Wireshark is a program that is used for network troubleshooting.
Some of the main features of this program include the following:
· There are two ways that data can be captured with this program. The first is “from the wire” which means that the data comes from a live network connection. The second is from data that has been made into a file of already-captured packets.
One key benefit of using this program is that it is completely free to use.
· There are multiple types of networks that data can be read from. These include Ethernet, IEEE 802.11, PPP, and loopback.
· This program uses GUI or TShark (the terminal/command line version) to browse the captured network data.
· Using the command-line switches, programs can be programmatically edited or converted to the editcap program.
· Using a display filter, data can be refined for a better display.
· This program allows dissecting new protocols can be created using plug-ins.
· This program allows VoIP calls can be detected and if the encoded data is a compatible encoding, can even be played back.
· This program allows raw USB traffic to be captured.
· This program allows the filtering of wireless connections as long as traverse the monitored Ethernet.
· This program utilizes multiple settings, timers, and filters in order to provide the facility of filtering any and all output of the captures traffic.
· This program does not require elevated privileges used for safety for their operators anymore due to the possibility of a bug in the system from using these privileges.
· This program uses color packets to help organize particular fields in packets which helps identify the different types of traffic at a glance.
· This program can also be used with network simulation tools in order to capture packets.
Wireshark requires Linxus, macOS, BSD, Solaris, some other Unix-like operating systems, or Microsoft Windows. There is also a terminal-based version call TShark. These programs are free programs released using the terms set forth by the GNU General Public License.