Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what"s going on inside a network cable, just like a voltmeter is used by an electrician to examine what"s going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark 2.6.3 bug fixes:
- Wireshark Hangs on startup initializing external capture plugins. Bug 14657.
- Qt: SCTP Analyse Association Dialog: Segmentation fault when clicking twice the Filter Association button. Bug 14970.
- Incorrect presentation of dissected data item (NETMASK) in ISAKMP dissector. Bug 14987.
- Decode NFAPI: CONFIG.request Error. Bug 14988.
- udpdump frame too long error. Bug 14989.
- ISDN - LAPD dissector broken since version 2.5.0. Bug 15018.
- ASTERIX Category 062 / 135 Altitude has wrong value. Bug 15030.
- Wireshark cannot decrypt SSL/TLS session if it was proxied over HTTP tunnel. Bug 15042.
- TLS records in a HTTP tunnel are displayed as "Encrypted Handshake Message". Bug 15043.
- BTATT Dissector: Temperature Measurement: Celsius and Fahrenheit swapped. Bug 15058.
- Diameter AVP User Location Info, Mobile Network Code decoded not correctly. Bug 15068.
- Heartbeat message "Info" displayed without comma separator. Bug 15079.
The following vulnerabilities have been fixed:
- wnpa-sec-2018-44
- Bluetooth AVDTP dissector crash. Bug 14884. CVE-2018-16058.
- wnpa-sec-2018-45
- Bluetooth Attribute Protocol dissector crash. Bug 14994. CVE-2018-16056.
- wnpa-sec-2018-46
- Radiotap dissector crash. Bug 15022. CVE-2018-16057.
Updated Protocol Support
- ASTERIX, Bluetooth, Bluetooth ATT, Bluetooth AVDTP, DHCP, DTLS, E.212, FP, GSM A RR, HTTP, HTTP2, IEEE 802.11, ISAKMP, ISDN, K12, NFAPI, Nordic BLE, PFCP, Radiotap, SSL, Steam IHS Discovery, and TLS 1.3
New and Updated Capture File Support
- pcapng
New and Updated Capture Interfaces support
- ciscodump, udpdump
Download: Wireshark 2.6.3 | Wireshark 64-bit | ~50.0 MB (Open Source)
Download: Portable Wireshark 2.6.3 | Wireshark for macOS
View: Wireshark Website