2011-05-08 16:51:26 +02:00
Wireshark (formerly Ethereal) is a free packet sniffer and network protocol
analyzer. It is used for network troubleshooting, analysis, software and
communications protocol development, and education. In June 2006, the project
was renamed from Ethereal due to trademark issues.

The functionality Wireshark provides is very similar to tcpdump, but it has
a graphical front-end and many more information sorting and filtering
options. It allows the user to see all traffic being passed over the network
(usually an Ethernet network but support is being added for others) by
putting the network interface into promiscuous mode. Note that on a switched
network promiscuous mode only exposes the frames the switch actually forwards
to that port; seeing other hosts' unicast traffic requires port mirroring or a
similar arrangement on the switch.

Wireshark uses the cross-platform GTK+ widget toolkit. Its powerful features
make it the tool of choice for network troubleshooting, protocol development,
and education worldwide.

If you use a filesystem that supports POSIX file capabilities (stored in the
security.capability extended attribute on Linux), an easy way to
start wireshark as a normal user, while still providing it with all of the
access permissions it requires, is to give the capture helper dumpcap (which
Wireshark runs for all packet capture, so Wireshark itself never needs root)
the two capabilities it needs. As root, issue the following command:

# setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap

Be aware that this grants raw packet capture (cap_net_raw) and interface
reconfiguration, including promiscuous mode (cap_net_admin), to every user
who can execute dumpcap. Restrict the binary's execute permission to a
dedicated group, add only trusted users to that group, and confirm the result
with getcap(8). File capabilities live in the file's extended attributes, so
they can be lost when the binary is replaced by a package upgrade unless the
package re-applies them; re-check after updates.
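The following script is an added example, not code from the Wireshark project or this page's author. It applies the setcap grant from the text but confines it to one group, and reads the result back so that an overly wide grant (world-executable binary, or capabilities missing after an upgrade) is caught. The group name "wireshark", the path /usr/bin/dumpcap and the script name dumpcap-caps.sh are placeholders; the install and verify steps assume Linux with libcap's setcap/getcap and GNU coreutils stat.

```shell
#!/bin/sh
# Added example, not code from the Wireshark project: apply the setcap grant
# from the text but confine it to one group, then read the result back.
# Assumptions (placeholders, override via environment): the binary lives at
# /usr/bin/dumpcap and the group is called "wireshark". Linux with libcap
# (setcap/getcap) and GNU coreutils stat is assumed for install and verify.

DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"
CAPGROUP="${CAPGROUP:-wireshark}"

# caps_are_sufficient LINE
# Returns 0 if one line of getcap output carries cap_net_raw and cap_net_admin
# in both the effective (e) and permitted (p) sets. Both getcap formats are
# accepted:
#   "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip"   (libcap before 2.41)
#   "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip"     (libcap 2.41 and later)
# The inheritable flag (i) is not required: an unprivileged user's process has
# an empty inheritable set, so only e and p on the file have any effect.
caps_are_sufficient() {
    line=$1
    case "$line" in *cap_net_raw*)   ;; *) return 1 ;; esac
    case "$line" in *cap_net_admin*) ;; *) return 1 ;; esac
    flags=${line##*[+=]}          # text after the last '+' or '=' is the flag set
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *p*) ;; *) return 1 ;; esac
    return 0
}

# others_can_execute MODE
# Returns 0 if an octal mode string (as printed by stat -c %a) has the
# execute bit set for "others", i.e. the grant would reach every local user.
others_can_execute() {
    case "$1" in *[1357]) return 0 ;; esac
    return 1
}

# verify_dumpcap
# Reads the file capabilities and mode back; fails if the capabilities are
# missing or the binary is executable by everyone.
verify_dumpcap() {
    capline=$(getcap "$DUMPCAP") || return 1
    caps_are_sufficient "$capline" || {
        echo "capabilities missing on $DUMPCAP: '$capline'" >&2; return 1; }
    mode=$(stat -c '%a' "$DUMPCAP") || return 1
    if others_can_execute "$mode"; then
        echo "$DUMPCAP is executable by everyone (mode $mode)" >&2; return 1
    fi
    echo "ok: $capline, mode $mode, group $(stat -c '%G' "$DUMPCAP")"
}

# lock_down_dumpcap
# Must run as root (setcap needs CAP_SETFCAP). Creates the group if needed,
# restricts execute permission to it, applies the capabilities and verifies.
lock_down_dumpcap() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    getent group "$CAPGROUP" >/dev/null || groupadd --system "$CAPGROUP"
    chown root:"$CAPGROUP" "$DUMPCAP"
    chmod 0750 "$DUMPCAP"          # owner rwx, group r-x, others nothing
    setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
    verify_dumpcap
}

# Usage: sudo ./dumpcap-caps.sh install   then   usermod -aG wireshark USER
#        ./dumpcap-caps.sh verify         to re-check, e.g. after an upgrade
case "${1:-}" in
    install) lock_down_dumpcap ;;
    verify)  verify_dumpcap ;;
esac
```

The verify step is the part worth keeping around: a member of the group can capture on every interface and switch them to promiscuous mode, so the check that nobody outside the group can execute dumpcap matters as much as the capability grant itself, and running it after each package update catches the case where the replaced binary came without its extended attribute.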