Wireshark is a network sniffing program. It lets you intercept traffic by putting the network adapter into promiscuous mode, in which it receives all packets regardless of whom they are addressed to. It is similar to tcpdump, but has a friendly graphical interface and filters that display results according to user-specified parameters. The program works on Windows, Linux, BSD and macOS.
Key features of Wireshark for Windows:
- deep scanning of the local network using over 100 network protocols;
- identification of devices connected to the network, listing their IP and MAC addresses, ID and workgroup;
- real-time packet interception;
- analysis of traffic (including offline mode);
- built-in packet decryption (supports IPsec, WPA/WPA2, WEP, Kerberos);
- interception and analysis of VoIP (voice call data);
- on-the-fly decompression of files;
- listening on a selected port (or range);
- modeling of network attacks on a router or server, including tools such as TCP SYN Flood;
- export scan data to XML.
The received data can be viewed both in the GUI and via the console (the TShark tool is integrated for this purpose).
It supports monitoring of Wi-Fi as well as Ethernet, Bluetooth, ATM, USB, FDDI and Frame Relay. Installation is not required; the program can run in portable mode. The interface is in Russian. There is also a detailed wiki on the developer's official site explaining how to use the application.
What it can be used for
Wireshark is used for testing the resistance of local networks to hacking and DDoS attacks. It is also good for detecting hidden traffic channels connected to the LAN. Its ability to extract data from packets lets you see which sites and resources each connected device is accessing. The deep scan function helps determine the type of network protocol used by each LAN client (including game consoles and standalone sensors).