Wireshark

Wireshark is a network protocol analyzer that has become a standard across several industries. Supported protocols are still growing, the number going by the hundreds. It can do live captures and off-line analysis, VoIP analysis, and protocol decryption.

This protocol analyzer reads and writes in many different capture file formats, exports output to XML, PostScript, CSV, or plain text, and browses captured network data by using a GUI or of TShark utility.

Said to offer the most powerful display filters in the industry, this one can also decompress gzip files on the fly and display results intuitively by using colors and full listing.

• Data can be captured "off the wire" from a live network connection or read from a capture file
• Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms)
• Captured network data can be browsed via a GUI or the TTY-mode "tethereal" program
• Capture files can be programmatically edited or converted via command-line switches to the "editcap" program
• 602 protocols can currently be dissected
• Output can be saved or printed as plain text or PostScript
• Data display can be refined using a display filter
• Display filters can also be used to highlight and color packet summary information selectively
• All or part of each captured network trace can be saved to disk