Review: Wireshark - Network Protocol Analyzer (“Packet Sniffer”)

EDITORS' CHOICE

Review of the Free & Open Source Software (FOSS) network protocol analysis (“sniffing”) tools included in Wireshark.

REVIEW SUMMARY

Wireshark is the world's most popular network protocol analyzer (“packet sniffer”), which allows you to see what’s happening on your network at a micro level. It is the de facto standard tool for network protocol analysis across many industries and academic institutions. Wireshark supports the deep inspection of hundreds of network protocols, with more protocols being added continuously. Live network data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform). Decryption support is provided for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.

Network data captured by Wireshark can be browsed with either the GUI or the TShark command-line interface (CLI) utility. Wireshark’s powerful network data filters allow users to efficiently separate interesting data from network traffic “noise”. Wireshark supports a wide range of capture file formats including, but not limited to: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, and Network General Sniffer. Wireshark is the leading network protocol analyzer, and is highly recommended for both cybersecurity noobs and certified ethical hackers.


Cybersecurity Software Reviewed: Wireshark: Network Protocol Analyzer (“Packet Sniffer”)
Date Published: 12/15/2014
Editor Rating: 3.8 / 5 Stars

EDITOR RATINGS
⁃ Functionality (40%)
⁃ Performance (20%)
⁃ Usability (20%)
⁃ Portability (10%)
⁃ Value (10%)
⁃ OVERALL






PROS
  • Includes a comprehensive arsenal of network protocol analysis (“packet sniffing”) tools that are designed to support the deep inspection of hundreds of network protocols.
  • Decryption support is provided for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.
  • Captured network data can be browsed with either a GUI or a command-line interface (CLI) utility.
  • Supports a wide range of capture file formats.
  • Free and open source.
CONS
  • GUI and documentation are mediocre.
  • Steep learning curve.
BOTTOM LINE
  • If you are looking for a low-cost/high-quality network protocol analyzer, there is no better solution available.
