Working with a busy network can easily produce huge capture files.

Capturing on a gigabit or even 100 megabit network can produce hundreds of megabytes of capture data in a short time.

Wireshark can capture traffic from many different network media types, including, despite its name, wireless LAN.

However, to really appreciate its power you have to start using it.

Figure 1.1, “Wireshark captures packets and lets you examine their contents.” shows Wireshark having captured some packets and waiting for you to examine them.

As Wireshark has become a very complex program since the early days, not every feature of Wireshark may be explained in this book.

This book is not intended to explain network sniffing in general and it will not provide details about specific network protocols.

Older versions of Windows which are outside Microsoft’s extended lifecycle support window are no longer supported.

It is often difficult or impossible to support these systems due to circumstances beyond our control, such as third-party libraries on which we depend or necessary features that are only present in newer versions of Windows (such as hardened security or memory management).

Because of that, it is very easy for people to add new protocols to Wireshark, either as plugins, or built into the source, and they often do!

The amount of resources Wireshark needs depends on your environment and on the size of the capture file you are analyzing.

However, with the advent of Wireshark, all that has changed.

