Bottom Line
Wireshark is often found in the security toolkit. Pen testers use it to see what is happening on the network and to assess traffic for vulnerabilities in real time. By reviewing connection-level information as well as the constituent fields of data packets, it reveals their characteristics, origin, destination, and more. While it flags potential weaknesses, a separate pen testing tool is still required to exploit them.
Type of tool: Packet sniffer / network protocol analyzer
Key features: Wireshark is a network protocol analyzer that lets you see what’s happening on the network down to the finest detail. It is an open source project developed through community contributions over the last twenty years. It conducts deep inspection of hundreds of protocols, with more added regularly. It runs on Windows, Linux, macOS and most other OSes, and it can read most capture file formats. Features include live capture, offline analysis, display filters, VoIP analysis and decryption support. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others. Output can be exported to XML, PostScript, CSV or plain text.
Wireshark’s packet sniffing, network analysis and protocol analysis capabilities make it useful when assessing traffic vulnerabilities in real time. It can scrutinize connection-level information as well as the various pieces that constitute data packets. By capturing such packets, IT teams can determine their characteristics, see their origin and destination, and what protocol is being used. This helps to flag weaknesses within the network.
The results of analysis are presented in a way that is easy to understand at a glance. Testers can use Wireshark to look more closely at traffic flows and zero in on potentially troublesome packets. Security risks it can help surface include data parameter pollution, SQL injection and memory buffer overflows. It is also useful in assessing the security of wireless networks, as it can capture live over-the-air wireless traffic.
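As an added illustration (not Wireshark's code or a Wireshark API), here is the kind of "zero in on troublesome packets" work a display filter does, done by hand: a minimal pcap reader that walks Ethernet/IPv4/TCP frames and flags HTTP requests carrying SQL injection fragments. The capture, the addresses and the regular expression are all constructed for the example; it assumes plain IPv4 over Ethernet with no IP options or fragmentation.

```python
import re
import struct
from urllib.parse import unquote_to_bytes

# A few classic SQL injection fragments, applied to percent-decoded request data.
SQLI_PATTERN = re.compile(rb"'\s*(or|and)\b|union\s+select|'\s*--", re.I)

def build_packet(src, dst, sport, dport, payload):
    """Ethernet + IPv4 + TCP frame carrying payload (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap frames in a little-endian pcap file (version 2.4, Ethernet link type)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield (src, dst, sport, dport, payload) for each TCP-over-IPv4 frame."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    pos = 24                                   # skip the 24-byte global header
    while pos + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # not IPv4, or not TCP
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]          # skip IP header (IHL)
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4                          # TCP header length
        yield (".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])),
               sport, dport, tcp[doff:])

def flag_sqli(data, http_port=80):
    """Return (src, dst, request line) for HTTP payloads matching SQLI_PATTERN."""
    hits = []
    for src, dst, _sport, dport, payload in parse_pcap(data):
        if dport == http_port and SQLI_PATTERN.search(unquote_to_bytes(payload)):
            hits.append((src, dst, payload.split(b"\r\n", 1)[0].decode(errors="replace")))
    return hits

SAMPLE = build_pcap([  # constructed sample: one benign request, one carrying a tautology
    build_packet("10.0.0.5", "10.0.0.80", 40000, 80, b"GET /item?id=7 HTTP/1.1\r\nHost: shop\r\n\r\n"),
    build_packet("10.0.0.9", "10.0.0.80", 40001, 80, b"GET /item?id=7'%20OR%201=1-- HTTP/1.1\r\nHost: shop\r\n\r\n"),
])
```

Wireshark's own dissectors handle far more (VLAN tags, IPv6, TCP reassembly, hundreds of application protocols); the point here is only what a filter over decoded payloads adds beyond looking at raw bytes.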
Differentiator: Ability to analyze network traffic down to a granular level.
What it can’t do: It isolates problem areas, but does not conduct penetration testing to exploit those weaknesses.
Cost: Free