Wireshark For Linux

Wireshark is an open source, sophisticated and highly acclaimed network analyzer software used by network professionals around the world for network traffic troubleshooting, analysis, software and protocol development.

With Wireshark, you can capture data "off the wire" from a live network connection, as well as to read from and write to popular capture file formats, including the tcpdump data outputted by the libpcap library, Pcap NG, Cisco Secure IDS iplog, Microsoft Network Monitor, Novell LANalyzer, and Network Instruments Observer.

The program can read/write both uncompressed and compressed capture file formats of Network General Sniffer, Catapult DCT2000, Finisar/Shomiti Surveyor, Sniffer Pro, NetScreen snoop, NetXray, RADCOM WAN/LAN Analyzer, Tektronix K12xx, WildPackets AiroPeek/EtherPeek/TokenPeek, Visual Networks Visual UpTime, and many others.

Captured network data can be then browsed via an easy-to-use GUI (Graphical User Interface) or via the command-line. Capture files can be automatically edited or converted via command-line switches of the "editcap" program.

Output can be saved/printed as PostScript, CSV (Comma Separated Value), XML or Plain Text files, and network data can be refined using the so-called “display filters” which allows users to selectively color and highlight summary information of the captured network packets.

Another interesting feature is the ability to decrypt various well known protocols, including WPA/WPA2, WEP, IPsec, Kerberos, TLS, SSL, SNMP version 3, and ISAKMP. Further more, the software can read live network data from IEEE 802.11, Ethernet, FDDI, ATM, USB, Bluetooth, Token Ring, and Frame Relay interfaces.

It is a multi-platform application that runs well on Linux, FreeBSD, NetBSD, Solaris, Microsoft Windows, and Mac OS X operating systems. We strongly recommend to use Wireshark for any type of network protocol analysis. It can deeply inspect hundreds of network protocols and it has been declared the world’s most popular network analyzer.