Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The following vulnerabilities have been fixed:
wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778.
The following bugs have been fixed:
Add (IETF) QUIC Dissector. Bug 13881.
Wireshark Hangs on startup initializing external capture plugins. Bug 14657.
[oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more than 1000000 items in the tree — possible infinite loop. Bug 14978.
Wireshark can call extcap with empty multicheck argument. Bug 15065.
CMPv2 KUR message disection gives unexpected value for serialNumber under OldCertId fields. Bug 15154.
"(Git Rev Unknown from unknown)" in version string for official tarball. Bug 15544.
External extcap does not get all arguments sometimes. Bug 15586.
Help file doesn’t display for extcap interfaces. Bug 15592.
Buildbot crash output: randpkt-2019-03-14-4670.pcap. Bug 15604.
Building only libraries on windows fails due to CLEAN_C_FILES empty. Bug 15662.
Statistics→Conversations→TCP→Follow Stream - incorrect behavior. Bug 15672.
Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp field). Bug 15687.
ws_pipe: leaks pipe handles on errors. Bug 15689.
Build issue in Wireshark - 3.0.1 on RHEL6. Bug 15706.
ISAKMP: Segmentation fault with non-hex string for IKEv1 Decryption Table Initiator Cookie. Bug 15709.
extcap: non-boolean call arguments can be appended without value on selector Reload. Bug 15725.
Incorrectly interpreted format of MQTT PUBLISH payload data. Bug 15738.
print.c: Memory leak in ek_check_protocolfilter. Bug 15758.
IETF QUIC dissector incorrectly parses retry packet. Bug 15764.
Bacnet(app): fix wrong value for id 183 (logging-device → logging-object). Bug 15767.
The SMB2 code to look up decryption keys by session ID assumes it’s running on a little-endian machine. Bug 15772.
tshark -G folders leaves mmdbresolve process behind. Bug 15777.
Dissector bug, protocol TLS - failed assertion "data". Bug 15780.
WSMP : header_opt_ind field is not correctly set. Bug 15786.