Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# The following vulnerabilities have been fixed:
- The Bluetooth HCI ACL dissector could crash.
- The NBAP dissector could crash.
- The ASSA R3 dissector could go into an infinite loop.
- The RTPS dissector could overflow a buffer.
- The MQ dissector could crash.
- The LDAP dissector could crash.
- The Netmon file parser could crash.
# The following bugs have been fixed:
- Lua ByteArray:append() causes Wireshark crash.
- Lua script cannot get "data-text-lines" protocol data.
- Lua: Trying to use Field.new("tcp.segments") to get reassembled TCP data fails.
- "Edit Interface Settings": "Capture Filter" combo box is not populated across Wireshark sessions.
- PER normally small non-negative whole number decoding is wrong when >= 64.
- Strange behavior of tree expand/collapse in packet details.
- Incorrect parsing of IPFIX *IpTotalLength elements.
- IO graph/advanced, max/min/sum error on frames with multiple Diameter messages.
- pod2man error on reordercap.pod.
- SGI Nsym disambiguation is unconditionally displayed when dissecting VHT.
- The Wireshark icon doesn’t show up in OS X 10.5.
- Build fails if system Python is version 3+.
- SCSI dissector does not parse PERSISTENT RESERVE commands correctly.
- SDP messages throw an assert.
- Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses.
- PN_MRP LinkUp Message is shown as LinkDown in info.
- Dissector for EtherCAT: ADS highlighting in the Packet Bytes Pane is incorrect.
- 802.11 HT Extended Capabilities B10 decode incorrect.
- Wrong dissection of MSTI Root Identifiers for all MSTIs.
- Weird malformed HTTP error.
- Warning for attempting to install 64-bit Wireshark on a 32-bit machine has an embedded "\n".
- Wireshark crashes when using "Export Specified Packets" > "Displayed".
# Updated Protocol Support
- ASN.1 PER, ASSA R3, Bluetooth HCI ACL, EtherCAT AMS, GTPv2, HTTP, IEEE 802.11, IPFIX, ISDN SUP, LDAP, MQ, NBAP, Novell SSS, PROFINET MRP, Radiotap, ROHC, RTPS, SCSI, SIP, and STP
# New and Updated Capture File Support
- Microsoft Network Monitor, pcap-ng.