Wireshark is the world’s leading network protocol analyzer. This open-source tool allows users to see what is happening on their network at a microscopic level, providing deep inspection of hundreds of protocols. Network administrators, security professionals, and developers rely on its capabilities for troubleshooting, analysis, and communications protocol development.
By capturing live data from various network interfaces, the software provides granular insight into the flow of information across a system. It is an essential utility for anyone needing to diagnose complex network issues or study protocol interactions in detail.
In This Post
Wireshark Quick Start & Pro Tips
Creating and Managing Configuration Profiles
- Navigate to Edit > Configuration Profiles.
- Click the plus icon to create a new profile, or select an existing one to modify.
- Name the new profile (e.g., Security Audit or VoIP Troubleshooting).
- Adjust settings like column layouts, coloring rules, and enabled protocols within this profile.
- Switch between profiles using the menu or the profile selector in the status bar to quickly change your entire analysis environment.
Why: Configuration profiles allow power users to save and rapidly switch between different sets of preferences, display filters, and coloring rules tailored for specific analysis tasks, such as security auditing versus general network troubleshooting.
Enabling Physical Address Resolution
- Go to the View menu in the main application toolbar.
- Hover over Name Resolution in the dropdown menu.
- Ensure that the Resolve Physical Addresses option is checked.
Why: By default, Wireshark shows MAC addresses. Enabling this option attempts to resolve physical (MAC) addresses to known vendor names or hostnames, making it easier to identify the manufacturer of network interface cards or specific devices in the packet list.
Following a TCP or UDP Stream
- Select any packet belonging to the conversation you wish to analyze.
- Navigate to the Analyze menu.
- Select Follow and then choose TCP Stream or UDP Stream from the submenu.
- A new window will open showing the reconstructed data stream in its entirety.
Why: This advanced feature reconstructs the entire conversation between two endpoints from the individual packets, which is essential for viewing the actual application-layer data, such as HTTP requests or FTP commands, in a readable format.
Download Wireshark
Size – 92 MB
Windows
Download Wireshark for Windows – x64
Download Wireshark for Windows – ARM64
Download Wireshark for Windows – Portable
Mac
Download Wireshark for Mac – Universal
Ubuntu
Source Code
Recent Changes in New Version
- Updated support for numerous protocols including DCT2000, DHCP, H.248, H.265, HTTP3, IEEE 802.11, LTE RRC, NAS-5GS, PKCS12, QUIC, RTPS, SOME/IP-SD, SSH, and Thrift.
- Fixed crashes related to the BLF file parser, IEEE 802.11 dissector, and SOME/IP-SD dissector.
- Resolved an infinite loop issue within the HTTP3 dissector.
- Addressed a bug that prevented RTP Player streams from being stopped.
- Fixed four documented vulnerabilities.
For complete changelog, visit the official release notes.
Required Specs
Minimum
- OS: Windows 10, Server 2016, or later; macOS 11 or later
- Processor: Any modern 64-bit Intel or Arm processor
- RAM: 500 MB available RAM
- Disk Space: 500 MB available disk space
Recommended
- Processor: Fast processor for busy networks
- RAM: More RAM for larger capture files
- Disk Space: Additional disk space for capture files
- Graphics: 1280 × 1024 or higher resolution
Software Specifications
| Software Name | Wireshark |
|---|---|
| Version | 4.6.3 |
| License | Free / Open Source |
| File Size | 92 MB |
| OS Support | Windows 11, 10; macOS 11+; Linux; UNIX; *BSD; Solaris |
| Language | Multi-language (Supported in over 20 languages) |
| Developer | Wireshark Foundation |
| Homepage | https://www.wireshark.org |
| Changelogurl | https://www.wireshark.org/docs/relnotes/ |
| Last Updated | January 14, 2026 |
What Sets It Apart
- Deep Protocol Inspection: The software provides deep inspection for hundreds of protocols, with new ones constantly being added by the active community. This allows users to analyze traffic at the application layer, not just the network layer.
- Live Capture and Offline Analysis: Users can capture live network data from various interfaces, including Ethernet and IEEE 802.11, or load and analyze previously saved capture files (PCAP, Pcap NG, etc.).
- Powerful Display Filters: Industry-leading display filters enable users to quickly narrow down vast amounts of captured data to focus on specific packets, protocols, or conversations. This is crucial for efficient network troubleshooting.
- Multi-Platform Support: Wireshark runs natively on Windows, macOS, and various Linux and UNIX distributions, ensuring a consistent network protocol analyzer experience across different operating systems.
- VoIP and Decryption Support: Rich Voice over IP (VoIP) analysis features are included. The tool also supports decryption for numerous protocols, such as IPsec, SSL/TLS, and WPA/WPA2, provided the necessary keys are available.
- Colorized Packet Display: Customizable coloring rules can be applied to the packet list, allowing for quick, intuitive analysis and identification of different traffic types or error states at a glance.
FAQ
Is Wireshark free to download and use?
Yes, Wireshark is free software released under the GNU General Public License version 2. It is the full version, not a limited demo.
What is the primary use of the Wireshark application?
The primary use is network protocol analysis, allowing users to capture and interactively examine network traffic for troubleshooting, security analysis, and education.
Does Wireshark support decryption of secure traffic?
Yes, the tool supports decryption for several protocols, including SSL/TLS and WPA/WPA2, provided the user has the necessary session keys or passwords.
What is the TShark utility?
TShark is the terminal-based (non-GUI) version of Wireshark, which allows users to capture and analyze network data via the command line.
Discover more from Software Wave
Subscribe to get the latest posts sent to your email.