Wireshark 4.6.0 / 4.4.10 – Free Network Protocol Analyzer

Network protocol analyzer for troubleshooting, monitoring, and deep inspection of live traffic data

Wireshark - Network protocol analyzer for monitoring, capturing, and troubleshooting traffic.

Wireshark is the world’s leading network protocol analyzer, trusted by professionals for network troubleshooting, analysis, software and communication protocol development, and educational purposes. It provides deep insight into network traffic, helping users diagnose issues and optimize performance efficiently.

This tool captures and analyzes network traffic live, providing interactive insights. It is cross-platform, built with the GTK+ interface and powered by the pcap library for fast packet capture.

Wireshark is recognized as the de facto and, in many cases, the de jure standard across industries and educational institutions. While it functions similarly to tcpdump, it stands out with its intuitive graphical interface and advanced, built-in filtering and sorting capabilities for streamlined network analysis.

Wireshark enables users to place network interfaces that support promiscuous mode into that state, allowing them to view all network traffic on the interface, not just packets addressed to the interface’s configured addresses or broadcast and multicast traffic. This feature presents a clear and detailed picture of network operations for in-depth examination.

However, when capturing traffic with a packet analyzer in promiscuous mode on a port of a network switch, not all traffic traveling through the switch will necessarily be sent to the port on which the capture is being performed. So, capturing in promiscuous mode will not necessarily be sufficient to see all traffic on the network. Port mirroring or various network taps extend capture to any point on the network. Simple passive taps are extremely resistant to malware tampering.

Wireshark Features:

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform. Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Can browse the captured network data via a GUI or the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read and write various capture file formats, including tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer, Sniffer Pro, NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Can read live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript, CSV, or plain text

Runs on Windows, Linux, OS X, FreeBSD, NetBSD, and many others.
