What is Wireshark?

What does this thing do?
1 min |  Ross Jacobs |  August 8, 2019

Quicklinks: User Guide: What is Wireshark?

What is Wireshark?

Wireshark is a tool used to visualize network issues (see below).

Part of the power of Wireshark is that it makes network analysis easy by making it visual. You can search for packets with display filters and then use the packet details pane to look at the relevant info. Wireshark is well documented with the Official Documentation and the Wireshark Forums, among others.

Parts of Wireshark

Here we see the details and bytes of the selected packet.

In addition to a GUI version, Wireshark comes with many command-line utilities like tshark.

What is Tshark?

tshark (Terminal wireSHARK) is the command-line (CLI) tool that has most, but not all, of the features of Wireshark. The features tshark lacks are often found in other CLI tools that are bundled with Wireshark. All are documented online with manpages.

Most existing documentation on Wireshark focuses on the GUI. Wireshark’s CLI is just as good for most tasks and far better for scripting. For these reasons, this guide focuses on tshark.

Tshark Example