Wireshark 2 preview


I recently updated my Wireshark installation to version 1.12.0 and during my normal happy-clicky install process, noticed one of the options to install was something called ‘Wireshark 2 Preview’. Intrigued, I carried on clicking, making sure there were no further boxes wanting to install the Ask Toolbar. (Die Java, just die!)

Wireshark 2 preview

As those of you who use Wireshark regularly will probably know, the developers announced a big change that was on its way back with the release of 1.11.0 in October 2013, that change being they were switching the user interface library from GTK+ to Qt. I believe this decision was arrived at to provide a more standardised feel for the app across multiple platforms. Also, support for GTK+ was waning.

First thoughts

When you install version 1.12.0, you will also get the option to add start menu and desktop icons for the version 2 preview. Upon opening the preview, the word that immediately sprung to mind was ‘clean’. It’s much less cluttered than the current version. In fact, it takes  a little getting used to, but that’s change for you.

I encourage you to go and try it out for yourself but a couple of things that I have noticed from playing with it that I like are:

  • The interface selection screen shows a mini utilisation graph so you can see at a glance which interfaces have traffic going over them. Useful if you have many NICs on your machine e.g. VMware installed
  • The IO graphs seem to be better scaled without any tinkering, plus have guidelines that make reading graphs easier. As these are exportable also, it makes reporting look prettier


Overall, I like the new version. As expected, there are a couple of bugs I’ve found that I’ll be feeding back to Gerald and his gang, but this definitely feels like a step in the right direction.

Till the next time.

Please let me know your thoughts!