Wireshark

Wireshark (from English "wire" and "shark"), formerly called Ethereal (English for "heavenly", "ethereal"), is a free program for analyzing network communication links (a sniffer).

Technical details

Wireshark displays the traffic of a network interface (usually an Ethernet network card with TCP/IP), either during or after capture, in the form of individual packets. The data is presented clearly and decoded so that humans can understand it. The content of the captured packets can thus be inspected or filtered by content. Wireshark can also generate statistics on data flows or extract binary content (images, etc.).

Under Microsoft Windows, Wireshark records the traffic transparently using WinPcap.

The capture file format was taken over from tcpdump. However, Wireshark can also read the formats of other LAN analyzers.
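
The capture format taken over from tcpdump can be read with a few lines of code. The following added example (not part of the original article) parses the classic libpcap file layout, a 24-byte file header followed by 16-byte per-packet record headers; the function names and the sample capture are constructed for illustration.

```python
import struct

# Classic pcap magic values as seen when the first 4 bytes are read big-endian:
# value -> (struct byte-order prefix, timestamp fraction units per second)
MAGICS = {
    0xA1B2C3D4: (">", 10**6), 0xD4C3B2A1: ("<", 10**6),  # microsecond files
    0xA1B23C4D: (">", 10**9), 0x4D3CB2A1: ("<", 10**9),  # nanosecond files
}

def parse_pcap(data):
    """Parse a classic pcap byte string into (file_header, packets)."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError(f"not a classic pcap file (magic {magic:#010x})")
    order, units = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        sec, frac, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        # Capture files are untrusted input: this example rejects any record whose
        # stored length exceeds the declared snaplen or runs past the end of the file.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError(f"bad record length {incl_len} at offset {off - 16}")
        packets.append({"ts": sec + frac / units, "orig_len": orig_len,
                        "data": data[off:off + incl_len]})
        off += incl_len
    return header, packets

def build_sample():
    """Constructed sample: little-endian file, linktype 1 (Ethernet), two dummy frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, payload in ((1700000000, b"\x00" * 14), (1700000001, b"\xff" * 60)):
        out += struct.pack("<IIII", sec, 500000, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    hdr, pkts = parse_pcap(build_sample())
    print(hdr)
    for p in pkts:
        print(p["ts"], p["orig_len"], len(p["data"]))
```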

Wireshark was initially developed as Ethereal by a team led by Gerald Combs under the GNU General Public License as free open source software (FOSS).

History

When Gerald Combs moved from Ethereal Software Inc. to CACE Technologies, he started a private follow-up project and called it Wireshark. The first version of Wireshark was published on 7 June 2006 with the version number 0.99.1. The precursor, Ethereal, is still available in version 0.99.0, but is no longer being developed.

Version 1.0 of Wireshark was published on March 31, 2008.

Special Features

For various protocols, Wireshark adds meta-information to packets that can only be derived from the context of the data flow. For example, for SMB packets originating from file operations, the file or directory name is added if the opening of the file was also recorded.

Past and future

The precursors of Ethereal and Wireshark were network analysis products from commercial manufacturers. In appearance and function, much is reminiscent of these precursors, some of which have since been displaced from the market by the successful open source project Ethereal/Wireshark and were discontinued as a result.

However, the old question of whether expert analysis can be replaced by automation is not answered by Ethereal/Wireshark. Since in practice the automation of critical processes (and, indeed, of the analysis of these processes) is of key significance, the heavily manual way of working with Wireshark is an obstacle to certain forms of strategic use. Although tshark, a scriptable command-line tool, is part of Wireshark, it does not have all the features of Wireshark itself.

Ultimately, however, Wireshark is a packet-oriented rather than a data-oriented sniffer, whose focus is the analysis of specific problems.

Remark on the legal situation in Germany

The intentional interception and logging of other parties' radio links is prohibited unless it has been explicitly allowed by the network operator. Unintentional listening is not punishable under the German Telecommunications Act; however, storing, distributing or using the data thus obtained is likewise not permitted.
