Wireshark is a tool dedicated to network packets and is well suited to network management and security engineering work. Wireshark offers free, open source analysis for today's and tomorrow's networks, giving engineers, network architects, application engineers, network consultants and other IT professionals an educational tool and best practices for troubleshooting, protecting, analyzing and maintaining efficient and effective network infrastructure. Wireshark 2024 free download.
Wireshark software features
Wireshark includes a rich display filter language and the ability to view reconstructed TCP session streams;
Wireshark supports hundreds of protocols and media types;
There is a command line version called tethereal similar to tcpdump (a network protocol analysis tool under Linux);
In the past, network packet analysis software was very expensive or specialized for commercial applications;
The emergence of Ethereal changed everything;
Under the GNU General Public License (GPL), users can obtain the software and its code for free, and have the right to modify and customize its source code. Ethereal is one of the most widely used network packet analysis programs in the world.
Wireshark installation tutorial
1. Find the download address on this page and select any address to download the Wireshark software package locally. After downloading, double-click to decompress it and run the .EXE program in the package. Click [Next] to start the installation.
2. Start the installation and enter the Wireshark installation agreement interface. Please understand the content of the agreement and agree to the agreement.
3. After agreeing to the agreement, enter the Wireshark installation accessory selection interface and select according to your needs.
4. On this screen, also select functions according to your needs; check a box to add one.
5. Next you will enter the Wireshark installation path setting interface. Click [browse] to set it.
6. At this step, check whether an old version of the software is present, to prevent conflicts.
7. Finally, the Wireshark installation is complete. Click [Finish] to start experiencing Wireshark.
Wireshark usage tutorial
1. Please run and open Wireshark first, and then select the required interface name from the interface list in the software interface. If you want to capture traffic, select the wireless interface, and then select [Capture Options] to customize the configuration information. It is not necessary to set these for the current operation.
2. After we select the interface name, we can see the messages received in real time.
3. The screenshot shows the editor's capture results. Each line corresponds to one network message and shows the reception time, the target IP address and the source of the message.
4. When there is no need to continue capturing messages, select the stop button in the upper left corner of the interface to stop.
Wireshark FAQ
1. Run Wireshark first and capture a certain number of packets for later use in experiments. Among the captured packets there will be data packets that we need to filter.
2. Please select [Help]-[Documentation] and select the Wireshark filter option. Because the Wireshark documentation will be presented in English, friends in need can use other third-party tools to translate and understand it.
3. After opening the Wireshark documentation, look up the filter rule syntax and related information. Use "[]" to extract the required content or make comparisons.
4. Next, the editor filters on the content of UDP packets. The filter address is: *****. The first four bytes of the UDP data must be equal to 0x02:0x37:0x2d:0x01. For example: ip.addr==xx.xx.xx.xx && udp && udp[8:4] == 02:37:2d:01. Here udp[8:4] selects 4 bytes starting at offset 8 from the beginning of the UDP header, that is, the first four bytes after the 8-byte header.
5. Then you can see that all packets that match the rules are successfully filtered.
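The same test as the display filter in step 4, written out on raw frame bytes. This is an added example and not part of the original page: the function names, addresses and payloads are constructed for illustration, and only untagged Ethernet II frames carrying IPv4 are handled.

```python
import socket
import struct

MAGIC = bytes.fromhex("02372d01")  # 02:37:2d:01 from the filter in step 4


def build_frame(src_ip, dst_ip, payload, proto=17):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left at 0)."""
    udp = struct.pack("!HHHH", 40000, 9999, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + udp


def matches(frame, addr, magic=MAGIC):
    """Equivalent of: ip.addr==addr && udp && udp[8:4] == magic."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType is not IPv4
        return False
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length varies with options
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return False
    if ip[9] != 17:                          # "udp": IP protocol number 17
        return False
    want = socket.inet_aton(addr)
    if want not in (ip[12:16], ip[16:20]):   # ip.addr matches source OR destination
        return False
    udp = ip[ihl:]                           # slice offsets count from the UDP header
    return udp[8:8 + len(magic)] == magic    # offset 8 skips the 8-byte UDP header


if __name__ == "__main__":
    # Constructed sample frames using documentation address ranges.
    samples = {
        "magic payload": build_frame("192.0.2.10", "198.51.100.7", MAGIC + b"data"),
        "other payload": build_frame("192.0.2.10", "198.51.100.7", b"hello"),
        "short payload": build_frame("192.0.2.10", "198.51.100.7", b"\x02\x37"),
    }
    for name, frame in samples.items():
        print(name, matches(frame, "192.0.2.10"))
```

A payload shorter than four bytes simply fails the comparison, so truncated datagrams are not matched.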
Which one is easier to use, Wireshark or WinPcap? What is the difference?
Wireshark is a free and open source analysis tool. Wireshark runs on multiple platforms: Windows, Linux, macOS, Solaris, FreeBSD, NetBSD and many others. Wireshark also supports decryption for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2. Wireshark can also apply coloring rules to the packet list for fast, intuitive analysis.
WinPcap is a free and open software system. WinPcap contains a driver that extends the operating system to provide low-level network access and a library for easy access to low-level network layers. This library also contains the Windows version of the famous libpcap Unix API.
Over the years, WinPcap has come to be regarded as the industry standard tool for link layer network access in Windows environments. WinPcap allows applications to capture and transmit network packets bypassing the protocol stack, and it also provides kernel-level packet filtering, a network statistics engine and support for remote packet capture.
Summary: The functions of the two are different, and users can choose according to their actual needs. If you need the WinPcap tool, you can get the software details page here: http://softwaredownload4.com/soft/2685.htm
Huajun editor recommends:
Want a better tool for inspecting the network? The editor recommends the Wireshark network packet capture tool. Wireshark can educate and inspire current and future computer science and IT professionals responsible for managing, troubleshooting, diagnosing and protecting legacy and modern networks, and it encourages widespread use of free analysis tools. In addition, the Huajun editor has collected other [network detection] tools for you to choose and download, such as the PingChecker network detector and the multi-threaded network address detector tool.