Wireshark is a tool that performs packet and protocol analysis on a network. Packets are the virtual transport mechanism that moves data from sender to receiver. Each packet has a header and payload – the header contains information about where the packet came from and where it’s going, as well as the protocols being used. The payload has our actual digitized data – parts of a website, text, a section of a photo, or a clip of audio from an MP3 or a phone call. If you don’t get all of the packets then a phone call may sound choppy or it may take a while to download a complete file. Wireshark allows you to take a look at the packets you are sending and receiving and learn a lot more about what is happening and what’s breaking down. Wireshark is not for the lighthearted, as the tool requires knowledge of protocols and a deep understanding of OSI, IP, and TCP/UDP at the very least. But, with time, Wireshark becomes invaluable to the troubleshooting process. I have relied on the tool for my work supporting Voice-over-IP (VoIP) and system and application connectivity. The only side-effect of Wireshark is that you will soon realize why it’s not a good idea to surf the web in a public spot (without a VPN or encryption).
The new version of Wireshark includes more protocols that it will decode, supports 64-bit Windows, and has GeoIP integrated support. Also, Wireshark works perfectly with my passive network cable. Visit www.wireshark.org to download the latest version and learn more about it.