Wireshark - Open Source Protocol Analyzer
Description
Started in 1998 by Gerald Combs, this protocol analyzer was originally named Ethereal. In 2006 the name was changed to Wireshark. Follow this link to learn why Gerald Combs changed Ethereal to Wireshark.
After 10 years of development by network experts all around the world, and still continuing, it is now the de facto protocol analyzer, with almost 1000 protocols supported: IP-based protocols, cellular protocols (GTP, BSSAP) and many others.
Here are the features supported by Wireshark:
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Certification
Wireshark University, run by Laura Chappell, is offering Wireshark Certification. You can also download a lot of resources to go deeper into protocol analysis.
Quick Howto
- Download and install Wireshark
- Run it
- If you want to capture packets from your own computer:
  - Click the Capture menu
  - Choose the interface and click Start
  - If you want to change the capture options, choose the interface and click Options
- If you want to capture packets from a web server (for example):
  - Activate port mirroring on the switch
  - Mirror the web server port to an empty port on the switch
  - Plug your LAN cable into that port
  - Do step 3
- If you want to capture large amounts of data:
  - It is better to uncheck all options under "Display Options" and "Name Resolution"
  - Create multiple files
  - You can auto-stop the packet capture by:
    - Number of packets
    - Captured size
    - Time (how long to capture)
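The "capture large data" steps above, as an added example that is not from the original post: the same settings (no name resolution, multiple files, auto-stop by packet count and time) given to tshark, the TTY-mode Wireshark mentioned in the feature list. The interface name, output path and default limits are constructed values.

```shell
#!/bin/sh
# Added example, not code from the original post: the "capture large data"
# steps of the Quick Howto expressed as a tshark (TTY-mode Wireshark) command.
# The interface name, output path and default limits are constructed values.
#
# Flag meanings (tshark/dumpcap):
#   -n              disable name resolution (the CLI equivalent of unchecking
#                   "Name Resolution"; no DNS lookups slowing the capture)
#   -b filesize:KB  switch to a new file every KB kilobytes ("multiple files")
#   -b files:N      ring buffer: keep at most N files, overwriting the oldest
#   -a duration:S   auto-stop after S seconds
#   -c COUNT        auto-stop after COUNT packets
# Usage: large_capture_cmd IFACE OUTFILE [PACKETS] [SECONDS] [FILE_KB] [FILES]

# Returns 0 only for a positive decimal integer, so limits are validated
# before a capture is launched.
valid_limit() {
    case "$1" in
        ''|0|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Prints the full command line (for copying into a terminal or for review).
large_capture_cmd() {
    iface="$1"; outfile="$2"
    packets="${3:-100000}"; seconds="${4:-3600}"
    file_kb="${5:-102400}"; files="${6:-10}"   # 100 MB per file, 10 files kept
    for v in "$packets" "$seconds" "$file_kb" "$files"; do
        valid_limit "$v" || { echo "invalid limit: '$v'" >&2; return 2; }
    done
    printf 'tshark -i %s -n -w %s -b filesize:%s -b files:%s -a duration:%s -c %s\n' \
        "$iface" "$outfile" "$file_kb" "$files" "$seconds" "$packets"
}

# Actually starts the capture (needs tshark on PATH and capture privileges).
# Arguments are passed directly rather than through eval, so an odd interface
# name cannot be interpreted by the shell.
run_large_capture() {
    large_capture_cmd "$@" >/dev/null || return $?
    command -v tshark >/dev/null 2>&1 || { echo "tshark not installed" >&2; return 1; }
    tshark -i "$1" -n -w "$2" \
        -b "filesize:${5:-102400}" -b "files:${6:-10}" \
        -a "duration:${4:-3600}" -c "${3:-100000}"
}
```

Run `tshark -D` to list the interfaces you can pass as IFACE (the CLI counterpart of "choose the interface" in the GUI steps).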
Download and Resources
- Wireshark Documentation
- Wireshark for Windows 2000/XP/2003/Vista installer (you also need WinPcap)
- Wireshark for Mac OSX Intel
- Wireshark for Linux: Ubuntu, Fedora, OpenSuse, Debian, Mandriva and Gentoo have it in their standard packages
- Wireshark for Unix: Solaris, HP
- Wireshark for NetBSD and FreeBSD is in their standard packages
- Wireshark Source Code
- Laura's Lab Kit version 8 and version 9
- List of protocols supported by Wireshark
Screenshot
See the complete Wireshark screenshots at www.softpedia.com (old version, as Softpedia still uses Ethereal as the name)
Interesting to know.