Wireshark Review (by Chris Sanders)
“The Wireshark interface is one of the easiest to understand of any packet sniffing application. Wireshark is a GUI-based application with very clearly written context menus and a straightforward layout. It also provides several features designed to enhance usability, such as protocol-based color coding and detailed graphical representations of raw data. Unlike some of the more complicated command-line driven alternatives like tcpdump, the Wireshark GUI is great for those who are just entering the world of protocol analysis.”
-- Chris Sanders, author of Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Reviewer Profile - Chris Sanders is a 21-year-old college senior at Murray State University and a network consultant for KeeFORCE, one of western Kentucky's largest technical consulting firms. In this role Chris works with businesses of all sizes, consulting on issues including network planning, traffic analysis, and general network administration. He also hosts his own website, ChrisSanders.org, which offers tutorials, guides, and technical commentary, including the very popular Packet School 101. In addition, Chris is a staff writer for WindowsNetworking.com and WindowsDevCenter.com. For the last few years, he has used Wireshark for packet analysis almost daily. Recently, Chris authored his second book, entitled Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems.
Vendor Profile - Wireshark (formerly known as Ethereal) is a free software protocol analyzer, or “packet sniffer” application, used for network troubleshooting, analysis, software and protocol development, and education. Wireshark has all of the standard features of a protocol analyzer. This open source project was started by Gerald Combs (a computer science graduate of the University of Missouri-Kansas City) who, out of necessity, started writing a program of his own called Ethereal so that he could have a tool to capture and analyze packets. Released under the GPL license in 1998, this open source protocol analyzer immediately caught on. As of today there are over 500 contributing authors, while Gerald continues to maintain the overall code and issue releases of new versions. On May 2, 2007, eWEEK Labs named Wireshark one of “The Most Important Open-Source Apps of All Time”.
The following is Chris' brief review of Wireshark (reprinted with permission from his book).
The Benefits of Wireshark
Wireshark offers several benefits that make it appealing for everyday use. It is aimed at both the journeyman and the expert packet analyst and offers a variety of features to entice each.
Supported Protocols
Wireshark excels in the number of protocols that it supports—over 850 as of this writing. These protocols run from common ones like IP and DHCP to more advanced proprietary protocols like AppleTalk and BitTorrent. And because Wireshark is developed under an open source model, new protocol support is added with each update. If there is a protocol that Wireshark doesn’t support, you can code that support yourself and submit your code to the Wireshark developers for inclusion in the application (if your code is accepted, of course). That said, there is really almost no protocol that Wireshark isn’t capable of supporting.
User Friendliness
The Wireshark interface is one of the easiest to understand of any packet sniffing application. Wireshark is a GUI-based application with very clearly written context menus and a straightforward layout. It also provides several features designed to enhance usability, such as protocol-based color coding and detailed graphical representations of raw data. Unlike some of the more complicated command-line driven alternatives like tcpdump, the Wireshark GUI is great for those who are just entering the world of protocol analysis.
Cost
Since it is open source, Wireshark’s pricing can’t be beat. Wireshark is released as free software under the GPL. You can download and use Wireshark for any purpose, whether personal or commercial.
Program Support
A software package’s level of support can make or break it. When dealing with freely distributed software such as Wireshark, there is often no formal support, which is why the open source community often relies on its user base to provide support. Luckily for us, the Wireshark community is one of the best and most active of any open source project. The Wireshark web page links directly to several forms of support, including online documentation, a support and development wiki, FAQs, and a place to sign up for the Wireshark mailing list, which is monitored by most of the program’s top developers. These developers, along with Wireshark’s massive user base, provide support that leaves no question unanswered.
Operating System Support
Wireshark supports all major modern operating systems, including Windows, Mac OS X, and Linux-based platforms. You can view a complete list of supported operating systems on the Wireshark home page.