Wireshark (previously known as Ethereal)


Domnic Mendes, who had a positive experience with this tool, thought Wireshark would be a good addition to Cool Tools.

Wireshark is one of the world's foremost network protocol analyzers, and is the de facto standard in many parts of the industry.

It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development.

Wireshark has a rich feature set which includes the following:

  • Standard three-pane packet browser

  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others

  • Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting

  • Powerful display filters for narrowing down a capture after the fact (these use Wireshark's own filter syntax, distinct from the libpcap/BPF capture filters applied while capturing)

  • VoIP analysis

  • Live capture and offline analysis are supported

  • Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump format), the AG Group's/WildPackets' EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others

  • Capture files compressed with gzip can be decompressed on the fly

  • Hundreds of protocols are supported, with more being added all the time

  • Coloring rules can be applied to the packet list, which eases analysis
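The libpcap (tcpdump) format listed above is the simplest of the capture formats Wireshark reads, and it is worth knowing its layout when you need to generate test captures or sanity-check a file that will not open. The following is an added example written for this page, not code from the Wireshark or libpcap projects: it writes a minimal pcap file containing a constructed Ethernet/IPv4/UDP frame (RFC 5737 documentation addresses, a hand-assembled DNS-style payload), reads it back honouring the byte order recorded in the magic number, and prints a one-line summary. File name, MAC addresses and packet contents are all assumptions made up for the demonstration.

```python
"""Minimal libpcap (.pcap) writer/reader in pure Python.

Added example for this page, not Wireshark or libpcap project code.  The
Ethernet/IPv4/UDP frame below is constructed for illustration (RFC 5737
documentation addresses); the output file opens in Wireshark or `tshark -r`.
"""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4      # microsecond-resolution pcap, in the writer's byte order
LINKTYPE_ETHERNET = 1        # DLT_EN10MB: each record is an Ethernet frame
SNAPLEN = 65535


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header (checksum field zeroed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_udp_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                    sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet II + IPv4 + UDP.  The UDP checksum is left 0, which IPv4 permits."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(udp),          # version/IHL, DSCP, total length
                     0x1234, 0x4000, 64, 17, 0,       # id, DF, TTL, proto=UDP, checksum=0
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    return eth + ip + udp


def write_pcap(path: str, frames, first_ts_us: int = 1_700_000_000_000_000) -> None:
    """Write frames as pcap records spaced 1 ms apart, starting at first_ts_us."""
    with open(path, "wb") as f:
        # magic, major, minor, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            sec, usec = divmod(first_ts_us + i * 1000, 1_000_000)
            captured = frame[:SNAPLEN]
            f.write(struct.pack("<IIII", sec, usec, len(captured), len(frame)))
            f.write(captured)


def read_pcap(path: str):
    """Return (linktype, [(timestamp, original_len, data), ...]) for a pcap file.

    Uses the byte order implied by the magic number; rejects pcapng and the
    nanosecond pcap variant instead of silently misreading them.
    """
    with open(path, "rb") as f:
        gh = f.read(24)
        if len(gh) < 24:
            raise ValueError("short pcap global header")
        magic = struct.unpack("<I", gh[:4])[0]
        if magic == PCAP_MAGIC:
            order = "<"
        elif magic == 0xD4C3B2A1:          # same magic written big-endian
            order = ">"
        else:
            raise ValueError("unsupported capture format: magic 0x%08x" % magic)
        _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack(order + "HHiIII", gh[4:])
        records = []
        while True:
            rh = f.read(16)
            if not rh:
                break
            if len(rh) < 16:
                raise ValueError("truncated record header")
            sec, usec, incl_len, orig_len = struct.unpack(order + "IIII", rh)
            data = f.read(incl_len)
            if len(data) < incl_len:
                raise ValueError("truncated packet data")
            records.append((sec + usec / 1e6, orig_len, data))
    return linktype, records


def summarize(frame: bytes) -> str:
    """One-line Ethernet/IPv4/UDP summary in the spirit of the packet-list pane."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-IPv4 frame (%d bytes)" % len(frame)
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ipaddress.IPv4Address(frame[26:30])
    dst = ipaddress.IPv4Address(frame[30:34])
    if proto != 17:
        return "%s -> %s proto %d" % (src, dst, proto)
    sport, dport, ulen = struct.unpack("!HHH", frame[14 + ihl:14 + ihl + 6])
    return "%s:%d -> %s:%d UDP len %d" % (src, sport, dst, dport, ulen - 8)


if __name__ == "__main__":
    # Constructed DNS A query for example.com (hypothetical traffic, not captured).
    frame = build_udp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                            "192.0.2.10", "192.0.2.53", 40000, 53,
                            b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                            b"\x07example\x03com\x00\x00\x01\x00\x01")
    write_pcap("demo.pcap", [frame])
    for ts, orig_len, data in read_pcap("demo.pcap")[1]:
        print("%.6f %s" % (ts, summarize(data)))
```

Open the resulting `demo.pcap` in the Wireshark GUI or run `tshark -r demo.pcap` to see the same frame dissected; a file whose magic is not one of the two pcap values (for example a pcapng capture, which Wireshark writes by default) is rejected by `read_pcap` rather than parsed as garbage.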
