Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.
Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type, and header data. Data can be captured "from the wire" from a live network connection or read from a file of already-captured packets. Live data can be read from different types of networks, including Ethernet, IEEE 802.11, PPP, and loopback. In Wireshark, live USB traffic can be captured as well. Wireless connections can also be filtered. Captured files can be edited or processed programmatically.
The user typically sees packets highlighted in green, blue, and black; Wireshark uses colors to help the user identify the types of traffic at a glance. By default, green marks TCP traffic, dark blue marks DNS traffic, light blue marks UDP traffic, and black marks TCP packets with problems.
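The two paragraphs above describe what a capture file holds per packet (time, source, destination, protocol, header data) and how Wireshark's default coloring sorts that traffic. The following added example, which is not Wireshark's code and not part of the original text, shows both in working form: a minimal reader for the classic pcap file format (Ethernet link type, IPv4, TCP and UDP only) that extracts those fields and assigns the default color categories. The capture bytes are constructed inline so the script runs offline; the addresses (10.0.0.x, 192.0.2.10) are sample values, and the "TCP problem" test (a segment with both SYN and FIN set) is an illustrative heuristic, not Wireshark's actual "Bad TCP" coloring rule.

```python
import struct
from dataclasses import dataclass
from typing import List

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic pcap magic, little-endian file
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17
DNS_PORT = 53


@dataclass
class PacketSummary:
    time: float      # epoch seconds with microsecond fraction
    src: str
    dst: str
    protocol: str    # "TCP", "DNS", "UDP" or "other"
    color: str       # Wireshark-style default color category


def _ipv4(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)


def classify(proto: str, tcp_flags: int) -> str:
    """Map a packet to the default color categories described in the text.

    The 'problem' check (SYN and FIN set together) is an illustrative
    heuristic chosen for this example, not Wireshark's real Bad TCP rule."""
    SYN, FIN = 0x02, 0x01
    if proto == "TCP":
        return "black" if (tcp_flags & SYN and tcp_flags & FIN) else "green"
    if proto == "DNS":
        return "dark blue"
    if proto == "UDP":
        return "light blue"
    return "none"


def parse_pcap(data: bytes) -> List[PacketSummary]:
    """Walk a little-endian pcap file and summarise each IPv4 frame."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap file")
    (linktype,) = struct.unpack_from("<I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset, out = 24, []
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 14:
            continue                     # truncated Ethernet header
        (ethertype,) = struct.unpack_from("!H", frame, 12)
        if ethertype != ETHERTYPE_IPV4:
            continue                     # non-IPv4 frames are skipped
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4         # IPv4 header length in bytes
        proto_num = ip[9]
        src, dst = _ipv4(ip[12:16]), _ipv4(ip[16:20])
        payload = ip[ihl:]
        proto, flags = "other", 0
        if proto_num == IPPROTO_TCP and len(payload) >= 14:
            proto, flags = "TCP", payload[13]          # TCP flags byte
        elif proto_num == IPPROTO_UDP and len(payload) >= 8:
            sport, dport = struct.unpack_from("!HH", payload, 0)
            proto = "DNS" if DNS_PORT in (sport, dport) else "UDP"
        out.append(PacketSummary(ts_sec + ts_usec / 1e6, src, dst, proto,
                                 classify(proto, flags)))
    return out


# --- constructed sample capture (not real traffic) -----------------------
def _frame(proto_num: int, src: str, dst: str, l4: bytes) -> bytes:
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)     # zero MACs
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                     proto_num, 0, bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return eth + ip + l4


def _tcp(sport: int, dport: int, flags: int) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def _udp(sport: int, dport: int, payload: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def sample_capture() -> bytes:
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frames = [
        (1700000000, 100, _frame(IPPROTO_TCP, "10.0.0.5", "192.0.2.10", _tcp(40000, 443, 0x02))),
        (1700000000, 250, _frame(IPPROTO_UDP, "10.0.0.5", "10.0.0.1", _udp(53123, 53, b"\x00" * 12))),
        (1700000001, 0, _frame(IPPROTO_UDP, "10.0.0.5", "10.0.0.9", _udp(5000, 6000))),
        (1700000001, 500, _frame(IPPROTO_TCP, "10.0.0.7", "10.0.0.5", _tcp(1234, 22, 0x03))),
    ]
    return header + b"".join(struct.pack("<IIII", s, us, len(f), len(f)) + f
                             for s, us, f in frames)


if __name__ == "__main__":
    for p in parse_pcap(sample_capture()):
        print(f"{p.time:.6f}  {p.src:>12} -> {p.dst:<12} {p.protocol:<5} {p.color}")
```

Run as a script it prints one line per packet with the fields the first paragraph lists and the color Wireshark would use by default; to read a real file, pass `open(path, "rb").read()` to `parse_pcap` (pcapng files, which Wireshark writes by default, use a different container format and are not handled by this reader).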
Wireshark is licensed under the GNU General Public License.