Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# Bug Fixes
* A large loop in the OpenSafety dissector could cause a crash.
* A malformed IKE packet could consume excessive resources.
* A malformed capture file could result in an invalid root tvbuff and cause a crash.
* Wireshark could run arbitrary Lua scripts.
* The CSN.1 dissector could crash.
* configure ignores (partially) LDFLAGS.
* Build fails when it tries to #include <getopt.h>, not present in Solaris 9.
* Unable to configure zero length SNMP Engine ID.
* BACnet who-is request device range values are not decoded correctly in the packet details window.
* H.323 RAS packets missing from packet counts in "Telephony->VoIP Calls" and the "Flow Graph" for the call.
* Wireshark crashes if sercosiii module isn't installed.
* Editcap could create invalid pcap files when converting from JPEG.
* Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows.
* Malformed Packet in decode for BGP-AD update.
* Wrong display of CSN_BIT in CSN.1.
* Fix CSN_RECURSIVE_TARRAY last bit error in packet-csn1.c.
* Wireshark cannot display Reachable time & Retrans timer in IPv6 RA messages.
* ReadPropertyMultiple-ACK not correctly dissected.
* GTPv2 dissectors should treat gtpv2_ccrsi as optional.
* BGP: AS_PATH attribute was decoded incorrectly.
* Fixes for SCPS TCP option.
* Offset calculated incorrectly for sFlow extended data.
* [Enter] key behavior varies when manually typing display filters.
* Contents of pcapng EnhancedPacketBlocks with comments aren't displayed.
* Misdecoding 3G Neighbour Cell Information Element in SI2quater message due to a coding typo.
* Mis-spelled word "unknown" in assorted files.
* tshark run with -Tpdml makes a seg fault.
* btl2cap extended window shows wrong bit.
* NDMP dissector incorrectly represents "ndmp.bytes_left_to_read" as signed.
* TShark/dumpcap skips capture duration flag occasionally.
* File types with no snaplen written out with a zero snaplen in pcap-ng files.
* Wireshark improperly parsing 802.11 Beacon Country Information tag.
* ERF records with extension headers not written out correctly to pcap or pcap-ng files.
* RTPS2: MAX_BITMAP_SIZE is defined incorrectly.
* Copying from RTP stream analysis copies 1st line many times.
* Wrong display of CSN_BIT under CSN_UNION.
* MEGACO context tracking fix - context id reuse.
# Updated Protocol Support
* BACapp, Bluetooth L2CAP, CSN.1, DCERPC, GSM A RR, GTPv2, ICMP, ICMPv6, IKE, MEGACO, MSISDN, NDMP, OpenSafety, RTPS2, sFlow, SNMP, TCP
# New and Updated Capture File Support
* CommView, pcap-ng, JPEG.