Live data can be read from Ethernet, IEEE 802.11, Bluetooth, USB, and others (depending on your platform).Capture files compressed with gzip can be decompressed on the fly.Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Cisco Secure IDS iplog, Microsoft Network Monitor, and many others.The most powerful display filters in the industry.Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others.Deep inspection of hundreds of protocols, with more being added all the time.On its website, Wireshark describes its rich feature set as including the following: It supports the same options as Wireshark. TShark is a terminal-oriented version of Wireshark designed to capture and display packets when an interactive user interface isn't necessary or available. It enables you to see what's happening on your network at a microscopic level. It lets you interactively browse packet data from a live network or a previously saved capture file. Wireshark is a GUI network protocol analyzer.