Review of the Free & Open Source Software (FOSS) network protocol analysis (“sniffing”) tools included in Wireshark.REVIEW SUMMARY
Wireshark is the world's most popular network protocol analyzer (“packet sniffer”) which allows you to see what’s happening on your network at a micro level. It is the defacto standard tool for network protocol analysis across many industries and academic institutions. Wireshark supports the deep inspection of hundreds of network protocols, with more protocols being added continuously. Live network data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform). Decryption support is provided for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.
Network data captured by Wireshark can be browsed by either a GUI or the TShark Command Line Interpreter (CLI) utility. Wireshark’s powerful network data filters allow users to efficiently separate interesting data from network traffic “noise”. Wireshark supports a wide range of capture file formats including, but not limited to: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, and Network General Sniffer. Wireshark is the leading network protocol analyzer, and is highly recommended for both cybersecurity noobs and certified ethical hackers.
CYBERSECURITY FORUM and CyberSecurityForum.com are trademarks of PivotPoint Technology Corporation. All other product and service names mentioned are the trademarks of their respective companies.