PARLAR

OFFENSIVE SECURITY - PENETRATION TESTING - RED TEAMING - ETHICAL HACKING

WIRESHARK

The World's Leading Network Protocol Analyser

Dive deep into network traffic analysis with the most powerful open-source packet sniffer

What is Wireshark?

Wireshark is a free and open-source packet analyser used for network troubleshooting, analysis, software and communications protocol development, and education. It lets you see what's happening on your network at a microscopic level.

Key Features

Deep Packet Inspection

Examine hundreds of protocols, with more being added all the time. Wireshark dissects protocol structures to reveal every bit and byte of network communication.

Powerful Filtering

Create complex display filters to isolate the traffic you're interested in. Zero in on specific packets with Wireshark's robust filtering language.

Live Capture & Analysis

Capture packets in real-time from various network interfaces including Ethernet, IEEE 802.11, Bluetooth, and more. Watch traffic as it flows.

Export Capabilities

Save captured packet data in multiple formats. Generate detailed reports and statistics from your captured traffic.

Wireshark in Action

Live Traffic Capture

# Starting Wireshark capture on interface eth0
> sudo wireshark -i eth0 -k

# Capturing packets...
No.     Time           Source                Destination           Protocol Length Info
1       0.000000000    192.168.1.5           8.8.8.8              DNS      83     Standard query 0x1a2b A www.example.com
2       0.034512000    8.8.8.8               192.168.1.5           DNS      99     Standard query response 0x1a2b A www.example.com A 93.184.216.34
3       0.035102000    192.168.1.5           93.184.216.34        TCP      74     52361 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=8
4       0.075698000    93.184.216.34        192.168.1.5           TCP      74     80 → 52361 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=8
5       0.075823000    192.168.1.5           93.184.216.34        TCP      66     52361 → 80 [ACK] Seq=1 Ack=1 Win=64240 Len=0
6       0.076102000    192.168.1.5           93.184.216.34        HTTP     162    GET / HTTP/1.1
                    

Packet Analysis

Frame 6: 162 bytes on wire (1296 bits), 162 bytes captured
Ethernet II, Src: Dell_1a:2b:3c (00:25:64:1a:2b:3c), Dst: Cisco_4d:5e:6f (00:18:ba:4d:5e:6f)
Internet Protocol Version 4, Src: 192.168.1.5, Dst: 93.184.216.34
Transmission Control Protocol, Src Port: 52361, Dst Port: 80, Seq: 1, Ack: 1
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
    Host: www.example.com\r\n
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\r\n
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n
    Accept-Language: en-US,en;q=0.5\r\n
    Connection: keep-alive\r\n
    \r\n
                    

Advanced Filtering

# Common Wireshark Display Filters

# Filter for HTTP traffic
http

# Filter for a specific host
ip.addr == 192.168.1.5

# Filter for DNS traffic
dns

# Filter for HTTP error responses (status code 400 and above)
http.response.code >= 400

# Filter for specific TCP ports (HTTPS on 443, HTTP on 80)
tcp.port == 443 or tcp.port == 80

# Complex filter example
(ip.src == 192.168.1.5 and ip.dst == 8.8.8.8) and dns

# Exclude certain traffic
!(arp or icmp)

# Filter by conversation
tcp.stream eq 1
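
The same filtering logic can be applied to a packet list after it has been exported as plain text. The Python below is an added example, not part of the original page or of Wireshark itself: it parses the six-packet list shown under "Live Traffic Capture", reproduces `ip.addr ==` and `http`, and labels each unencrypted HTTP request with the hostname that an earlier DNS response resolved. The function names are assumptions made for this example.

```python
import re

# Packet list copied from the capture shown above (plain-text export).
SAMPLE = """\
No.     Time           Source                Destination           Protocol Length Info
1       0.000000000    192.168.1.5           8.8.8.8              DNS      83     Standard query 0x1a2b A www.example.com
2       0.034512000    8.8.8.8               192.168.1.5           DNS      99     Standard query response 0x1a2b A www.example.com A 93.184.216.34
3       0.035102000    192.168.1.5           93.184.216.34        TCP      74     52361 → 80 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=8
4       0.075698000    93.184.216.34        192.168.1.5           TCP      74     80 → 52361 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=8
5       0.075823000    192.168.1.5           93.184.216.34        TCP      66     52361 → 80 [ACK] Seq=1 Ack=1 Win=64240 Len=0
6       0.076102000    192.168.1.5           93.184.216.34        HTTP     162    GET / HTTP/1.1
"""

ROW = re.compile(r"(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)")
DNS_A = re.compile(r"Standard query response \S+ A (\S+) A (\S+)")
FIELDS = ("no", "time", "src", "dst", "proto", "length", "info")


def parse_packet_list(text):
    """Turn each data row into a dict; the header row does not match ROW."""
    rows = (ROW.fullmatch(line.strip()) for line in text.splitlines())
    return [dict(zip(FIELDS, m.groups())) for m in rows if m]


def ip_addr(packets, addr):
    """Equivalent of the display filter `ip.addr == addr`."""
    return [p for p in packets if addr in (p["src"], p["dst"])]


def cleartext_http(packets):
    """Equivalent of `http`, with each destination labelled by the name
    an earlier DNS A response in the same capture resolved to it."""
    names, hits = {}, []
    for p in packets:
        m = DNS_A.match(p["info"]) if p["proto"] == "DNS" else None
        if m:
            names[m.group(2)] = m.group(1)  # address -> queried hostname
        elif p["proto"] == "HTTP":
            hits.append((int(p["no"]), names.get(p["dst"], p["dst"]), p["info"]))
    return hits


if __name__ == "__main__":
    pkts = parse_packet_list(SAMPLE)
    print(len(ip_addr(pkts, "8.8.8.8")), "packets to or from 8.8.8.8")
    for no, host, request in cleartext_http(pkts):
        print(f"frame {no}: unencrypted HTTP to {host}: {request}")
```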
                    

Why Learn Wireshark?

Wireshark is an essential tool for network administrators, security professionals, developers, and anyone interested in understanding how networks operate. It provides unparalleled visibility into network communications.

Common Use Cases:
