Wireshark, originally known as Ethereal, displays data from hundreds of different protocols on all major network types. Data packets can be viewed in real time or analyzed offline. Wireshark supports dozens of capture/trace file formats, including CAP and ERF. Integrated decryption tools display encrypted packets for several common protocols, including WEP and WPA/WPA2.

Wireshark is available for free download from the Wireshark Foundation website for both macOS and Windows. You will see the latest stable release and the current development release. Unless you are an advanced user, download the stable version.

During the Windows installation process, you can choose to install WinPcap or Npcap if prompted, as these contain the libraries needed for live data capture.

You must be logged in to the device as an administrator to use Wireshark. In Windows 10, search for Wireshark and select Run as administrator. In macOS, right-click the app icon and select Get Info. In the Sharing & Permissions settings, give the administrator read and write permissions.