About Wireshark
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.
Wireshark has a rich feature set which includes the following:
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
What is SharkFest?
SharkFest™, launched in 2008, is a series of annual educational conferences staged in various parts of the globe and focused on sharing knowledge, experience and best practices among the Wireshark® developer and user communities.
SharkFest attendees hone their skills in the art of packet analysis by attending lecture and lab-based sessions delivered by the most seasoned experts in the industry. Wireshark core code contributors also gather during the conference days to enrich and evolve the tool to maintain its relevance in ensuring the productivity of modern networks.
Learn more about SharkFest in our FAQ PDF.
SharkFest Mission
SharkFest’s aim is to support ongoing Wireshark development, to educate and inspire current and future generations of computer science and IT professionals responsible for managing, troubleshooting, diagnosing and securing legacy and modern networks, and to encourage widespread use of the free analysis tool. Per Gerald Combs, Wireshark project Founder …“Wireshark is a tool and a community. My job is to support both”.
SharkFest GOALS
- To educate current and future generations of network engineers, network architects, application engineers, network consultants, and other IT professionals in best practices for troubleshooting, securing, analyzing, and maintaining productive, efficient networking infrastructures through use of the Wireshark free, open source analysis tool.
- To share use cases and knowledge among members of the Wireshark user and developer communities in a relaxed, informal milieu.
- To remain a self-funded, independent, educational conference hosted by a corporate sponsor.
SharkFest Conferences
SharkFest’22
- TBD
- Location: TBD
Learn Wireshark
Wireshark Training
Wireshark University USA Training - Packet Pioneer - Chris Greer
- Udemy: Getting Started with Wireshark – The Ultimate Hands-On Course
- LIVE - June 20-21, 2022: TCP/IP Deep Dive with Wireshark - Virtual Classroom
- On-Demand Wireshark Training :
- Private Wireshark Training - Anywhere in USA and Latin America. Contact Packet Pioneer today!
Wireshark University Europe/EMEA - SCOS Training Europe
- June 27 – July 1st 2022: Classroom Training, Amsterdam/Netherlands: TCP/IP Analysis and Troubleshooting with Wireshark
Classroom and Virtual Courses:
- TCP/IP Analysis and Troubleshooting with Wireshark (5 days)
- Advanced Network/Security Analysis using Open Source Tools (5 days)
- WiFi / 802.11 Network Analysis and Security (5 days)
- Network Forensics Analysis Using Wireshark (5 days)
For in-company and Special Law Enforcement/Forensics Courses, contact [email protected]
User Documentation
User's Guide
The Wireshark User's Guide is available in several formats:
Web pages (browseable): One
huge page or multiple
pages
Web pages (ZIP file): One huge
page or multiple
pages
EPUB
PDF
Command-line Manual Pages
UNIX-style man pages for Wireshark, TShark, dumpcap, and other utilities
Display Filter Reference
All of Wireshark's display filters, from version 1.0.0 to present.
Release Notes
Version 0.99.2 to present.
Security Advisories
Information about vulnerabilities in past releases and how to report a vulnerability
Bibliography
Books, articles, videos and more!
Mirroring Instructions
How to set up a wireshark.org mirror
Export Regulations
Our primary distribution point and how it affects you
Development
Developer's Guide
The Wireshark Developers's Guide is available in several formats:
Web pages (browseable): One
huge page or multiple
pages
Web pages (ZIP file): One huge
page or multiple
pages
EPUB
PDF
Videos and Presentations
SharkFest Retrospective Pages
SharkFest features presentations from a variety of knowledgeable, informative speakers.
Videos
Take the free “Introduction to Wireshark” Tutorial series with Chris
Top 10 Wireshark Filters Follow Chris as he shows you the top filters you need to know to start shredding
TCP Fundamentals Part 1 - Sharkfest Talks Join Chris at Sharkfest when he covered the core concepts of TCP Analysis shredding
Back to the Packet Trenches (Hansang Bae)
For more "Packet Trenches" resources, check out these links:
- Watch the replay of the 2016 & 2017 Packet Trenches series and get access to Hansang's traces files.
- The trace files, DB troubleshooting tips, Column setup information, and recommended books are in Hansang's trace files The file to download is: “BackToBasics-Part-1.zip”
More Resources
Wireshark and SharkFest blogs
Dedication
and Disagreements (Gerald Combs)
How I use
Wireshark (Julia Evans)
Download Wireshark
The current stable release of Wireshark is 3.6.6.
You can also download a development release (3.7.1) and documentation.
