The amount of resources Wireshark needs depends on your environment and on the size of the capture file you are analyzing. The values below should be fine for small to medium-sized capture files no more than a few hundred MB. Larger capture files will require more memory and disk space.
Busy networks mean large captures | |
---|---|
Working with a busy network can easily produce huge capture files. Capturing on a gigabit or even 100 megabit network can produce hundreds of megabytes of capture data in a short time. A fast processor, lots of memory and disk space is always a good idea. |
If Wireshark runs out of memory it will crash. See https://wiki.wireshark.org/KnownBugs/OutOfMemory for details and workarounds.
Although Wireshark captures packets using a separate process the main interface is single-threaded and won’t benefit much from multi-core systems.
- The current version of Wireshark should support any version of Windows that is still within its extended support lifetime. At the time of writing this includes Windows 10, 8, 7, Vista, Server 2016, Server 2012 R2, Server 2012, Server 2008 R2, and Server 2008.
- Any modern 64-bit AMD64/x86-64 or 32-bit x86 processor.
- 400 MB available RAM. Larger capture files require more RAM.
- 300 MB available disk space. Capture files require additional disk space.
- 1024×768 (1280×1024 or higher recommended) resolution with at least 16 bit color. 8 bit color should work but user experience will be degraded. Power users will find multiple monitors useful.
-
A supported network card for capturing
- Ethernet. Any card supported by Windows should work. See the wiki pages on Ethernet capture and offloading for issues that may affect your environment.
- 802.11. See the Wireshark wiki page. Capturing raw 802.11 information may be difficult without special equipment.
- Other media. See https://wiki.wireshark.org/CaptureSetup/NetworkMedia.
Older versions of Windows which are outside Microsoft’s extended lifecycle support window are no longer supported. It is often difficult or impossible to support these systems due to circumstances beyond our control, such as third party libraries on which we depend or due to necessary features that are only present in newer versions of Windows (such as hardened security or memory management).
Wireshark 1.12 was the last release branch to support Windows Server 2003. Wireshark 1.10 was the last branch to officially support Windows XP. See the Wireshark release lifecycle page for more details.
Wireshark runs on most UNIX and UNIX-like platforms including macOS and Linux. The system requirements should be comparable to the Windows values listed above.
Binary packages are available for most Unices and Linux distributions including the following platforms:
- Apple macOS
- Debian GNU/Linux
- FreeBSD
- Gentoo Linux
- HP-UX
- Mandriva Linux
- NetBSD
- OpenPKG
- Red Hat Enterprise/Fedora Linux
- Sun Solaris/i386
- Sun Solaris/SPARC
- Canonical Ubuntu
If a binary package is not available for your platform you can download the source and try to build it. Please report your experiences to wireshark-dev[AT]wireshark.org.