Wireshark is a network packet analyzer. A network packet analyzer captures network packets and displays the packet data in as much detail as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just as a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course).
- network administrators use it to troubleshoot network problems
- network security engineers use it to examine security problems
- developers use it to debug protocol implementations
- people use it to learn network protocol internals
Besides these examples, Wireshark can be helpful in many other situations too.
The following are some of the many features Wireshark provides:
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Display packets with very detailed protocol information.
- Open and save captured packet data.
- Import and export packet data from and to many other capture programs.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize packet display based on filters.
- Create various statistics.
- ... and a lot more!
Wireshark - 64bit software