Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The following vulnerabilities have been fixed:
BGP dissector large loop.
ISMP dissector crash.
Multiple dissectors could crash.
ASN.1 BER dissector crash.
MMSE dissector infinite loop.
DICOM dissector crash.
Bazaar dissector infinite loop.
HTTP2 dissector crash.
CoAP dissector crash.
The following bugs have been fixed:
ISMP.EDP "Tuples" dissected incorrectly.
Wireshark - Race issue when switching between files using Wireshark’s "Files in Set" dialog.
Sorting on "Source port" or "Destination port" column sorts alphabetically, not numerically.
Wireshark crashes when changing profiles.
Crash when starting capture while saving capture file or rescanning file after display filter change.
Crash when switching to TRANSUM enabled profile.
TCP retransmission with additional payload leads to incorrect bytes and length in stream.
Wireshark crashes with single quote string display filter.
Randpkt can write packets that libwiretap can’t read.
Wireshark crashes when loading new file before previous load has finished.
Valid packet produces Malformed Packet: OpcUa.
Error received from dissect_wccp2_hash_assignment_info().
CRC checker wrong for FPP.
Cross-build broken due to make-dissectors and make-taps.
Extraction of SMB file results in wrong size.
6LoWPAN dissector merges fragments from different sources.
IP address to name resolution doesn’t work in TShark.
"Decode as" Modbus RTU over USB doesn’t work with 2.6.0 but does with 2.4.6.
proto_tree_add_protocol_format might leak memory.
tostring for NSTime objects in Lua gives wrong results.
Media type "application/octet-stream" registered for both Thread and UASIP.
Crash related to SCTP tap.
Formatting of OSI area addresses/address prefixes goes past the end of the area address/address prefix.
ICMPv6 Router Renumbering - Packet Dissector - malformed.
WiMAX HARQ MAP decoder segfaults when length is too short.
HTTP PUT request following a HEAD request is not correctly decoded.
SYNC PDU type 3 misses the last PDU length.
Reversed 128 bits service UUIDs when Bluetooth Low Energy advertisement data are dissected.
Issues with Wireshark when the user doesn’t have permission to capture.
Wrong description when LE Bluetooth Device Address type is dissected.
LE Role advertisement type (0x1c) is not dissected properly according to the Bluetooth specification.
Regression: Wireshark 2.6.0 and 2.6.1 are unable to read NetMon files which were readable by previous versions.
Wireshark doesn’t properly display (deliberately) invalid 220 responses from Postfix.
Follow TCP Stream and click reassembled content moves you to incorrect current packet.
Crash when changing profiles while loading a capture file.
Duplicate PDU during C Arrays Output Export.
DCE/RPC not dissected when "reserved for use by implementations" flag bits set.
Follow TCP Stream truncates output on missing (but ACKed) segments.
There’s no option to include column headings when printing packets or exporting packet dissections with Qt Wireshark.
Qt: SCTP Graph Dialog: Abort when doing analysis.
CMake is unable to find Lua libraries.
Updated Protocol Support:
6LoWPAN, ASN.1 BER, Bazaar, BGP, Bluetooth, Bluetooth HCI_CMD, CIGI, Cisco ttag, CoAP, Data, DCERPC, Diameter 3GPP, DICOM, DOCSIS, FPP, GSM A GM, GTPv2, HTTP, HTTP2, IAX2, ICMPv6, IEEE 1722, IEEE 802.11, IPv4, ISMP, LISP, MMSE, MTP3, MySQL, NFS, OpcUa, PPI GPS, Q.931, RNSAP, RPCoRDMA, S1AP, SCTP, SMB, SMTP, STUN, SYNC, T.30, TCP, TRANSUM, WAP, WCCP, Wi-SUN, WiMax HARQ Map Message, and WSP.