Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# The following bugs have been fixed:
* new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled.
* TLS decryption fails with XMPP start_tls.
* Wrong Interpretation of GTS starting slot.
* "Follow TCP Stream" shows only the first HTTP req+res.
* The value of SEND_TO_UE in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1.
* Crash when trying to delete the same entry (length range) twice.
* Crash if wrong "packet lengths range" entered.
* Bssgp ⇒ SGSN-INVOKE-TRACE use the wrong function…
* Minor correction to dissection of DLR frames in Ethernet/IP dissector.
* WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC.
* EDNS0 "Higher bits in extended RCODE" incorrectly decoded in packet-dns.c.
* Files with pcap-ng Simple Packet Blocks can’t be read.
* Bug in RTP dissector if RTP extension is present.
* Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request.
* "make debian-package" fails, missing wsicon32.xpm.
* Fix typo in MODCOD list of DVB-S2 dissector.
* Ring buffer crash when tshark gets too far behind dumpcap.
* PTP Dissector Wrongfully Reports Malformed Packet.
* Wireshark lua dissector unable to load for media_type=application/octet-stream.
* Wireshark crash when dissecting packet with NTLMSSP.
* Padding in uint64 field in DCERPC protocol wrongly reported.
* DCERPC data_blobs are not correctly dissected when NDR64 encoding is used.
* Multiple PDUs in the same DCERPC packet are not correctly decrypted.
* The tshark summary line doesn’t display the frame number or displays it sporadically.
* Bluetooth: SDP improvements and minor fixes.
* Duplicate IRC header field abbreviation breaks filter (example: irc.response.command).
# Updated Protocol Support
* 3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT, DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE 802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP, WiMax, and XMPP