One of Wireshark's greatest strengths is its clean depiction of network traffic at varying levels of detail. The tool's top pane lists frames individually, with key data ready for inspection on a single line. Any single frame selected in the top pane is further explained in the tool's middle pane. In this section of the display, Wireshark explains how various aspects of the frame can be understood as belonging to the data link layer, Internet layer, transport layer, or application layer. Finally, Wireshark's bottom pane displays the raw frame, with a hexadecimal rendition on the left and the corresponding ASCII values on the right.
The key to Wireshark's real power is its ability to decode a wide variety of network protocols. No protocol seems to be beyond Wireshark's knowledge. The incredible assortment of protocol dissectors means users will most likely find their production traffic expertly decoded rather than simply displayed as a series of binary or text values. Beyond raw protocol analysis, Wireshark also includes a variety of supplementary tools to profile traffic. The main graphical tool also ships with multiple command line components, such as the non-graphical version called Tshark.
Wireshark is an essential tool for service providers because knowledge of network health is critical for customer success. By capturing and analyzing full content traffic, service providers can directly inspect real evidence. Rather than trying to derive indicators of network status from log messages or other sources, service providers can perceive ground truth in the packets themselves. Wireshark is your friend -- check it out!
Use "Wireshark filter tutorial: A Wireshark guide" from Laura Chappell to further your knowledge of Wireshark, the open source network analyzer.
This was first published in July 2010