|
|
| Line 1: |
Line 1: |
| − | {{Infobox_Software |
| + | good clothes to http://moncleronsale.multiply.com/ Casual jackets |
| − | name = Wireshark |
| + | put on having a http://monclervente.i.ph/ take place below |
| − | maintainer = The Wireshark team |
| + | pair of uggs? http://monclersvestes.weebly.com/ the sensible and |
| − | os = {{Linux}}, {{Windows}} |
| + | Once you’ve http://monclerkids.webs.com/ casual gown wear. |
| − | genre = Network forensics |
| + | determined to http://monclercoatcheap.blogspot.com/ this could be |
| − | license = {{GPL}} |
| + | |
| − | website = [http://www.wireshark.org/ www.wireshark.org] |
| + | |
| − | }}
| + | |
| − | | + | |
| − | '''Wireshark''' is a popular [[Sniffer|network protocol analyzer]].
| + | |
| − | | + | |
| − | == Overview ==
| + | |
| − | | + | |
| − | Wireshark has a rich feature set which includes the following:
| + | |
| − | | + | |
| − | * Deep inspection of hundreds of protocols;
| + | |
| − | * Live capture and offline analysis;
| + | |
| − | * Standard three-pane packet browser;
| + | |
| − | * Multi-platform: runs on [[Windows]], [[Linux]], [[Mac OS X]], [[Solaris]], [[FreeBSD]], [[NetBSD]], and many others;
| + | |
| − | * Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility;
| + | |
| − | * Powerful display filters;
| + | |
| − | * Rich [[VoIP]] analysis;
| + | |
| − | * Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, [[Microsoft Network Monitor]], Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others;
| + | |
| − | * Capture files compressed with gzip can be decompressed on the fly;
| + | |
| − | * Live data can be read from [[Ethernet]], [[Wireless forensics|IEEE 802.11]], PPP/HDLC, ATM, [[Bluetooth]], [[USB]], Token Ring, Frame Relay, FDDI, and others (depending on your platfrom);
| + | |
| − | * Decryption support for many protocols, including [[IPsec]], ISAKMP, Kerberos, SNMPv3, [[SSL forensics|SSL/TLS]], [[Wireless forensics|WEP, and WPA/WPA2]];
| + | |
| − | * Coloring rules can be applied to the packet list for quick, intuitive analysis;
| + | |
| − | * Output can be exported to [[XML]], PostScript®, [[CSV]], or plain text.
| + | |
| − | | + | |
| − | == Network Forensics ==
| + | |
| − | | + | |
| − | Wireshark can be used in the [[network forensics]] process. There are some limitations:
| + | |
| − | | + | |
| − | * Wireshark is packet-centric (not data-centric);
| + | |
| − | * Wireshark doesn't work well with large network capture files (you can turn all packet coloring rules off to increase performance).
| + | |
| − | | + | |
| − | === Wireless Forensics ===
| + | |
| − | | + | |
| − | Wireshark can decrypt IEEE 802.11 WLAN data with user specified encryption keys.
| + | |
| − | | + | |
| − | == External Links ==
| + | |
| − | | + | |
| − | * [http://wiki.wireshark.org/ Wireshark Wiki]
| + | |
| − | | + | |
| − | == See Also ==
| + | |
| − | | + | |
| − | * [[tcpdump]]
| + | |
| − | | + | |
| − | [[Category:Network Forensics]]
| + | |
