Wireshark and WinPcap

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.
Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, Mac OS X, BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.
Learn WireShark video archive:

Wireshark has a rich feature set which includes the following:

Deep inspection of hundreds of protocols, with more being added all the time
WinPcap is released under the BSD open source licence. This means that you have total freedom to modify and use it with your application, even if it’s commercial. The binary and source code are available here.
High performance. WinPcap implements all of the classic optimizations described in the packet capture literature (e.g., kernel-level filtering and buffering, context switch mitigation, partial packet copy), plus some original ones, like JIT filter compilation and kernel-level statistic processing. For these reasons, WinPcap outperforms other comparable approaches.
Popular. WinPcap is used as the network interface by many tools — both free and commercial — including protocol analyzers, network monitors, network intrusion detection systems, sniffers, traffic generators, network testers, etc. Some of these tools, such as Wireshark, Nmap, Snort, WinDump and ntop, are very well known in the networking community. WinPcap is downloaded thousands of times every day.
Portable. WinPcap is completely compatible with libpcap. This means that you can use it to port your existing Unix or Linux tools to Windows. This also means that your Windows applications will be easily portable to Unix.
Well documented. The WinPcap manual documents the API and the internals in an easy-to-follow hyperlinked manner. The documentation includes a tutorial that takes you step-by-step through all of the features of WinPcap.