Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5.
The following vulnerabilities have been fixed:
- The Wireshark dissection engine could crash.
- The DCOM dissector could crash.
- The LBMPDM dissector could crash.
- The MMSE dissector could go into an infinite loop.
- The IxVeriWave file parser could crash.
- The PVFS dissector could crash.
- The ZigBee ZCL dissector could crash.
The following bugs have been fixed:
- VoIP Calls dialog doesn’t include RTP stream when preparing a filter.
- Wireshark installs on macOS with permissions for /Library/Application Support/Wireshark that are too restrictive.
- Closing Enabled Protocols dialog crashes Wireshark.
- Unable to Export Objects → HTTP after sorting columns.
- DNS Response to NS query shows as malformed packet.
- Encrypted Alerts corresponds to a wrong selection in the packet bytes pane.
- Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols enabled.
- ESP will not decode since 2.6.2 - works fine in 2.4.6 or 2.4.8.
- text2pcap generates malformed packets when TCP, UDP or SCTP headers are added together with IPv6 header.
- Wireshark tries to decode EAP-SIM Pseudonym Identity.
- Infinite read loop when extcap exits with error and error message.
- MATE unable to extract fields for PDU.
- Malformed Packet: SV.
- OPC UA Max nesting depth exceeded for valid packet.
- TShark 2.6 does not print GeoIP information.
- ISUP (ANSI) packets malformed in WS versions later than 2.4.8.
- Handover candidate enquire message not decoded.
- TShark piping output in a cmd or PowerShell prompt stops working when GeoIP is enabled.
- ICMPv6 with routing header incorrectly placed.
- IEEE 802.11 Vendor Specific fixed fields display as malformed packets.
- text2pcap -4 and -6 option should require -i as well.
- text2pcap direction sensitivity does not affect dummy ethernet addresses.
- MLE security suite display incorrect.
- Message for incorrect IPv4 option lengths is incorrect.
- TACACS+ dissector does not properly reassemble large accounting messages.
- NLRI of S-PMSI A-D BGP route not being displayed.
Updated Protocol Support
BGP, DCERPC, DCOM, DNS, EAP, ESP, GSM A BSSMAP, IEEE 802.11, IEEE 802.11 Radiotap, IPv4, IPv6, ISUP, LBMPDM, LISP, MLE, MMSE, OpcUa, PVFS, SLL, SSL/TLS, SV, TACACS+, TCAP, Wi-SUN, XRA, and ZigBee ZCL
New and Updated Capture File Support
3GPP TS 32.423 Trace and IxVeriWave
New and Updated Capture Interfaces support