Wireshark is a GUI network protocol analyzer.
It lets you interactively browse packet data from a live network or from a previously saved capture file.
See: http://www.wireshark.org for new versions, documentation, ...
Wireshark's native capture file format is libpcap format, which is also the format used by tcpdump and various other tools. So Wireshark can read capture files from:
-libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format
-snoop and atmsnoop
-Shomiti/Finisar Surveyor captures
-Novell LANalyzer captures
-Microsoft Network Monitor captures
-AIX's iptrace captures
-Cinco Networks NetXRay captures
-Network Associates Windows-based Sniffer captures
-Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures
-AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp/PacketGrabber captures
-RADCOM's WAN/LAN analyzer captures
-Network Instruments Observer version 9 captures
-Lucent/Ascend router debug output
-files from HP-UX's nettl
-Toshiba's ISDN routers dump output
-the output from i4btrace from the ISDN4BSD project
-traces from the EyeSDN USB S0
-the output in IPLog format from the Cisco Secure Intrusion Detection System
-pppd logs (pppdump format)
-the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities
-the text output from the DBS Etherwatch VMS utility
-Visual Networks' Visual UpTime traffic capture
-the output from CoSine L2 debug
-the output from Accellent's 5Views LAN agents
-Endace Measurement Systems' ERF format captures
-Linux BlueZ Bluetooth stack hcidump -w traces
There is no need to tell Wireshark what type of file you are reading; it will determine the file type by itself. Wireshark is also capable of reading any of these file formats if they are compressed using gzip. Wireshark recognizes this directly from the file; the '.gz' extension is not required for this purpose.
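
The following is an added illustration of content-based detection, not Wireshark's own code: it identifies a capture from its leading bytes, looking through gzip compression without consulting the file name. The function name `identify_capture` and the sample data are assumptions made for this example, and only two of the formats listed above (libpcap and snoop) are covered.

```python
import gzip
import io
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b"
SNOOP_MAGIC = b"snoop\x00\x00\x00"
# libpcap magic number as stored on disk -> (struct byte order, timestamp resolution)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}

def identify_capture(data: bytes) -> dict:
    """Classify a capture from its leading bytes; the file name is never consulted."""
    result = {"gzip": data[:2] == GZIP_MAGIC, "format": "unknown"}
    if result["gzip"]:
        try:
            # Decompress only the 24 bytes needed, which bounds the work done
            # on an untrusted, highly compressed file.
            with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
                data = gz.read(24)
        except (OSError, EOFError, zlib.error):
            return result  # gzip magic present, but the stream is corrupt or truncated
    if len(data) >= 24 and data[:4] in PCAP_MAGICS:
        order, resolution = PCAP_MAGICS[data[:4]]
        major, minor = struct.unpack(order + "HH", data[4:8])
        snaplen, linktype = struct.unpack(order + "II", data[16:24])
        result.update(format="libpcap", version=f"{major}.{minor}",
                      resolution=resolution, snaplen=snaplen, linktype=linktype)
    elif data[:8] == SNOOP_MAGIC:
        result["format"] = "snoop"
    return result

# Constructed sample: a little-endian libpcap 2.4 global header, Ethernet (linktype 1).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAP_GZ = gzip.compress(SAMPLE_PCAP)  # the same header, gzip-compressed

if __name__ == "__main__":
    # The names carry misleading extensions on purpose; only the bytes matter.
    for name, blob in [("capture.bin", SAMPLE_PCAP), ("capture.dat", SAMPLE_PCAP_GZ)]:
        print(name, identify_capture(blob))
```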