Wireshark


Why Migrate?

Since Ethereal® was renamed to Wireshark® in May 2006, many new features have been added, and protocol support has continued at its usual breakneck pace. Several important bugs have been fixed as well. A complete list of updates for each version of Wireshark can be found in the release notes. The top ten reasons to switch are listed below:

  1. Wireshark is under active development. It receives security updates and new features.
  2. Wireshark supports full 802.11 capture on Windows when used with AirPcap.
  3. VoIP call playback.
  4. Decryption support has been added and updated for 802.11, SSL, ESP, SNMP, and Kerberos.
  5. Keyboard navigation is much easier, and the packet list context menu has many more features.
  6. Wireshark is available as a U3 package.
  7. Windows support has been greatly improved.
  8. Expert analysis has been expanded.
  9. Wireshark lets you export HTTP objects.
  10. Display filters are more powerful, with the addition of macros, upper(), and lower().

Migrating

Migrating from Ethereal to Wireshark is a long and arduous process. A typical migration project requires the following resources:

  • 1 (one) project manager (PMP certification preferred)
  • 1 (one) assistant project manager
  • 2 (two) pirate hats
  • 2 (two) system administrators
  • 1 (one) duck
  • 2 (two) network administrators
  • 4 (four) support staff
  • 2 (three) bags of hammers

If you allocate full-time staff to the migration, it can take as little as six weeks for preparation and planning, and four weeks for the migration itself. Past migrations have resulted in some maiming and blood loss. A recent survey of human resources directors found that the amounts were within acceptable tolerances.

The complete migration procedure is detailed below:

  1. Place the pirate hats near the project manager, assistant project manager, and system administrators. Allow time for them to start fighting over the hats (about 3.5 seconds).
  2. Place the duck on top of a core switch and allow it to nest.
  3. Casually mention to a support person that you heard a quacking noise near the data center. Allow time for word to get to the network administrators, and for the support staff to gather together to watch the spectacle.
  4. To ensure that you're not disturbed, keep the bags of hammers nearby and maintain a stern expression.
  5. Uninstall Ethereal.
  6. Install Wireshark.

Note: Steps 5 and 6 should take about three minutes.

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation