Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.

Wireshark is cross-platform, using the Qt widget toolkit in current releases to implement its user interface and pcap to capture packets; it runs on Linux, macOS, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-based version called TShark. Wireshark and the other programs distributed with it, such as TShark, are free software, released under the terms of the GNU General Public License version 2 or any later version.

What is Wireshark?

Wireshark® is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It has a rich and powerful feature set and is the world’s most popular tool of its kind. It runs on most computing platforms including Windows, macOS, Linux and UNIX.

Network professionals, security experts, developers and educators around the world use it regularly. It is freely available as open source and is released under the GNU General Public License version 2.

It is developed and maintained by a global team of protocol experts, and it is an example of a disruptive technology.

Wireshark used to be known as Ethereal®. See the next question for details about the name change. If you’re still using Ethereal, it is strongly recommended that you upgrade to Wireshark as Ethereal is unsupported and has known security vulnerabilities.

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.

Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Wireshark 3.6.1 is free to download from our software library. Wireshark.exe, WiresharkPortable.exe, wireshark-1.exe, Wireshark-gtk.exe and wireshark-win32-1.7.0.exe are the most common filenames for this program’s installer. The program belongs to Internet & Network Tools.

The most popular versions among the software users are 3.2, 3.0 and 2.6. “.syc”, “.tpc” and “.erf” are the extensions this free PC software can open. You can run Wireshark on 32-bit and 64-bit editions of Windows 7, Windows 8 and Windows 10. The current setup file available for download occupies 58.5 MB on disk. This free program is the intellectual property of Wireshark Foundation Gerald Combs.

Installing Wireshark under Windows

Windows installer names contain the platform and version. For example, Wireshark-win64-3.6.2.exe installs Wireshark 3.6.2 for 64-bit Windows. The Wireshark installer includes Npcap, which is required for packet capture.

Simply download the Wireshark installer from https://www.wireshark.org/download.html and execute it. Official packages are signed by the Wireshark Foundation, Inc. You can choose to install several optional components and select the location of the installed package. The default settings are recommended for most users.
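Because official packages are signed, the signature can be checked before the installer is run, which matters most when the file came from a mirror rather than wireshark.org. The PowerShell below is an added example, not code from the Wireshark project; the download path is hypothetical and the expected signer string is the name quoted above.

```powershell
# Added example, not from the Wireshark project. The installer path passed in
# is hypothetical; the expected signer string is the name quoted on this page.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$InstallerPath,
        [string]$ExpectedSigner = 'Wireshark Foundation'
    )

    if (-not (Test-Path -LiteralPath $InstallerPath -PathType Leaf)) {
        throw "Installer not found: $InstallerPath"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $InstallerPath
    $cert = $sig.SignerCertificate

    # Common name of the signing certificate, empty when the file is unsigned.
    $signer = ''
    if ($cert) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $cert.GetNameInfo($nameType, $false)
    }

    # 'Valid' means the file content matches the signed hash and the
    # certificate chains to a root this machine trusts. A valid signature from
    # a different publisher is still a failure, so the name is checked as well.
    $isValid   = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    $nameMatch = $signer.StartsWith($ExpectedSigner, [System.StringComparison]::OrdinalIgnoreCase)

    [pscustomobject]@{
        Path       = (Resolve-Path -LiteralPath $InstallerPath).Path
        Status     = $sig.Status
        Signer     = $signer
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        SHA256     = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash
        Trusted    = $isValid -and $nameMatch
    }
}

# Example call; refuse to run the installer unless the check passes.
$result = Test-InstallerSignature -InstallerPath "$env:USERPROFILE\Downloads\Wireshark-win64-3.6.2.exe"
$result | Format-List
if (-not $result.Trusted) {
    Write-Error "Signature check failed ($($result.Status)); do not run this installer."
}
```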

Key Features:

  • Deep inspection of hundreds of protocols, with more being added all the time.
  • Live capture and offline analysis.
  • Standard three-pane packet browser.
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD and many others.
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.
  • The most powerful display filters in the industry.
  • Rich VoIP analysis.
  • Read/Write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer, Sniffer Pro and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others.
  • Capture files compressed with gzip can be decompressed on the fly.
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI and others (depending on your platform).
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP and WPA/WPA2.
  • Coloring rules can be applied to the packet list for quick, intuitive analysis.
  • Output can be exported to XML, PostScript, CSV or plain text.

Frequently Asked Questions

How to Use Wireshark?

How to Read Wireshark Captured Packets?

Once you have captured some packets or you have opened a previously saved capture file, you can view the packets that are displayed in the packet list pane by simply clicking on a packet in the packet list pane, which will bring up the selected packet in the tree view and byte view panes.

How to use Wireshark to Get the IP?

  • Start Promiscuous Mode on Wireshark.
  • In the filter toolbar, type in “dhcp” or “bootp,” depending on your Wireshark version.
  • Select one of the packets that the filter displays.
  • Go to the packet details pane.
  • Expand the “Bootstrap Protocol” line.
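
The same lookup can be scripted with TShark against a saved capture. This PowerShell function is an added example, not code from the Wireshark project; it assumes tshark is on PATH, uses a hypothetical capture file name, and assumes the field names carry the same "dhcp" or "bootp" prefix as the filter.

```powershell
# Added example, not from the Wireshark project. Assumes tshark is on PATH;
# the capture file name in the example call is hypothetical.
function Get-DhcpAddress {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$CaptureFile,
        # 'dhcp' on current releases, 'bootp' on older ones (see the step above).
        # Assumption: the field names use the same prefix as the filter.
        [ValidateSet('dhcp', 'bootp')][string]$Proto = 'dhcp'
    )

    $fields = 'frame.number', "$Proto.option.dhcp", "$Proto.hw.mac_addr",
              "$Proto.ip.client", "$Proto.ip.your",
              "$Proto.option.requested_ip_address"

    # -Y applies the display filter; -T fields prints one tab-separated line
    # per packet; occurrence=f keeps only the first value of each field.
    $tsharkArgs = @('-r', $CaptureFile, '-Y', $Proto, '-T', 'fields', '-E', 'occurrence=f')
    foreach ($f in $fields) { $tsharkArgs += '-e', $f }

    $lines = & tshark @tsharkArgs
    if ($LASTEXITCODE -ne 0) { throw "tshark exited with code $LASTEXITCODE" }

    # DHCP message type values (option 53) from RFC 2132.
    $types = @{ '1' = 'Discover'; '2' = 'Offer'; '3' = 'Request'; '4' = 'Decline'
                '5' = 'ACK'; '6' = 'NAK'; '7' = 'Release'; '8' = 'Inform' }

    foreach ($line in $lines) {
        $c = $line -split "`t"
        $t = [string]$c[1]   # empty for plain BOOTP packets without option 53
        [pscustomobject]@{
            Frame       = [int]$c[0]
            MessageType = if ($types.ContainsKey($t)) { $types[$t] } else { $t }
            ClientMac   = $c[2]
            ClientIP    = $c[3]   # ciaddr: address the client already holds
            AssignedIP  = $c[4]   # yiaddr: address the server hands out
            RequestedIP = $c[5]   # option 50, sent by the client
        }
    }
}

Get-DhcpAddress -CaptureFile '.\capture.pcapng' | Format-Table -AutoSize
```

The AssignedIP column of an Offer or ACK row is the value shown as "Your (client) IP address" in the packet details pane.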

Technical Setup Details

Minimum System Requirements

  • Operating System: Windows XP/7/8/8.1/10
  • Memory (RAM): 2 GB
  • Hard Disk Space: 500 GB
  • Processor: Intel Pentium or above

