Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5.
The following vulnerabilities have been fixed:
- The 6LoWPAN dissector could crash.
- The P_MUL dissector could crash.
- The RTSE dissector and other dissectors could crash.
- The ISAKMP dissector could crash.
The following bugs have been fixed:
- console.lua not found in a folder with non-ASCII characters in its name.
- Disabling "Update list of packets in real time" will generally trigger a crash after three start capture, stop capture cycles.
- UDP Multicast Stream double counts.
- text2pcap et al. set snaplength to 64kiB-1, while processing frames of 256kiB.
- Builds without libpcap fail if the libpcap headers aren’t installed.
- TCAP AnalogRedirectRecord parameter incorrectly coded as mandatory in QualReq_rr message.
- macOS DMG appears to have duplicate files.
- Wireshark jumps behind other windows when opening UAT dialogs.
- Pathnames containing non-ASCII characters are mangled in error dialogs on Windows.
- Executing -z http,stat -r file.pcapng throws a segmentation fault.
- IS-41 TCAP RegistrationNotification Invoke has borderCellAccess parameter coded as tag 50 (as denyAccess) but should be 58.
- In DNS statistics, response times > 1 sec not included.
- GTPv2 APN dissect problem.