SC Labs Reviews
Reviews from our expert team
I am a real fan of open source software, if and only if it is well-supported. Wireshark, formerly Ethereal, certainly fits that requirement nicely. Wireshark started life as Ethereal in 1998 and it depends for its capabilities on the libpcap library in its original Unix/Linux iteration. Today it is available for other platforms, including Windows.
Wireshark can identify virtually all communications protocols in common use, including VoIP and wireless. So why would a security practitioner need a protocol analyzer? In my case, Ethereal has always – until the introduction of Wireshark – been a core tool in my kit. Tracing exact behavior on networks has become an important security function. Picking out, through accurate protocol translation, the behavior of malware and attackers is a critical aspect of security analysis. The only way to do that dependably is to use a solid network sniffer. Wireshark does that nicely and it does it with an acceptably small footprint.
I regularly am faced with hooking my notebook up to a network and examining the traffic. Using Wireshark, I can identify source and destination addresses and ports, decipher payloads and watch malware behavior. Tracing data leakage can be expedited with a sniffer and, as long as the hardware supports the speed of the network well, we can get a good window into the traffic passing over the network.
The list of contributors to this tool over the 11 years since it was born is truly remarkable. With the exceptions of Nessus and Snort, Wireshark is supported by what may be the largest open source community in the security world. Literally hundreds of programmers and engineers have participated in its development and support, thereby rendering the display and filtering capabilities a lot of flexibility in how the tool can be used.
As a general purpose workhorse, Wireshark is a great tool. The price is right, the support is good and it does exactly what it is supposed to do without misbehaving along the way. One can get reports in XML, PostScript, CSV or text. There’s nothing better than that.