from Wikipedia, the free encyclopedia

Wireshark 3.0.3 when recording network traffic
Basic data

developer Wireshark community
Publishing year 1998
Current  version 2.6.19
( August 12, 2020 )
operating system Unix , Linux , Solaris , Mac , Windows and various BSD versions
programming language C.
category Network analysis and sniffers
License GPL ( free software )
German speaking Yes

Wireshark ( English wire " wire ", " cable " and shark " Hai ") is free software for the analysis and graphic processing of data logs ( sniffer ), which was launched in 2006 as a fork of the program Ethereal (English "heavenly", " ethereal ", allusion on Ethernet ). Computers use such data protocols on a wide variety of communication media such as the local network, Bluetooth or USB . The network analysis tool can help administrators, network experts and security experts in finding network problems, identifying botnet connections or in network management.

Wireshark shows both the protocol header and the transported content when recording. For the graphic processing, the program relies on the output of small sub- programs such as pcap or usbpcap in order to record the content of the communication on the respective transmission medium.

Technical details

The Wireshark tool displays the data in the form of individual packets either during or after the recording of data traffic on a network interface . The data is clearly prepared with filters that are adapted to the respective protocols. The content of the recorded packets can be viewed or filtered according to this. Wireshark can also generate statistics on the flow of data or extract binary content such as images using special filters.

The network interfaces whose data traffic can be analyzed are primarily Ethernet with the various Internet protocol families such as TCP / IP. In addition, Wireshark can also record and analyze wireless data traffic in the Wireless Local Area Network (WLAN) and Bluetooth connections. Other common interfaces such as USB can be integrated into Wireshark via appropriate modules . Under Windows , Wireshark records the data traffic from version 3.0 transparently with the help of Npcap. Up to version 3.0 WinPcap was used. The prerequisite for this is always that the respective computer on which Wireshark is operated has the appropriate physical interfaces and the user has appropriate access rights to these interfaces.

In addition to the graphical Wireshark version, there is also Tshark , which is based on the same network code and is controlled via command line options. For both versions, the recording format of the measurement data was borrowed from or adopted by tcpdump . Nevertheless, Wireshark can also read in the formats of other LAN analyzers.


Wireshark was originally developed as Ethereal by a team around Gerald Combs under the GNU General Public License as free open source software ( FOSS ).

When Gerald Combs switched from Ethereal Software Inc. to CACE Technologies , he started his own follow-up project and called it Wireshark . The first version of Wireshark was released on June 7, 2006 with the version number 0.99.1. The predecessor, Ethereal, is still available in version 0.99.0, but is no longer being developed.

Version 1.0 of Wireshark was released on March 31, 2008.

Version 2.0 of Wireshark was released on November 19, 2015. The whole program was converted to Qt and given a new, more intuitive user interface.

Special features

With various protocols, Wireshark adds meta information to packets that only results from the context of the data flow. For example , the file or directory name is added to SMB packets that originate from operations in Windows file shares , if the opening of the file was recorded. The user can also create these special filters and protocol modules himself, for example to be able to efficiently examine transmission protocols he has designed himself using Wireshark.

Past and future

Ethereal and Wireshark were precursors to network analysis products from commercial manufacturers. In terms of appearance and mode of action, some of them are reminiscent of these forerunners, some of which have since been pushed out of the market by the successful open source project Ethereal / Wireshark and have been discontinued as a result.

Ultimately, Wireshark is a packet-oriented and not a data-oriented sniffer whose focus is the analysis of specific problems.


  • Bernhard J. Hauser: Wireshark - Introduction to Network Analysis. Open Source Press, 2015, ISBN 978-3-95539-124-9 .
  • Bernhard J. Hauser: Network Analysis with Wireshark 2.0 - Introduction to Protocol Analysis. Europa-Lehrmittel-Verlag, 2016, ISBN 978-3-8085-5408-1 .
  • Bernhard J. Hauser: Network Analysis with Wireshark - Introduction to Protocol Analysis. 2nd expanded edition, Europa-Lehrmittel-Verlag, 2018, ISBN 978-3-8085-5409-8 .

Web links

Commons : Wireshark  - album with pictures, videos and audio files



Individual evidence

  1. Wireshark 2.6.19 is now available . August 12, 2020 (accessed August 13, 2020).
  2. USB capture setup. Retrieved June 17, 2018 .
  3. Wireshark · Wireshark 3.0.0 Released. Retrieved May 15, 2019 .
  4. Ethereal is now Wireshark (English) - Report to Wireshark. June 7, 2006.
  5. Wireshark network sniffer version 1.0 published - Heise , on March 31, 2008.