Wireshark : Sniffing the glue that holds the Internet together
Wireshark(known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).
Wireshark是网络包分析工具。网络包分析工具的主要作用是尝试捕获网络包, 并尝试显示包的尽可能详细的情况。你可以把网络包分析工具当成是一种用来测量有什么东西从网线上进出的测量工具,就好像使电工用来测量进入电信的电量的电度表一样。(当然比那个更高级) 过去的此类工具要么是过于昂贵,要么是属于某人私有,或者是二者兼顾。 Wireshark出现以后,这种现状得以改变。Wireshark可能算得上是今天能使用的最好的开元网络分析软件。
主要应用:
网络管理员用来解决网络问题
网络安全工程师用来检测安全隐患
开发人员用来测试协议执行情况
用来学习网络协议
特性:
支持UNIX和Windows平台
在接口实时捕捉包
能详细显示包的详细协议信息
可以打开/保存捕捉的包
可以导入导出其他捕捉程序支持的包数据格式
可以通过多种方式过滤包
多种方式查找包
通过过滤以多种色彩显示包
创建多种统计分析
