Wireshark

The exchange of information between two or more networked computers is more complex than you would think. If you wish to see this process on a basic level, then Wireshark is something you should definitely try. Due to the continuous contribution of countless networking experts, this software is one of the most reliable protocol analyzers on the market. It comes with advanced analysis and live capturing capabilities for countless protocols and it gives you complete freedom when it comes to inspecting the gathered information. What's more, Wireshark is free, open source and cross-platform.

Despite the complex appearance of the user interface, its controls can be mastered after only a few minutes of experimenting with the available functions. Most operations can be performed through a series of options, located on a toolbar, but you can also find a series of links in the central region of the window, for starting a capturing process, making a few tweaks, downloading sample capture files and for accessing various documentation materials.

The software allows you to capture data from specific interfaces. You can select one or more interfaces on a small window, on which you can also hit a Start button, to begin the capturing process. Additional configurations can be made on a different panel. Wireshark allows you to choose where to store the capture files and you can also set it to create a new file after a certain amount of time if the current one exceeds a specified size. Furthermore, you can tick a series of options if you wish to resolve MAC addresses, network-layer or transport-layer names or if you want to use an external network name resolver. It is also possible to set Wireshark to stop capturing after it reaches a given number of packets, a certain amount of data or after a specified number of minutes.

Captured packets are displayed together with a huge amount of information, on three panels, on the main interface. All entries are color-coded, to make specific processes stand out and you can define your own coloring rules if you need to. It is also possible to apply one of many filters, to show only specific addresses, protocols and so on. You can either select a predefined filter or create your own filters.