
Wireshark is an open-source protocol analyser designed by Gerald Combs that runs on Windows and Unix platforms. Originally known as Ethereal, its main objective is to analyse traffic as well as being an excellent, easy-to-use application for analysing communications and resolving network problems. Wireshark implements a range of filters that facilitate the definition of search criteria and currently supports over 1100 protocols, all with a simple and intuitive front-end that enables you to break down the captured packets by layer.

Wireshark is the world's foremost network protocol analyzer, and is the standard in many industries. It is the continuation of a project that started in 1998. Wireshark "understands" the structure of different networking protocols, so you are able to view the fields of each one of the headers and layers of the packets being monitored, providing a wide range of options to network administrators when performing certain traffic analysis tasks. Similarly to Tcpdump, Wireshark includes a command-line version, called Tshark, although this document focuses on its graphical front-end version. It is also important to mention that the functions detailed in this document represent only a small proportion of what Wireshark can do; the document is meant as a guide for any administrator who needs to detect, analyse and resolve network anomalies. Situations may occur in which Wireshark is not able to interpret certain protocols due to a lack of documentation or standardization.
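To make concrete what "breaking down a packet by layer" and "defining search criteria with filters" mean in practice, here is an added example in Python; it is not code from this document or from the Wireshark project. It dissects one constructed Ethernet/IPv4/TCP frame into named fields (using Wireshark-style names such as ip.src and tcp.port for readability, which is an assumption of this example rather than a reuse of Wireshark's dissectors), validates the IPv4 header checksum the way a dissector flags a bad one, and evaluates a deliberately tiny subset of the display-filter syntax (field == value clauses joined by &&) against those fields. The frame bytes and addresses are constructed sample data.

```python
"""Dissect one Ethernet/IPv4/TCP frame by layer and apply a minimal
Wireshark-style display filter. Added example, not Wireshark code."""
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071); returns 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed TCP SYN from 192.168.1.10:52000 to 93.184.216.34:80 (sample data)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # src, dst, seq, ack, data offset (5 words), flags=SYN, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 52000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip_no_sum = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
        ipaddress.ip_address("192.168.1.10").packed,
        ipaddress.ip_address("93.184.216.34").packed)
    ip = ip_no_sum[:10] + struct.pack("!H", ipv4_checksum(ip_no_sum)) + ip_no_sum[12:]
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Walk the frame layer by layer, stopping where no dissector applies."""
    fields = {}
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    fields["eth.dst"] = frame[:6].hex(":")
    fields["eth.src"] = frame[6:12].hex(":")
    fields["eth.type"] = struct.unpack("!H", frame[12:14])[0]
    if fields["eth.type"] != 0x0800:
        return fields  # not IPv4: nothing further to decode here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated or invalid IPv4 header")
    ver_ihl, _tos, tlen, _id, _ff, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20])
    fields["ip.version"] = ver_ihl >> 4
    fields["ip.len"] = tlen
    fields["ip.ttl"] = ttl
    fields["ip.proto"] = proto
    fields["ip.src"] = str(ipaddress.ip_address(src))
    fields["ip.dst"] = str(ipaddress.ip_address(dst))
    # Re-summing the header including its checksum field yields 0 when intact.
    fields["ip.checksum.status"] = "good" if ipv4_checksum(ip[:ihl]) == 0 else "bad"
    if proto != 6:
        return fields
    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, _off, flags, win, _csum, _urg = struct.unpack(
        "!HHIIBBHHH", tcp[:20])
    fields["tcp.srcport"] = sport
    fields["tcp.dstport"] = dport
    fields["tcp.port"] = {sport, dport}  # matches either end, like Wireshark's tcp.port
    fields["tcp.seq"] = seq
    fields["tcp.flags.syn"] = (flags >> 1) & 1
    fields["tcp.flags.ack"] = (flags >> 4) & 1
    fields["tcp.window_size"] = win
    return fields


def matches(expr: str, fields: dict) -> bool:
    """Evaluate 'field == value [&& field == value ...]' against parsed fields."""
    for clause in expr.split("&&"):
        name, op, value = clause.split()
        if op != "==":
            raise ValueError("only == is supported in this example")
        if name not in fields:
            return False  # a field absent from the packet never matches
        actual = fields[name]
        if isinstance(actual, set):
            ok = int(value, 0) in actual
        elif isinstance(actual, int):
            ok = actual == int(value, 0)
        else:
            ok = actual == value
        if not ok:
            return False
    return True


if __name__ == "__main__":
    decoded = parse_frame(build_sample_frame())
    for name, value in decoded.items():
        print(f"{name:20} {value}")
    print("tcp.port == 80 && tcp.flags.syn == 1 ->",
          matches("tcp.port == 80 && tcp.flags.syn == 1", decoded))
```

Flipping a single header byte (for instance the TTL) turns ip.checksum.status to "bad" without changing any other field, which is the same signal Wireshark gives when a capture contains corrupted or offloaded-checksum packets; a filter such as ip.checksum.status == bad is then the quickest way to isolate them.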
