Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
3. MehrdadLinux@Gmail.Com
عباسی مهرداد
What is a packet analyzer?
● A packet analyzer is also known as a
– network analyzer
– protocol analyzer
– packet sniffer
● Variants exist for particular types of networks
– Ethernet sniffer
– wireless sniffer
Packet sniffers can
● Analyze network problems
● Detect network intrusion attempts
● Detect network misuse by internal and external users
● Document regulatory compliance by logging all perimeter and endpoint traffic
● Gain information for effecting a network intrusion
● Isolate exploited systems
● Monitor WAN bandwidth utilization
● Monitor network usage (including internal and external users and systems)
● Monitor data-in-motion
● Monitor WAN and endpoint security status
● Gather and report network statistics
● Filter suspect content from network traffic
● Serve as primary data source for day-to-day network monitoring and management
● Spy on other network users and collect sensitive information such as login details or user cookies (depending on any content encryption methods that may be in use)
● Reverse engineer proprietary protocols used over the network
● Debug client/server communications
● Debug network protocol implementations
● Verify adds, moves and changes
● Verify internal control system effectiveness (firewalls, access control, Web filter, spam filter, proxy)
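To make the capabilities above concrete, here is a small, self-contained packet analyzer (an added example, not code from the slides or from the Wireshark project). It parses a classic libpcap byte stream, decodes Ethernet/IPv4/TCP/UDP headers with bounds checks, gathers the per-protocol and per-host statistics a sniffer reports, and applies one detection heuristic: a host sending SYN-only segments to many distinct destination ports. The capture it analyzes is constructed inline; the hosts, ports and the threshold of 10 ports are assumptions for the demo.

```python
"""Minimal pcap analyzer: statistics plus a SYN fan-out heuristic (constructed sample data)."""
import struct
from collections import Counter

PCAP_MAGIC_LE, PCAP_MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1
LINKTYPE_ETHERNET, ETHERTYPE_IPV4 = 1, 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10


def ip4(addr):
    """Dotted-quad string -> 4 raw bytes."""
    return bytes(int(o) for o in addr.split("."))


def build_frame(src, dst, proto, sport, dport, tcp_flags=0):
    """Ethernet + IPv4 + TCP/UDP header, no payload (constructed; checksums left zero)."""
    if proto == IPPROTO_TCP:  # ports, seq, ack, data offset (5 words), flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    else:                     # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, ip4(src), ip4(dst))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def build_pcap(records):
    """Assemble a little-endian classic pcap file from (timestamp_sec, frame) pairs."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in records:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (timestamp, frame) per record, honouring the file's byte order."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack("<I", data[:4])[0]
    end = "<" if magic == PCAP_MAGIC_LE else ">" if magic == PCAP_MAGIC_BE else None
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(end + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is decoded here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:  # record header claims more bytes than the file holds
            raise ValueError("truncated record at offset %d" % off)
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def decode(frame):
    """Decode Ethernet/IPv4/TCP|UDP headers; None for anything else (every slice bounds-checked)."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return None
    proto, l4 = ip[9], ip[ihl:]
    if proto == IPPROTO_TCP and len(l4) >= 20:
        flags = l4[13]
    elif proto == IPPROTO_UDP and len(l4) >= 8:
        flags = None
    else:
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "proto": proto, "sport": sport, "dport": dport, "flags": flags}


def analyze(data, scan_threshold=10):
    """Network statistics plus a SYN fan-out heuristic over a pcap byte string."""
    stats = {"packets": 0, "by_proto": Counter(), "talkers": Counter()}
    syn_only = {}  # src -> set of (dst, dport) seen with SYN set and ACK clear
    for _ts, frame in parse_pcap(data):
        stats["packets"] += 1
        pkt = decode(frame)
        if pkt is None:
            stats["by_proto"]["other"] += 1
            continue
        stats["by_proto"]["tcp" if pkt["proto"] == IPPROTO_TCP else "udp"] += 1
        stats["talkers"][pkt["src"]] += 1
        if pkt["flags"] is not None and pkt["flags"] & (TCP_SYN | TCP_ACK) == TCP_SYN:
            syn_only.setdefault(pkt["src"], set()).add((pkt["dst"], pkt["dport"]))
    stats["suspect_scanners"] = sorted(s for s, t in syn_only.items() if len(t) >= scan_threshold)
    return stats


# Constructed capture: one normal TCP handshake, one DNS query, and a host probing 12 ports.
_normal = [(1, build_frame("10.0.0.5", "10.0.0.9", IPPROTO_TCP, 40000, 80, TCP_SYN)),
           (1, build_frame("10.0.0.9", "10.0.0.5", IPPROTO_TCP, 80, 40000, TCP_SYN | TCP_ACK)),
           (1, build_frame("10.0.0.5", "10.0.0.9", IPPROTO_TCP, 40000, 80, TCP_ACK)),
           (2, build_frame("10.0.0.5", "10.0.0.1", IPPROTO_UDP, 53000, 53))]
_probe = [(3, build_frame("10.0.0.66", "10.0.0.9", IPPROTO_TCP, 50000, p, TCP_SYN)) for p in range(1, 13)]
SAMPLE_PCAP = build_pcap(_normal + _probe)

if __name__ == "__main__":
    report = analyze(SAMPLE_PCAP)
    print("packets:", report["packets"], "by protocol:", dict(report["by_proto"]))
    print("top talkers:", report["talkers"].most_common(3), "SYN fan-out:", report["suspect_scanners"])
```

The parser refuses pcapng input and raises on a record whose declared capture length runs past the end of the file, which is the first thing a real dissector has to get right: every header field is read only after the slice holding it has been checked. The heuristic counts distinct (destination, port) pairs per source that saw a SYN without an ACK, so a normal client completing handshakes never trips it, while the probing host does.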
Notable packet analyzers
● Cain and Abel
● Capsa Network Analyzer
● Carnivore (FBI)
● CommView
● dSniff
● ettercap
● Fiddler
● Kismet
● Lanmeter
● Microsoft Network Monitor
● Microsoft Message Analyzer
● NarusInsight
● NetScout Systems nGenius Infinistream
● ngrep (Network Grep)
● OmniPeek
● Riverbed SteelCentral Packet Analyzer (formerly known as Cascade Pilot)
● Riverbed SteelCentral Transaction Analyzer (formerly known as OPNET ATX and ACE)
● SkyGrabber
● snoop
● tcpdump
● Wireshark (formerly known as Ethereal)
● Xplico (open-source network forensic analysis tool)
What is Wireshark?
● Wireshark is a free and open-source packet analyzer.
● Developer(s): The Wireshark team
● Stable release: 1.12.7 / 12 August 2015
● Written in: C (and C++ in the development version)
● Operating system: Cross-platform
● Type: Packet analyzer
● License: GNU GPL
● Website: www.wireshark.org
Wireshark History
● In the 1990s, Gerald Combs, a computer science graduate of the University of Missouri–Kansas City, was working for a small Internet service provider
● The commercial protocol analysis products at the time were priced around $1500 and did not run on the company's primary platforms (Solaris and Linux)
● He began writing Ethereal and released the first version around 1998
● The Ethereal trademark is owned by Network Integration Services
● In May 2006, Combs accepted a job with CACE Technologies. Combs still held copyright on most of Ethereal's source code (and the rest was redistributable under the GNU GPL), so he used the contents of the Ethereal Subversion repository as the basis for the Wireshark repository. However, he did not own the Ethereal trademark, so he changed the name to Wireshark
● In 2010 Riverbed Technology purchased CACE and took over as the primary sponsor of Wireshark. Ethereal development has ceased, and an Ethereal security advisory recommended switching to Wireshark
Wireshark Developer
● Over 850 developers
● Windows Installer (64-bit)
● Windows Installer (32-bit)
● Windows PortableApps (32-bit)
● OS X 10.6 and later Intel 64-bit .dmg
● OS X 10.6 and later Intel 32-bit .dmg
● Source Code