Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The SCTP dissector could crash.
Versions affected: 0.99.5 to 0.99.7
o The SNMP dissector could crash.
Versions affected: 0.99.6 to 0.99.7
o The TFTP dissector could crash Wireshark on Ubuntu 7.10. (This
appears to be a bug in the Cairo library on that platform.)
Reported by Noam Rathaus.
Versions affected: 0.6.0 to 0.99.7
The following bugs have been fixed:
o Wireshark could crash when saving I/O graphs.
o Wireshark could crash when editing table-based preferences.
o Wireshark could crash when trying to play RTP streams.
o Wireshark could crash when trying to apply a display filter
o Wireshark could crash in Turkish and other locales.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o You can now have multiple configuration profiles.
o Temporary coloring rules have been added, which let you color
or filter on a conversation.
o I/O graphs have been improved.
o Wireshark now has WLAN traffic statistics.
o The Wireshark GUI now supports RPCAP.
o Conversations and endopoints can now be limited to the current
o Experimental support for the NTAR/PcapNG file format has been
New Protocol Support
AiroPeek Remote Capture, China Mobile Point to Point, Distributed
Lock Manager 3, EUTRAN X2 Application Protocol, Fieldbus
Foundation, International Passenger Airline Reservation
System/Airline Link Control, Microsoft DirectPlay, Path
Computation Element communication Protocol, Real Time Messaging
Protocol, S1 Application Protocol, Scripting Service Protocol,
Societe Internationale de Telecommunications Aeronautiques, Unisys
Transmittal System, Wi-fi Protected Setup,
Updated Protocol Support
3G A11, 3GPP, ACN, ACP133, ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI
MAP, ARP, ASAP, AVS WLAN, BACapp, BER, BOOTP, Bluetooth (HCI ACL,
HCI CMD, HCI EVT, HCI SCO, L2CAP, SDP), CDP, CFM, CMS, COPS,
Camel, Cisco ERSPAN, DAP, DCERPC SPOOLSS, DCERPC, DHCP, DHCPv6,
DIAMETER, DMP, DTLS, E.164, EAP, ENIP, ENRP, EtherCAT, Ethernet,
FMP, FTAM, GMRP, GRE, GSM MAP, GSM SMS, GSS-API, GTP, Gryphon,
H.223, H.225, H.245, H.263, H.264, H.460, HCI H1, HTTP, ICMP, IEEE
802.11, IGMP, IPP, ISAKMP, ISUP, JFIF, JPEG, JXTA, Kerberos, LDAP,
MP2T, MS MMS, MTP3MG, NBAP, NFS, NHRP, NetFlow, P7, PER, PIM,
PKCS12, PPPoE, PTP, P_Mul, Q.932, Quakeworld, RANAP, RMT ALC, RMT
LCT, ROS, RPC, RPL, RRC, RTCP, RTP, SCCP, SCTP, SDP, SLL, SMB,
SMB2, SMPP, SMTP, SNMP, SRVLOC, SSL, STUN2, T.38, TCAP, TCP, TFTP,
TiVoConnect, UCP, UDP-Lite, USB, VLAN, WBXML, X.411, X.420,
New and Updated Capture File Support
Catapult DCT2000, DBS Etherwatch, NTAR/PcapNG, TamoSoft CommView,