Chapter 1. Introduction

Wireshark 2.1

1.1. What is Wireshark?

1.1.1. Some intended purposes

  • Network administrators use it to troubleshoot network problems
  • Network security engineers use it to examine security problems
  • Developers use it to debug protocol implementations
  • People use it to learn network protocol internals

1.1.2. Features

  • Available for UNIX and Windows.
  • Capture live packet data from a network interface.
  • Open files containing packet data captured with tcpdump/WinDump, Wireshark, and a number of other packet capture programs.
  • Import packets from text files containing hex dumps of packet data.
  • Display packets with very detailed protocol information.
  • Save captured packet data.
  • Export some or all packets in a number of capture file formats.
  • Filter packets on many criteria.
  • Search for packets on many criteria.
  • Colorize packet display based on filters.
  • Create various statistics.
  • …and a lot more!
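Two of the items above, opening tcpdump-style capture files and importing hex dumps, rest on concrete on-disk formats. The following is an added example (not code from the Wireshark project or this guide): it builds a constructed Ethernet/IPv4/UDP frame with a valid IPv4 header checksum, then emits it both as a classic libpcap file and as an `od -Ax -tx1`-style hex dump of the kind that text2pcap and Wireshark's hex-dump import accept. The addresses, ports, MACs and timestamps are made up for illustration.

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071).
    Running it over a header whose checksum field is filled in returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_ip, dst_ip, sport, dport, payload, ident=0x1234):
    """Ethernet II / IPv4 / UDP frame. The UDP checksum is left as 0,
    which IPv4 permits; the IPv4 header checksum is computed properly."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + udp_len, ident, 0x4000,  # IHL=5, DF set
                         64, 17, 0,                              # TTL, proto UDP, cksum placeholder
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    eth = (bytes.fromhex("001122334455")        # constructed destination MAC
           + bytes.fromhex("66778899aabb")      # constructed source MAC
           + struct.pack("!H", 0x0800))         # EtherType IPv4
    return eth + ip_hdr + udp


def to_pcap(frames, linktype=1):
    """Classic libpcap file: 24-byte global header (magic 0xa1b2c3d4 written
    little-endian, version 2.4, snaplen 65535, linktype 1 = Ethernet) followed
    by a 16-byte record header (ts_sec, ts_usec, incl_len, orig_len) per packet.
    Timestamps are constructed, one second apart."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return out


def to_hexdump(frames):
    """Hex dump in the 'offset bytes...' layout that text2pcap reads.
    Offsets are hex; each packet starts again at offset 000000, which is
    how text2pcap tells one packet from the next."""
    lines = []
    for frame in frames:
        for off in range(0, len(frame), 16):
            chunk = frame[off:off + 16]
            lines.append("%06x %s" % (off, " ".join("%02x" % b for b in chunk)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample traffic, not from a real capture.
    frames = [
        build_udp_frame("10.0.0.1", "10.0.0.2", 12345, 53, b"hello"),
        build_udp_frame("10.0.0.2", "10.0.0.1", 53, 12345, b"world"),
    ]
    with open("sample.pcap", "wb") as f:
        f.write(to_pcap(frames))
    with open("sample.txt", "w") as f:
        f.write(to_hexdump(frames))
```

Either output opens directly in Wireshark: `sample.pcap` via File > Open, and `sample.txt` via File > Import from Hex Dump (or `text2pcap sample.txt sample.pcap` on the command line). Because the IPv4 checksum is computed rather than zeroed, the IP dissector will show it as correct, whereas the zero UDP checksum is displayed as "not present".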

1.1.3. Live capture from many different network media

1.1.4. Import files from many other capture programs

1.1.5. Export files for many other capture programs

1.1.6. Many protocol dissectors

1.1.7. Open Source Software

1.1.8. What Wireshark is not

  • Wireshark isn’t an intrusion detection system. It will not warn you when someone does strange things on your network that they aren’t allowed to do. However, if strange things do happen, Wireshark can help you figure out what is really going on.
  • Wireshark will not manipulate things on the network; it only "measures" what it sees there. Wireshark does not send packets onto the network or do anything else active, with one exception: name resolution, which may send DNS queries for addresses seen in the capture (and so reveal those addresses to whatever resolver answers them). Even that can be disabled, for example with the -n option of wireshark and tshark.