Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# The following bugs have been fixed:
* When saving the displayed packets, packets which are dependencies (e.g., due to reassembly) of the displayed packets are included in the list of saved packets.
* Rearranging columns in preferences doesn't work on 64-bit Windows.
# New and Updated Features
* Wireshark supports capturing from multiple interfaces at once.
* You can now add, edit, and save packet and capture file annotations.
* Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)
* Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.
* OID resolution is now supported on 64-bit Windows.
* When saving packets, the default choice is now to save only the displayed packets rather than all packets.
* TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.
* TCP window updates are no longer colorized as "Bad TCP".
* TShark's command-line options have changed. The previously undocumented -P option is now -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.
* GeoIP IPv6 databases are now supported.
# New Protocol Support
* Aastra Signalling Protocol (AASP), ActiveMQ OpenWire, Bandwidth Reservation Protocol (BRP), Bazaar, Binary Floor Control Protocol, BitTorrent DHT, C12.22, CANopen, CIP Motion, CIP Safety, Cisco FabricPath MiM, DMX Channel Data, DMX SIP, DMX Test, DMX Text, DMX, DVB Application Information Table, DVB Bouquet Association Table, DVB Event Information Table, DVB MultiProtocol Encapsulation (DVB-MPE), DVB Network Information Table, DVB Service Description Table, DVB Time and Date Table, DVB Time Offset Table, DVB/ETSI IP Data Cast (IPDC) Electronic Service Guide (ESG), ECP VDP, EIA-709.1 (LonTalk), EIA-852 (CN/IP), ELCOM, Ericsson A-bis OML (OM 2000), Ericsson HDLC, Ericsson Proprietary PCAP, ETSI CAT, ETV-AM Data, ETV-AM EISS Section, Flight Message Transfer Protocol (FMTP), Gadu-Gadu, GEO-Mobile Radio (1) BCCH, GEO-Mobile Radio (1) Common, GEO-Mobile Radio (1) DTAP, GEO-Mobile Radio (1) Radio Resource, Gluster Callback, Gluster CLI, Gluster Dump, Gluster Portmap, GlusterD, GlusterFS Callback, GlusterFS Handshake, GlusterFS, GSM A-bis OML, GSM CBCH, GSM Cell Broadcast Service, GSM SIM, H.248.2, Hadoop Distributed File System (HDFS), HART/IP, Hazelcast, HDFS Data, High bandwidth Digital Content Protection (HDCP), High-availability Seamless Redundancy (HSR), HomePlug AV, HSR/PRP, IEEE 1722.1, ISO 7816, ixveriwave, Kismet drone/server protocol, KristalliNet, LCS-AP, Link Access Procedure, Satellite channel (LAPSat), LLRP, LTE Positioning Protocol A (LPPa), LTE Positioning Protocol, M3 Application Protocol (M3AP), MAC Address Acquisition Protocol, MBMS synchronisation protocol, Microsoft Credential Security Support Provider (CredSSP), MoldUDP, MoldUDP64, MPEG Conditional Access, MPEG descriptors, MPEG DSM-CC, MPEG Program Association Table (PAT), MPEG Program Map Table, MPEG Section, MPLS Packet Loss and Delay Measurement, MPLS-TP Protection State Coordination, Multiple VLAN Registration Protocol (MRVP), Netfilter LOG, NOE, NXP MiFare, NXP PN532, Open IPTV Forum openSAFETY, Performance Co-Pilot (PCP), PPI Sensor, RDP, RTP-MIDI, SBc Application Part (SBc-AP), SDH/SONET, Solaris IP over InfiniBand, Sony FeliCa, T.124, UA (Universal Alcatel), UA3G, UASIP, UAUDP, USB Integrated Circuit Card Interface Device Class (CCID), V5 Data Link Layer (V5DL), V5 Envelope Function (V5EF), Virtual eXtensible Local Area Network (VXLAN), VSS-Monitoring, Vuze DHT, WaveAgent, WebSocket, WSE Remote Ethernet, XMCP, YAMI
# Updated Protocol Support
* Too many protocols have been updated to list here.
# New and Updated Capture File Support
* Aethra Telecommunications' PC108, Catapult DCT2000, Citrix NetScaler, Cisco Secure IDS IPLog, Endace ERF, Gammu DCT3, Generic MIME, IBM iSeries, InfoVista 5View, Ixia IxVeriWave, LANalyzer, Microsoft NetMon, MPEG2-TS, Network Instruments Observer, Nokia DCT3, pcap, pcap-ng, Solaris snoop, TamoSoft CommView, Tektronix K12xx, XML