Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# The following bugs have been fixed:
- The Windows installer and uninstaller do a better job of detecting running executables.
- Library mismatch when compiling on a system with an older Wireshark version.
- SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO.
- A console window is never opened.
- GSM_MAP show malformed Packets when two IMSI.
- Fix include and libs search path when cross compiling.
- PER dissector crash.
- pcap-ng: name resolution block is not written to file on save.
- Incorrect RTP statistics (Lost Packets indication not ok).
- Decoding of GSM MAP E164 Digits.
- Silent installer and uninstaller not silent.
- Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to placate recent autotools.
- Wifi details are not stored in the Decryption Key Management dialog (post 1.8.x).
- IO Graph should not be limited to 100k points (NUM_IO_ITEMS).
- geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit field truncated to 23 bits.
- IRC message with multiple params causes malformed packet exception.
- Part of Ping Reply Message in ICMPv6 Reply Message is marked as "Malformed Packet".
- MP2T wiretap heuristic overriding ERF.
- Cannot read content of Ran Information Application Error Rim Container.
- Endian error and IP:Port error when decoding BT-DHT response message.
- "ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be "ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY".
- Wireshark crashes while displaying I/O Graph.
- GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded) incorrectly.
- DTLS 1.2 uses wrong PRF.
- RTP DTMF digits are no longer displayed in VoIP graph analysis.
- Universal port not accepted in RSA Keys List window.
- Wireshark Dissector bug with HSRP Version 2.
- LISP control packet incorrectly identified as LISP data based when UDP source port is 4341.
- Bad tcp checksum not detected.
- AMR Frame Type uses wrong Value String.
# Updated Protocol Support
- AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave, IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP, SIP, SSL/TLS, TCP, UA3G
# New and Updated Capture File Support
- Endace ERF, NetScreen snoop.