What you'll need to get Wireshark up and running ...
-
The values below are the minimum requirements and only "rules of thumb" for use on a moderately used network
-
Working with a busy network can easily produce huge memory and disk space usage! For example: Capturing on a fully saturated 100MBit/s Ethernet will produce ~ 750MBytes/min! Having a fast processor, lots of memory and disk space is a good idea in that case.
-
If Wireshark is running out of memory it crashes, see: http://wiki.wireshark.org/KnownBugs/OutOfMemory for details and workarounds
-
Wireshark won't benefit much from Multiprocessor/Hyperthread systems as time consuming tasks like filtering packets are single threaded. No rule is without exception: during an "Update list of packets in real time" capture, capturing traffic runs in one process and dissecting and displaying packets runs in another process - which should benefit from two processors.
-
Windows XP Home, XP Pro, XP Tablet PC, XP Media Center, Server 2003, Vista, 2008, 7, or 2008 R2
-
Any modern 32-bit x86 or 64-bit AMD64/x86-64 processor.
-
128MB available RAM. Larger capture files require more RAM.
-
75MB available disk space. Capture files require additional disk space.
-
800*600 (1280*1024 or higher recommended) resolution with at least 65536 (16bit) colors (256 colors should work if Wireshark is installed with the "legacy GTK1" selection of the Wireshark 1.0.x releases)
-
A supported network card for capturing:
-
Ethernet: Any card supported by Windows should work. See the wiki pages on Ethernet capture and offloading for issues that may affect your environment.
-
802.11: See the Wireshark wiki page. Capturing raw 802.11 information may be difficult without special equipment.
-
Other media: See http://wiki.wireshark.org/CaptureSetup/NetworkMedia
-
Remarks:
-
Many older Windows versions are no longer supported for three reasons: None of the developers use those systems which makes support difficult. The libraries Wireshark depends on (GTK, WinPcap, …) have dropped support for older releases. Microsoft has also dropped support for these systems.
-
Windows 95, 98 and ME are no longer supported. The "old technology" releases of Windows lack memory protection (specifically VirtualProtect) which we use to improve program safety and security. The last known version to work was Ethereal 0.10.14 (which includes WinPcap 3.1). You can get it from http://ethereal.com/download.html. According to this bug report, you may need to install Ethereal 0.10.0 on some systems.
Microsoft retired support for Windows 98 and ME in 2006.
-
Windows NT 4.0 no longer works with Wireshark. The last known version to work was Wireshark 0.99.4 (which includes WinPcap 3.1). You still can get it from http://www.wireshark.org/download/win32/all-versions/wireshark-setup-0.99.4.exe.
Microsoft retired support for Windows NT 4.0 in 2004.
-
Windows 2000 no longer works with Wireshark. The last known version to work was Wireshark 1.2.x (which includes WinPcap 4.1.2). You still can get it from http://www.wireshark.org/download/win32/all-versions/.
Microsoft retired support for Windows 2000 in 2010.
-
Windows CE and the embedded versions of Windows are not currently supported.
-
Multiple monitor setups are supported but may behave a bit strangely.
Wireshark currently runs on most UNIX platforms. The system requirements should be comparable to the Windows values listed above.
Binary packages are available for at least the following platforms:
-
Apple Mac OS X
-
Debian GNU/Linux
-
FreeBSD
-
Gentoo Linux
-
HP-UX
-
Mandriva Linux
-
NetBSD
-
OpenPKG
-
Red Hat Enterprise/Fedora Linux
-
rPath Linux
-
Sun Solaris/i386
-
Sun Solaris/Sparc
-
Canonical Ubuntu
If a binary package is not available for your platform, you should download the source and try to build it. Please report your experiences to wireshark-dev[AT]wireshark.org .