Wireshark 2 preview

Introduction

I recently updated my Wireshark installation to version 1.12.0 and during my normal happy-clicky install process, noticed one of the options to install was something called ‘Wireshark 2 Preview’. Intrigued, I carried on clicking, making sure there were no further boxes wanting to install the Ask Toolbar. (Die Java, just die!)

Wireshark 2 preview

As those of you who use Wireshark regularly will probably know, the developers announced a big change that was on its way back with the release of 1.11.0 in October 2013, that change being they were switching the user interface library from GTK+ to Qt. I believe this decision was arrived at to provide a more standardised feel for the app across multiple platforms. Also, support for GTK+ was waning.

First thoughts

When you install version 1.12.0, you will also get the option to add start menu and desktop icons for the version 2 preview. Upon opening the preview, the word that immediately sprung to mind was ‘clean’. It’s much less cluttered than the current version. In fact, it takes  a little getting used to, but that’s change for you.

I encourage you to go and try it out for yourself but a couple of things that I have noticed from playing with it that I like are:

  • The interface selection screen shows a mini utilisation graph so you can see at a glance which interfaces have traffic going over them. Useful if you have many NICs on your machine e.g. VMware installed
  • The IO graphs seem to be better scaled without any tinkering, plus have guidelines that make reading graphs easier. As these are exportable also, it makes reporting look prettier

Summary

Overall, I like the new version. As expected, there are a couple of bugs I’ve found that I’ll be feeding back to Gerald and his gang, but this definitely feels like a step in the right direction.

Till the next time.

Please let me know your thoughts!