1 | initial version |
Wireshark, depending on the capture setup, is capable to show the contents of unencrypted network packets at their greatest detail. Even some encrypted traffic can be decrypted first, given the relevant encryption keys. This allows the user to inspect all aspects of the network traffic, and thus analyse the performance of the network itself and applications using the network to communicate.
Unencrypted communications may expose operations performed by the users of the applications, e.g., web site addresses entered (through DNS), VoIP calls made (SIP/SDP/RTP). Most web site traffic itself (HTTP) is encrypted (HTTPS) nowadays, therefore hidden, unless the encryption keys are available.