Wireshark

Wireshark is a protocol analyzer with which you can capture and analyze traffic on your network. It was written by Gerald Combs and first released in 1998. It is free and open-source software. It was initially called Ethereal and was renamed to Wireshark in 2006 because of a trademark issue.

Back in the day, analysing network traffic meant hooking an oscilloscope up to the network to capture the electrical waveform, converting that into bits, and then decoding the bits by hand.

On Linux and other Unix-like systems it captures through the libpcap library, the same library tcpdump uses. On Windows it used the WinPcap driver; current Wireshark releases ship with Npcap, WinPcap's successor. The capture library receives a copy of every frame that arrives at or leaves the NIC and hands that copy to Wireshark; the frame itself still travels through the normal network stack to the application it was addressed to, so capturing does not disturb the host's own traffic. Two practical caveats follow from this: the capture library needs raw access to the NIC, so on Linux the usual practice is to grant that privilege to the small dumpcap helper (for example by adding your user to the wireshark group) rather than running the Wireshark GUI as root; and even in promiscuous mode you only see what reaches your NIC, which on a switched network is your own traffic plus broadcasts unless a mirror or SPAN port sends you the rest.

It has a command-line version called tshark, whose syntax is quite similar to tcpdump's. You can capture packets with tcpdump or tshark, save them to a file, and load that file into Wireshark for analysis.
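What makes that hand-off between tcpdump, tshark and Wireshark work is the shared capture-file format. As an added example (not from the original notes and not Wireshark or tcpdump code), the following Python script writes a capture in the classic libpcap format that tcpdump -w produces, using two constructed Ethernet/IPv4/UDP frames, then reads the file back and decodes the headers roughly the way a dissector would. The MAC and IP addresses, ports, timestamps and DNS-like payloads are made-up sample values, and the output path is an assumption (a file in the system temp directory).

```python
"""Write a classic libpcap (.pcap) file, then read it back and decode it.
Added example; not code from the original notes or from Wireshark.
All addresses, ports, timestamps and payloads are constructed samples."""
import os
import socket
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4      # microsecond-timestamp pcap, as tcpdump -w writes
LINKTYPE_ETHERNET = 1        # DLT_EN10MB: each record starts with an Ethernet header


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the IPv4 header. Run over a header whose
    checksum field is already valid, it returns 0 (that is the verify step)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Ethernet II + IPv4 + UDP frame from constructed sample values."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload  # UDP csum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + udp_len, 0x1234, 0x4000, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill checksum
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + b"\x08\x00")                                          # EtherType IPv4
    return eth + ip + udp


def write_pcap(path, frames, ts_start=1_700_000_000):
    """24-byte global header, then a 16-byte record header before each frame."""
    with open(path, "wb") as f:
        # magic, version 2.4, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            # ts_sec, ts_usec, captured length, original length (constructed times)
            f.write(struct.pack("<IIII", ts_start + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    """Parse a pcap file into (linktype, [(ts_sec, ts_usec, frame), ...]).
    Handles both byte orders; rejects pcapng, which needs a different parser."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] == struct.pack("<I", PCAP_MAGIC):
        e = "<"
    elif data[:4] == struct.pack(">I", PCAP_MAGIC):
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    linktype = struct.unpack(e + "I", data[20:24])[0]
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at offset %d" % off)
        off += incl_len
        records.append((ts_sec, ts_usec, frame))
    return linktype, records


def summarize(frame):
    """Decode Ethernet/IPv4/UDP headers of one frame; other stacks just
    report their EtherType. This is the per-packet work a dissector does."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"ethertype": ethertype}
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    out = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
           "proto": ip[9], "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0}
    if ip[9] == 17:
        sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
        out.update(sport=sport, dport=dport, payload=ip[ihl + 8:ihl + ulen])
    return out


def demo(path=None):
    """Write a two-frame capture (DNS-style query and reply) and read it back."""
    path = path or os.path.join(tempfile.gettempdir(), "wireshark_example.pcap")
    query = b"\x12\x34\x01\x00" + b"\x00" * 8      # constructed DNS-like header bytes
    reply = b"\x12\x34\x81\x80" + b"\x00" * 8
    frames = [
        build_udp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                        "192.0.2.10", "192.0.2.53", 40000, 53, query),
        build_udp_frame("02:00:00:00:00:02", "02:00:00:00:00:01",
                        "192.0.2.53", "192.0.2.10", 53, 40000, reply),
    ]
    write_pcap(path, frames)
    linktype, records = read_pcap(path)
    return linktype, [summarize(f) for _, _, f in records]
```

The file this writes opens in Wireshark (File > Open) or with `tshark -r wireshark_example.pcap`. To feed the same reader a real capture, use `tcpdump -i <iface> -w capture.pcap` or `tshark -i <iface> -F pcap -w capture.pcap`; tshark writes pcapng by default, which this reader deliberately rejects rather than misparsing. Treat any capture file as sensitive: it holds every byte that crossed the wire, including credentials sent over cleartext protocols.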

I took these notes while going through this introductory course on Wireshark at Pluralsight.
