Back to glossary

Wireshark

A widely-used network protocol analyzer that lets you see what's happening on your network at a microscopic level.

Categorysecurity

Overview

Wireshark is the world's foremost network protocol analyzer. It captures network traffic in real-time and displays it in a human-readable format, allowing users to examine individual packets and understand the underlying communication protocols.

Key Capabilities

  • Live Capture: Capturing traffic from various network interfaces (Ethernet, Wi-Fi, etc.).
  • Deep Inspection: Support for hundreds of protocols and sub-protocols.
  • Filtering: Powerful display filters to isolate specific traffic of interest.
  • Decryption: Ability to decrypt traffic for protocols like TLS, WPA/WPA2, and SNMPv3 (with appropriate keys).
  • Follow Stream: Reconstructing entire TCP or UDP conversations to see the data as the application sees it.

Use Cases

  • Troubleshooting network performance issues.
  • Analyzing malicious network activity and malware communication.
  • Learning and debugging network protocols.