Wireshark

The world's most trusted and widely used network protocol analyzer

Packet-level visibility • Forensic analysis • Secure network design

Protocol Analysis at Your Fingertips

Wireshark is a layer-2 through layer-7 protocol analyzer that captures and visualizes network traffic in real time. It provides unprecedented insight into network communications, making it an essential tool for network professionals, security experts, and developers alike.

As a passive tool, Wireshark doesn't generate or alter traffic, but it reveals everything happening on the wire or over the air, including plaintext credentials, malware beacons, misconfigured devices, and attacks in progress.

Wireshark interface showing network protocol analysis with color-coded packet streams

Key Features

Packet Capture

Capture live traffic via libpcap/Npcap across Ethernet, Wi-Fi, Bluetooth, USB, and virtual interfaces with promiscuous and monitor mode support.

Protocol Dissection

Over 2,400 protocol dissectors parse traffic into human-readable form, handling fragmentation and reassembly, tunneling protocols, and decryption of encrypted sessions when the session keys are supplied.

Powerful Filtering

Capture filters limit what is recorded and display filters narrow what is shown, enabling precise traffic analysis alongside conversation views, flow graphs, and Follow Stream.

CLI Tools

TShark, dumpcap, editcap, mergecap, and capinfos provide command-line alternatives for capture, analysis, and PCAP manipulation.

Scripting Support

Lua scripting enables custom dissectors and automation. Export formats include PCAP, PCAPNG, JSON, CSV, and XML.

Security Analysis

Detect anomalies, malware communications, reconnaissance activities, and attacks in progress through comprehensive protocol analysis.

Legitimate Uses

  • Diagnose network latency and performance issues
  • Detect malware beacons and C2 traffic
  • Reconstruct forensic timeline of security incidents
  • Debug proprietary protocol implementations
  • Teach TCP/IP stack and protocol behavior
  • Validate firewall and IDS/IPS configurations
  • Monitor VoIP and video streaming quality
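Detecting malware beacons, as listed above, usually comes down to spotting connections that recur at a suspiciously regular interval. The following added example (not Wireshark project code) flags such flows in the tab-separated output of `tshark -r capture.pcap -T fields -E separator=/t -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport`. The records embedded in it are constructed, using documentation address ranges, and include a frame with empty IP fields (as tshark emits for a non-IP frame) to show that such lines must be skipped.

```python
# Added example (not from the Wireshark project): flag periodic "beacon"-style
# flows in tshark -T fields output. Assumed export command:
#   tshark -r capture.pcap -T fields -E separator=/t \
#          -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport
# The records below are constructed; 10.0.0.5 -> 203.0.113.7 fires every ~60 s.
import statistics
from collections import defaultdict

SAMPLE_TSHARK_OUTPUT = """\
1720000000.012\t10.0.0.5\t203.0.113.7\t443
1720000001.134\t10.0.0.5\t198.51.100.20\t443
1720000003.500\t10.0.0.5\t198.51.100.20\t443
1720000047.200\t10.0.0.5\t198.51.100.20\t443
1720000048.900\t10.0.0.5\t198.51.100.20\t443
1720000060.021\t10.0.0.5\t203.0.113.7\t443
1720000090.000\t10.0.0.8\t203.0.113.7\t443
1720000120.030\t10.0.0.5\t203.0.113.7\t443
1720000180.015\t10.0.0.5\t203.0.113.7\t443
1720000200.000\t10.0.0.5\t198.51.100.20\t443
1720000210.300\t10.0.0.5\t198.51.100.20\t443
1720000240.040\t10.0.0.5\t203.0.113.7\t443
1720000250.000\t\t\t
1720000300.011\t10.0.0.5\t203.0.113.7\t443
1720000360.033\t10.0.0.5\t203.0.113.7\t443
1720000420.019\t10.0.0.5\t203.0.113.7\t443
"""


def parse_fields(text: str):
    """Parse tab-separated tshark -T fields lines; drop frames with missing fields."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 4 or any(not p for p in parts[:4]):
            continue  # e.g. an ARP frame carries no ip.src / ip.dst
        ts, src, dst, port = parts[:4]
        records.append((float(ts), src, dst, port))
    return records


def find_beacons(records, min_events=5, max_cv=0.1):
    """Group by (src, dst, dport) and flag flows whose inter-arrival times are
    tightly clustered: coefficient of variation (stdev / mean) below max_cv."""
    by_flow = defaultdict(list)
    for ts, src, dst, port in records:
        by_flow[(src, dst, port)].append(ts)
    flagged = {}
    for flow, times in by_flow.items():
        if len(times) < min_events:
            continue  # too few events to call anything periodic
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            flagged[flow] = {"count": len(times),
                             "median_interval": statistics.median(gaps),
                             "cv": round(cv, 4)}
    return flagged


if __name__ == "__main__":
    for (src, dst, port), stats in find_beacons(parse_fields(SAMPLE_TSHARK_OUTPUT)).items():
        print(f"{src} -> {dst}:{port} every ~{stats['median_interval']:.1f}s "
              f"x{stats['count']} (cv={stats['cv']})")
```

The irregular browsing-like flow to 198.51.100.20 has a coefficient of variation above 1 and is ignored, while the 60-second flow is reported. Implants that add random sleep jitter widen the spread, so `max_cv` is a tuning knob: a 20% jitter lands around 0.12, and a threshold that low would need corroboration from other fields (byte counts per connection, TLS SNI, destination reputation) before it is worth an alert.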

Malicious Use Cases

  • Unauthorized credential harvesting
  • Session token interception
  • WPA2 handshake capture for cracking
  • Network reconnaissance and fingerprinting
  • Data exfiltration monitoring
  • VoIP conversation interception

Wireshark 4.x Features

Latest stable version: Wireshark 4.4.8 (July 2025)

  • Enhanced dissectors for DTLS, TLS 1.3, UDS, ECMP, HTTP/3, QUIC
  • Native multi-threaded dissection for improved performance
  • Redesigned user interface with dark mode support
  • Improved wireless capture and analysis capabilities
  • Fixed segmentation faults on malformed packets
  • Patched CVE-2025-x in dissector buffer handling
  • Improved privilege separation architecture
  • Enhanced encrypted session analysis capabilities
  • Windows 11 support with Npcap 2.0
  • macOS Sonoma optimized build
  • Ubuntu 24.04+ package availability
  • Android capture via Termux + tcpdump

Platform Support

Windows

Built with Npcap for optimized packet capture on Windows 10/11

macOS

Native libpcap support with seamless integration

Linux/BSD

Comprehensive package support for major distributions

Android

Remote capture via Termux + tcpdump with GUI analysis

Security Considerations

Dissector Vulnerabilities

Parsing complex or malformed protocols can trigger buffer overflows, use-after-free conditions, and null-pointer dereferences in dissector code. Treat capture files from untrusted sources as hostile input: open them in an isolated environment and keep Wireshark up to date.

Privilege Risk

Never run Wireshark as root. Capture with dumpcap granted only the limited permissions it needs, and analyze the resulting PCAPs as a standard user.

Privacy Exposure

Captured packets may reveal plaintext credentials, session tokens, DNS queries, and sensitive communications.

Legal Implications

Passive sniffing may violate data protection laws (GDPR, HIPAA) depending on jurisdiction and consent requirements.

Protocol Dissection Example

Frame 1234: 152 bytes on wire (1216 bits)
Ethernet II, Src: 00:1a:2b:3c:4d:5e, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol Version 4, Src: 192.168.1.100, Dst: 8.8.8.8
User Datagram Protocol, Src Port: 54123, Dst Port: 53
Domain Name System (query)
    Query: example.com
        Type: A (Host Address)
        Class: IN (0x0001)
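To show what a dissector chain actually does to produce a tree like the one above, here is an added Python example, not Wireshark code, that walks Ethernet, IPv4, UDP and DNS over a frame it constructs itself. The constructed frame carries the same addresses, ports and query as the tree above but is only 71 bytes long (no padding or EDNS), so its frame line differs from the 152-byte example; everything else (the IPv4 header checksum verification, the port-based hand-off to DNS, the refusal of compression pointers in a question name) is real parsing logic.

```python
# Added illustrative dissector for the Ethernet/IPv4/UDP/DNS chain shown above.
# It is not Wireshark code; it parses a frame constructed in build_sample_frame().
import socket
import struct

QTYPES = {1: "A (Host Address)", 28: "AAAA (IPv6 Address)"}
QCLASSES = {1: "IN"}


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement sum over the IPv4 header (even length assumed)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed sample: DNS A query for example.com, 192.168.1.100 -> 8.8.8.8,
    UDP 54123 -> 53, broadcast Ethernet destination. 71 bytes, not 152."""
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # id, flags (RD), counts
    for label in b"example.com".split(b"."):
        dns += bytes([len(label)]) + label
    dns += b"\x00" + struct.pack("!HH", 1, 1)  # root label, QTYPE A, QCLASS IN
    udp = struct.pack("!HHHH", 54123, 53, 8 + len(dns), 0) + dns  # checksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1A2B, 0, 64, 17, 0,
                     socket.inet_aton("192.168.1.100"), socket.inet_aton("8.8.8.8"))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill checksum
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex("001a2b3c4d5e") + b"\x08\x00"
    return eth + ip + udp


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _dns_name(data: bytes, off: int):
    """Read an uncompressed label sequence. Pointers (0xC0) do not belong in a
    well-formed question name and are a classic dissector loop/overread trap."""
    labels = []
    while True:
        length = data[off]
        off += 1
        if length == 0:
            return ".".join(labels), off
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(data[off:off + length].decode("ascii"))
        off += length


def dissect_dns(data: bytes) -> dict:
    txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    out = {"id": txid, "is_response": bool(flags & 0x8000), "queries": []}
    off = 12  # past the fixed 12-byte header
    for _ in range(qdcount):
        name, off = _dns_name(data, off)
        qtype, qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        out["queries"].append({"name": name, "type": QTYPES.get(qtype, str(qtype)),
                               "class": QCLASSES.get(qclass, str(qclass)),
                               "class_code": qclass})
    return out


def dissect_frame(raw: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> UDP -> DNS, stopping at the first layer not handled.
    struct raises on a truncated frame, so short input fails instead of overreading."""
    tree = {"frame": {"bytes_on_wire": len(raw), "bits": len(raw) * 8}}
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    tree["eth"] = {"src": _mac(src), "dst": _mac(dst), "type": ethertype}
    if ethertype != 0x0800:
        return tree
    vihl, _, _, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", raw[14:34])
    ihl = (vihl & 0x0F) * 4
    tree["ip"] = {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d), "ttl": ttl,
                  "proto": proto, "checksum_ok": ip_checksum(raw[14:14 + ihl]) == 0}
    if proto != 17:
        return tree
    off = 14 + ihl
    sport, dport, ulen, _ = struct.unpack("!HHHH", raw[off:off + 8])
    tree["udp"] = {"src_port": sport, "dst_port": dport, "length": ulen}
    if 53 in (sport, dport):  # same heuristic a port-based dissector table uses
        tree["dns"] = dissect_dns(raw[off + 8:off + ulen])
    return tree


def render(tree: dict) -> str:
    """Print the tree in the style of the packet details pane."""
    f, e = tree["frame"], tree["eth"]
    lines = [f"Frame: {f['bytes_on_wire']} bytes on wire ({f['bits']} bits)",
             f"Ethernet II, Src: {e['src']}, Dst: {e['dst']}"]
    if "ip" in tree:
        lines.append(f"Internet Protocol Version 4, Src: {tree['ip']['src']}, "
                     f"Dst: {tree['ip']['dst']}")
    if "udp" in tree:
        lines.append(f"User Datagram Protocol, Src Port: {tree['udp']['src_port']}, "
                     f"Dst Port: {tree['udp']['dst_port']}")
    if "dns" in tree:
        kind = "response" if tree["dns"]["is_response"] else "query"
        lines.append(f"Domain Name System ({kind})")
        for q in tree["dns"]["queries"]:
            lines += [f"    Query: {q['name']}", f"        Type: {q['type']}",
                      f"        Class: {q['class']} (0x{q['class_code']:04x})"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(dissect_frame(build_sample_frame())))
```

The hand-off from UDP to DNS on port 53 mirrors how Wireshark's port-based dissector tables work, and the explicit rejection of a compression pointer inside the question name is the kind of bounds discipline that the Dissector Vulnerabilities section below is about: a length byte or pointer taken from the packet without validation is exactly where overreads start.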

Project Information

Category        Description
License         GNU General Public License v2
Source Code     Available on GitHub
Contributors    Global open-source community
Documentation   Comprehensive user guide available
User Base       Millions of network professionals worldwide