Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# The following bugs have been fixed:
* ISO SSAP: ActivityStart: Invalid decoding of the activity parameter as a BER Integer.
* Forward slashes in URI need to be converted to backslashes if WIN32.
* Character echo pauses in Capture Filter field in Capture Options.
* Some PGM options are not parsed correctly.
* dumpcap crashes when capturing from pipe to a pcap-ng file (e.g., when passing data from CACE Pilot to Wireshark).
* Unable to rearrange columns in preferences on Windows. (Bug 6077) (Note: this bug still affects the 64-bit package)
* No error for UDP/IPv6 packet with zero checksum.
* Wireshark installer doesn't add access_bpf in 10.5.8.
* Corrupted Diameter dictionary file that crashes Wireshark.
* packetBB dissector bug: More than 1000000 items in the tree -- possible infinite loop.
* ZEP dissector: Timestamp not always displayed correctly. Fractional seconds never displayed.
* GOOSE Messages don't use the length field to perform the dissection.
* Ethernet traces in K12 text format sometimes give bogus "malformed frame" errors and other problems.
* max_ul_ext isn't printed/decoded to the packet details log in GTP protocol packet.
* Non-IPP packets to or from port 631 are dissected as IPP.
* Lua proto registration fails for uppercase proto / g_ascii_strdown problem.
* No menu item File->Export->SSL Session Keys in GTK.
* IAX2 dissector reads past end of packet for unknown IEs.
* TShark 1.6.5 immediately crashes on SSL decryption (every time).
* USB: unknown GET DESCRIPTOR response triggers assert failure.
* IEEE1588 PTPv2 over IPv6.
* Patch to fix DTLS decryption.
* Expression... dialog crash.
* display filter "gtp.msisdn" not working.
* Multiprotocol Label Switching Echo - Return Code: Reserved (5).
* ISAKMP : VendorID CheckPoint : Malformed Packet.
* Adding a Custom HTTP Header Field with a trailing colon causes Wireshark to immediately crash (and crash upon restart).
* Radiotap dissector lists a bogus "DBM TX Attenuation" bit.
* MySQL dissector assertion.
* Radiotap header format data rate alignment issues.
# Updated Protocol Support
* ANSI A, BSSGP, DIAMETER, DTLS, GOOSE, GSM Management, GTP, HTTP, IAX2, IEEE 802.11, IPP, ISAKMP, ISO SSAP, MP2T, MPLS, MySQL, NTP, PacketBB, PGM, Radiotap, SSL, TCP, UDP, USB, WSP
# New and Updated Capture File Support
* Endace ERF, Pcap-NG, Tektronix K12