Knowing what Wireshark can do will help you determine if it is the right tool for the job.
Wireshark is the world’s most popular network analysis tool, with an average of over 1 million downloads per
month. Wireshark is also ranked #1 in the world as a security tool [1]. Named one of the “Most Important Open-
Source Apps of All Time” [2], Wireshark runs on Windows, Mac OS X, and *NIX. Wireshark can even be run as a
Wireshark is a free open source software program available at wireshark.org. When run on a host that can see a
wired or wireless network, Wireshark captures and decodes the network frames, offering an ideal tool for
network troubleshooting, optimization, security (network forensics), and application analysis. Captured traffic
can be saved in numerous trace file formats (defaulting to the .pcapng format).
Wireshark’s decoding process uses dissectors that can identify and display the various fields and values in
network frames. In many instances, Wireshark’s dissectors offer an interpretation of frame contents as well—a
feature that significantly reduces the time required to locate the cause of poor network performance or to
validate security concerns.
The open source development community has created thousands of dissectors to interpret the most commonly
seen applications and protocols on networks. A core set of Wireshark developers is led by Gerald Combs, the
original creator of Ethereal (the project’s name before it was renamed Wireshark in 2006). As an open source
project, Wireshark’s source code is open to anyone for review or enhancement.
Wireshark can be used to easily determine who the top talkers are on the network, what applications are
currently in use, which protocols are supported on a network, whether requests are receiving error responses,
and whether packets are being dropped or delayed along a path. In addition, two kinds of filters narrow the
view: capture filters (BPF syntax, applied while capturing) and display filters (Wireshark’s own field-based
syntax, applied to a loaded trace) that target a specific address (or address range), application, response
code, conversation, keyword, etc.
The Wireshark installation package includes numerous command-line tools: tshark (capture and analysis without
the GUI), dumpcap (the capture engine), mergecap (merge trace files), editcap (split or edit trace files),
capinfos (trace file statistics), and text2pcap (convert hex dumps to trace files), among others.
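The dissector and “top talkers” concepts described above, as an added example that is not Wireshark code: a minimal
dissector that decodes Ethernet/IPv4/TCP/UDP frames into named fields, and the endpoint, conversation and
display-filter calculations built on those fields. The trace file is written and read in the classic libpcap
format rather than pcapng (an assumption made to keep the parser short), and all addresses and traffic are
constructed sample data.

```python
"""Toy dissector and trace-file analysis (added example, not part of Wireshark).

Classic libpcap format only (magic 0xa1b2c3d4); pcapng is not handled here.
"""
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def _ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over an IPv4 header; returns 0 for a header whose stored checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct an Ethernet II / IPv4 / (TCP|UDP) frame. All values are constructed sample data."""
    if proto == IPPROTO_TCP:   # seq 1, ack 0, data offset 5 words, PSH|ACK, L4 checksum left at 0
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:                      # UDP length covers header + payload
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]   # fill in header checksum
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + l4 + payload


def write_pcap(frames):
    """Serialize frames into a classic pcap file image (bytes) with synthetic timestamps."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def read_pcap(data):
    """Yield raw frames from a pcap image; the magic number tells us the writer's byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled by this example)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def dissect(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP into Wireshark-style field names; stops at the first unknown layer."""
    fields = {"frame.len": len(frame)}
    if len(frame) < 14:
        return fields
    fields["eth.dst"], fields["eth.src"] = frame[:6].hex(":"), frame[6:12].hex(":")
    fields["eth.type"] = struct.unpack("!H", frame[12:14])[0]
    if fields["eth.type"] != ETHERTYPE_IPV4 or len(frame) < 34:
        return fields
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    fields["ip.src"], fields["ip.dst"] = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    fields["ip.proto"] = ip[9]
    fields["ip.checksum.ok"] = _ipv4_checksum(ip[:ihl]) == 0   # interpretation, not just a raw value
    l4 = ip[ihl:]
    if ip[9] == IPPROTO_TCP and len(l4) >= 20:
        fields["tcp.srcport"], fields["tcp.dstport"] = struct.unpack("!HH", l4[:4])
        fields["tcp.flags"] = l4[13]
    elif ip[9] == IPPROTO_UDP and len(l4) >= 8:
        fields["udp.srcport"], fields["udp.dstport"] = struct.unpack("!HH", l4[:4])
    return fields


def top_talkers(packets):
    """Bytes sent or received per IPv4 endpoint, most active first (cf. Statistics > Endpoints)."""
    c = Counter()
    for p in packets:
        if "ip.src" in p:
            c[p["ip.src"]] += p["frame.len"]
            c[p["ip.dst"]] += p["frame.len"]
    return c.most_common()


def conversations(packets):
    """Frame count per unordered IPv4 address pair (cf. Statistics > Conversations)."""
    c = Counter(tuple(sorted((p["ip.src"], p["ip.dst"]))) for p in packets if "ip.src" in p)
    return c.most_common()


def apply_filter(packets, predicate):
    """Display-filter analogue: keep only packets whose decoded fields satisfy the predicate."""
    return [p for p in packets if predicate(p)]


def sample_capture():
    """Constructed traffic: a client does a DNS lookup, then fetches a page and gets a 404 back."""
    frames = [
        build_frame("00:11:22:33:44:01", "00:11:22:33:44:02", "10.0.0.5", "10.0.0.53", IPPROTO_UDP, 51000, 53, b"\x00" * 28),
        build_frame("00:11:22:33:44:02", "00:11:22:33:44:01", "10.0.0.53", "10.0.0.5", IPPROTO_UDP, 53, 51000, b"\x00" * 44),
        build_frame("00:11:22:33:44:01", "00:11:22:33:44:03", "10.0.0.5", "192.0.2.80", IPPROTO_TCP, 40000, 80, b"GET / HTTP/1.1\r\n\r\n"),
        build_frame("00:11:22:33:44:03", "00:11:22:33:44:01", "192.0.2.80", "10.0.0.5", IPPROTO_TCP, 80, 40000, b"HTTP/1.1 404 Not Found\r\n\r\n" + b"x" * 200),
    ]
    return write_pcap(frames)


if __name__ == "__main__":
    pkts = [dissect(f) for f in read_pcap(sample_capture())]
    print("top talkers:", top_talkers(pkts))
    print("conversations:", conversations(pkts))
    print("to port 80:", len(apply_filter(pkts, lambda p: p.get("tcp.dstport") == 80)))
```

On a real trace the same three views come from tshark, the command-line tool shipped with Wireshark: `tshark -r file.pcapng -q -z endpoints,ip -z conv,ip` for endpoints and conversations, and `tshark -r file.pcapng -Y "tcp.dstport == 80"` for a display filter. The example deliberately checks the IPv4 header checksum so that a corrupted header is flagged rather than silently counted, which is the kind of interpretation a dissector adds on top of raw field values.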
Based on SLOCCount (Source Lines of Code Count), created by David A. Wheeler, Wireshark has over 2.4
million total lines of code (SLOC) [4], and SLOCCount’s COCOMO-based estimate of the cost to develop
Wireshark is over $95 million.
The following is a quick list of some tasks that can be performed using Wireshark.
[1] SecTools.Org: Top 125 Network Security Tools, sectools.org.
[2] eWEEK/eWEEK Labs, May 28, 2012, see www.eweek.com/c/a/Linux-and-Open-Source/The-Most-Important-OpenSource-
[3] See portableapps.com to learn more about this platform and to download the Portable App launcher. Download the Wireshark portable application from www.wireshark.org.
[4] See www.wireshark.org/download/automated/sloccount.txt for the current SLOCCount estimates.