Wireshark is a free, cross-platform, open-source network traffic capture and analysis utility. It began as a project called “Ethereal” in the late 1990s, but its name was changed to “Wireshark” in 2006 due to trademark issues. The initial code was written by Gerald Combs, a computer science graduate of the University of Missouri-Kansas City; today the Wireshark website lists over 600 contributors. The program is GUI-based and uses pcap to capture packets, although there is also a command-line version of Wireshark called TShark with the same functionality.

Wireshark essentially “understands” the formats of various types of network packets, and is able to display the header and content information of captured packets in an easy-to-read format with various filtering options. Packets can be either captured directly with Wireshark, or captured with a separate utility and later viewed within Wireshark. As a powerful (and free) network analysis tool, Wireshark has become an industry standard utility for network traffic analysis.
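The "capture with a separate utility, view later in Wireshark" workflow rests on the classic pcap file format. The following is an added example, not code from Wireshark or from this entry: it builds one constructed Ethernet/IPv4/UDP frame in memory (using RFC 5737 documentation addresses, so no real host is involved), writes it as a pcap file that Wireshark or TShark can open, then parses the file back and decodes the headers the way a dissector would. All names, addresses and the payload are assumptions made for the example.

```python
"""Minimal pcap writer/reader (added example; not Wireshark or DDoSPedia code).

Writes a classic little-endian pcap (magic 0xA1B2C3D4, link type 1 = Ethernet)
containing one constructed UDP frame, then reads and dissects it again.
"""
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement 16-bit checksum over an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(payload: bytes, src_ip="192.0.2.1", dst_ip="192.0.2.2",
                    sport=40000, dport=53) -> bytes:
    """Constructed Ethernet + IPv4 + UDP frame (documentation addresses, no real hosts)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload  # UDP checksum 0 = omitted
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill header checksum
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip + udp


def write_pcap(path: str, frames, ts=1_700_000_000):
    """Write frames as a pcap file: 24-byte global header, then 16-byte record headers."""
    with open(path, "wb") as f:
        # magic, version 2.4, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            # ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)
            f.write(struct.pack("<IIII", ts + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path: str):
    """Parse a pcap file; returns (linktype, [(ts_sec, frame_bytes), ...])."""
    with open(path, "rb") as f:
        data = f.read()
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    _, _, _, _, _, linktype = struct.unpack_from("<HHiIII", data, 4)
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        records.append((ts_sec, data[off:off + incl_len]))
        off += incl_len
    return linktype, records


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet, IPv4 and UDP headers the way a protocol dissector would."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length in bytes
    proto = frame[14 + 9]
    src = ".".join(map(str, frame[14 + 12:14 + 16]))
    dst = ".".join(map(str, frame[14 + 16:14 + 20]))
    sport, dport, udp_len = struct.unpack_from("!HHH", frame, 14 + ihl)
    return {"ethertype": ethertype, "proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport,
            "payload": frame[14 + ihl + 8:14 + ihl + udp_len]}


def roundtrip(payload: bytes = b"constructed sample payload") -> dict:
    """Write one constructed frame to a temp pcap, read it back, return the decoded headers."""
    with tempfile.NamedTemporaryFile(suffix=".pcap", delete=False) as tmp:
        path = tmp.name
    try:
        write_pcap(path, [build_udp_frame(payload)])
        linktype, records = read_pcap(path)
    finally:
        os.remove(path)
    if linktype != LINKTYPE_ETHERNET or len(records) != 1:
        raise ValueError("unexpected pcap contents")
    return decode_frame(records[0][1])


if __name__ == "__main__":
    print(roundtrip())
```

Replace the `tempfile` path with a fixed filename and open the result in Wireshark to see the same fields (EtherType 0x0800, protocol 17, ports 40000 and 53) in the packet details pane; the per-record `incl_len`/`orig_len` split is what lets a capture tool truncate packets at a snaplen while still recording their true size.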
