Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
# The following bugs have been fixed:
- Lua pinfo.cols.protocol not holding value in postdissector.
- data combined via ssl_desegment_app_data not visible via "Follow SSL Stream" only decrypted ssl data tabs.
- HTTP application/json-rpc should be decoded/shown as application/json.
- Maximum value of 802.11-2012 Duration field should be 32767.
- Voice RTP player crash if player is closed while playing.
- Display Filter Macros crash.
- RRC RadioBearerSetup message decoding issue.
- R-click filters add ! in front of field when choosing "apply as filter>selected".
- BACnet - Loop Object - Setpoint-Reference property does not decode correctly.
- WMM TSPEC Element Parsing is not done is wrong due to a wrong switch case number.
- Incorrect RTP statistics (Lost Packets indication not ok).
- Registering ieee802154 dissector for IEEE802.15.4 frames inside Linux SLL frames.
- Version Field is skipped while parsing WMM_TSPEC causing wrong dissecting (1 byte offset missing) of all fields in the TSPEC.
- [BACnet] UCS-2 strings longer than 127 characters do not decode correctly.
- Malformed IEEE80211 frame triggers DISSECTOR_ASSERT.
- Decoding of GSM MAP SMS Diagnostics.
- Incorrect packet length displayed for Flight Message Transfer Protocol (FMTP).
- Netflow dissector flowDurationMicroseconds nanosecond conversion wrong.
- BE (3) AC is wrongly named as "Video" in (qos_acs).
# Updated Protocol Support
- ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS, FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE 802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow, RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP