During my Aruba SWDI Training in KL, my instructor Kevin Hamilton taught us a little bit about the network security analyst's toolkit using Wireshark. Immediately after the training session, I tried to find out where to get this analyzer (as a free download if possible) and how to install it.
According to Mike Chapple, a security expert at the University of Notre Dame, installing Wireshark is a piece of cake. Binary versions can be downloaded for Windows or Macintosh OS X. Wireshark is also available through the standard software distribution systems for most flavors of Unix/Linux, and the source code is also available for installation on other operating systems.
The Wireshark development team built the Windows version on top of the WinPcap packet capture library. Those running Windows must install WinPcap if they haven't already. One word of caution: If you're running an outdated version of WinPcap, remove it manually through the "Add/Remove Programs" control panel before running the Wireshark installer.
The installation process uses a familiar wizard-based sequence that only asks two significant questions: whether you want to install WinPcap and whether you want to start the WinPcap Netgroup Packet Filter (NPF) service at startup. Selecting the latter option allows users without administrator privileges to capture packets. If you don't start this service, only administrators will be able to run Wireshark.
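The start-at-boot choice described above decides who can capture traffic on the machine, so it is worth auditing after installation. The following PowerShell function is an added example, not part of the original post or of Wireshark itself; it assumes the WinPcap driver is registered under the service name `npf`, and the function name `Get-NpfCaptureExposure` is hypothetical.

```powershell
# Added example: report how the WinPcap NPF driver is configured on this host.
# Assumption: the driver service is registered under the name 'npf'.
function Get-NpfCaptureExposure {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'npf'
    )

    # Kernel drivers such as NPF are listed by Win32_SystemDriver, not Win32_Service.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$ServiceName'"

    if (-not $drv) {
        return [pscustomobject]@{
            Installed    = $false
            State        = $null
            StartMode    = $null
            StartsAtBoot = $false
            Finding      = 'NPF driver not found: WinPcap is not installed on this host.'
        }
    }

    # Boot, System and Auto all load the driver without an administrator acting.
    $startsAtBoot = $drv.StartMode -in @('Boot', 'System', 'Auto')

    $finding = if ($startsAtBoot) {
        'NPF starts at boot: users without administrator privileges can capture packets.'
    } elseif ($drv.State -eq 'Running') {
        'NPF is loaded now but is not set to start at boot: check who started it.'
    } else {
        'NPF is not started at boot: only administrators can run a capture.'
    }

    [pscustomobject]@{
        Installed    = $true
        State        = $drv.State
        StartMode    = $drv.StartMode
        StartsAtBoot = $startsAtBoot
        Finding      = $finding
    }
}

Get-NpfCaptureExposure | Format-List
```

On a shared workstation where packet capture should stay limited to administrators, an administrator can switch the driver back to manual start with `sc.exe config npf start= demand`.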
Source: ERM Blog