Quick Start Guide
Wireshark Quickstart Guide
Refer to Appendix 1 for a discussion of the type of packets that
Wireshark captures. This discussion also explains how your
particular network configuration may affect the type of packets
you see.
I) Current Version
This documentation is based on Wireshark version 1.0.1
(released 30 June 2008), running on Windows Vista and XP.
Although you may find a newer release available when you
download the software, the concepts in this manual should still
be relevant.
Wireshark was in a “beta” mode for a very long time. The
maturity of the software might surprise many who may expect
software with such a low version number to be less than
complete. Far from being a recent development, Wireshark
(under the earlier name of Ethereal) was first released in 1998,
and has been in continuous development since that time.
Wireshark is supported on Unix (including Mac OSX), Linux,
and Windows (from Win9x and NT4 through to Vista and
Server 2008). The installation process will, of course, be
different for each operating system, but once installed the
operation should be very similar if not identical.
More detailed documentation can be found on the Wireshark
web site at: www.wireshark.com.
II) Installation
Wireshark can be downloaded directly from the Wireshark web
site at www.wireshark.com. The download is an exe file of
approximately 20MB. Save the file to an appropriate location,
such as your desktop. When the file is downloaded, double-click
on it to start the installation process. The default installation
settings should work fine. WinPcap may need to run as
administrator, especially on Vista. There is a setting called
“NPF” which by default is turned on during the installation on
Vista, but not on XP. It would be unwise to change this setting
– keep the default installation settings unless you fully
understand the implications of changing something.
One option that is pre-selected is “WinPcap”. This is a required
component of Wireshark, and it must be installed for Wireshark
to work properly. WinPcap is essentially a driver which allows
the network packets to be intercepted and copied before the

The Wireshark web site is a rich source of help for both
beginners and experts. Although this QuickStart guide recommends
specific items on the web site, the reader is asked to use the
Wireshark menu system to locate the referenced items. The
Wireshark menu system will remain current as changes are made to
the web site.

The Wireshark installation package will also install WinPcap
unless you override the settings. Wireshark will not work unless
WinPcap is also installed.