Wireshark 1.0 Released
katterjohn writes "After almost 10 years of work, Wireshark 1.0 has been released. Wireshark is the award-winning protocol analyzer, formerly known as Ethereal. The release features several security fixes and an experimental package for Mac OS X Intel."
Wireshark is far from being an egghead tool that only professionals might use. It's also useful for running aircrack-ng. I'm happy they've finally reached 1.0.
I'll be off to update mine today. It's the best improvement on tcpdump I've ever used.
In other news, astrophysicists have announced that they now know what all that dark matter is: it's stupidity.
The site is slow at the moment. If you want to download the thing, skip the chase and go straight to http://sourceforge.net/projects/wireshark/
Now come on! What sort of a lede is that? Just a tease and no candy? What does Wireshark 1.0 DO, for Pete's sake?
A quick read: "Network protocol analyzer for Windows and Unix that allows examination of data from a live network, or from a capture file on disk." Basically it is tcpdump with a GUI.
Jumpstart the tartan drive.
wireshark-setup-1.0.0.exe
You can capture multiple interfaces with tcpdump or what have you, and merge them with wireshark. There is also the "any" interface in wireshark.
Or just add localhost to a bridge... why I can't do this is outside my understanding (until someone gives a crafty answer).
It's a simple reason. Bridging is a layer 2 technology, whereas IP is layer 3. As I expected, "localhost" on Linux does not have a MAC address (required for layer 2).
Since there aren't any court decisions based on that relatively new law, nobody knows. (The point of the law actually is that you can interpret it in basically any way you want.) The state attorney dismissed a case against the Bundesamt für Sicherheit in der Informationstechnik (Federal Bureau for Security in Information Technology) because they are distributing software of the kind via the Web, though.
Couldn't have put it better myself. Wireshark gives you a ton of tools for filtering through all the ongoing connections, and really looking at what's going on with your network.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
http://wireshark.zing.org/download/osx/Wireshark%201.0.0%20Intel.dmg
I think they just decided that Scientology wasn't a religion, but a business cum Ponzi scheme in clerical collars.
Also I think what they prohibited wasn't the practice of Scientology per se, but the Church of Scientology as an organization. That the CoS believes you can't practice the 'religion' without them is kind of a separate issue. But if you want to sit in your house and think Scientology thoughts in Germany, I think you'd be protected. They just take a dim view of the whole converting-others-and-fleecing-them bit. Historically, even religiously tolerant societies have had different reactions to aggressive proselyting.
It is a bit arbitrary, since I could think of a few other religions that aren't a ton better, but you have to admit the CoS is particularly bald-faced.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
you're wrong, this would have made it 0.99.10. 1.-99.0 must have been added.
One of the most useful features of wireshark is its breakdown of (known) protocols. It makes it a lot easier to follow a DHCP address acquisition or a DNS request and to dig into the individual flags of said DNS request (was it an update? did it have any prerequisites?)
However, probably the best use I've found for Wireshark was troubleshooting VoIP with SIP and RTP. Wireshark has great plugins for visually laying out each step of the SIP conversation, including showing you where the RTP stream initiated. If you've ever tried to troubleshoot SIP via a NAT setup with various proxies like SER throughout, it's an invaluable tool. It'll even graph jitter for you. Just tcpdump to an output file and load it up in Wireshark.
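The post above points at what a protocol dissector does underneath the GUI: pulling the DNS header apart so you can tell a plain query from a dynamic UPDATE and read off its prerequisite count. The following is an added example written for this thread, not Wireshark's own dissector code; the two sample headers are constructed inline, and the field layout follows RFC 1035 with the RFC 2136 reinterpretation of the section counts for UPDATE messages.

```python
import struct

# Opcode names from the DNS header (RFC 1035, RFC 1996, RFC 2136).
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}


def dissect_dns_header(pkt: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into named fields.

    Mirrors what a dissector shows in the packet-details pane: the
    individual flag bits plus the four section counts, which change
    meaning when the opcode is UPDATE (zone / prerequisite / update /
    additional instead of question / answer / authority / additional).
    """
    if len(pkt) < 12:
        raise ValueError("truncated DNS message: header needs 12 bytes")
    txid, flags, c1, c2, c3, c4 = struct.unpack("!HHHHHH", pkt[:12])
    opcode = (flags >> 11) & 0xF
    info = {
        "id": txid,
        "response": bool(flags & 0x8000),        # QR bit
        "opcode": OPCODES.get(opcode, str(opcode)),
        "authoritative": bool(flags & 0x0400),   # AA
        "truncated": bool(flags & 0x0200),       # TC
        "recursion_desired": bool(flags & 0x0100),   # RD
        "recursion_available": bool(flags & 0x0080), # RA
        "rcode": flags & 0xF,
    }
    if opcode == 5:
        # Dynamic UPDATE: the counts are ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT.
        info.update(zones=c1, prerequisites=c2, updates=c3, additional=c4)
    else:
        info.update(questions=c1, answers=c2, authority=c3, additional=c4)
    return info


# Constructed samples (not captured traffic): a recursive standard query
# header and an UPDATE header carrying one zone, two prerequisites, three
# update records and no additional records.
SAMPLE_QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
SAMPLE_UPDATE = struct.pack("!HHHHHH", 0xBEEF, 5 << 11, 1, 2, 3, 0)

if __name__ == "__main__":
    for name, pkt in (("query", SAMPLE_QUERY), ("update", SAMPLE_UPDATE)):
        print(name, dissect_dns_header(pkt))
```

The same decode applied to a real capture answers the two questions in the post (was it an update, did it carry prerequisites) without opening the GUI, which is handy when scripting over many pcaps.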