Wireshark
What is Wireshark?
An open-source network protocol analyzer that captures and inspects packets in real time for troubleshooting, security analysis, and education.
Wireshark is the leading open-source packet analyzer, originally written by Gerald Combs in 1998 as Ethereal and maintained by a global developer community under the Wireshark Foundation. It captures live traffic from wired, wireless, USB, and other interfaces and decodes thousands of protocols, from Ethernet and TCP/IP to industrial control protocols and encrypted transports such as TLS and SSH (whose payloads stay opaque unless the session keys are supplied, for example through a TLS key log file). On a switched network it sees only the traffic that reaches its capture interface, so analysing other hosts' traffic requires a SPAN/mirror port or a network TAP. Network engineers, blue teamers, malware analysts, and threat hunters use it to diagnose performance issues, validate firewall rules, reconstruct attack timelines, and carve files out of packet captures (PCAPs). Capturing traffic on networks you do not own or administer can violate wiretap and privacy laws, so written authorization is essential.
● Examples
- 01
Filtering with http.request to triage a suspected web exfiltration channel.
- 02
Following a TCP stream to extract a malicious payload from a captured session.
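The two workflows above, reproduced on a constructed capture as an added example (this is not Wireshark's code; all addresses, ports and payloads are invented for illustration). The block writes a tiny PCAP in memory, then applies a rough equivalent of the http.request display filter and of Follow TCP Stream, including the retransmitted segment that a naive concatenation would duplicate:

```python
"""Added example: build a small PCAP in memory, then reproduce the
`http.request` display filter and Follow TCP Stream on it in plain Python.
Not Wireshark's code; hosts, ports and payloads are constructed."""
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")
PSH_ACK = 0x18  # TCP flag bits PSH|ACK

# Constructed conversation: a POST split over two segments, body retransmitted once.
CLIENT, SERVER = ("10.0.0.5", 49152), ("203.0.113.7", 80)
REQ_HEAD = b"POST /upload HTTP/1.1\r\nHost: 203.0.113.7\r\nContent-Length: 25\r\n\r\n"
REQ_BODY = b"user=alice&token=ZXhmaWw="
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"


def ip_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def build_frame(src, dst, sport, dport, seq, ack, payload):
    """Ethernet/IPv4/TCP frame. Checksums are left zero: Wireshark does not
    validate them unless that is enabled in the protocol preferences."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, PSH_ACK, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, ip_bytes(src), ip_bytes(dst))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data):
    """Yield (frame_number, frame_bytes); byte order comes from the magic number."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off, n = 24, 0
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        n += 1
        yield n, data[off + 16:off + 16 + incl]
        off += 16 + incl


def decode_tcp(frame):
    """Minimal Ethernet -> IPv4 -> TCP decoder; None for anything else."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        return None
    tcp = ip[ihl:total]
    sport, dport, seq, _ack, data_off = struct.unpack("!HHIIB", tcp[:13])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "seq": seq, "payload": tcp[(data_off >> 4) * 4:]}


def http_requests(pcap):
    """Rough equivalent of the `http.request` filter: frames whose TCP payload
    starts with a request method. Wireshark reassembles segments first and only
    dissects HTTP on its default port list unless told otherwise via Decode As."""
    hits = []
    for n, frame in parse_pcap(pcap):
        pkt = decode_tcp(frame)
        if pkt and pkt["payload"].startswith(HTTP_METHODS):
            hits.append((n, pkt["payload"].split(b"\r\n", 1)[0]))
    return hits


def follow_stream(pcap, client, server):
    """Follow TCP Stream for one conversation: order each direction by sequence
    number and keep only the first copy of a retransmitted segment."""
    seen = {client: {}, server: {}}
    for _, frame in parse_pcap(pcap):
        pkt = decode_tcp(frame)
        if not pkt:
            continue
        ends = ((pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"]))
        if ends in ((client, server), (server, client)):
            seen[ends[0]].setdefault(pkt["seq"], pkt["payload"])
    return {side: b"".join(p for _, p in sorted(segs.items())) for side, segs in seen.items()}


def sample_pcap():
    c, s = CLIENT, SERVER
    body_seq = 1000 + len(REQ_HEAD)
    return build_pcap([
        build_frame(c[0], s[0], c[1], s[1], 1000, 5000, REQ_HEAD),
        build_frame(c[0], s[0], c[1], s[1], body_seq, 5000, REQ_BODY),
        build_frame(c[0], s[0], c[1], s[1], body_seq, 5000, REQ_BODY),  # retransmission
        build_frame(s[0], c[0], s[1], c[1], 5000, body_seq + len(REQ_BODY), RESPONSE),
    ])


if __name__ == "__main__":
    pcap = sample_pcap()
    with open("sample.pcap", "wb") as fh:  # open in Wireshark and apply http.request
        fh.write(pcap)
    print(http_requests(pcap))
    for side, data in follow_stream(pcap, CLIENT, SERVER).items():
        print(side, data.decode(errors="replace"))
```

Running the block writes sample.pcap, which Wireshark opens directly; the filter http.request selects the POST, and right-click, Follow, TCP Stream shows the same transcript the function returns, with the duplicate body segment collapsed.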
● Frequently asked questions
What is Wireshark?
An open-source network protocol analyzer that captures and inspects packets in real time for troubleshooting, security analysis, and education. It belongs to the Defense & Operations category of cybersecurity.
What does Wireshark mean?
An open-source network protocol analyzer that captures and inspects packets in real time for troubleshooting, security analysis, and education.
How does Wireshark work?
Wireshark captures frames through libpcap (Npcap on Windows), normally via its privilege-separated dumpcap helper, or reads saved PCAP and PCAPNG files. Each frame is run through a chain of protocol dissectors (Ethernet, IPv4/IPv6, TCP/UDP, then the application protocol chosen by port number, heuristics, or a Decode As rule), which builds the field tree shown in the packet details pane. Display filters such as http.request or ip.addr == 10.0.0.5 select packets by those decoded fields, and Follow Stream reassembles the segments of one conversation into a readable transcript.
How do you defend against Wireshark?
Wireshark is an analysis tool rather than an attack, so the practical question is how to limit what an unauthorised capture can reveal. Encrypt traffic in transit (TLS, SSH, IPsec) so captured payloads stay opaque; on switched networks, restrict SPAN/mirror ports and TAPs to authorised monitoring systems; and alert on interfaces entering promiscuous mode on hosts that should not be capturing. On the analyst's own workstation, capture with the dumpcap helper under a dedicated group and run the GUI as an unprivileged user, since its dissectors parse untrusted input.
What are other names for Wireshark?
Ethereal is the project's former name (it was renamed Wireshark in 2006). tshark is not an alternative name but the project's command-line counterpart, which shares the same capture and dissection engine.
● Related terms
- network-security № 295
Deep Packet Inspection (DPI)
An inspection technique that examines the full payload of network packets — not just headers — to identify applications, content, and threats.
- forensics-ir № 722
Network Forensics
The capture, recording, and analysis of network traffic and metadata to investigate security events and reconstruct adversary activity.
- network-security № 547
Intrusion Detection System (IDS)
A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.
- defense-ops № 1261
Zeek
An open-source network security monitor (formerly Bro) that turns network traffic into structured, protocol-aware logs and scripts for threat detection.
- defense-ops № 1117
Suricata
An open-source, high-performance network IDS, IPS, and security-monitoring engine maintained by the Open Information Security Foundation (OISF).
- defense-ops № 1147
Threat Hunting
Proactive, hypothesis-driven search through telemetry to uncover threats that have evaded existing detections.
● See also
- № 577 Kali Linux
- № 806 PCAP
- № 719 NetFlow
- № 686 mitmproxy