TABLE OF CONTENTS Wireshark is the best open-source network analyzer available. It is packed with features comparable to commercial network analyzers, and with a large, diverse collection of authors, new enhancements are continually developed. Wireshark is a stable and useful component for all network toolkits, and new features and bug fixes are always being developed. A lot of progress has been made since the early days of Wireshark (when it was still called Ethereal); the application now performs comparably (and in some regards) better than commercial sniffing software.
In this chapter, you will gain an understanding of what Wireshark is, what its features are, and how to use it for troubleshooting on your network architecture. Additionally, you will learn the history of Wireshark, how it came to be such a popular network analyzer, and why it remains a top pick for system and security administration. Along the way, we go over some tips for running Wireshark in a secure manner, optimizing it so that it runs advanced techniques smoothly.
Wireshark is a network analyzer. It reads packets from the network, decodes them, and presents them in an easy-to-understand format. Some of the most important aspects of Wireshark is that it is open source, actively maintained, and free. The following are some of the other important aspects of Wireshark:
It is distributed under the Gnu s Not UNIX (GNU) General Public License (GPL) opensource license.
It works in promiscuous and non-promiscuous modes.
It can capture data from the...
