Just discovered this:
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.
Still haven’t but looking forward to use it. Also looking to setup my own fake CA authority so I can analyze HTTPS traffic. Might even put it on my router and do some stats. 
Would be very curious about what other people think of Wireshark.
Why use wireshark, when we already have tcpdump ?
Yes, I used Wireshark… in 2001. Very useful. Did you have a question?
Just general curiosity - did you find anything unexpected Dave?
What about you Koko?
Dimi, there are some extra controls by default on Mac’s which allow you to enable wifi logging (hold down option while clicking on the wifi icon in the menu bar).
In the company I’m working for it is used on a regular basis to analyse and debug long running tcpdumps.
Though, we really use it as viewer only.
Maybe, as we now have to support some windows VMs as well, we might use it for actual captures as well in the future, though I doubt it, as those VMs purpose is not even close to the purpose of the machines were we usually have to do that kind of long time captures.
I don’t recall any particular surprises, but then again, that was the first time I had used such a tool much.
We used WireShark for some of our assignments when I was doing a network course at university. Haven’t heard about it since.
Yeah I used to use wireshark (and under its prior name of ethereal or whatever it was) a lot and less so nowadays as I do less network development, but it was super useful. tcpdump is also useful but need other tools to parse through it, lol.
I’ve used Wireshark at home, and at work. At work it was very useful for analyzing a (relatively unique) network protocol for some older systems. You can extend it so that it recognizes different protocols and can breakdown the packets (so that our custom protocol stopped being a hex blob and became actual useful information). With that, we could do a lot of filtering in Wireshark to monitor things during test and development.
I used it in high school to sniff traffic and read the communication on the most popular IM in Poland at the time (it used plain-text communication so it was dumb easy with ARP spoofing).
