Wireshark is a multiplatform, open-source packet analyzer designed for network troubleshooting, analysis, software and communications protocol development, and education.
If you notice any network issues like a potential security threat, increased delay, lost data packets, or problems with data retransmission, this tool allows you to examine and address the problem. With Wireshark, you have the capability to capture real-time network traffic and analyze the data flowing within and outside your network in a passive manner.
Wireshark is free, open-source, and supports all major operating systems. In this review, I’ll show you how to download and install Wireshark for free, and how to use Wireshark to capture and analyze traffic on your network.
How to Download and Install Wireshark Latest Version on Your PC for Free
- Click on the Download button on the sidebar to go to the official Wireshark download page.
- Click on a suitable download based on your operating system to get the desktop application.
![Wireshark download options screenshot]()
- Go to your download folder and double-click the .exe file you downloaded (I used the Windows installer here) to start the installation.
![Wireshark installing progress screenshot]()
- Follow the installation prompt, accept the END USER LICENSE AGREEMENT, and Wait for the installation to complete. Note that the installation of the program might take a few minutes.
- After the installation is complete, launch the software. Note that you’ll be asked to restart your computer after installing the software.
How to Use Wireshark
Now that you’ve installed the Wireshark application, let’s look at how to enable the Wireshark packet sniffer and then analyze the network traffic.
- Once you have started the application, you should see a screen similar to the one below. This screen shows you all the network connections that you can monitor. It also shows a capture filter field that allows you to capture the network traffic you want to see.
![Wireshark capture filter screenshot]()
The Wireshark Network Analyzer interface - To select one or more of the network interfaces, use the combination shift+left-click. Once you have selected the network interfaces you want to capture, right-click on your mouse and click on Start capture.
![Wireshark start capture screenshot]()
Alternatively, you can click the Start Capturing Packets button on the toolbar after selecting the interfaces you want to investigate.
![Wireshark start capturing packets screenshot]()
- Under the Capture menuclick Start. Click the red “Stop” button to stop capturing.
![Wireshark stop capturing packets screenshot]()
- After gathering the data you want, Wireshark also enables you to analyze it.
You’ll notice that Wireshark shows you three different panes for inspecting captured packet data.
- The Packet List, which is the top pane, is a list of all the packets in the capture. If you click on any of the packets displayed, the other two panes below will change to show you more details about the packet you selected. This pane includes columns for No.,Time, Source, Destination, Protocol, Length, and Info to show you more details.
- The Packet Details, which is the middle pane, displays all the available readable information about each packet. You can right-click and create filters depending on the text highlighted in this field.
- The Last Pane (Packet Bytes), which is at the bottom, shows you the packet exactly as it was captured in hexadecimal.
See features below for the additional functionalities offered by Wireshark.
How to Uninstall Wireshark
If you’re no longer interested in using Wireshark to troubleshoot your network issues, you can follow the simple guide below to uninstall the software from your computer.
- Type Add or Remove Programs in the Windows search bar and click the Enter key.
![Wireshark add or remove programs screenshot]()
- Scroll and locate Wireshark in the list of installed programs. Click the Uninstall button.
![Wireshark uninstall screenshot]()
- Once the uninstallation wizard opens, confirm that you want to remove the software, and it will be uninstalled from your computer.
If you prefer to use other protocol analyzers, feel free to check the free alternatives below.
Overview of Wireshark
Wireshark is an open-source and cross-platform network protocol analyzer that you can use to determine or troubleshoot the issues affecting your network. Wireshark allows you to capture live network traffic and analyze traffic running on or off the network. Wireshark is absolutely free, plus it is constantly being updated owing to its open-source status.
When analyzing your captured packet data, you can apply filters for further analyses. When you select a packet that is part of a conversation, you can see just the packets belonging to that conversation by right-clicking the packet and selecting “Follow”.
Generally, for many administrators, Wireshark is like a be-all and end-all tool when it comes to troubleshooting network issues. The tool is used by individuals and organizations, corporations, including government agencies, non-profits, and educational institutions for both troubleshooting and educational purposes.
Note that during installation, each Windows package of the software comes with the latest stable release of Npcap (required for live packet capture). You can also use WinPcap to capture packets, but keep in mind that Wireshark no longer maintains or supports it.
Features of Wireshark
- Read and write several capture file formats including tcpdump (libpcap), Cisco Secure IDS iplog, Pcap NG, Catapult DCT2000, Microsoft Network Monitor, NetScreen snoop, Novell LANalyzer, and many more.
- Performs thorough inspection of hundreds of protocols.
- Perform live capture and offline packet data analysis.
- Displays captured packet in a standard three-pane browser.
- Runs on multiple platforms including Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, etc.
- Uses powerful display filters.
- Features in-depth VoIP analysis.
- Browse captured network data via a GUI, or the TTY-mode TShark utility.
- Supports reading of live data from Ethernet, ATM, Bluetooth, USB, Token Ring, IEEE 802.11, and several others, depending on your platform.
- Supports decryption for many protocols, including IPsec, ISAKMP, WEP, Kerberos, SNMPv3, SSL/TLS, and WPA/WPA2
- Export your output data to XML, PostScript®, CSV, or plain text.
Free Alternatives to Wireshark
Ettercap: Ettercap is one of the protocol analyzers designed to facilitate hacking and it is free to use. Ettercap matches Wireshark’s portability since it runs on multiple platforms (Windows, Linux, Unix, and Mac OS). Ettercap is very useful to network administrators. It uses the libpcap library to capture data packet traces.
SmartSniff: SmartSniff works only on Windows PCs (on wired networks) and is free to use. However, the program includes a collector that can work on wireless networks, though only on Wi-Fi systems that include the computer hosting the program. But SmaertSniff’s native system isn’t really a match for Wireshark, as you’ll have to install WinPcap to gather packets.
EtherApe: EtherApe is a cross-platform utility that runs on Linux, Unix, and Mac OS. It is free like Wireshark but it creates a network map by picking up messages from connected devices. EtherApe captures all of the packets traveling between hosts and displays them on real-time network maps. EtherApe can track both wired and wireless networks.
