CISSP Fix

Wireshark–come shallow

by cisspfix on Nov.12, 2009, under Security

Wireshark is a free, open source protocol analyzer (packet sniffer) that can capture traffic in real time. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Wireshark is very similar to tcpdump, but it has a graphical front-end and many more options for sorting and filtering the captured information. It allows the user to see all traffic passing over the network segment (usually an Ethernet network, but support is being added for others) by putting the network interface into promiscuous mode.

Wireshark uses pcap to capture packets, so it can only capture the packets on the networks supported by pcap. It has the following features:

  • Data can be captured “from the wire” from a live network connection or read from a file that records the already-captured packets.
  • Live data can be read from a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback.
  • Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, tshark.
  • Capture files can be programmatically edited or converted via command-line switches to the “editcap” program.
  • Data display can be refined using a display filter.
  • Plugins can be created for dissecting new protocols.
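As an added example (not code from the original post or from the Wireshark project), here is a minimal reader for the libpcap capture file format that the bullets above refer to, with a display-filter-style predicate applied to each record. The capture in SAMPLE_CAPTURE is constructed inline (an ARP frame, an IPv4/TCP frame and an IPv4/UDP frame) so it runs offline; real captures written by other tools may use the big-endian or nanosecond magic values, which this reader deliberately rejects.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # written little-endian by libpcap on x86 hosts
LINKTYPE_ETHERNET = 1

def build_pcap(frames):
    """Write a minimal libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in enumerate(frames))
    return header + records

def read_pcap(data):
    """Yield (ts_sec, frame) for every record; reject unsupported or truncated files."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian pcap file with Ethernet link type")
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack("<IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % offset)  # capture cut off mid-packet
        offset += incl_len
        yield ts_sec, frame

def ethertype(frame):
    """EtherType from the 14-byte Ethernet header (0x0800 = IPv4, 0x0806 = ARP)."""
    return struct.unpack("!H", frame[12:14])[0]

def ip_protocol(frame):
    """IPv4 protocol number (6 = TCP, 17 = UDP), or None for non-IPv4 frames."""
    if ethertype(frame) != 0x0800 or len(frame) < 34:
        return None
    return frame[14 + 9]  # protocol field is byte 9 of the IPv4 header

def filter_frames(data, predicate):
    """Display-filter analogue: timestamps of the records whose frame satisfies the predicate."""
    return [ts for ts, frame in read_pcap(data) if predicate(frame)]

# Constructed sample capture (not real traffic): broadcast destination, made-up source MAC.
_ETH = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55"

def _ipv4_frame(proto):
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return _ETH + b"\x08\x00" + ip_hdr

SAMPLE_CAPTURE = build_pcap([_ETH + b"\x08\x06" + b"\x00" * 28, _ipv4_frame(6), _ipv4_frame(17)])

if __name__ == "__main__":
    print("TCP frames at timestamps:", filter_frames(SAMPLE_CAPTURE, lambda f: ip_protocol(f) == 6))
```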
