Wireshark is an open‐source tool used for capturing network traffic and analyzing packets at an extremely granular level. Sometimes Wireshark is called a network analyzer or a sniffer. Wireshark is a powerful tool and technically can be used for eavesdropping. Wireshark shows packet details captured from different network media, breaking down the Open Systems Interconnection model into the data link, network, transport, and application layers. Wireshark uses display filters to concentrate on interesting packets while hiding the boring ones. Wireshark has predefined coloring rules in the Edit menu under Preferences. Wireshark can run on Windows and Linux machines. Most of the Wireshark menu has the standard File, Edit, View, and Capture options. Stories abound of network administrators capturing usernames, passwords, email addresses, and other sensitive user data. Wireshark is legal to use, but it can become illegal if cybersecurity professionals attempt to monitor a network that they do not have explicit authorization to monitor.