Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# The following bugs have been fixed:
- Menu and Title bars inaccessible using GTK2 (non-legacy) with two monitors.
- 802.11 Probe Response fails to parse.
- Tshark - decimal symbol.
- Malformed tpncp.dat file can crash Wireshark.
- SSL decryption not work even with example capture file and key.
- Info line is incorrect on SIP message containing another SIP message in body.
- OOPS: dissector table "sctp.ppi" doesn't exist Protocol being registered is "Datagram Transport Layer Security".
- Dissection of IEEE 802.11 Channel Switch Announcement element fails.
- Invalid memory accesses when loading RADIUS captures.
- ISUP CIC should have format BASE_DEC, not BASE_HEX.
- We don't handle pcap-ng files with IDBs that come after packet blocks.
- '*' wildcard in the 'Src IP' or 'Dest IP' field of the ESP SA dialog does not work.
- nas_eps dissector does not decode some esm message.
- WLAN decryption status not updated after updating WEP/WPA keys.
- IPv6 Option Pad1 Incorrect dissection.
- Print GNUTLS error message if PEM import fails.
- GSM classmark3 8-PSK decode error.
- Parsing the Server Name Indication extension in SSL/TLS traffic reads some fields incorrectly.
- Lua code crashes wireshark after update to 1.8.3.
- 2 bugs in Ran-Information-Error Rim Container.
- Misspelling (typo) in IPv6 display filter field name.
- Two BSSGP dissector bugs.
- Core dump during SCTP association analysis.
# Updated Protocol Support
- 3GPP2 A11, BSSGP, EIGRP, FMP/NOTIFY, GSM A, ICMP, ICMPv6, IEEE 802.11, IPsec, IPv6, ISAKMP, iSCSI, LTE RRC, NAS EPS, NDPS, Prism, RADIUS, RRC, RTCP, SCTP, sFlow, SIP, SMB2, SSL/TLS, TPNCP, USB
# New and Updated Capture File Support
- CommView NCF, iSeries, pcap-ng.