I've never used Wireshark before, and for that matter, any network protocol analyzer. I now need to do so to troubleshoot an IP protocol called BACnet. I just installed Wireshark 2.0 on my Windows PC, but didn't know what to do next. Search for tutorials, and found a bunch, but they looked different that what I was seeing. Then, I found out that I was using the new (and presumably improved) 2.0 version. I see that I could also launch "Wireshark Legacy". Questions...
Thanks! asked 15 Dec '15, 16:59  NotionCommotion edited 15 Dec '15, 17:26 |
2 Answers:
The functionality is pretty much the same, it's the UI that has changed mostly, although some things haven't yet been implemented in the new UI. The legacy link offers the same functionality using the old UI, which is likely to be dropped for 2.2, maybe. If you're happy to work things out yourself when the UI differs from all the old tutorials I think you'll actually learn more using the new UI. If you're getting stuck, then by all means use the legacy UI but remember it's likely to go away at some time. answered 16 Dec '15, 04:21  grahamb ♦ |
If it helps I have a lot of Wireshark training videos on my website and starting posting Wireshark 2.0 stuff. No registration, all free, no gimmicks, just enjoy. answered 28 Dec '15, 04:35  thetechfirm |
Isn't the "legacy link" and the "old UI" the same? Recommendations on any "get started" documentation for the new 2.0 UI? Thanks
Yes, legacy is the old UI (or GTK). The new UI is also know as the Qt UI.
Wireshark University has a Webinar on Wireshark 2.0 listed on their front page.