Difference between revisions of "Wireshark"

From ForensicsWiki
{{Infobox_Software |
  name = Wireshark |
  maintainer = The Wireshark team |
  os = {{Linux}}, {{Windows}} |
  genre = Network forensics |
  license = {{GPL}} |
  website = [http://www.wireshark.org/ www.wireshark.org] |
}}

'''Wireshark''' is a popular [[Sniffer|network protocol analyzer]].

== Overview ==

Wireshark has a rich feature set which includes the following:

* Deep inspection of hundreds of protocols;
* Live capture and offline analysis;
* Standard three-pane packet browser;
* Multi-platform: runs on [[Windows]], [[Linux]], [[Mac OS X]], [[Solaris]], [[FreeBSD]], [[NetBSD]], and many others;
* Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility;
* Powerful display filters;
* Rich [[VoIP]] analysis;
* Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, [[Microsoft Network Monitor]], Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others;
* Capture files compressed with gzip can be decompressed on the fly;
* Live data can be read from [[Ethernet]], [[Wireless forensics|IEEE 802.11]], PPP/HDLC, ATM, [[Bluetooth]], [[USB]], Token Ring, Frame Relay, FDDI, and others (depending on your platform);
* Decryption support for many protocols, including [[IPsec]], ISAKMP, Kerberos, SNMPv3, [[SSL forensics|SSL/TLS]], [[Wireless forensics|WEP and WPA/WPA2]];
* Coloring rules can be applied to the packet list for quick, intuitive analysis;
* Output can be exported to [[XML]], PostScript®, [[CSV]], or plain text.

== Network Forensics ==

Wireshark can be used in the [[network forensics]] process. There are some limitations:

* Wireshark is packet-centric (not data-centric);
* Wireshark doesn't work well with large network capture files (you can turn all packet coloring rules off to increase performance).

=== Wireless Forensics ===

Wireshark can decrypt IEEE 802.11 WLAN data with user-specified encryption keys.
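
Supplying the key is where WLAN decryption usually goes wrong in practice: the ''wpa-psk'' form Wireshark accepts is the IEEE 802.11i PBKDF2 derivation of passphrase and SSID, and a mistyped passphrase or SSID yields a key that simply decrypts nothing. The Python below is an added example, not part of this wiki page or of the Wireshark project: it derives that PSK with input checks, normalises a PSK copied from an access point configuration, and assembles a TTY-mode tshark command line. The pcap name and display filter are placeholders, and the <code>wlan.enable_decryption</code> / <code>uat:80211_keys</code> option names are taken from Wireshark's 802.11 decryption documentation as I recall it, so check them against the installed version.

```python
import hashlib
import re
import shlex

# Constructed example: build the "wpa-psk" value for Wireshark's 80211_keys table.
# Derivation per IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes).

def wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit PSK as 64 lowercase hex characters.

    The limits come from 802.11i; rejecting bad input here beats handing
    Wireshark a key that silently decrypts nothing.
    """
    if not (8 <= len(passphrase) <= 63) or not passphrase.isascii():
        raise ValueError("passphrase must be 8-63 ASCII characters")
    ssid_bytes = ssid.encode("utf-8")
    if not (1 <= len(ssid_bytes) <= 32):
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32).hex()

def normalize_psk(text: str) -> str:
    """Accept a PSK copied from an AP config (spaces, colons, upper case)."""
    cleaned = re.sub(r"[\s:]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("a wpa-psk must be 64 hex digits")
    return cleaned

def uat_entry(kind: str, value: str) -> str:
    """One row of the 80211_keys table, e.g. "wpa-psk","<64 hex digits>"."""
    if kind not in ("wep", "wpa-pwd", "wpa-psk"):
        raise ValueError("unknown key type: " + kind)
    return '"%s","%s"' % (kind, value)

def tshark_argv(pcap: str, entries: list, display_filter: str = "") -> list:
    """argv for a TTY-mode run: decryption on, one -o per key, optional -Y filter."""
    argv = ["tshark", "-r", pcap, "-o", "wlan.enable_decryption:TRUE"]
    for entry in entries:
        argv += ["-o", "uat:80211_keys:" + entry]
    if display_filter:
        argv += ["-Y", display_filter]
    return argv

if __name__ == "__main__":
    # "password" / "IEEE" is the published 802.11i Annex H test vector.
    psk = wpa_psk("password", "IEEE")
    cmd = tshark_argv("capture.pcap", [uat_entry("wpa-psk", psk)], "dns")
    print(" ".join(shlex.quote(a) for a in cmd))
```

The same key can instead be given in passphrase form with <code>uat_entry("wpa-pwd", "passphrase:SSID")</code>, but the hex form makes it obvious when the SSID used for derivation does not match the one in the capture.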

== External Links ==

* [http://wiki.wireshark.org/ Wireshark Wiki]

== See Also ==

* [[tcpdump]]

[[Category:Network Forensics]]

Revision as of 20:28, 15 August 2011
