Difference between revisions of "Wireshark"

From Forensics Wiki
(Undo revision 11624 by Xiaoqiu (talk) - Removed spam and restored article)
 
{{Infobox_Software |
  name = Wireshark |
  maintainer = The Wireshark team |
  os = {{Linux}}, {{Windows}} |
  genre = Network forensics |
  license = {{GPL}} |
  website = [http://www.wireshark.org/ www.wireshark.org] |
}}
 
'''Wireshark''' is a popular [[Sniffer|network protocol analyzer]].

== Overview ==

Wireshark has a rich feature set which includes the following:

* Deep inspection of hundreds of protocols;
* Live capture and offline analysis;
* Standard three-pane packet browser;
* Multi-platform: runs on [[Windows]], [[Linux]], [[Mac OS X]], [[Solaris]], [[FreeBSD]], [[NetBSD]], and many others;
* Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility;
* Powerful display filters;
* Rich [[VoIP]] analysis;
* Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, [[Microsoft Network Monitor]], Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others;
* Capture files compressed with gzip can be decompressed on the fly;
* Live data can be read from [[Ethernet]], [[Wireless forensics|IEEE 802.11]], PPP/HDLC, ATM, [[Bluetooth]], [[USB]], Token Ring, Frame Relay, FDDI, and others (depending on your platform);
* Decryption support for many protocols, given the corresponding key material, including [[IPsec]], ISAKMP, Kerberos, SNMPv3, [[SSL forensics|SSL/TLS]], [[Wireless forensics|WEP, and WPA/WPA2]];
* Coloring rules can be applied to the packet list for quick, intuitive analysis;
* Output can be exported to [[XML]], PostScript®, [[CSV]], or plain text.
 
== Network Forensics ==

Wireshark can be used in the [[network forensics]] process. There are some limitations:

* Wireshark is packet-centric (not data-centric): the packet list shows one frame at a time, and recovering the content a session actually carried (a transferred file, a complete HTTP exchange) takes extra steps such as ''Follow TCP Stream'' or an object export, whereas data-centric tools work on the reassembled session from the start;
* Wireshark doesn't work well with large network capture files, since memory use grows with the number of packets and every change of display filter rescans the whole file. Turning all packet coloring rules off increases performance; for very large captures, split the file (for example with editcap) or pre-filter it to the traffic of interest with TShark before opening it in the GUI.
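The packet-centric limitation above, as an added example that is not part of the original article and not Wireshark's own code: a minimal libpcap reader that lists packets the way the packet browser does, and then reassembles each TCP flow into one byte string ordered by sequence number, dropping a retransmitted segment and putting an out-of-order segment back in place. The capture, addresses and payloads are constructed inline, IP and TCP checksums are left at zero, and the reader streams records one at a time instead of loading the file into memory.

```python
"""Packet-centric vs data-centric view of a libpcap capture (constructed example)."""
import io
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # little-endian file, microsecond timestamps
LINKTYPE_ETHERNET = 1


def tcp_frame(src_ip, dst_ip, sport, dport, seq, payload, flags=0x18):
    """Ethernet/IPv4/TCP frame; checksums are left zero, this is test data only."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


def build_pcap(frames):
    """Serialise (ts_sec, ts_usec, frame) records as a libpcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


# Constructed capture: the request's second segment is captured before the first,
# the first segment is then retransmitted, and the server answers in one segment.
REQ1 = b"GET / HTTP/1.1\r\n"
REQ2 = b"Host: example.test\r\n\r\n"
RESP = b"HTTP/1.1 200 OK\r\n\r\nhello"
SAMPLE_PCAP = build_pcap([
    (1313700000, 100, tcp_frame("10.0.0.1", "10.0.0.2", 40000, 80, 1000 + len(REQ1), REQ2)),
    (1313700000, 200, tcp_frame("10.0.0.1", "10.0.0.2", 40000, 80, 1000, REQ1)),
    (1313700000, 300, tcp_frame("10.0.0.1", "10.0.0.2", 40000, 80, 1000, REQ1)),
    (1313700000, 400, tcp_frame("10.0.0.2", "10.0.0.1", 80, 40000, 5000, RESP)),
])


def iter_records(fileobj):
    """Yield (ts_sec, ts_usec, frame) one record at a time; memory use does not grow with the file."""
    hdr = fileobj.read(24)
    if len(hdr) < 24 or struct.unpack("<I", hdr[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    if struct.unpack("<I", hdr[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    while True:
        rec = fileobj.read(16)
        if len(rec) < 16:
            return
        sec, usec, incl_len, _orig_len = struct.unpack("<IIII", rec)
        yield sec, usec, fileobj.read(incl_len)


def parse_tcp(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4
    src = ".".join(str(o) for o in ip[12:16])
    dst = ".".join(str(o) for o in ip[16:20])
    return src, sport, dst, dport, seq, tcp[data_off:]


def analyse(fileobj):
    """Packet list (what the packet browser shows) plus the reassembled data of each flow."""
    packets = []                          # packet-centric view, one entry per frame
    segments = defaultdict(dict)          # flow -> {seq: payload}
    for sec, usec, frame in iter_records(fileobj):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, seq, payload = parsed
        packets.append((sec, usec, src, sport, dst, dport, seq, len(payload)))
        if payload:
            segments[(src, sport, dst, dport)].setdefault(seq, payload)  # exact retransmission dropped
    streams = {}                          # data-centric view, one byte string per direction
    for flow, segs in segments.items():
        data, expected = b"", None
        for seq in sorted(segs):           # sequence order, not capture order
            chunk = segs[seq]
            if expected is not None and seq < expected:
                chunk = chunk[expected - seq:]   # trim the overlapping part of a retransmission
            # seq > expected would mean a segment the capture missed; it is simply not there
            data += chunk
            expected = max(expected or 0, seq + len(segs[seq]))
        streams[flow] = data
    return packets, streams


def analyse_sample():
    """Run both views over the constructed capture."""
    return analyse(io.BytesIO(SAMPLE_PCAP))
```

The packet list still shows four frames in capture order, including the duplicate; only the reassembled stream shows the request as the server saw it.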

=== Wireless Forensics ===

Wireshark can decrypt IEEE 802.11 WLAN data with user specified encryption keys. WEP keys can be entered directly. For WPA/WPA2-PSK the key is the passphrase together with the SSID (or the PMK derived from them), and the capture must also contain the EAPOL four-way handshake of the client whose traffic is to be decrypted, because the per-session keys are derived from the nonces exchanged in it.
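What "user specified encryption keys" involves for WPA2-PSK, as an added example that is not part of the original article and not Wireshark's code: the passphrase and SSID give the PMK, the PMK together with the two MAC addresses and the two nonces from the captured handshake gives the PTK, and the KCK portion of the PTK reproduces the MIC on handshake message 2, which is how a passphrase can be confirmed against a capture before any data frame is decrypted. The SSID, passphrase, addresses, nonces and the EAPOL frame are constructed; `pmk_from_passphrase("password", "IEEE")` reproduces the IEEE 802.11i Annex H test vector.

```python
"""WPA2-PSK key derivation and 4-way handshake MIC check (constructed example)."""
import hashlib
import hmac

MIC_OFFSET = 81   # Key MIC field of an EAPOL-Key frame: 4-byte EAPOL header + 77 bytes of descriptor


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes), IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ... concatenated."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def ptk_from_pmk(pmk, aa, spa, anonce, snonce):
    """PTK (384 bits for CCMP): KCK = [0:16], KEK = [16:32], TK = [32:48]; TK decrypts the data frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_key_msg2(snonce, mic=bytes(16)):
    """Message 2 of the handshake: RSN descriptor, key info 0x010A (HMAC-SHA1 MIC, pairwise, MIC bit)."""
    body = (b"\x02" + (0x010A).to_bytes(2, "big") + b"\x00\x10" + (1).to_bytes(8, "big")
            + snonce + bytes(16) + bytes(8) + bytes(8) + mic + b"\x00\x00")
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def eapol_mic(kck, frame):
    """Key MIC for descriptor version 2: HMAC-SHA1 over the frame with the MIC zeroed, first 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def verify_msg2(passphrase, ssid, aa, spa, anonce, frame):
    """True if passphrase and SSID reproduce the MIC the station put on message 2."""
    snonce = frame[17:49]                         # Key Nonce field carries the SNonce
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


# Constructed handshake parameters, not taken from a real capture.
SAMPLE_SSID = "forensicswiki-lab"
SAMPLE_PASSPHRASE = "correct horse battery staple"
AA = bytes.fromhex("020000000001")        # access point MAC
SPA = bytes.fromhex("020000000002")       # station MAC
ANONCE = bytes(range(32))                 # from message 1
SNONCE = bytes(range(32, 64))             # from message 2


def sample_msg2(passphrase=SAMPLE_PASSPHRASE):
    """Message 2 as a station holding `passphrase` would send it, MIC filled in."""
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, SAMPLE_SSID), AA, SPA, ANONCE, SNONCE)[:16]
    return eapol_key_msg2(SNONCE, eapol_mic(kck, eapol_key_msg2(SNONCE)))
```

Both nonces, and therefore at least handshake messages 1 and 2, have to be present in the capture; a passphrase alone does not yield the TK that CCMP data frames were encrypted under, and a wrong passphrase or a wrong SSID already fails at the MIC check.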

== External Links  ==

* [http://wiki.wireshark.org/ Wireshark Wiki]

== See Also ==

* [[tcpdump]]

[[Category:Network Forensics]]

Latest revision as of 20:44, 18 August 2011

Wireshark
Maintainer: The Wireshark team
OS: Linux,Windows
Genre: Network forensics
License: GPL
Website: www.wireshark.org

Wireshark is a popular network protocol analyzer.

Contents

Overview

Wireshark has a rich feature set which includes the following:

  • Deep inspection of hundreds of protocols;
  • Live capture and offline analysis;
  • Standard three-pane packet browser;
  • Multi-platform: runs on Windows, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, and many others;
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility;
  • Powerful display filters;
  • Rich VoIP analysis;
  • Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others;
  • Capture files compressed with gzip can be decompressed on the fly;
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom);
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2;
  • Coloring rules can be applied to the packet list for quick, intuitive analysis;
  • Output can be exported to XML, PostScript®, CSV, or plain text.

Network Forensics

Wireshark can be used in the network forensics process. There are some limitations:

  • Wireshark is packet-centric (not data-centric);
  • Wireshark doesn't work well with large network capture files (you can turn all packet coloring rules off to increase performance).

Wireless Forensics

Wireshark can decrypt IEEE 802.11 WLAN data with user specified encryption keys.

External Links

See Also