wireshark

Wireshark is a network protocol analyzer, or an application that captures packets from a network connection, such as from your computer to your home office or the internet.

Wireshark has many uses, including troubleshooting networks that have performance issues. Cybersecurity professionals often use Wireshark to trace connections, view the contents of suspect network transactions and identify bursts of network traffic.

Wireshark is primarily used to capture packets of data moving through a network. The tool allows users to put network interface controllers (NICs) into promiscuous mode to observe most traffic, even unicast traffic, which is not sent to a controller’s MAC address.

Warning

However, doing this normally requires superuser permissions and may be restricted on some networks.

Even without that ability, Wireshark is able to sniff out most packets flowing through a network, no matter the OS, the networking protocol, encryption method or file format.