Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# The following bugs have been fixed:
* Mark retransmitted SYN and FIN packets as retransmissions.
* Wireshark hides under Taskbar.
* IEEE 802.15.4 frame check sequence in "Chipcon mode" not displayed correctly.
* Mask in Lua ProtoField.uint32() does not work as expected.
* Crash when applying filter with VoIP calls.
* Delta time regressions to tshark introduced with SVN 45071.
* Add MAC-DATA support to TETRA dissector and other minor improvements.
* Crash analyzing VoIP Calls (T38).
* Wireshark writes empty NRB FQDN which makes trace unloadable.
* Quick launch icon is absent, so it shows up as a generic icon.
* Wrong encoding for 2 pod files, UTF-8 characters in another.
* SCSI (SPC) sense key specific information field must not include SKSV.
* Wireshark crashes when closing Flow Graph with Graph Analysis opened.
* Wrong size of LLRP ProtocolID Parameter in Accessspec Parameter.
* Detection of IPv6 works only on Solaris 8.
* ip.opt.type triggers for TCP NOP option.
* DCOM-SYSACT dissector crash.
* Incorrect decoding of MPLS Echo Request with BGP FEC.
* Buggy IEC104 dissector caused by commit r48958.
* ansi_637_tele dissector displays MSB as MBS for Call-Back Number.
* LISP Map-Notify flags I and R shown incorrectly.
* ONTAP_V4 fhandle decoding leads to dissector bug.
* Dropped bytes in imap dissector.
* Kismet drone/server dissector improvements.
* TShark iostat_draw sizeof mismatch.
* SCTP bytes graph crash.
* Patch to Wireshark/tshark usage info and man pages to document all timestamp (-t) options.
* Strange behavior of tree expand/collapse in packet details.
* Graph Filter field limited to 256 characters.
* Filter doesn’t support cflow ASN larger than 65535.
* Wireshark crashes when switching from a v1.11.0 profile to a v1.4.6 prof and then to a v1.5.1 prof.
* SIP stats shows incorrect values for Max/Ave setup times.
* NFSv4 delegation not reported correctly.
* Issue with Capture Options Adapter List.
* RFC 5844 - IPv4 Support for Proxy Mobile IPv6 - Mobility option IPv4 DHCP Support Mode Option malformed packet.
* RFC 3775 - Mobility Support in IPv6 - Mobility option PadN incorrectly highlights + 2 bytes.
* All mongodb query show as [Malformed Packet: MONGO].
# Updated Protocol Support
* ANSI IS-637-A, ASN.1, ASN.1 PER, Bluetooth OBEX, Bluetooth SDB, DCERPC NDR, DCOM ISystemActivator, DCP ETSI, Diameter 3GPP, DIS, DVB-CI, Ethernet, GSM Common, GSM SMS, H.235, IEC104, IEEE 802.15.4, IEEE 802a, IMAP, IP, KDSP, LISP, LLRP, MAC-LTE, Mobile IPv6, MONGO, MPLS Echo, Netflow, NFS, NFSv4, P1, PDCP-LTE, PN-IO, PN-RT, PPP, Radiotap, RLC, RLC-LTE, SCSI, SIP, SMTP, SoulSeek, TCP, TETRA, and VNC
# New and Updated Capture File Support
* Microsoft Network Monitor and pcap-ng.