Wireshark is a network protocol analyzer that has become a standard across several industries. Supported protocols are still growing, the number going by the hundreds. It can do live captures and off-line analysis, VoIP analysis, and protocol decryption.
Coming with a three paned packed browser, this protocol analyzer reads and writes in many different capture file formats, exports output to XML, PostScript, CSV or plain text, and browses captured network data by the use of a GUI or of TShark utility.
Said to offer the most powerful display filters in the industry, this one can also decompress gzip files on the fly and display results in an intuitive manner, by the use of colors and packed listing.
Wireshark features and benefits:
- Data can be captured "off the wire" from a live network connection, or read from a capture file
- Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms)
- Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal" program
- Capture files can be programmatically edited or converted via command-line switches to the "editcap" program
- 602 protocols can currently be dissected
- Output can be saved or printed as plain text or PostScript
- Data display can be refined using a display filter
- Display filters can also be used to selectively highlight and color packet summary information
- All or part of each captured network trace can be saved to disk