Wireshark

From Free Knowledge Base- The DUCK Project: information for everyone

Wireshark is a network packet analyzer. It is used for network troubleshooting, traffic analysis, and software and communications-protocol development. The project was originally called Ethereal; it was renamed Wireshark in May 2006 because of a trademark dispute over the old name.

Wireshark is cross-platform with versions for Microsoft Windows, Linux, and many other Operating Systems.

The following are some of the many features Wireshark provides:

  • Available for UNIX and Windows.
  • Capture live packet data from a network interface.
  • Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
  • Import packets from text files containing hex dumps of packet data.
  • Display packets with very detailed protocol information.
  • Save captured packet data.
  • Export some or all packets in a number of capture file formats.
  • Filter packets on many criteria.
  • Search for packets on many criteria.
  • Colorize packet display based on filters.
  • Create various statistics.

Linux

From the wireshark-filter(4) manual page (wireshark-filter.4.gz):

      Wireshark and TShark share a powerful filter engine that helps remove
      the noise from a packet trace and lets you see only the packets that
      interest you.  If a packet meets the requirements expressed in your
      filter, then it is displayed in the list of packets.  Display filters
      let you compare the fields within a protocol against a specific value,
      compare fields against fields, and check the existence of specified
      fields or protocols.
      Filters are also used by other features such as statistics generation
      and packet list colorization (the latter is only available to
      Wireshark). This manual page describes their syntax. A comprehensive
      reference of filter fields can be found within Wireshark and in the
      display filter reference at <http://www.wireshark.org/docs/dfref/>.
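The three kinds of display filter the manual page lists (field against value, field against field, and existence of a field or protocol), together with the "open a tcpdump/Wireshark capture file" feature from the list above, as an added example that is not code from Wireshark, TShark or their documentation. The script builds a small classic pcap file in memory from constructed packets (the hosts, ports and the ARP frame are made up), dissects it into Wireshark-style field names, and evaluates a toy subset of the display filter syntax against each packet. The parser handles only ==, !=, <, >, <=, >=, &&, ||, !, parentheses and bare field names; it has no typed fields, slices, ranges, membership or regex operators, and a comparison against a field the packet does not carry is simply false (Wireshark rejects field names it does not know at all when the filter is compiled). The one semantic detail worth copying is `!=`: since Wireshark 3.6, `a != b` means `!(a == b)`, so `tcp.port != 80` does not match a packet whose ports are 51000 and 80, even though one of its two `tcp.port` occurrences differs from 80.

```python
# Added example, not Wireshark or TShark code: a toy model of display filtering.
# It reads a classic pcap, dissects Ethernet/IPv4/TCP into Wireshark-style field
# names, and evaluates a small subset of the filter syntax against each packet.
import ipaddress, operator, re, struct
PCAP_MAGIC = 0xA1B2C3D4  # classic little-endian pcap with microsecond timestamps
CMP = {"==": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt,
       ">=": operator.ge, "<=": operator.le}
TOKEN = re.compile(r"\s*(==|!=|>=|<=|>|<|&&|\|\||!|\(|\)|[A-Za-z_][\w.]*|\d[\w.]*)")

def pcap_bytes(frames):
    """Wrap raw Ethernet frames in a pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def tcp_frame(src_ip, dst_ip, sport, dport, flags=0x18):
    """Constructed Ethernet/IPv4/TCP frame; MAC addresses and checksums are zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def dissect(pcap):
    """Yield one {field_name: value} dict per packet (eth, ip and tcp fields only)."""
    if struct.unpack("<I", pcap[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic little-endian pcap file")
    pos = 24
    while pos < len(pcap):
        caplen = struct.unpack("<IIII", pcap[pos:pos + 16])[2]
        f, pos = pcap[pos + 16:pos + 16 + caplen], pos + 16 + caplen
        fields = {"eth": True, "eth.type": struct.unpack("!H", f[12:14])[0]}
        if fields["eth.type"] == 0x0800:
            fields.update({"ip": True, "ip.src": str(ipaddress.IPv4Address(f[26:30])),
                           "ip.dst": str(ipaddress.IPv4Address(f[30:34]))})
            if f[23] == 6:  # IPv4 protocol field; TCP follows the IHL-sized IP header
                t = f[14 + (f[14] & 0x0F) * 4:]
                sport, dport = struct.unpack("!HH", t[:4])
                fields.update({"tcp": True, "tcp.srcport": sport, "tcp.dstport": dport,
                               "tcp.port": (sport, dport),  # occurs twice, as in Wireshark
                               "tcp.flags.syn": (t[13] >> 1) & 1})
        yield fields

def compare(fields, op, lhs, rhs):
    """Field-vs-literal or field-vs-field comparison over every occurrence of each field."""
    if lhs not in fields or (rhs[0].isalpha() and rhs not in fields):
        return False  # a field the packet does not carry never matches a comparison
    right = (fields[rhs] if rhs[0].isalpha() else int(rhs, 16) if rhs.startswith("0x")
             else int(rhs) if rhs.isdigit() else rhs)  # otherwise a dotted IPv4 literal
    many = lambda v: v if isinstance(v, tuple) else (v,)
    pairs = [(a, b) for a in many(fields[lhs]) for b in many(right)]
    if op == "!=":  # Wireshark 3.6+: a != b means !(a == b), so no occurrence may equal b
        return not any(a == b for a, b in pairs)
    return any(CMP[op](a, b) for a, b in pairs)

def compile_filter(text):
    """Parse  expr := and ('||' and)* ; and := not ('&&' not)* ;
    not := '!' not | '(' expr ')' | field [cmp (field | literal)]  into a predicate."""
    toks = TOKEN.findall(text)
    if "".join(toks) != "".join(text.split()):
        raise SyntaxError("unrecognised characters in filter")
    def take():
        if not toks:
            raise SyntaxError("unexpected end of filter")
        return toks.pop(0)
    def binary(op, operand):  # left-associative chain of one operator
        pred = operand()
        while toks and toks[0] == op:
            take()
            pred = lambda f, l=pred, r=operand(): (l(f) or r(f)) if op == "||" else (l(f) and r(f))
        return pred
    expr = lambda: binary("||", lambda: binary("&&", not_))
    def not_():
        tok = take()
        if tok == "!":
            return lambda f, p=not_(): not p(f)
        if tok == "(":
            pred = expr()
            if take() != ")":
                raise SyntaxError("expected ')'")
            return pred
        if toks and toks[0] in CMP:
            return lambda f, op=take(), rhs=take(): compare(f, op, tok, rhs)
        return lambda f: tok in f  # bare field or protocol name: existence test
    pred = expr()
    if toks:
        raise SyntaxError("unexpected token %r" % toks[0])
    return pred

def filter_capture(pcap, text):
    """Return the 1-based numbers of the packets that pass the display filter."""
    pred = compile_filter(text)
    return [n for n, fields in enumerate(dissect(pcap), 1) if pred(fields)]

# Constructed capture: client SYN and server SYN/ACK on port 80, a LAN SSH segment, an ARP frame.
CAPTURE = pcap_bytes([tcp_frame("10.0.0.5", "93.184.216.34", 51000, 80, flags=0x02),
                      tcp_frame("93.184.216.34", "10.0.0.5", 80, 51000, flags=0x12),
                      tcp_frame("10.0.0.5", "10.0.0.9", 51001, 22),
                      b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28])
```

`filter_capture(CAPTURE, "tcp.port == 80")` returns the packet numbers Wireshark's packet list would show, and `!ip` picks out the ARP frame because existence of a protocol is tested by its bare name. To compare against the real engine, write `CAPTURE` to a file with `open("toy.pcap", "wb").write(CAPTURE)` and run the same expressions through `tshark -r toy.pcap -Y '<filter>'`; the toy's answers should agree for every filter it can parse.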