1/15/2016

Wireshark - Wikipedia, the free encyclopedia

Wireshark
From Wikipedia, the free encyclopedia

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.[4]

Wireshark is cross-platform, using the Qt widget toolkit in current releases to implement its user interface, and using pcap to capture packets; it runs on Linux, OS X, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.

Contents
1 Functionality
2 History
3 Features
4 Security
5 Color coding
6 See also
7 Notes
8 References
9 External links

Wireshark (infobox)
Wireshark GUI (screenshot caption)
Original author(s): Gerald Combs[1]
Developer(s): The Wireshark team
Initial release: Around 1998
Stable release: 2.0.1 / 29 December 2015[2]
Written in: C, C++
Operating system: Cross-platform
Type: Packet analyzer
License: GNU GPL[3]
Website: www.wireshark.org (https://www.wireshark.org/)

Functionality
Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

https://en.wikipedia.org/wiki/Wireshark

1/5


Wireshark lets the user put network interface controllers that support promiscuous mode into that mode, so they can see all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses and broadcast/multicast traffic. However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all traffic through the switch is necessarily sent to the port where the capture is done, so capturing in promiscuous mode is not necessarily sufficient to see all network traffic. Port mirroring or various network taps extend capture to any point on the network. Simple passive taps are extremely resistant to tampering.

On Linux, BSD, and OS X, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also put wireless network interface controllers into monitor mode.

If a remote machine captures packets and sends the captured packets to a machine running Wireshark using the TZSP protocol or the protocol used by OmniPeek, Wireshark dissects those packets, so it can analyze packets captured on a remote machine at the time that they are captured.

History
In the late 1990s, Gerald Combs, a computer science graduate of the University of Missouri-Kansas City, was working for a small Internet service provider. The commercial protocol analysis products at the time were priced around $1500[5] and did not run on the company's primary platforms (Solaris and Linux), so Gerald began writing Ethereal and released the first version around 1998.[1] The Ethereal trademark is owned by Network Integration Services.

In May 2006, Combs accepted a job with CACE Technologies. Combs still held copyright on most of Ethereal's source code (and the rest was redistributable under the GNU GPL), so he used the contents of the Ethereal Subversion repository as the basis for the Wireshark repository. However, he did not own the Ethereal trademark, so he changed the name to Wireshark.[6] In 2010 Riverbed Technology purchased CACE[7] and took over as the primary sponsor of Wireshark. Ethereal development has ceased, and an Ethereal security advisory recommended switching to Wireshark.[8]

Wireshark has won several industry awards over the years,[9] including eWeek,[10] InfoWorld,[11][12][13][14][15] and PC Magazine.[16] It is also the top-rated packet sniffer in the Insecure.Org network security tools survey[17] and was the SourceForge Project of the Month in August 2010.[18]

Combs continues to maintain the overall code of Wireshark and issue releases of new versions of the software. The product website lists over 600 additional contributing authors.

Features
Wireshark is software that "understands" the structure (encapsulation) of different networking protocols. It can parse and display the fields, along with their meanings as specified by different networking protocols. Wireshark uses pcap to capture packets, so it can only capture packets on the types of networks that pcap supports.

- Data can be captured "from the wire" from a live network connection or read from a file of already-captured packets.
- Live data can be read from a number of types of networks, including Ethernet, IEEE 802.11, PPP, and loopback.

- Captured network data can be browsed via a GUI, or via the terminal (command line) version of the utility, TShark.
- Captured files can be programmatically edited or converted via command-line switches to the "editcap" program.
- Data display can be refined using a display filter.
- Plugins can be created for dissecting new protocols.[19]
- VoIP calls in the captured traffic can be detected. If encoded in a compatible encoding, the media flow can even be played.
- Raw USB traffic can be captured.[20]
- Wireless connections can also be filtered as long as they traverse the monitored Ethernet.
- Various settings, timers, and filters can be set that ensure only triggered traffic appears.

Wireshark's native network trace file format is the libpcap format supported by libpcap and WinPcap, so it can exchange captured network traces with other applications that use the same format, including tcpdump and CA NetMaster. It can also read captures from other network analyzers, such as snoop, Network General's Sniffer, and Microsoft Network Monitor.

Security
Capturing raw network traffic from an interface requires elevated privileges on some platforms. For this reason, older versions of Ethereal/Wireshark and tethereal/TShark often ran with superuser privileges. Taking into account the huge number of protocol dissectors that are called when traffic is captured, this can pose a serious security risk given the possibility of a bug in a dissector. Due to the rather large number of vulnerabilities in the past (of which many have allowed remote code execution) and developers' doubts for better future development, OpenBSD removed Ethereal from its ports tree prior to OpenBSD 3.6.[21]

Elevated privileges are not needed for all operations. For example, an alternative is to run tcpdump or the dumpcap utility that comes with Wireshark with superuser privileges to capture packets into a file, and later analyze the packets by running Wireshark with restricted privileges. To emulate near-real-time analysis, each captured file may be merged by mergecap into a growing file processed by Wireshark. On wireless networks, it is possible to use the Aircrack wireless security tools to capture IEEE 802.11 frames and read the resulting dump files with Wireshark.

As of Wireshark 0.99.7, Wireshark and TShark run dumpcap to perform traffic capture. Platforms that require special privileges to capture traffic need only dumpcap run with those privileges. Neither Wireshark nor TShark need to or should be run with special privileges.
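The libpcap file layout mentioned under Features and the mergecap step of the privilege-separated workflow above, as an added example written for this page (not Wireshark's own code): a minimal libpcap reader with the length sanity checks any file dissector must perform, a writer, and a timestamp-ordered merge of several capture files. The record layout and magic values are those of the libpcap format; the sample captures are constructed inline and carry dummy 14-byte frames, not real traffic.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4            # libpcap magic number (microsecond timestamps)
LINKTYPE_ETHERNET = 1

def parse_pcap(data):
    """Return (linktype, [(ts_sec, ts_usec, packet_bytes), ...]); raise ValueError if malformed."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:            # file written by a little-endian host
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic, written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a libpcap file (magic %#x)" % magic)
    snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])[5:]
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        # Length sanity checks: incl_len may not exceed snaplen, orig_len or the file itself.
        if incl_len > snaplen or incl_len > orig_len or off + 16 + incl_len > len(data):
            raise ValueError("bad or truncated record at offset %d" % off)
        packets.append((ts_sec, ts_usec, data[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return linktype, packets

def write_pcap(linktype, packets, snaplen=65535):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)   # version 2.4
    for ts_sec, ts_usec, pkt in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(pkt), len(pkt)) + pkt
    return out

def merge_pcaps(files):
    """Merge several captures in timestamp order, which is mergecap's default behaviour."""
    linktypes, merged = set(), []
    for data in files:
        linktype, packets = parse_pcap(data)
        linktypes.add(linktype)
        merged.extend(packets)
    if len(linktypes) != 1:
        raise ValueError("refusing to merge captures with different link types")
    merged.sort(key=lambda p: (p[0], p[1]))
    return write_pcap(linktypes.pop(), merged)

# Constructed sample captures (not real traffic): 14-byte dummy Ethernet frames.
CAPTURE_A = write_pcap(LINKTYPE_ETHERNET, [(100, 5000, b"\xaa" * 14), (102, 0, b"\xbb" * 14)])
CAPTURE_B = (struct.pack(">IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
             + struct.pack(">IIII", 101, 250, 14, 14) + b"\xcc" * 14)   # big-endian writer
```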

Color coding
The user typically sees packets highlighted in green, blue, and black. Wireshark uses colors to help the user identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems (for example, they could have been delivered out of order). Users can change existing rules for coloring packets, add new rules, or remove rules.

See also
- Comparison of packet analyzers
- Capsa

- Fiddler (software)
- EtherApe
- netsniff-ng
- Ngrep
- Omnipeek
- Packetsquare
- Tcptrace

Notes
1. "Q&A with the founder of Wireshark and Ethereal". Interview with Gerald Combs. protocolTesting.com. Retrieved 2010-07-24.
2. "Wireshark 2.0.1 and 1.12.9 Released". Wireshark. The Wireshark Foundation. 2015-12-29. Retrieved 2015-12-29.
3. "Wireshark FAQ - License".
4. "Wireshark FAQ". Retrieved 31 December 2011.
5. InfoWorld, Nov 17, 1997 (http://books.google.com/books?id=PzwEAAAAMBAJ&pg=PA101-IA9&dq=netXray&hl=en&ei=7sCYTs2ALaTy0gGt3fmbBA&sa=X&oi=book_result&ct=result&resnum=2&ved=0CDIQ6AEwAQ#v=onepage&q=netXray&f=false)
6. "What's up with the name change? Is Wireshark a fork?". Wireshark: Frequently Asked Questions. Retrieved 2007-11-09.
7. "Riverbed Expands Further Into The Application-Aware Network Performance Management Market with the Acquisition of CACE Technologies". Riverbed Technology. 2010-10-21. Retrieved 2010-10-21.
8. "enpa-sa-00024". Ethereal. 2006-11-10. Retrieved 2010-06-08.
9. "Awards and Accolades". Wireshark: About. Retrieved 2010-09-20.
10. eWEEK Labs (2012-05-28). "Wireshark". The Most Important Open Source Apps of All Time. eWEEK. Retrieved 2012-08-12.
11. Yager, Tom (2007-09-10). "Best of open source in networking". InfoWorld. Retrieved 2014-12-01.
12. "Wireshark". VoIP monitoring. InfoWorld. Retrieved 2015-04-28.
13. Mobley, High (2012-09-18). "Bossie Awards 2012: The best open source networking and security software". InfoWorld. Retrieved 2015-04-28.
14. Ferrill, Paul (2013-09-17). "Bossie Awards 2013: The best open source networking and security software". InfoWorld. Retrieved 2015-04-28.
15. Garza, Victor R. (2014-09-29). "Bossie Awards 2014: The best open source networking and security software". InfoWorld. Retrieved 2015-04-28.
16. Lynn, Samara. "Wireshark 1.2.6". Wireshark 1.2.6 Review & Rating (PC Magazine). Retrieved 2010-09-20.
17. "Wireshark is No. 1 of Top 14 Packet Sniffers". Insecure.Org. Retrieved 2012-08-12.
18. "Wireshark, SourceForge Project of the Month, August 2010". SourceForge. Retrieved 2012-08-12.
19. "Dissector compilation example". OmniIDL. Retrieved 18 April 2013.
20. "USB capture setup". Wireshark Wiki. Retrieved 31 December 2011.
21. "CVS log for ports/net/ethereal/Attic/Makefile". Openbsd.org. Retrieved 2010-06-08.


External links
Official website (https://www.wireshark.org/)

Retrieved from "https://en.wikipedia.org/w/index.php?title=Wireshark&oldid=698604544"

This page was last modified on 7 January 2016, at 04:00.
