Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
The program can read capture files from tcpdump (libpcap), NAI Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, snoop, Shomiti Surveyor, AIX's iptrace, Microsoft Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, ISDN4BSD, Cisco Secure IDS iplog, the pppd log (pppdump-format), and the AG Group's/WildPackets' EtherPeek.
Wireshark can also read traces from Lucent/Ascend WAN routers and Toshiba ISDN routers. Any of these files can be compressed with gzip, and Wireshark will decompress them on the fly.
Deep inspection of hundreds of protocols, with more being added all the time
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI or via the TTY-mode TShark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read/write many different capture file formats: Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
Capture files compressed with gzip can be decompressed on the fly
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others
Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
Coloring rules can be applied to the packet list for quick, intuitive analysis
Output can be exported to XML, PostScript, CSV, or plain text
System Requirements and Technical Details
RAM (Memory): 2 GB RAM (4 GB recommended)
Free Hard Disk Space: 200 MB or more