Wireshark 1.11.1 Beta
Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# Bug Fixes
* "On-the-wire" packet lengths are limited to 65535 bytes.
* "Follow TCP Stream" shows only the first HTTP req+res.
* Files with pcap-ng Simple Packet Blocks can't be read.
# New and Updated Features
* Qt port:
- The Follow Stream dialog now supports packet and TCP stream selection.
- A Flow Graph (sequence diagram) dialog has been added.
- The main window now respects geometry preferences.
* Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows.
* A more flexible, modular memory manger (wmem) has been added. It was available experimentally in 1.10 but is now mature and has mostly replaced the old API.
* Expert info is now filterable and now requires a new API.
* The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
* The "Number" column shows related packets and protocol conversation spans (Qt only).
* When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
* You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
* You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
* "malformed" display filter has been renamed to "_ws.malformed". A handful of other filters have been given the "_ws." prefix to note they are Wireshark application specific filters and not dissector filters.
# New Protocol Support
* 802.1AE Secure tag, ASTERIX, ATN, BT 3DS, CARP, Cisco MetaData, ELF file format, EXPORTED PDU, HTTP2, IDRP, ILP, Kafka, MBIM, MiNT, MP4 / ISOBMFF file format, NXP PN532 HCI, OpenFlow, Picture Transfer Protocol Over IP, QUIC (Quick UDP Internet Connections), SEL RTAC (Real Time Automation Controller) EIA-232 Serial-Line Dissection, Sippy RTPproxy, STANAG 4607, STANAG 5066 SIS, Tinkerforge, UDT, URL Encoded Form Data, WHOIS, and Wi-Fi Display
# Updated Protocol Support
* Too many protocols have been updated to list here.
# New and Updated Capture File Support
* Netscaler 2.6, and STANAG 4607