Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
o The SMTP dissector could consume excessive amounts of CPU and
Versions affected: 1.0.4
o The WLCCP dissector could go into an infinte loop.
Versions affected: 0.99.7 to 1.0.4
The following bugs have been fixed:
o Missing CRLF during HTTP POST in the "packet details" window
o Memory assertion in time_secs_to_str_buf() when compiled with
GCC 4.2.3 (Bug 2777)
o Diameter dissector fails RFC 4005 compliance (Bug 2828)
o LDP vendor private TLV type is not correctly shown (Bug 2832)
o Wireshark on MacOS does not run when there are spaces in its
path (Bug 2844)
o OS X Intel package incorrectly claims to be Universal (Bug
o Compilation broke when compiling without zlib (Bug 2993)
o Memory leak: saved_repoid (Bug 3017)
o Memory leak: follow_info (Bug 3018)
o Memory leak: follow_info (Bug 3019)
o Memory leak: tacplus_data (Bug 3020)
o Memory leak: col_arrows (Bug 3021)
o Memory leak: col_arrows (Bug 3022)
o Incorrect address structure assigned for find_conversation()
in WSP (Bug 3071)
o Memory leak with unistim in voip_calls (Bug 3079)
o Error parsing the BSSGP protocol (Bug 3085)
o Assertion thrown in fvalue_get_uinteger when decoding TIPC
o LUA script : Wireshark crashes after closing and opening again
a window used by a listener.draw() function. (Bug 3090)
New and Updated Features
There are no new or updated features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ANSI MAP, BSSGP, CIP, Diameter, ENIP, GIOP, H.263, H.264, HTTP,
MPEG PES, PostgreSQL, PPI, PTP, Rsync, RTP, SMTP, SNMP, STANAG
5066, TACACS, TIPC, WLCCP, WSP
New and Updated Capture File Support
Wireshark source code and installation packages are available from
the download page on the main web site.
Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package
management system specific to that platform. A list of third-party
packages can be found on the download page on the Wireshark web
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About->Folders to find the default locations on your system.
Wireshark may appear offscreen on multi-monitor Windows systems.
Wireshark might make your system disassociate from a wireless
network on OS X. (Bug 1315)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Wireshark can't dynamically update the packet list. This means
that host name resolutions above a certain response time threshold
won't show up in the packet list. (Bug 1605)
Capture filters aren't applied when capturing from named pipes.
Wireshark might freeze when reading from a pipe. (Bug 2082)
Capturing from named pipes might be delayed on Windows. (Bug 2200)
Filtering tshark captures with display filters (-R) no longer
works. (Bug 2234)
Community support is available on the wireshark-users mailing
list. Subscription information and archives for all of Wireshark's
mailing lists can be found on the web site.
Commercial support and development services are available from
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site.