Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Too many bugs have been fixed since the 1.0 release to list here. Some notable fixes are:
* Type-ahead search now works properly.
* Several bugs that affected capture from pipes have been fixed.
* Many Lua-related bugs have been fixed.
* Several memory leaks have been found and fixed.
* The "Follow TCP Stream" feature could show two streams at the same time.
* The hex dump view has been narrowed.
* WPA and SSL decryption bugs have been fixed.
* Readability problems on 256-color displays on Windows have been fixed.
New and Updated Features
The following features are new (or have been significantly updated) since version 1.0:
* Wireshark has a spiffy new start page.
* Display filters now autocomplete.
* A 64-bit Windows (x64) installer is now provided.
* Support for the c-ares resolver library has been added. It has many advantages over ADNS.
* Many new protocol dissectors and capture file formats have been added (see below for a complete list).
* Macintosh OS X support has been improved.
* GeoIP database lookups.
* OpenStreetMap + GeoIP integration.
* Improved PostScript® print output.
* The preference handling code is now much smarter about changes.
* Support for Pcap-ng, the next-generation capture file format.
* Support for process information correlation via IPFIX.
* Column widths are now saved.
* The last used configuration profile is now saved.
* Protocol preferences are changeable from the packet details context menu.
* Support for IP packet comparison.
* Capinfos now shows the average packet rate.
* GTK1 is no longer supported. (Yes, this is a feature.)
* Official Windows packages are now built using Microsoft Visual C++ 2008 SP1.
New Protocol Support
Anything in Anything Protocol, ATM PW, N-to-one Cell Mode, B.A.T.M.A.N. Layer 3 Protocol, BACnet MS/TP, BSS LCS Assistance Protocol, Canon BJNP, CESoPSN basic NxDS0 mode (no RTP support), Charging ASE, Cimetrics MS/TP, DECT Protocol, Digital Private Signalling System No 1 Link Layer, DOCSIS Mac Domain Description, DOCSIS Registration Request Multipart, DOCSIS Registration Response Multipart, DOCSIS Synchronisation Message, E100 Encapsulation, EHS, Enhanced Variable Rate Codec, Ethernet Global Data, Ethernet PW, Exchange 2003 Directory Request For Response, Far End Failure Detection, FCoE Initialization Protocol, GOOSE, GPEF, GPRS Tunneling Protocol V2, GSM A-I/F COMMON, GSM A-I/F GPRS Mobility and Session Management, GSM SACCH, GSM Um Interface, HDLC PW, FR port mode (no CW), HDLC-like framing for PPP, IEC 60870-5-104,Apci, IEC 60870-5-104,Asdu, IEEE 802.15.4 Low-Rate Wireless PAN non-ASK PHY, IEEE C37.118 Synchrophasor Protocol, Intelligent Platform Management Interface (Session Wrapper), Inter-Integrated Circuit, Internal TDM, IPSICTL, ISMACryp Protocol, iWARP Direct Data Placement and Remote Direct Memory Access Protocol, iWARP Marker Protocol data unit Aligned framing, Kontiki Delivery Protocol, LANforge Traffic Generator, Layer 1 Event Messages, Lb-I/F BSSMAP LE, LeCroy VICP, Link Access Procedure, Channel Dm (LAPDm), Local Download Sharing Service, LTE Radio Resource Control (RRC) protocol, MAC-LTE, Memcache Protocol, Mesh Header, MP4V-ES, Nasdaq TotalView-ITCH, Nasdaq-SoupTCP version 2.0, NAT Port Mapping Protocol, Netdump Protocol, Non-Access-Stratum (NAS)PDU, PacketLogger, Paltalk Messenger Protocol, PDCP-LTE, PW Associated Channel Header, PW Ethernet Control Word, PW Frame Relay DLCI Control Word, PW MPLS Control Word (generic/preferred), Real-Time Publish-Subscribe Wire Protocol 2.x, Remote Packet Capture, RLC-LTE, SAToP (no RTP support), SERCOS III V1.1, SIMULCRYPT Protocol, Subnetwork Dependent Convergence Protocol XID, Teamspeak2 Protocol, TTEthernet, 
TTEthernet Protocol Control Frame, Turbocell Aggregate Data, Turbocell Header, TURN Channel, Unreliable Multicast Inter-ORB Protocol, VCDU, Wave Short Message Protocol(IEEE P1609.3), Wireless Access Station Session Protocol, Wireshark Expert Info, World of Warcraft, Xpress Transport Protocol, ZigBee Application Framework, ZigBee Application Support Layer, ZigBee Device Profile, ZigBee Encapsulation Protocol, ZigBee Network Layer, Zipped Inter-ORB Protocol, ZRTP
Updated Protocol Support
There are too many updates to list here.
New Capture File Support
Apple Bluetooth PacketLogger, Daintree's Sensor Network Analyzer, dct3trace, Pcap-NG, TNEF (yes, those silly winmail.dat attachments)