Wireshark is a
network protocol analyzer that enables you to capture and examine data
from a live network or from a capture file on disk. You can
interactively browse the capture data and view summary and detail
information for each packet. Wireshark has several powerful features,
including a rich display filter language and the ability to view the
reconstructed stream of a TCP session. The program can read
capture files from tcpdump (libpcap), NAI Sniffer (compressed and
uncompressed), Sniffer Pro, NetXray, snoop, Shomiti Surveyor, AIX's
iptrace, Microsoft Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN
Analyzer, HP-UX nettl, ISDN4BSD, Cisco Secure IDS iplog, the pppd log
(pppdump-format), and the AG Group's/WildPacket's EtherPeek. Wireshark
can also read traces made from Lucent/Ascend WAN routers and Toshiba
ISDN routers. Any of these files can be compressed with gzip and
Wireshark will decompress them on the fly.

Features

• Data can be captured "off the wire" from a live network connection, or read from a capture file.
• Wireshark can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS. Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
• Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
• Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal" program.
• Capture files can be programmatically edited or converted via command-line switches to the "editcap" program.
• 602 protocols can currently be dissected.
• Output can be saved or printed as plain text or PostScript.
• Data display can be refined using a display filter.
• Display filters can also be used to selectively highlight and color packet summary information.
• All or part of each captured network trace can be saved to disk.