If you've ever wondered just how your network is being used, Wireshark may be the tool you have been looking for. Network analysers are nothing new, but they have a tendency to be impenetrable programs reliant on command line operations and provide information in a text-based form which can be difficult to interpret. Wireshark boasts a graphical front end which makes it easy to analyse all traffic which travels over a network using a variety of protocols.
Data packets can be captured from both wired and wireless network and this information can be viewed live as it is captured or analysed at a later date. The wealth of information that the program can reveal about network usage is staggering, and support for plugins means that the tool can be extended to add new protocols and features further down the line. Wireshark is available for Windows, Linux and Mac, making it ideal for mixed platform networks.
As well as working with data that has been captured directly through Wireshark itself, it is also possible to analyse data that has been captured with the likes of Aircrack, tcpdump and CA NetMaster. Easy to configure colouring and filtering makes it simple to make sense of complex data, and while this is not a tool for the average home user, it remains powerful yet approachable.
Please note, this is the portable version of Wireshark.
An immensely powerful tool which provides all of the information you could possibly need about network traffic
Version 4.2.0 changes (Release Notes):
- Wireshark supports dark mode on Windows.
- A Windows installer for Arm64 has been added.
- Packet list sorting has been improved.
- Wireshark and TShark are now better about generating valid UTF-8 output.
- A new display filter feature for filtering raw bytes has been added.
- Display filter autocomplete is smarter about not suggesting invalid syntax.
- Tools › MAC Address Blocks can lookup a MAC address in the IEEE OUI registry.
- The enterprises, manuf, and services configuration files have been compiled in for improved start-up times. These files are no longer available in the master branch in our source code repository. You can download the manuf file from our automated build directory.
- The installation target no longer installs development headers by default.
- The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs).
- Wireshark can be compiled on Windows using MSYS2. Check the Developer’s guide for instructions.
- Wireshark can be cross-compiled for Windows using Linux. Check the Developer’s guide for instructions.
- Tools › Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.
- Windows installer file names now have the format Wireshark-<version>-<architecture>.exe.
- Wireshark now supports the Korean language.
- Many other improvements have been made. See the “New and Updated Features” section below for more details.