Setup and Features
Wireshark works by capturing packets. It can identify erroneous packets so network admins can hone in on problems like bottlenecks and maintain efficient network performance.

To capture packets using Wireshark, select the connection you want to see network information for; i.e. a wireless adapter on a laptop or an Ethernet adapter on a desktop.

You're not limited to capturing Wi-Fi or Ethernet packets, though. Depending on the operating system you're using, it's possible to capture in VLANs, Bluetooth, USB and other types of network traffic.

For novice Wireshark users, Expert Info is the feature to learn. It displays uncommon or notable network behavior. Each line of information is color-coded to signify the severity level—the color Cyan indicates an unusual occurrence like an HTTP 404 error. Red means something more serious is going on, like malformed packets which can be caused by something as innocent as a dying network card or something more malevolent like a Denial-of-Service attack.

As you get more accustomed to Wireshark you may want to specify exactly what type of traffic you want to see. For example, you may want to show only packets containing the TCP protocol. Wireshark has a simple yet powerful way to filter displays. To get you started, there are pre-built display filter expressions to view at wiki.wireshark.org.

Bottom Line
Packet capturing and analysis is a great way to understand what's going on under-the-hood of a network. Unfortunately, packet sniffing is also the way hackers find weaknesses in networks to exploit. That's why keeping one step ahead of (or at least on the same page as) the bad guys by using analysis tools like Wireshark gives you that much more of an edge in keeping your network secure as well as running at top efficiency.

More Networking Software Reviews: