Features of Wireshark
Data can be captured ‘from the wire’ from a live network connection, or read from a file of alreadycaptured packets. Live data can be read from various types of networks including Ethernet, IEEE 802.11 and PPP. Captured network data can be browsed via a GUI or via the terminal (command line) version of the utility, TShark. Captured files can be programmatically edited or converted via command-line switches to the editcap program. Data display can be refined using a display filter.
Plugins can be created for dissecting new protocols. Voice over Internet Protocol (VoIP) calls in the captured traffic can be detected. If encoded in compatible encoding, media flow can even be played. Raw USB traffic can be captured, packets on many criteria filtered/searched and captured packet data saved.