What is Wireshark used for?
Wireshark (pronounced 'wire shark') is a free, open source packet analyzer designed for network administrators, system engineers and security professionals. This article was last updated in July 2024. For more recent information, see What's New In Wireshark 2.8
Wireshark is designed to be useful in several of the most commonly performed tasks in the networking world:
Network traffic capturing. Wireshark can capture a wide variety of network traffic, including Internet traffic, local networks and even VPN connections, which makes it popular for capturing the data a network administrator needs.
Packet analysis. Wireshark also helps you understand the packets on the wire by dissecting each one into detailed, field-by-field information. This lets you track down errors and other issues on your network faster than you otherwise could.
Network troubleshooting. Finally, it helps you find out what is wrong with your network and how to fix it. Most of the time this involves locating the affected computer or networking device on a network map or in a troubleshooting log.
Wireshark is free, open source software that runs on Linux, Windows, Mac OS X and FreeBSD. It dissects data at every protocol level, such as Ethernet, IP, TCP, UDP and TLS/SSL.
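To make the "packet analysis" task above concrete, here is an added example (not Wireshark's own code, and not from the article) that does in a few dozen lines what a protocol analyzer does per frame: it walks a constructed Ethernet II frame layer by layer (Ethernet, IPv4, UDP or TCP), decodes the header fields, and validates the IPv4 header checksum the way Wireshark flags a bad checksum. The frame, MAC addresses and TEST-NET addresses are constructed sample values; the function names are this example's own.

```python
"""Tiny Ethernet/IPv4/UDP/TCP dissector. Added educational example, not Wireshark code."""
import struct
from ipaddress import IPv4Address

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header whose checksum field is zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dissect(frame: bytes) -> dict:
    """Decode one frame into per-layer dictionaries, stopping at the first unknown layer."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"eth": {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}}
    if ethertype != ETHERTYPE_IPV4:
        return layers  # e.g. ARP or IPv6: not decoded by this example

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, csum, saddr, daddr) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    header = ip[:ihl]
    # Recompute the checksum with the checksum field zeroed, as an analyzer does.
    expected = ipv4_checksum(header[:10] + b"\x00\x00" + header[12:])
    layers["ip"] = {
        "src": str(IPv4Address(saddr)), "dst": str(IPv4Address(daddr)),
        "ttl": ttl, "proto": proto, "checksum_ok": expected == csum,
    }
    payload = ip[ihl:total_len] if total_len >= ihl else b""

    if proto == IPPROTO_UDP and len(payload) >= 8:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", payload[:8])
        layers["udp"] = {"sport": sport, "dport": dport, "len": ulen, "data": payload[8:ulen]}
    elif proto == IPPROTO_TCP and len(payload) >= 20:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", payload[:14])
        layers["tcp"] = {"sport": sport, "dport": dport, "seq": seq,
                         "ack": ack, "flags": off_flags & 0x1FF}
    return layers


def build_sample_frame(payload: bytes = b"\x12\x34\x01\x00\x00\x01", corrupt: bool = False) -> bytes:
    """Construct a UDP/53 frame (constructed sample values) with a valid or deliberately bad checksum."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", 40000, 53, udp_len, 0) + payload  # UDP checksum 0 = not used
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0x4000,
                             64, IPPROTO_UDP, 0,
                             IPv4Address("192.0.2.10").packed, IPv4Address("192.0.2.53").packed)
    csum = ipv4_checksum(ip_no_csum)
    if corrupt:
        csum ^= 0x0001  # flip one bit so the dissector reports checksum_ok == False
    ip = ip_no_csum[:10] + struct.pack("!H", csum) + ip_no_csum[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


if __name__ == "__main__":
    for layer, fields in dissect(build_sample_frame()).items():
        print(layer, fields)
```

Running the block prints the three decoded layers for the constructed frame; passing `corrupt=True` to `build_sample_frame` shows the checksum validation reporting a bad header, which is exactly the kind of anomaly a packet analyzer surfaces during troubleshooting.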
Why capture traffic?
Sometimes, when we think about the purpose of a network device like a router, for example, we can get carried away with all of its abilities. Maybe we'll add the device to our firewall and use it for intrusion detection and packet filtering. Maybe we'll assign it to watch a few network channels and perform DHCP server duties.
After being in business for over twenty years, however, we should quickly realize that when it comes to our network devices, it's all about throughput. Even when we do have to watch some network channels to prevent malware from using them, our main goal should be throughput - which, of course, means speed.
There are a few other things that we need to consider as well.
What is the best way to learn Wireshark?
I have seen a lot of tutorial videos online, but they all seem to make things very complicated.
Is there a single best way to start learning Wireshark? I would like to learn this as soon as possible.
For example, I would like to know what tool to use to do protocol dissections.
– Zac, Apr 6 '13 at 18:23
@Zachary T.Bennett: I'm sure you'll find plenty of tutorials that get too far in, but there are plenty of videos that skip past the basics and start to get into more advanced stuff. You don't have to watch everything - just pick up on the basics and go from there. For example, take a look at the tutorial on youtube.com, as well as this link here on SE.org.
– Jamesqf, Aug 27 '13 at 17:47
1 Answer
The question comes up quite frequently, so I decided to put it all in one answer. I will cover some topics in depth to really make you understand what is going on, but I can only do so much. For many, many tools, the best way to learn is by playing with them.
It's not really necessary to read each and every tutorial. They usually cover important subjects in great depth, and give examples. You just need to make your choice of what you want to learn from.
If you want to be a network specialist, then it's good to know what protocols you're supposed to work with, what they can offer to your system and how you are expected to deal with them. This does not need to be extremely precise, but it is best for you to learn what you are doing. If you want to be a Networking Specialist, I advise you to have some experience and knowledge in networking before you jump into Wireshark.
So I hope that this question will help people in future, and I will add more content to this answer. Let's start with Wireshark and what it is. It is a network protocol analyzer. It gives you the ability to capture and analyse packets that your computer sends and receives. So for example, you can run Wireshark on the server side and watch your web traffic.
Is Wireshark still useful?
From time to time, people ask about Wireshark.
Do I still use it, even though I can get my network traffic on OS X with NetProtocolAnalyzer, or on Linux with tcpdump? I'm not sure what the situation is today.
I was considering putting up a survey about networking tools. It's not entirely clear to me if Wireshark is still interesting.
What would you do?
It is certainly more useful than ever; I know of no other product that has so many features. I use Wireshark to view captured packets on a physical network monitor such as VNX, and the capability to view packets in real time is an amazing addition to my toolset. Wireshark is not only useful, but also very easy to use. If you do not understand a packet you can open it with the "Open In." button. Just click on it. This opens a dialog, where you can change the options for the file.
You can change the file-format, the file-name and all other options. You can change any file just by clicking on the desired entry. No menu, just click it, and the changes apply. You can do this for any kind of file.
If you want to change any option of any kind, you click on "Help". This opens a browser, where you can read about all available options.
I use Wireshark for everything - server-side debugging, analysis and monitoring. If you just want to see how to inspect packets, that is simple. Just right-click on the one you are interested in and click on "Open packet." If you want to change the information, just use the information panel in the middle. For me, it is much faster and easier than Netcat and pcap-ng. And it is still being updated.
EDIT: Since the above answer was posted I have done some research on what Wireshark can actually do. Nc -l 2024 TCP dump is active. IP ICMP IP6 ICMP.