Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
The Windows installers now ship with Qt 5.9.5. Previously they shipped with Qt 5.9.4.
The following vulnerabilities have been fixed:
- The LDSS dissector could crash.
- The IEEE 1905.1a dissector could crash.
- The RTCP dissector could crash.
- Multiple dissectors could consume excessive memory.
- The DNS dissector could crash.
- The GSM A DTAP dissector could crash.
- The Q.931 dissector could crash.
- The IEEE 802.11 dissector could crash.
- Multiple dissectors could crash.
The following bugs have been fixed:
- Qt GUI does not snap to exactly half of screen in Windows.
- Segmentation fault when switching profiles.
- QUIC dissector produces incorrect packet numbers (wrong-endian).
- Wrong default file format chosen when saving a capture with comments added if the original format doesn’t support comments.
- Lua: Error during loading [AppData directory]:1: bad argument #1 to dofile (dofile: file does not exist).
- Crash when selecting text.
- ui/macosx directory missing from source release tarball.
- Wireshark 2.9.0 snapshot crashes/segfaults on Windows when launched with -k or -i.
- "Copy as printable text" isn’t copying non-alphanumeric characters.
- File missing from release tarball.
- NEWS is out of date and does not display properly in Notepad.
- l16mono.so is installed in the wrong place.
- Remove: HACK to support UHD’s weird header offset on data packets.
- WinSparkle 0.5.6 is out of date and is buggy.
- Unable to create or open VOIP captures.
- RTMPT: incorrect dissection of multiple RTMP packets within a single TCP packet.
- Endpoints dialog displays invalid GeoIP information due to incorrect byte order.
- Qt: Crash in ShowPacketBytesDialog().
- Statistics → Resolved addresses show IP addresses without domain.
- Erroneous MAC-LTE Dissection for Sidelink Shared Channel Packets.
- Files missing from docbook CMake file.
- Wireshark hangs when opening certain files if it’s been configured to use the new GeoIP databases.
The “Open”, “Save”, and other file dialogs should now be shown at the correct size on HiDPI Windows systems.
Updated Protocol Support:
BATADV, BT LE LL, CoAP, DNS, DTLS, GSM A DTAP, GSM A GM, GTP, GTPv2, IEEE 1905.1a, IEEE 802.11, LDSS, LwM2M-TLV, MAC LTE, NAS EPS, Q.931, RTCP, RTMPT, SDP, TCP, and VITA 49.
New and Updated Capture File Support:
3GPP TS 32.423 Trace and Android Logcat.