written 2.6 years ago
Solution
Wireshark is a free and open source packet analyzer.
It is used for network troubleshooting, analysis, software and communication protocol development and education.
It runs on Linux, UNIX, OS X, BSD, Solaris, and Microsoft Windows.
It provides the following functionality:
Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.
It lets the user put network interface controllers that support promiscuous mode into that mode, so they can see all traffic visible on that interface.
If a remote machine captures packets and sends the captured packets to a machine running Wireshark using the TZSP protocol or the protocol used by OmniPeek, Wireshark dissects those packets, so it can analyze packets captured on a remote machine at the time they are captured.
It understands the structure of different networking protocols. It can parse and display the fields along with their meanings as specified by different protocols.
You can use it to review traffic captured by tools like tcpdump or WinDump or use it to capture traffic directly.
It also supports capture formats from several other commercial and open source network sniffers.
Use Wireshark to parse and examine the specific phases and packet types for protocols like SSL/TLS, SSH, SMB, and dozens more.
Wireshark has several features:
Data can be captured from the wire from a live network connection or read from a file of already captured packets.
Live data can be read from a number of types of networks including Ethernet, IEEE 802.11, PPP and loopback.
Data display can be refined using a display filter.
VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
Raw USB traffic can be captured.
Various settings, timers, and filters can be set that ensure only triggered traffic appears.
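As an added example (not part of the original answer) of what "dissecting" a packet and applying a display filter mean in practice: a miniature Python dissector that reads a pcap, extracts Wireshark-style fields from each frame, and selects frames the way the display filter `tls.handshake.type == 1` (TLS ClientHello) would. The pcap bytes, addresses and payloads are constructed here; the field names only mimic Wireshark's and this is not Wireshark's own code.

```python
import struct

def build_pcap(frames):
    """Wrap raw Ethernet frames in a pcap file (magic 0xa1b2c3d4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def tcp_frame(dst_port, payload):
    """Constructed Ethernet/IPv4/TCP frame 10.0.0.1 -> 10.0.0.2 (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload

def dissect(frame):
    """Tiny Ethernet/IPv4/TCP/TLS dissector; keys mimic Wireshark field names."""
    fields = {}
    if frame[12:14] != b"\x08\x00":        # EtherType is not IPv4
        return fields
    ihl = (frame[14] & 0x0F) * 4
    fields["ip.src"], fields["ip.dst"] = [".".join(map(str, frame[o:o + 4])) for o in (26, 30)]
    if frame[23] != 6:                     # IP protocol is not TCP
        return fields
    tcp = frame[14 + ihl:]
    fields["tcp.srcport"], fields["tcp.dstport"] = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]
    # TLS record header: content type 0x16 = handshake, version major 3; byte 5 = handshake type
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 3:
        fields["tls.handshake.type"] = payload[5]
    return fields

def read_pcap(data):
    off, n = 24, 1                         # skip the 24-byte global header
    while off + 16 <= len(data):
        incl = struct.unpack("<IIII", data[off:off + 16])[2]
        yield n, data[off + 16:off + 16 + incl]
        off, n = off + 16 + incl, n + 1

def apply_display_filter(data, predicate):
    return [n for n, f in read_pcap(data) if predicate(dissect(f))]

CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"   # constructed, truncated handshake
SAMPLE = build_pcap([tcp_frame(443, CLIENT_HELLO), tcp_frame(22, b"SSH-2.0-constructed\r\n"),
                     tcp_frame(80, b"GET / HTTP/1.1\r\n\r\n")])

def client_hello_frames(data=SAMPLE):
    """Equivalent of the Wireshark display filter: tls.handshake.type == 1"""
    return apply_display_filter(data, lambda f: f.get("tls.handshake.type") == 1)
```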