Wireshark version 0.99.6 is a free,
flexible program for protocol capture and analysis that is available for
Windows, Mac OS X, Linux and Unix systems.
We installed the Windows version, and within five minutes we were able to
capture network traffic on our Windows XP Professional Dell Precision M50
notebook. For comparison, we also installed the software on Windows 2000
Professional, Windows Server 2003, Vista Enterprise, and Mandriva and Red Hat
Linux, and again experienced no problems.
On firing up Wireshark, the user is presented with a menu bar underneath
which is a blank grey pane. Choosing a network interface under the “Capture” tab
and pressing “Start” sets off the packet capture process. The screen then
divides into three panes, with the main one on top displaying a range of useful
information, including the frame number of the packet, time, packet source,
packet destination and protocol type.
Once packet data has been captured, it is easy to set up a display filter to
show only packets of a certain protocol, to check, for example, whether any
system on the network is using IPv6. Filters are also useful when connecting to
mirror or span ports of routers and switches, because they make it easy for users
to pull out the specific protocol or protocols they are looking for.
Wireshark also allows users to set up expressions using Boolean-type operators,
making it easy to check for packets containing certain MAC addresses.
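As an added illustration (not part of the original review), the display filters described above written in Wireshark's filter syntax; the MAC and IP addresses are constructed placeholders:

```text
# Show only IPv6 traffic, to see whether any host on the segment is using it
ipv6

# Packets to or from one station, by MAC address (eth.addr matches either direction)
eth.addr == 00:11:22:33:44:55

# Boolean operators: traffic between two stations, excluding ARP
(eth.src == 00:11:22:33:44:55 && eth.dst == 66:77:88:99:aa:bb) || (eth.src == 66:77:88:99:aa:bb && eth.dst == 00:11:22:33:44:55) && !arp

# On a span/mirror port, narrow a busy feed to one protocol from one subnet
ip.src == 192.0.2.0/24 && tcp.port == 80

# Caveat: "ip.addr != 192.0.2.10" still matches packets where the other address
# differs; to exclude a host entirely, negate the whole test instead
!(ip.addr == 192.0.2.10)
```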
Captured data can be analysed while still connected to the interface or saved
offline for later analysis. Most packet capture formats are supported, including
tcpdump (libpcap), Network General (now NetScout) Sniffer, Network Instruments
Observer, Visual Networks Visual UpTime, and the WildPackets Peek family.
Clicking on the “Statistics” tab brings a wealth of analysis tools, such as
flow graphs, I/O data transfer rate graphed over time and many others. Wireshark
also has voice over IP (VoIP) call capture features for troubleshooting IP
telephony problems.
Overall, this is an impressive package. The GUI is not as polished as others
we have seen, but is still pretty good for a free application.