WireShark (formerly Ethereal)

[Scarecrow Man]

Wireshark is an award-winning network protocol analyzer developed by an international team of networking experts.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Wireshark has a rich feature set which includes the following:

• Deep inspection of hundreds of protocols, with more being added all the time
  
• Live capture and offline analysis
  
• Standard three-pane packet browser
  
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  
• The most powerful display filters in the industry
  
• Rich VoIP analysis
  
• Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  
• Capture files compressed with gzip can be decompressed on the fly
  
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
  
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  
• Coloring rules can be applied to the packet list for quick, intuitive analysis
  
• Output can be exported to XML, PostScript®, CSV, or plain text
  

http://www.wireshark.org/