What is Wireshark? Explain its functionality.
1 Answer


  • Wireshark is a free and open source packet analyzer.

  • It is used for network troubleshooting, analysis, software and communication protocol development and education.

  • It runs on Linux, UNIX, OS X, BSD, Solaris, and Microsoft Windows.

  • It provides the following functionality:

    • Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

    • It lets the user put network interface controllers that support promiscuous mode into that mode, so they can see all traffic visible on that interface.

    • If a remote machine captures packets and sends the captured packets to a machine running Wireshark using the TZSP protocol or the protocol used by OmniPeek, Wireshark dissects those packets, so it can analyze packets captured on a remote machine at the time they are captured.

    • It understands the structure of different networking protocols. It can parse and display the fields along with their meanings as specified by different protocols.

    • You can use it to review traffic captured by tools like tcpdump or WinDump or use it to capture traffic directly.

    • It also supports capture formats from several other commercial and open source network sniffers.

    • Use Wireshark to parse and examine the specific phases and packet types for protocols like SSL/TLS, SSH, SMB, and dozens more.

  • Wireshark has several features:

    • Data can be captured from the wire from a live network connection or read from a file of already captured packets.

    • Live data can be read from a number of types of networks including Ethernet, IEEE 802.11, PPP and loopback.

    • Data display can be refined using a display filter.

    • VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.

    • Raw USB traffic can be captured.

    • Various settings, timers, and filters can be set that ensure only triggered traffic appears.
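
The answer above says that Wireshark reads previously captured packets from a file, dissects protocol fields, and narrows the view with a display filter. The sketch below is an added example, not part of the original answer and not Wireshark's own code. It does the same three steps by hand for one Ethernet/IPv4/TCP frame in the classic pcap format. The function names and the sample capture are constructed for illustration, and the dictionary keys reuse Wireshark's display-filter field names.

```python
import socket, struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP SYN frame in a classic pcap file."""
    eth = bytes.fromhex("aabbccddeeff 112233445566 0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,  # checksum left 0
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 0, 0x50, 0x02, 65535, 0, 0)
    frame = eth + ip + tcp
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1
    phdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return ghdr + phdr + frame

def read_pcap(data):
    """Yield (timestamp, frame) per record; the magic number gives the byte order."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only link type 1 (Ethernet) is handled")
    off = 24
    while off + 16 <= len(data):
        ts, _us, caplen, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            break  # truncated final record
        yield ts, data[off:off + caplen]
        off += caplen

def dissect(frame):
    """Return IPv4/TCP fields as a dict, or None for short or non-IPv4 frames."""
    if (len(frame) < 34 or frame[12:14] != b"\x08\x00"
            or (frame[14] & 0x0F) < 5):
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 header length
    fields = {"ip.src": socket.inet_ntoa(frame[26:30]),
              "ip.dst": socket.inet_ntoa(frame[30:34]), "ip.proto": frame[23]}
    if frame[23] == 6 and len(frame) >= l4 + 14:
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        fields.update({"tcp.srcport": sport, "tcp.dstport": dport,
                       "tcp.flags.syn": bool(frame[l4 + 13] & 0x02),
                       "tcp.flags.ack": bool(frame[l4 + 13] & 0x10)})
    return fields

def syn_only(data):
    """Frames matching the display filter tcp.flags.syn == 1 && tcp.flags.ack == 0."""
    frames = (dissect(fr) for _ts, fr in read_pcap(data))
    return [f for f in frames if f and f.get("tcp.flags.syn") and not f.get("tcp.flags.ack")]
```
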

