Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9.
The following vulnerabilities have been fixed:
wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.
wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.
wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.
wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.
wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.
The following bugs have been fixed:
[oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770.
[oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439.
Duplicated TCP SEQ field in ICMP packets. Bug 15533.
Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542.
Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545.
GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.
Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561.
%T not supported for timestamps. Bug 15565.
LWM2M: resource with \r\n badly shown. Bug 15572.
When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578.
Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.
Windows console log output delay. Bug 15605.
Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607.
NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.
randpkt -r causes segfault when count > 1. Bug 15627.
Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628.
Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.
BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631.
Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.
Typo: broli → brotli. Bug 15647.
Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648.
Windows CHM (help file) title displays quoted HTML characters. Bug 15656.
Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667.