Wireshark is a free, open-source network protocol analyzer that captures and displays packet data in real time. It operates at the packet level, dissecting traffic across all OSI layers using over 500 protocol dissectors to decode everything from Ethernet frames to application-layer protocols like HTTP, DNS, and TLS. The tool runs on Windows, macOS, Linux, and Unix systems, leveraging capture libraries like pcap (Linux/macOS), Npcap (Windows), and WinPcap (legacy Windows) to intercept network traffic at the interface level before operating system processing. Wireshark's display filter engine uses a powerful multi-pass analysis system that allows retrospective filtering and reassembly of fragmented packets, TCP streams, and encrypted sessions when decryption keys are provided, making it indispensable for troubleshooting network performance, diagnosing protocol issues, and analyzing security incidents.