Wireshark (formerly known as Ethereal) is a free software protocol analyzer, or “packet sniffer” application, used for network troubleshooting, analysis, software and protocol development, and education. It has all of the standard features of a protocol analyzer.
Wireshark is released under the GNU General Public License, and it uses the cross-platform GTK+ widget toolkit. It runs on Unix and Unix-like systems, including Linux, Solaris, FreeBSD, NetBSD, OpenBSD and Mac OS X (although GTK+ only works with X11 on Mac OS X, so the user will need to run an X server such as X11.app), and on Windows.
Wireshark is software that “understands” the structure of different network protocols. It can therefore display the encapsulation of a packet and its individual fields, and interpret their meaning. Wireshark uses pcap to capture packets, so it can only capture on networks supported by pcap.