Wireshark is a free tool that should be part of every networking professional’s arsenal. While it can be a rather intimidating and cumbersome tool, it allows for inspection of packets in their dissected form.
The beauty of that is packets never lie. When you’re experiencing networking issues or just need to know what’s going on in your network you can trust the data from Wireshark.
Wireshark is potentially one of the best packet analyzer tools available today.
Fortunately, downloading and installing Wireshark is super simple.
How to Download Wireshark for Windows 10 (or Windows Server 2016)
- Head over to https://www.wireshark.org/download.html and click on the appropriate installer for your operating system (Windows 10 64-bit in this example).
- Note that a Wireshark-win64-2.6.1.exe file (file name as of July 2018) will be saved to your default downloads location.
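Before running the downloaded installer, check it against the project's published hashes and its Authenticode signature. The script below is an added example, not part of the original article. The function name `Test-InstallerIntegrity`, the `SHA256(<file>)=<hex>` line format of the SIGNATURES file, and the expected signer string are assumptions, and the demo at the end runs on a constructed stand-in file rather than the real installer.

```powershell
# Added example: verify a downloaded Wireshark installer before running it.
# Assumptions: the SIGNATURES file uses "SHA256(<name>)=<hex>" lines, and the
# expected signer string is supplied by the caller (default is an assumption).
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)][string]$InstallerPath,
        [Parameter(Mandatory)][string]$SignaturesPath,
        [string]$ExpectedSigner = 'Wireshark Foundation'
    )
    $name = Split-Path -Leaf $InstallerPath
    # Look for the SHA256 line that names exactly this file.
    $pattern = '^SHA256\(' + [regex]::Escape($name) + '\)\s*=\s*([0-9A-Fa-f]{64})\s*$'
    $expected = $null
    foreach ($line in Get-Content -LiteralPath $SignaturesPath) {
        if ($line -match $pattern) { $expected = $Matches[1]; break }
    }
    $actual = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash
    # Authenticode: the signature must validate AND come from the expected publisher.
    $sig = Get-AuthenticodeSignature -LiteralPath $InstallerPath
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $hashOk = ($null -ne $expected) -and ($actual -ieq $expected)
    $sigOk = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedSigner*")
    [pscustomobject]@{
        File            = $name
        HashListed      = ($null -ne $expected)
        HashMatch       = $hashOk
        SignatureStatus = $sig.Status
        Signer          = $signer
        SafeToRun       = $hashOk -and $sigOk
    }
}

# Constructed demo: a stand-in file plus a matching, constructed SIGNATURES file.
# The stand-in carries no valid signature, so a matching hash alone is not enough.
$dir = Join-Path ([IO.Path]::GetTempPath()) ("wsdemo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$exe = Join-Path $dir 'Wireshark-win64-2.6.1.exe'
Set-Content -LiteralPath $exe -Value 'constructed stand-in, not the real installer'
$h = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
$sigs = Join-Path $dir 'SIGNATURES.txt'
Set-Content -LiteralPath $sigs -Value "SHA256(Wireshark-win64-2.6.1.exe)=$h"
Test-InstallerIntegrity -InstallerPath $exe -SignaturesPath $sigs
Remove-Item -Recurse -Force $dir
```

For a real download, pass the path of the saved installer and of the SIGNATURES file for that release. A hash taken from a file served by the same site only detects corruption or a tampered mirror unless that file's own PGP signature is verified, which is why the Authenticode check is included.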
How to Install Wireshark for Windows 10 (or Windows Server 2016)
- Run the exe installer that was downloaded.
- Click Next on the Welcome to Wireshark screen.
- Read the license agreement and click I Agree.
- At the Choose Components screen leave the defaults checked and click Next. You can read more about the different components here.
- At the Select Additional Tasks screen choose your preferred shortcuts and leave the radio button for “associate trace file extensions to Wireshark” selected. Click Next.
- Choose the install location you prefer and click Next.
- At the Packet Capture page make sure Install WinPcap 4.1.3 is selected. You need this to capture traffic with Wireshark. Without it you can still view Wireshark capture files. Click Next.
- At the USB Capture page you can choose to Install USBPcap. Check the box next to Install USBPcap 188.8.131.52 if you want to capture raw USB traffic as well. Click Install.
- The software will begin installing.
- Eventually the installer will pause at “Execute: "C:\Program Files\Wireshark\WinPcap_4_1_3.exe"” and launch a new installer window for WinPcap. Click Next in this window.
- Read the license agreement and click I Agree.
- Leave the “Automatically start the WinPcap driver at boot time” check box checked unless you have a good reason for disabling it, then click Install.
- The install will begin and eventually complete. Click Finish.
- Next the installer for USBPcap will launch. Read the USBPcap Driver license agreement, check the “I accept” box, and click Next.
- Read the USBPcapCMD license, check the “I accept” box, and click Next.
- Leave the Installation Options set to Full and click Next.
- Choose your Installation Folder and click Install. The install will begin.
- When the USBPcap install finishes, click Close and the Wireshark install will continue.
- At the Installation Complete screen click Next.
- Wireshark will now ask to reboot your machine to complete installation. You can either choose to reboot now or manually reboot later. You will not be able to run packet captures until you reboot your machine. I suggest rebooting right away.
Once your machine has rebooted you should find the Wireshark shortcuts in the locations you specified in the install. For this example the shortcut was found in the Start Menu.
Things You Can Do with Wireshark
- Deep inspection of numerous protocols
- Live capture with offline analysis
- Standard three-pane packet browser
- Run it on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Browse captured network data via a GUI, or via the TTY-mode TShark utility
- Rich VoIP analysis
- Read/write numerous capture file formats
- Read live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, and FDDI
- Apply coloring rules to the packet list for quick, intuitive analysis
- Export output to XML, PostScript, CSV, or plain text
What’s new in Wireshark 2.6.1
- The Windows installers are now shipped with Qt 5.9.5.
- Wireshark 2.6 is the last version that supports the legacy (GTK+) UI. Wireshark 3.0 will not support it.
- Many UI improvements
- Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
New and updated Wireshark features since 2.5.0
- HTTP Request sequences now supported
- Wireshark supports MaxMind DB files
- Support for GeoIP and GeoLite Legacy databases removed
- Windows packages built using Microsoft Visual Studio 2017
- IP map has been removed
- Display filter buttons can be edited, disabled, and removed directly from the toolbar
- Drag & Drop filter fields to the display filter toolbar or edit to create a button on the fly or apply the filter as a display filter
- TShark now supports color
- Matches display filter operator is now case-insensitive
- Display expression preferences converted to a UAT
- SMI private enterprise numbers now read from the enterprises.tsv config file
- QUIC dissector renamed to Google QUIC (quic → gquic)
- Show selected packet number in the Status Bar by enabling Preferences → Appearance → Layout → Show selected packet number
- File load time in Status Bar is disabled by default
- Support for G.729A codec in RTP Player is added through the bcg729 library
- Support for hardware-timestamping of packets
See the full release notes for 2.6.1 here.