Wireshark 4.6.6

It puts your network interface into capture mode and records every packet in real time, then decodes each one against a library of thousands of protocol dissectors so you can read the conversation between machines instead of guessing at it.

Version 4.6.6 is the current stable release, distributed free under the GNU GPL v2 by the Wireshark Foundation, and the Windows installer on this page bundles everything you need to start capturing immediately.

What Wireshark Actually Does

At its core Wireshark answers one question: what is really happening on this network connection?

It captures packets straight from a live interface (Ethernet, Wi-Fi, loopback, USB, and more) and parses them layer by layer - Ethernet frame, IP header, TCP or UDP segment, and the application protocol riding on top, whether that is HTTP, DNS, TLS, SMB2, RDP, or one of the hundreds of others it recognizes.

You can apply display filters to isolate a single conversation, follow a TCP or TLS stream to read an exchange end to end, color-code traffic by rule, and export captures for later analysis. The same engine ships as the command-line tool TShark for scripted and headless capture, and editcap and mergecap for trimming and combining capture files.

What's New in 4.6.6

The 4.6.6 release is primarily a maintenance and security update. It fixes one security vulnerability and resolves a DLL conflict that affected older Windows 10 installations. It sits on the 4.6 branch, which the Wireshark project has designated as the final release series to support Windows 10, Red Hat Enterprise Linux 8, and Qt 5 - worth knowing if you are planning longer-term tooling on an older OS.

Each Windows package ships with the current stable build of Npcap, the capture driver Wireshark needs to read live traffic, so a clean install gives you a working capture environment out of the box. If you have an older Wireshark installed, note that Windows upgrades do not automatically retain optional features unless you ask for them during setup.

Installing on Windows

Run the installer and accept the bundled Npcap component when prompted - without a capture driver, Wireshark can still open saved .pcap and .pcapng files but cannot capture live traffic. The installer is a standard 64-bit Windows package.

One compatibility note straight from the project: this branch does not run on Windows 10 version 1809, including Server 2019 and some LTSC builds, so a current Windows 10 or Windows 11 install is what you want. After installation, launch Wireshark, pick your active interface from the welcome screen, and packets start scrolling immediately.

Where Wireshark Fits in Your Security Toolkit

Wireshark shows you what is moving across your network; the rest of a privacy setup is about controlling it.

The natural companion is a VPN: where Wireshark reads traffic in the clear on a network you are authorized to analyze, Proton VPN encrypts your own connection so that nobody running a packet capture on the same network can read yours.

The two sit side by side in our Security Tools category for exactly that reason - one diagnoses, the other defends. If you spend time on public Wi-Fi, capturing a few minutes of your own traffic in Wireshark is an eye-opening way to see precisely what a VPN hides.

Who Should Look Elsewhere

Wireshark is a diagnostic and analysis tool, not a download manager, a VPN, or a media utility, and it is overkill if your actual need is something simpler. If you are trying to manage torrent traffic rather than inspect it, a client like qBittorrent or uTorrent is the right tool.

If you only want to know what codecs and streams are inside a media file rather than what is moving across your network, MediaInfo reads container and codec metadata directly, and the browser-based online tools do the same with nothing to install. And if your goal is grabbing video off a site rather than analyzing the traffic, yt-dlp is built for that.

Where Wireshark Fits Alongside Your Other Tools

Packet analysis often sits next to media and streaming work. If you are reverse-engineering or debugging a stream URL, Wireshark shows you the raw network requests, and the in-browser Stream Extractor can pull a playable URL once you have located it.

For developers and power users who script around captured data, FFmpeg handles any media the traffic carries. On the Windows runtime side, most media and capture applications expect DirectX and the standard system libraries to be current. If you came here trying to fix playback rather than inspect a network, the Codec Finder will get you sorted faster than a packet capture will. For broader playback setups, a bundle like K-Lite Codec Pack or a player such as VLC Media Player covers what most people actually need.

Is Wireshark Safe and Legal?

Wireshark itself is legitimate, open-source software trusted by enterprises, universities, and security teams worldwide, and the build here is the unmodified official release.

What matters is how you use it: capturing traffic on networks you own or are authorized to analyze is standard practice, while sniffing networks you do not have permission to monitor is not.

Because Wireshark can place an interface in promiscuous mode and read traffic it sees, treat it as the powerful diagnostic instrument it is - and if your goal is to protect your own traffic rather than study someone else's, that is what the rest of our Security Tools are for. As always, browse our guides if you need something more specialized.