Register  |  Update details
Wireshark 0.99.6
Click here for a larger image
Similar articles
Reviews section
More from IT Week
ADVERTISEMENT
Reviews Disclaimer
Readers are reminded that the opinions expressed, and the results published in connection with reviews and/or laboratory test reports carried out on computing systems and/or related items are confined to, and representative of, only those goods supplied and should not be construed as a recommendation to purchase.

Review : Protocol analysis for the masses

Wireshark 0.99.6 is a free, flexible and feature-packed network protocol analyser

Price: Free
Manufacturer: Wireshark



Ratings
Overall rating: Overall rating
Rate this product
Verdict

Wireshark version 0.99.6 offers network managers a versatile network protocol analyser that is easy to set up and use and can dissect almost all protocols The range of features and the wealth of analysis tools make it unbeatable for a free program.

Pros : Free; versions available for most platforms.

Cons : GUI not as polished as paid-for competitor programs.


Dave Bailey, IT Week 06 Nov 2007

ADVERTISEMENT

Wireshark version 0.99.6 is a free, flexible program for protocol capture and analysis that is available for Windows, Mac OS X, Linux and Unix systems.

We installed the Windows version, and within five minutes we were able to capture network traffic on our Windows XP Professional Dell Precision M50 notebook. For comparison, we also installed the software on Windows 2000 Professional, Windows Server 2003, Vista Enterprise, and Mandriva and Red Hat Linux, and again experienced no problems.

On firing up Wireshark, the user is presented with a menu bar underneath which is a blank grey pane. Choosing a network interface under the “Capture” tab and pressing “Start” sets off the packet capture process. The screen then divides into three panes, with the main one on top displaying a range of useful information, including the frame number of the packet, time, packet source, packet destination and protocol type.

Once packet data has been captured, it was easy to set up a display filter to only show packets of a certain protocol, to check, for example, whether any system on the network was using IPv6. Filters are also useful when connecting to mirror or span ports of routers and switches because they make it easy for users to pull out the specific protocol or protocols that they are looking for. Wireshark also allows users to set up expressions using Boolean-type operators, making it easy to check for packets containing certain MAC addresses.

Captured data can be analysed while still connected to the interface or saved offline for later analysis. Most packet capture formats are supported, including tcpdump (libpcap), Network General (now NetScout) Sniffer, Network Instruments Observer, Visual Networks Visual UpTime, and the WildPackets Peek family.

Clicking on the “Statistics” tab brings a wealth of analysis tools, such as flow graphs, I/O data transfer rate graphed over time and many others. Wireshark also has voice over IP (VoIP) call capture features for troubleshooting IP telephony problems.

Overall, this is an impressive package. The GUI is not as polished as others we have seen, but is still pretty good for a free application.

See also:

An acute observer of LAN behaviour
The latest version of the Observer packet analyser can now troubleshoot MPLS systems  08 Oct 2007
Growth of VoIP boosts EPM prospects
As more real-time apps are run over networks, enterprise performance management tools are becoming vital  03 Oct 2007

All Networking

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links