wireshark – a powerful sniffer with a GUI; decodes lots of protocols and offers lots of filters.
tshark – command-line version of wireshark.
dumpcap (part of wireshark) – can only capture traffic; its captures can be read by wireshark / tshark.
tcpdump – limited protocol decoding, but available on most *NIX platforms.
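As an added example that is not part of the original notes: the classic pcap format that tcpdump and dumpcap write is simple enough to decode by hand. The Python below builds a constructed one-packet capture (an Ethernet/IPv4/TCP SYN, not a real capture) and decodes it to roughly the level that a "limited decoding" tool gives; the packet contents, addresses and function names are this example's own assumptions.

```python
import struct

def build_sample_pcap() -> bytes:
    """Constructed pcap file: global header + one Ethernet/IPv4/TCP SYN record."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    # sport, dport, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto=TCP, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 80]))
    frame = eth + ip + tcp
    # magic, version 2.4, tz offset, sigfigs, snaplen, linktype 1 = Ethernet
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame

def decode_pcap(data: bytes) -> list:
    """Walk the pcap records and decode each frame; byte order follows the magic."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    linktype, = struct.unpack_from(end + "I", data, 20)
    if linktype != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        packets.append(decode_frame(data[off:off + incl_len]))
        off += incl_len
    return packets

def decode_frame(frame: bytes) -> dict:
    """Ethernet -> IPv4 -> TCP header fields; stops at the first unknown layer."""
    info = {"ethertype": struct.unpack_from("!H", frame, 12)[0]}
    if info["ethertype"] != 0x0800:          # not IPv4
        return info
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    info.update(proto=frame[23],
                src_ip=".".join(map(str, frame[26:30])),
                dst_ip=".".join(map(str, frame[30:34])))
    if info["proto"] == 6:                    # TCP
        sport, dport, _seq, _ack, doff_flags = struct.unpack_from("!HHIIH", frame, 14 + ihl)
        flags = doff_flags & 0x1FF
        info.update(sport=sport, dport=dport, flags=flags, syn=bool(flags & 0x02))
    return info
```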
What is Wireshark?
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
How to use Wireshark to inspect packets and isolate network and system problems [pdf]
Wireshark Display Filters via Packetlife [pdf]
What is tcpdump?
tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software. Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, OS […]