A
protocol analyzer (packet sniffer) captures and decodes network traffic for troubleshooting and forensics. Wireshark is the most widely used tool.
Wireshark decodes hundreds of protocols. Can decrypt TLS traffic if you have the session keys. Filter syntax: 'tcp.port==443', 'ip.addr==192.168.1.1'. Promiscuous mode captures all traffic on a segment.