Is it illegal to have Wireshark?

How do I capture packets without Wireshark?

My situation is I'm capturing packets in a live environment where there are many other things going on.

What I want to capture is only the traffic from my laptop to the router. I've seen that Wireshark allows for this by creating a filter, but I have no idea how. I'm looking for a way to do this with a simple command line program.

In Wireshark you can select the particular interfaces and then use the tcpdump filter "dst port 80" to capture only traffic destined for your laptop's port 80. If you're running on Linux you can get tcpdump working with Wireshark by doing "sudo tcpdump -i eth0 -n -l -w tcpdump.pcap".
To do it in the command line you can use the tcptraceroute program. The "-I " option tells it to send traffic to the interface specified on the command line, and "-p " tells it to send traffic on port . So, for example, if you wanted to capture traffic destined for port 80 on your laptop you would do something like "tcptraceroute -I eth0 -p 80".

Is it illegal to have Wireshark?

Is it legal to intercept an 802.11 packet, filter it down to payload only, and then send this through a Wifi module or an ethernet modem?
The project uses "legal devices" because it doesn't collect or process data (even though one could infer as much). And if there was any processing performed on packets it would be of a minimal nature (a basic string compare), so the user would be unaware of what was going on.

First off, I think we can all agree that it is not legal to monitor network traffic in some countries and at some times, e.g. Germany's G-10 / IT-10. Therefore, even in those countries, it is not legal to perform such activity, because you basically violate German laws regarding intercepting networks and sending it over the Internet.

So your project is clearly against the law, unless you can prove otherwise. You can't really "have wireshark", either by owning it or merely buying a physical copy.

As long as the law does not explicitly forbid the activities you are describing and if you are in certain jurisdictions (in fact almost anywhere), there is absolutely no problem with your proposed activity - except that you might get arrested or sued if others find out about your activities. Assuming you can legally carry out such interception and interception under such circumstances is completely in itself illegal per se, regardless of who performed it. However, if I could legally perform this particular interception but you could not then it would still be illegal for me to give you access to my equipment (for instance, you might be able to prove this equipment belongs to someone who is able to prove ownership) allowing you to carry out this interception yourself. In the US, we have a similar law about interception of encrypted communication like the one you describe. It is referred to as the Electronic Communications Privacy Act or ECPA. I don't know about the rest of the world, but I suspect that many countries, including Canada and the UK, do not have an equivalent to ECPA. The closest thing I can find here in Canada is the Lawful Access initiative, which covers things other than just monitoring.

Is there a free version of Wireshark?

I need something similar to the free version (as in no need for a subscription). I understand the free edition limits you to certain categories (as in network protocol decoding only).

Hello, the only limitation that is not free, is that it cannot capture packets from the following protocols: DCE/RPC, SSL, SCTP, ICMPv6, PPP, SIP, GRE, RTP, UPnP, DNS, DDP, SMUX, UDP, AXFR and RTSP and more. And yes, there is also a pro version. However, you can try to download the Windows installer (link provided above) and try to find out all its limitations. It depends on you, if this free version would be sufficient for you or not. For example, I also use this software to sniff wireless signals on my laptop. And one more question: you say "No need for a subscription". What exactly do you mean?

Is there a tool I can connect directly from Ubuntu to a Win7 box with which I can capture ethernet frames? I know if I have Windows, I can set up Wireshark, but would really like to use a free package. I've looked into tcpmon, can use that, but the same thing, I still have to have Wireshark.

If you look at tcpmon, I believe that it does use Wireshark for decoding the captured traffic. You can configure it in order to capture your ethernet frames. However, tcpmon is just a packet analyzer, meaning that it captures any stream of data, and you have to configure it to what you are trying to capture. You can configure tcpmon in order to capture all kinds of things, including ethernet frames.

So there are a lot of possibilities and tools out there, but in order to use them you still have to have Wireshark. If you were to say "No need for a subscription", what exactly do you mean?

What exactly did you subscribe to?

If I understand you, you subscribed to a network packet analysis tool?

Is there anything better than Wireshark?

I've been using Wireshark for the past couple of years, and I like it a lot.

My current employer has given me access to their network, and I use Wireshark to inspect their network traffic, to see where any bottlenecks are, and to do some security audits on their network.

I've even set up a virtual network to test various things, using VMs for the guest OSes, and using VMware's free version of vCenter Converter (for Windows guests), which gives me a VM running on ESX Server 4.1 that I can use to inspect the host network traffic, just as if I were using Wireshark on my laptop.

The only problem is that Wireshark doesn't have any sort of scripting support (I couldn't find an existing solution on Google that had a scripting component either), so if I want to automate some tasks, I have to write all of the scripts by hand. It would be nice to be able to save my scripts, and have Wireshark read them in and execute them, so that I can create scripts to automate common tasks.

So, the question is, is there any software that is better than Wireshark? Or is Wireshark good enough? (Note: This is NOT a question about which packet sniffer is better, or what the advantages of Wireshark are. This is a question about which software is better, or if Wireshark is good enough, or if there's something better than Wireshark.)