Wireshark is a open-source packets analyzer which is free, and used by network administrators. It used for network analysis, troubleshooting, software and communications protocol development, as well as for educational purposes. Wireshark runs on various operating systems (platforms) such as Linux, Mac OS X, BSD, and Solaris, and on Microsoft Windows; requiring GTK+, GLib, libpcap and some other libraries in order to run.
Image via Wikipedia
Being released under the GNU General Public License (SPL), Wireshark can be freely used on any number of computers without worrying about fees, license keys etc…Moreover, as the source code is freely available under the GPL, it is very easy for people to add new protocols to Wireshark: plug-ins, or building into the source. In addition to modifying Wireshark to suit individual needs, by contributing the improvements back to the community:
• Developers of Wireshark might improve the changes even more, or they may implement some advanced things.
• Maintainers and developers of Wireshark will maintain your code, fixing it when API changes or when other changes are made. Generally keeping it in sync with what is happening with Wireshark.
Though Wireshark has similarities with tcpdump, it has more information sorting and filtering options, and uses pcap to capture packets, so it can only capture the packets on the types of networks that pcap supports. With has a GUI (Graphical user interface) which makes it easier to use, Wireshark allows users to see all traffic being passed over the network (usually an Ethernet), and is able to display the encapsulation and the fields along with their meanings of different packets specified by different networking protocols.
With Wireshark, data can be captured “from the wire” – a live network connection or read from a file that has recorded already-captured packets, live data can also be read from a number of types of network such as Ethernet, IEEE 802.11, PPP, and loopback; the display can be refined using the display filter. The captured network data can then be browsed via a GUI (Graphical User Interface), or via the terminal command line version of the utility, tshark. In addition, the captured files can be edited or converted via command-line switches to the “editcap” program programmatically; with the possibility of plug-ins being created for dissecting new protocols.