Wireshark
A graphical network protocol analyser.
Wireshark captures network traffic from a live interface or reads it from a saved capture file, then decodes it into human-readable form across hundreds of protocols. The hierarchical packet view lets users drill down from Ethernet frame to TCP segment to application payload, with each layer's fields named and explained — invaluable when debugging an unfamiliar protocol or verifying that a TLS handshake is doing what you expect.
The dissectors — small modules that parse one protocol each — make Wireshark unusually capable. Users can write their own in Lua, and the project ships dissectors for everything from HTTP/3 and gRPC to obscure industrial automation protocols. The display filter language is its own small DSL specifically designed for narrowing huge captures to the packets that matter.
Gerald Combs started Wireshark (then Ethereal) in 1998 while at Network Integration Services. The Wireshark Foundation governs the project today, with substantial sponsorship from CACE and Riverbed. It is the indispensable tool for network engineers, security researchers, and anyone diagnosing strange application behaviour over the wire.

Install
- Debian/Ubuntu: sudo apt install wireshark
- Fedora/RHEL: sudo dnf install wireshark
- Arch: sudo pacman -S wireshark-qt
- macOS: brew install --cask wireshark
Authors
- Gerald Combs (creator)
- Wireshark Foundation and contributors