Non-Linux FOSS: Dive Deep with Wireshark

Before you say anything, yes, I know Wireshark is available for Linux. This time, however, Windows and OS X users get to play too. Wireshark is an open-source network protocol analyzer, and a genuinely amazing tool for troubleshooting a network: it captures traffic from an interface (or opens a saved capture file), dissects each packet protocol by protocol, and lets you filter down to just the conversation you care about.

Running Wireshark on OS X does require an X11 server (see my Non-Linux FOSS article on XQuartz in the December 2012 issue of LJ). It also looks a bit dated once it's up and running, but rest assured, the latest version is functioning behind the scenes. If you're thinking this program looks a lot like Ethereal, you're absolutely correct. It's the same program; the project was renamed Wireshark in 2006, six or so years ago, when the Ethereal trademark stayed behind with the original author's former employer.

Wireshark is best known as a wired-Ethernet inspection tool, but it is not limited to that: it captures from 802.11 wireless interfaces as well (how much of the wireless traffic you actually see depends on the operating system and on whether the adapter supports monitor mode), and the Wireshark wiki's CaptureSetup/NetworkMedia page lists the link types each platform supports. Whatever the medium, if you're trying to solve a network issue, it's the de facto standard tool. It's not a new tool by any means, but if you're on a foreign operating system (that is, not Linux), it's nice to know some old standbys are available. Check it out today at http://www.wireshark.org.

UPDATE: Shawn responds in the comments below regarding reader frustration/feedback.

______________________

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Comments


Cut Shawn some slack!

Jerremy's picture

To everybody bashing this article:
The section "Non-Linux FOSS" has had short articles in the past. Nothing new.
And do you remember when you were a rookie at Linux? I do, and that was 2 years ago. I knew about Wireshark before I started using Linux, but maybe somebody else is just starting out and never knew about Wireshark until reading Shawn's article. By him even 'mentioning' these programs, he can help people find what's out there in the real world to help them. Shawn has helped me TREMENDOUSLY with his articles ever since I've used Linux, and it's nice to know that these programs also exist for other OSes too. He may have been wrong about the wireless part, but we all make mistakes. Give him a break!

Shawn, keep up the great work! As always, your articles kick ass!

-Jerremy

Hasn't Wireshark been

GeorgeKuan's picture

Good post and thanks for sharing this!

Carlie is sure nice to look

Anonymous's picture

Carlie is sure nice to look at!

Shawn busts his ass writing

Anonymous's picture

Shawn busts his ass writing articles for lj. Simmer down, trolls.

yeah Shawn

Carlie Fairchild's picture

And your hair is funny looking too.

Carlie Fairchild is the publisher of Linux Journal.

So...

Shawn Powers's picture

I've apparently poked the bees' nest here...

1) "Dive Deep" is a play on the word "Shark" -- perhaps it was misleading, but the intent was nothing more than to play off the product name.

2) The point of the "Non-Linux FOSS" posts is to give Windows/Mac users a little glimpse into the world of Open Source. Sometimes I pick Windows-only programs, sometimes I pick something available cross-platform.

3) When I say it's a wired-only, I meant as opposed to wireless, which is the most common question I get about Ethereal (Wireshark). Perhaps I should have clarified my meaning better, my bad.

4) If I "dove deep" with an article intended for a Windows audience (again, refer to point 2), I'd get tarred and feathered.

All that said, thanks for the feedback. My intent wasn't to bamboozle anyone. :)


So 802.11 wireless is not wireless?

Anonymous's picture

"3) When I say it's a wired-only, I meant as opposed to wireless, which is the most common question I get about Ethereal (Wireshark). Perhaps I should have clarified my meaning better, my bad."

Since, according to the webpage posted, Wireshark on Linux, Windows, and Mac OSX supports sniffing 802.11 Wireless LAN, how is that possibly "wired-only?"

I may be absolutely wrong here...

Shawn Powers's picture

It appears I may be wrong. I tried for years to get anything useful from a wireless interface with Ethereal, but was never successful. Then a product for wireless ("airshark" I think it was called) was available, so I wrongly assumed wireless just wasn't in Ethereal's bag of tricks.

So while it appears I was incorrect, I can say, "I've only ever had luck using it as a wired-ethernet tool, YMMV."


deep dive ?

Recettes Thai's picture

As everyone else, I totally agree on this... what a joke!

hey, today is april 1st and no one told me :(

Seriously? Is this, like, a

Anonymous's picture

Seriously?

Is this, like, a placeholder for an *actual* article on Wireshark?

HEY EVERYONE!!! Here's a "deep dive" on Ubuntu:

[screenshot: ubuntu.png]

Check it out at www.ubuntu.com

Wireshark: "Deep Dive"??

robert williams's picture

Shawn, Shawn, Shawn . . . I'm surprised & disappointed!! Even I, a 62-year-old 'hacker-wanna-be' (can't be...time constraints: got 2 ea. teenagers!!) know *better* than this!! Next time you've had one too many, or simply need time off --- take the day off!! Even I know Wireshark is capable of more than "strictly a wired-ethernet inspection tool..." I've been reading your pieces since about the mid-1990s and you are more resourceful than this!! Re-make this sandwich, and put some meat on it!
Take Care. Have A Healthy, Prosperous Day!!
---rob

the thing is that i expected

Dzak's picture

The thing is that I, too, expected something more about this program. I am sure that there's more of this kind if you Google it.

What a waste of a mouse click...

Anonymous's picture

I agree with most of the posters - I was hoping to see something about filters and all the other protocols it supports - even RTP recording! No mention of any of this. Stop sending SPAM to increase mouse clicks to your site...

Lost in translation ...

Anonymous's picture

Got this from my RSS feed and was expecting a "dive deep" review of Wireshark, but all I've got was:

1. A screenshot
2. A link to wireshark website

Thanks to Linux Journal for wasting our time... oh, BTW: my niece can do a much better job if this kind of quality goes into LJ. Where the heck is the editor anyway?

It's for more than just wired ethernet

Anonymous's picture

From http://wiki.wireshark.org/CaptureSetup/NetworkMedia, Wireshark on both OSX and Windows supports Ethernet, PPP, 802.11 Wireless LAN, and VLAN. On Mac it supports loopback (Windows does not have), and on Windows it supports Tokenring.

Of course, on Linux, it supports ATM, Bluetooth, CiscoHDLC, Ethernet, FDDI, FrameRelay, IrDA, PPP, TokenRing, USB, 802.11 Wireless LAN, Loopback, VLAN Tags

So it is NOT "strictly a wired-ethernet inspection tool" - not by a longshot.

misleading title

Anonymous's picture

Why is this titled "Dive Deep...". I came here expecting some cool things you could do with wireshark. Filters and such. This is worthless.

Hasn't Wireshark been

Anonymous's picture

Hasn't Wireshark been available for Windows for years?

Yes. Yes it has.

Anonymous's picture

Yes. Yes it has.

I thought so, I recall

Anonymous's picture

I thought so, I recall experimenting with it.

This article makes no sense at all, I think someone accidentally posted a draft article.

really?

Anonymous's picture

Thanks for spending 5 minutes posting a screenshot and URL for Wireshark, that was really worthwhile.
