Wireshark is a packet analyzing program. This type of software is called a sniffer. It’s free and open source. It’s used for network analysis, development, troubleshooting, or simply education. Its original name was “Ethereal”; the name was changed in May 2006 due to trademark issues.
This program is cross-platform – it means it runs on Windows, Linux, OS X and other Unix operating systems. There is also a non-GUI, terminal version of Wireshark. It’s called TShark. It’s 100% free software, released under the terms of the GNU General Public License. You can download Wireshark on our subpage named “Download”. Go and check it out.
After you finish downloading Wireshark, install it. The installation process is very simple, so you should not run into any trouble.
Now, when it’s launched you can click the name of an interface under “Interface List” to start capturing packets on that interface.
If you want to capture traffic on the wireless network just click your wireless interface. You can also configure advanced features. Click “Capture Options” to manage that.
When you click the interface’s name, you are going to see packets start to appear in real time. Wireshark will capture each packet sent from or to your system.
To stop capturing traffic you have to click the stop capture button. It’s in the top left corner.
You’ll probably see packets highlighted in many colors: green ones, blue ones, or black ones.
The program uses various colors to help you identify the types of traffic at a glance.
By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black marks TCP packets with problems.
If you want to open a capture file, simply click “Open” on the main screen and look for the file.
If you’re trying to inspect something specific, for example the traffic a program sends when phoning home, it helps to close down all other applications using the network so you can narrow down the traffic.
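To make the two ideas above concrete (the default color rules for TCP, DNS, UDP and problem TCP packets, and narrowing a capture down to one machine’s traffic), here is an added example that is not part of this page or of the Wireshark project. It builds a few constructed frames in memory in the libpcap (.pcap) format that Wireshark’s “Open” reads, parses them back, colors each packet with a simplified version of the rules described in the text, and then filters the list to one host the way the display filter `ip.addr == host` would. The “Bad TCP” check is a stand-in heuristic (a data segment repeating a sequence number already seen on its flow), not Wireshark’s full `tcp.analysis` logic; all addresses, ports and payloads are made up.

```python
import struct
import socket

# Constructed sample traffic, not a real capture: frames are assembled in memory
# in libpcap (.pcap) format, the file format Wireshark's "Open" dialog reads.
LINKTYPE_ETHERNET = 1

def eth_ipv4(proto, src, dst, payload):
    """Wrap a transport payload in Ethernet II + IPv4 headers (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"              # dummy MACs, EtherType 0x0800 = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload

def tcp_segment(sport, dport, seq, flags, data=b""):
    """Minimal 20-byte TCP header; flags 0x02 = SYN, 0x10 = ACK, 0x18 = PSH|ACK."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + data

def udp_datagram(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def build_pcap(frames):
    """Serialize frames as a little-endian pcap: 24-byte global header + one record each."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield raw frames from pcap bytes; the magic number tells us the byte order."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or corrupt)")
    pos = 24                                        # skip the global header
    while pos + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        yield data[pos:pos + incl_len]
        pos += incl_len

def decode(frame):
    """Pull out the Ethernet/IPv4/TCP|UDP fields the colouring rules look at."""
    if frame[12:14] != b"\x08\x00":
        return {"proto": "other", "src": "", "dst": ""}
    ihl = (frame[14] & 0x0F) * 4                    # IPv4 header length in bytes
    proto = frame[14 + 9]
    pkt = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34])}
    t = frame[14 + ihl:]                            # transport header starts after IPv4
    pkt["sport"], pkt["dport"] = struct.unpack("!HH", t[:4])
    if proto == 6:
        hdr_len = (t[12] >> 4) * 4
        pkt.update(proto="tcp", seq=struct.unpack("!I", t[4:8])[0],
                   flags=t[13], data_len=len(t) - hdr_len)
    elif proto == 17:
        pkt["proto"] = "udp"
    else:
        pkt["proto"] = "other"
    return pkt

def colour_packets(packets):
    """Simplified version of the default colouring rules described in the text:
    TCP green, DNS (UDP/53) dark blue, other UDP light blue, and a TCP data
    segment that repeats a sequence number already seen on its flow black
    ("Bad TCP"). The duplicate-sequence heuristic stands in for Wireshark's
    fuller tcp.analysis checks (assumption for this example)."""
    seen, colours = set(), []
    for p in packets:
        if p["proto"] == "tcp":
            key = (p["src"], p["sport"], p["dst"], p["dport"], p["seq"])
            colours.append("black" if p["data_len"] > 0 and key in seen else "green")
            seen.add(key)
        elif p["proto"] == "udp":
            colours.append("dark blue" if 53 in (p["sport"], p["dport"]) else "light blue")
        else:
            colours.append("none")
    return colours

def only_host(packets, host):
    """Equivalent of the display filter ip.addr == host: keep one machine's traffic."""
    return [p for p in packets if host in (p["src"], p["dst"])]

def demo():
    me, dns, ntp, web = "10.0.0.5", "10.0.0.1", "10.0.0.2", "93.184.216.34"  # constructed
    frames = [
        eth_ipv4(6, me, web, tcp_segment(40000, 443, 1000, 0x02)),              # TCP SYN
        eth_ipv4(17, me, dns, udp_datagram(53000, 53, b"\x12\x34\x01\x00")),    # DNS query
        eth_ipv4(17, me, ntp, udp_datagram(123, 123, b"\x23" + b"\x00" * 47)),  # NTP (UDP)
        eth_ipv4(6, me, web, tcp_segment(40000, 443, 1001, 0x18, b"GET")),      # TCP data
        eth_ipv4(6, me, web, tcp_segment(40000, 443, 1001, 0x18, b"GET")),      # retransmit
        eth_ipv4(6, "10.0.0.9", web, tcp_segment(41000, 443, 5000, 0x02)),      # other host
    ]
    packets = [decode(f) for f in read_pcap(build_pcap(frames))]
    return colour_packets(packets), only_host(packets, me)

if __name__ == "__main__":
    colours, mine = demo()
    print(colours)                    # one colour per frame, in capture order
    print(len(mine), "packets to/from 10.0.0.5")
```

Running the script prints the per-packet colours (the fifth frame comes out black because it repeats the data segment sent in the fourth) and shows that filtering on 10.0.0.5 drops the sixth frame from the other host, which is exactly what narrowing a busy capture to one application’s traffic looks like in the Wireshark filter bar.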