can someone answer this question in 2-3 pages don't copy from other sites plz :)
ID: 3695139 • Letter: C
Question
can someone answer this question in 2-3 pages don't copy from other sites plz :) thank you i will rate!
• One page Description of Wireshark and components – what does it do and how
Wireshark is an open source network protocol analyzer that enables users a two-way flow of information data traffic on a computer network. Wireshark contains a packet sniffer computer application; it has a GUI front-end and information sorting and filtering options. It was initiated by Gerald Combs under the name Ethereal, but was renamed Wireshark in 2006.
This network protocol analyzer tool makes it easier for networking to troubleshoot the network by delivering information about who is on the network and decoding packets of information from a network. For example, who is using bandwidth and where errors are occurring. Wireshark's live captures of network traffic are presented in a format that the user can easily understand. For example, who is using bandwidth and where errors are occurring and information on who is on the network. In contrast, Wireshark is a dispensable tool for administration to diagnose and troubleshoot problems. But it can also be used by hackers to obtain unauthorized information.
THIS IS WHAT I HAVE SO FAR I NEED 2-3 PAGES
Explanation / Answer
Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
Features
Wireshark has a rich feature set which includes the following:
Functionality
Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.
Wireshark lets the user put network interface controllers that support promiscuous mode into that mode, so they can see all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses and broadcast/multicast traffic. However, when capturing with a packet analyzer in promiscuous mode on a port on a network switch, not all traffic through the switch is necessarily sent to the port where the capture is done, so capturing in promiscuous mode is not necessarily sufficient to see all network traffic. Port mirroring or various network taps extend capture to any point on the network. Simple passive taps are extremely resistant to tampering.
On GNU/Linux, BSD, and OS X, with libpcap 1.0.0 or later, Wireshark 1.4 and later can also put wireless network interface controllers into monitor mode.
If a remote machine captures packets and sends the captured packets to a machine running Wireshark using the TZSP protocol or the protocol used by OmniPeek, Wireshark dissects those packets, so it can analyze packets captured on a remote machine at the time that they are captured.
Security:
Capturing raw network traffic from an interface requires elevated privileges on some platforms. For this reason, older versions of Ethereal/Wireshark and tethereal/TShark often ran with superuser privileges. Taking into account the huge number of protocol dissectors that are called when traffic is captured, this can pose a serious security risk given the possibility of a bug in a dissector. Due to the rather large number of vulnerabilities in the past (of which many have allowed remote code execution) and developers' doubts for better future development, OpenBSD removed Ethereal from its ports tree prior to OpenBSD.
Elevated privileges are not needed for all operations. For example, an alternative is to run tcpdump or the dumpcap utility that comes with Wireshark with superuser privileges to capture packets into a file, and later analyze the packets by running Wireshark with restricted privileges. To emulate near realtime analysis, each captured file may be merged by mergecap into a growing file processed by Wireshark. On wireless networks, it is possible to use the Aircrack wireless security tools to capture IEEE 802.11 frames and read the resulting dump files with Wireshark.
As of Wireshark 0.99.7, Wireshark and TShark run dumpcap to perform traffic capture. Platforms that require special privileges to capture traffic need only dumpcap run with those privileges. Neither Wireshark nor TShark need to or should be run with special privileges.
Components:
• Wireshark - The network protocol analyzer that we all know and mostly love.
• TShark - A command-line network protocol analyzer. If you haven’t tried it you should.
• Wireshark 1 Legacy - The old (GTK+) user interface in case you need it.
• Plugins & Extensions - Extras for the Wireshark and TShark dissection engines
    • Dissector Plugins - Plugins with some extended dissections.
    • Tree Statistics Plugins - Extended statistics.
    • Mate - Meta Analysis and Tracing Engine - User configurable extension(s) of the display filter engine.
    • SNMP MIBs - SNMP MIBs for a more detailed SNMP dissection.
• Tools - Additional command line tools to work with capture files
    • Editcap - Reads a capture file and writes some or all of the packets into another capture file.
    • Text2Pcap - Reads in an ASCII hex dump and writes the data into a pcap capture file.
    • Reordercap - Reorders a capture file by timestamp.
    • Mergecap - Combines multiple saved capture files into a single output file.
    • Capinfos - Provides information on capture files.
    • Rawshark - Raw packet filter
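The privilege split described under Security above, as an added example that is not part of the original answer and not Wireshark's own code: `split_capture` captures with dumpcap and analyzes the saved file with TShark as a normal user, and `audit_capture_privs` checks a process list for dissecting front-ends running as root. The function names, the interface and file arguments, and the sample process list are assumptions made up for illustration.

```shell
#!/bin/sh
# Capture with the small capture-only helper, then dissect without privileges.
# Only dumpcap needs capture rights; tshark just reads the saved file.
# Usage (hypothetical arguments): split_capture eth0 /tmp/sample.pcapng
split_capture() {
    iface=$1
    out=$2
    dumpcap -i "$iface" -a duration:10 -w "$out" || return 1
    tshark -r "$out" -q -z io,phs      # protocol hierarchy summary
}

# Audit a process list for the rule stated in the text: Wireshark and TShark
# should not run with special privileges, while dumpcap/tcpdump may.
# Input on stdin: "UID COMMAND" lines, e.g. from `ps -e -o uid= -o comm=`.
# Returns 1 if any dissecting front-end runs as UID 0, otherwise 0.
audit_capture_privs() {
    awk '
        { uid = $1; cmd = tolower($2) }
        uid == 0 && cmd ~ /^(wireshark|tshark|ethereal|tethereal)/ {
            printf "FAIL %s runs as root; capture with dumpcap, analyze unprivileged\n", $2
            bad++
            next
        }
        cmd == "dumpcap" || cmd == "tcpdump" {
            printf "OK   %s is a capture-only helper (uid %s)\n", $2, uid
            next
        }
        cmd ~ /^(wireshark|tshark)/ {
            printf "OK   %s runs unprivileged (uid %s)\n", $2, uid
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample process list (not real output).
SAMPLE='0 dumpcap
1000 wireshark
0 tshark
1000 bash'

printf '%s\n' "$SAMPLE" | audit_capture_privs || echo "audit: violations found"
```

On a live host the audit input would come from `ps -e -o uid= -o comm= | audit_capture_privs`.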