Wireshark is the most popular network protocol analyser software. It allows you to see what is happening on your network in detail and represents the standard across many commercial and non-profit enterprises.
Gerald Combs started this project back in 1998 and he is still active on the project. Since it is an open source software, officially there are more than six hundred additional contributing authors.
Wireshark Main Features
Wireshark is a cross-platform software, available for Windows, Linux, MacOS and many other operating systems. Wireshark uses pcap to capture packets. This open source software deeply inspects hundreds of supported protocols. The team behind this software constantly adds new protocols to ensure that software can inspect them.
You can also capture live data and analyse them offline. Wireshark also read and write to many different capture file formats. It can also read data from Ethernet, Bluetooth, Wi-Fi, USB, and many other streams.
Wireshark can colour packets based on rules that match fields in packets, to help the user identify the types of traffic immediately.
- Data can be captured from a live network connection or read from an exported file,
- Captured data can be browsed via a GUI or via CLI version of the Wireshark – TShark,
- Data presentation can be refined using a display filter easily,
- VoIP calls in the captured network can be detected, encoded, and even played,
- This utility is capable to capture raw USB traffic as well.