Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The following vulnerabilities have been fixed.
* The GSM A RR dissector could crash. (Bug 3893) Versions affected: 1.2.0 to 1.2.1
* The OpcUa dissector could use excessive CPU and memory. (Bug 3986) Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1
* The TLS dissector could crash on some platforms. (Bug 4008) Versions affected: 1.2.0 to 1.2.1
The following bugs have been fixed.
* The "Capture->Interfaces" window can't be closed. (Bug 1740)
* tshark-1.0.2 (dumpcap) signal abort core saved. (Bug 2767)
* Memory leak fixes. (Bug 3330)
* Display filter autocompletion doesn't work for some RADIUS and WiMAX ASNCP fields. (Bug 3538)
* Wireshark Portable includes wrong WinPcap installer. (Bug 3547)
* Crash when loading a profile. (Bug 3640)
* The proto,colinfo tap doesn't work if the INFO column isn't being printed. (Bug 3675)
* Flow Graph adds too much unnecessary garbage. (Bug 3693)
* The EAP Diameter dictionary file was missing in the distribution. (Bug 3761)
* Graph analysis window is behind other window. (Bug 3773)
* IKEv2 Cert Request payload dissection error. (Bug 3782)
* DNS NAPTR RR (RFC 3403) replacement MUST be a fully qualified domain-name. (Bug 3792)
* Malformed RTCP Packet error while sending Payload specific RTCP feedback packet (as per RFC 4585). (Bug 3800)
* 802.11n Block Ack packet Bitmap field missing. (Bug 3806)
* Wireshark doesn't decode WBXML/ActiveSync information correctly. (Bug 3811)
* Malformed packet when IPv6 packet has Next Header == 59. (Bug 3820)
* Wireshark could crash while reading an ERF file. (Bug 3849)
* Minor errors in gsm rr dissectors. (Bug 3889)
* WPA Decryption Issues. (Bug 3890)
* GSM A RR sys info dissection problem. (Bug 3901)
* GSM A RR inverts MEAS-VALID values. (Bug 3915)
* PDML output leaks ~300 bytes / packet. (Bug 3913)
* Incorrect station identifier parsing in Kingfisher dissector. (Bug 3946)
* DHCPv6, Vendor-Specific Information, SubOption "Option Request" parser incorrect. (Bug 3987)
* Wireshark could leak memory while analyzing SSL.
* Wireshark could crash while updating menu items after reading a file in some cases.
* The Mac OS X ChmodBPF script now works correctly under Snow Leopard.
## New and Updated Features
* There are no new or updated features in this release.
## New Protocol Support
* There are no new protocols in this release.
## Updated Protocol Support
* DCERPC, DHCPv6, DNS, E.212, GSM A RR, GTPv2, H.248, IEEE 802.11, IPMI, ISAKMP/IKE, ISUP, Kingfisher, LDAP, OpcUA, RTCP, SCTP, SIP, SSL, TCP, WBXML, ZRTP
## Updated Capture File Support