This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark as a Protocol Analyzer

0

I was reading a networking book that talks about packet sniffers and protocol analyzers. The book was basically saying these are two different things but often get confused with one another. My question is: Is Wireshark a packet sniffer or protocol analyzer or a combination of the two? I did also read some products really are both a packet sniffer and protocol analyzer.

Thank you.

asked 28 Nov '12, 10:34

I_GEEK_IT

edited 28 Nov '12, 11:41

grahamb ♦


One Answer:

1

My question is: Is Wireshark a packet sniffer or protocol analyzer or a combination of the two?

It's both. Before you can analyze a protocol, you need to capture (sniff) some packets.

If you want to be really precise, then you would call Wireshark just a protocol analyzer, as the current version does not capture (sniff) the packets itself. It uses another tool that is part of Wireshark: dumpcap. So one could say: dumpcap is the packet capture tool (the sniffer) and Wireshark is the analyzer.

I did also read some products really are both a packet sniffer and protocol analyzer.

Most products (if not all) are a combination of both, due to what I said above.

Regards
Kurt

answered 28 Nov '12, 11:35

Kurt Knochner ♦

edited 28 Nov '12, 11:40
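
Added example, not part of the original answer and not Wireshark or dumpcap code: a small Python sketch of the capture/analysis split described above. The capture side only stores raw bytes with a timestamp, and the analysis side gives those bytes meaning. The function names, the constructed sample frame and the use of the classic pcap layout are assumptions made for this illustration.

```python
import socket
import struct

def build_frame():
    """Constructed sample: one Ethernet/IPv4/UDP frame (checksums left at 0)."""
    payload = b"hello"
    eth = bytes.fromhex("ffffffffffff" "020000000001" "0800")
    udp = struct.pack("!HHHH", 5353, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))
    return eth + ip + udp

def capture_to_pcap(frames, ts=1354098840):
    """Capture role: store raw bytes and a timestamp (classic pcap), interpret nothing."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(blob):
    """Return the raw frames stored in a little-endian classic pcap blob."""
    if len(blob) < 24 or struct.unpack_from("<I", blob)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    frames, off = [], 24
    while off + 16 <= len(blob):
        incl_len = struct.unpack_from("<IIII", blob, off)[2]
        off += 16
        if off + incl_len > len(blob):
            raise ValueError("truncated packet record")
        frames.append(blob[off:off + incl_len])
        off += incl_len
    return frames

def dissect(frame):
    """Analysis role: give the bytes meaning (Ethernet -> IPv4 -> UDP only)."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return {"summary": "not IPv4 over Ethernet"}
    ihl = (frame[14] & 0x0F) * 4
    info = {"src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34]), "proto": frame[23]}
    udp_off = 14 + ihl
    if info["proto"] == 17 and len(frame) >= udp_off + 8:
        sport, dport, length = struct.unpack_from("!HHH", frame, udp_off)
        info.update(sport=sport, dport=dport, payload=frame[udp_off + 8:udp_off + length])
    return info

if __name__ == "__main__":
    for raw in read_pcap(capture_to_pcap([build_frame()])):
        print(dissect(raw))
```

The capture file is the only interface between the two halves, which is why a file written by one tool can be analyzed later by another.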