Wireshark: The Spyware that the Bad Guys Hope You'll Never Discover

Wireshark is free, legal software that you can install on your desktop or laptop PC running Windows or Linux.

It will capture, display, and analyze all of the traffic on your LAN segment, giving you unprecedented power to discover trouble. It is so powerful that its use has been banned, by policy, from many corporate campuses. There is some justification for this corporate paranoia: You need to be responsible and discreet as you use this tool. Don't use it at work without permission, but feel free to use it at home, on your own LAN.

With Wireshark, you can monitor the browsing activities of others on your LAN segment. You will be able to see unprotected email messages that traverse your LAN segment. You will sometimes see username and password combinations. More importantly, you will be able to see the IP and Ethernet addresses of all of the equipment transmitting on your LAN, and you'll quickly be able to identify a wide range of configuration problems.

Wireshark's effectiveness depends on your ability to physically tap into strategic locations of your network, because it can only capture data from a single network segment. If your LAN is organized like most, then at the "top level" you've got an Ethernet cable leading into your broadband modem. That's usually the best place to "tap in", but your ISP probably didn't set you up with an extra connector for that purpose. You might need to install a low-cost, old-fashioned Ethernet Hub at that point.

Arranging your LAN for monitoring with Wireshark can be tricky. Generally, you will tap into a wired Ethernet portion (and you may need to rewire a bit to create one if it doesn't already exist). You will need to understand the difference between Ethernet Hubs and Ethernet Switches: a hub repeats every frame to every port, so all of the network activity stays within a single, Wireshark-compatible monitoring segment, while a switch forwards each frame only to the port where its destination lives, dividing the traffic into smaller segments and limiting what Wireshark can see from any one port.
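As an added example (not code from this page or from the Wireshark project), the Python script below builds a small constructed pcap of four Ethernet/IPv4 frames and tabulates the MAC-to-IP inventory a capture reveals, first as a hub would show it (every frame on the segment) and then as a single switch port would (only frames addressed to the monitoring PC or to broadcast; unknown-unicast flooding is left out for simplicity). All addresses are constructed, and the monitoring PC's MAC is an assumption.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
MONITOR_MAC = "02:00:00:00:00:99"  # assumed MAC of the PC running the capture

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b):
    return ".".join(str(x) for x in b)

def build_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Minimal Ethernet II + IPv4 frame with no payload (constructed sample)."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip

def build_pcap(frames):
    """Wrap frames in a pcap file: 24-byte global header (link type 1 = Ethernet)
    followed by a 16-byte record header before each frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Yield (src_mac, dst_mac, src_ip, dst_ip) for every IPv4-over-Ethernet record."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # skip truncated or non-IPv4 frames
        yield mac_str(pkt[6:12]), mac_str(pkt[0:6]), ip_str(pkt[26:30]), ip_str(pkt[30:34])

def inventory(data, my_mac=None):
    """Return {source MAC: source IP} for the frames the capture point can see.
    my_mac=None models a hub (every frame); a MAC models one switch port, which
    only receives frames addressed to that MAC or to broadcast."""
    seen = {}
    for src_mac, dst_mac, src_ip, _ in parse_pcap(data):
        if my_mac is not None and dst_mac not in (my_mac, BROADCAST):
            continue
        seen[src_mac] = src_ip
    return seen

# Constructed traffic: two hosts talking to each other, one host broadcasting,
# and one host sending directly to the monitoring PC.
SAMPLE_PCAP = build_pcap([
    build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", "192.168.1.1", "192.168.1.2"),
    build_frame("02:00:00:00:00:02", "02:00:00:00:00:01", "192.168.1.2", "192.168.1.1"),
    build_frame("02:00:00:00:00:03", BROADCAST, "192.168.1.3", "255.255.255.255"),
    build_frame("02:00:00:00:00:04", MONITOR_MAC, "192.168.1.4", "192.168.1.99"),
])
```

Running `inventory(SAMPLE_PCAP)` lists all four hosts, while `inventory(SAMPLE_PCAP, MONITOR_MAC)` lists only the broadcasting host and the one that addressed the monitoring PC, which is exactly the difference between tapping a hub and tapping a switch port.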

Some special WiFi adapters can be used with Wireshark to tap into all of your WiFi traffic, but most common WiFi adapters discard frames addressed to other stations, limiting your WiFi monitoring to your own traffic and broadcasts. If your network is entirely WiFi, you will probably find that it is far less expensive to rewire it a bit to create a strategically located, Wireshark-compatible wired Ethernet segment than to buy one of those special WiFi adapters. Even if your WiFi network has no provision for wired Ethernet anywhere, it's easy and inexpensive to "daisy chain" an extra router into your setup for this purpose. You can learn more about these network architecture considerations in our "Advanced Network Architectures" section.

We've made a series of brief, highly focused video clips about Wireshark. The clips on this page will help you with a general introduction, and with a detailed record showing how we found it (free of charge) on the Internet and installed it on a Windows PC. If you're already comfortable with these basic concepts, click on the "NEXT" link below to proceed to more advanced Wireshark topics.