Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
- The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
- The TCP dissector could hang or crash while reassembling HTTP
packets. (Bug 1200)
Versions affected: 0.99.2 to 0.99.4
- The HTTP dissector could crash.
Versions affected: 0.99.3 to 0.99.4
- On some systems, the IEEE 802.11 dissector could crash.
Versions affected: 0.10.14 to 0.99.4
- On some systems, the LLT dissector could crash.
Versions affected: 0.99.3 to 0.99.4
The following bugs have been fixed:
- On Windows systems the packet list scroll bar could sometimes
disappear or become unusable. (Bug 220)
- The end of HTTP chunked encoding wasn't being displayed.
- The Follow TCP Stream window could omit characters. (Bug
- Opening a flow graph could crash Wireshark. (Bug 1117)
- Follow TCP Stream would sometimes get the direction wrong.
- The foreground text in the coloring rules editor was always
black.. (Bug 1164)
- The CSV export format was incorrect. (Bug 1173)
- On some Windows systems Wireshark could take a long time to
- Malformed UDLD packets could cause an exception.
- The ISUP statistics report could overflow a buffer and crash
when displaying IPv6 addresses.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
- We are now offering Wireshark as a U3 package for Windows.
U3 packages are suitable for using on USB drives and CD-ROMs.
It's still experimental, but you're welcome to try it out and
report any problems or successes.
- Decryption support for WPA/WPA2 and SNMPv3 has been added. The
TDS / MS SQL dissector now de-obfuscates passwords.
- 64-bit file handling has been improved.
- The Find function now selects the corresponding packet detail
item. Find functionality has been added to the TCP and SSL stream dialogs.
- Main window keyboard navigation has been improved.
- Windows file dialogs now show the "places" bar (Desktop, My
Documents, My Computer, My Network Places, etc). File dialogs
now default to "My Documents" in accordance with Microsoft's
- AirPcap support (which provides raw mode capture under
Windows) has been enhanced to allow capturing on multiple
AirPcap adapters simultaneously.
- You can no longer install Wireshark on Windows 95, 98, or ME.
(OK, so it's not a feature per se, but it's an important
change). The last version known to work on these systems is
- ASN.1 BER-encoded files can now be dissected according to a
New Protocol Support
DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
Updated Protocol Support
2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
New and Updated Capture File Support
- Catapult DCT2000, Netttl, Windows Sniffer / NetXray