Wireshark

Wireshark is a network or protocol analyzer (also known as a network sniffer) available for free at the Wireshark website. It is used to analyze the structure of different network protocols and has the ability to demonstrate encapsulation. The analyzer operates on Unix, Linux and Microsoft Windows operating systems, and employs the GTK+ widget toolkit and pcap for packet capturing. Wireshark and other terminal-based free software versions like Tshark are released under the GNU General Public License.

Wireshark shares many characteristics with tcpdump. The difference is that it supports a graphical user interface (GUI) and has information filtering features. In addition, Wireshark permits the user to see all the traffic being passed over the network.

Features of Wireshark include:

• Data is analyzed either from the wire over the network connection or from data files that have already captured data packets.
• Supports live data reading and analysis for a wide range of networks (including Ethernet, IEEE 802.11, point-to-point Protocol (PPP) and loopback).
• With the help of GUI or other versions, users can browse captured data networks.
• For programmatically editing and converting the captured files to the editcap application, users can use command line switches.
• Display filters are used to filter and organize the data display.
• New protocols can be scrutinized by creating plug-ins.
• Captured traffic can also trace Voice over Internet (VoIP) calls over the network.
• When using Linux, it is also possible to capture raw USB traffic.