Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what"s going on inside a network cable, just like a voltmeter is used by an electrician to examine what"s going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
What’s new in Wireshark 3.6.1:
Bug Fixes
The following vulnerabilities have been fixed
- wnpa-sec-2021-17 RTMPT dissector infinite loop. Issue 17745. CVE-2021-4185.
- wnpa-sec-2021-18 BitTorrent DHT dissector infinite loop. Issue 17754. CVE-2021-4184.
- wnpa-sec-2021-19 pcapng file parser crash. Issue 17755. CVE-2021-4183.
- wnpa-sec-2021-20 RFC 7468 file parser infinite loop. Issue 17801. CVE-2021-4182.
- wnpa-sec-2021-21 Sysdig Event dissector crash. CVE-2021-4181.
- wnpa-sec-2021-22 Kafka dissector infinite loop. Issue 17811.
The following bugs have been fixed:
- Allow sub-second timestamps in hexdumps Issue 15562.
- GRPC: An unnecessary empty Protobuf tree item is displayed if the GRPC message body length is 0 Issue 17675.
- Can’t install "ChmodBPF.pkg" or "Add Wireshark to the system path.pkg" on M1 MacBook Air Monterey without Rosetta 2 Issue 17757.
- TECMP: LIN Payload is cut off by 1 byte Issue 17760.
- Wireshark crashes if a 64 bit field of type BASE_CUSTOM is applied as a column Issue 17762.
- Command line option "-o console.log.level" causes wireshark and tshark to exit on start Issue 17763.
- Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture Issue 17764.
- Unable to build without tshark Issue 17766.
- IEEE 802.11 action frames are not getting parsed and always seen as malformed Issue 17767.
- IEC 60870-5-101 link address field is 1 byte, but should have configurable length of 0,1 or 2 bytes Issue 17775.
- dfilter: "tcp.port not in {1}" crashes Wireshark Issue 17785.
New and Updated Features
- The "console.log.level" preference was removed in Wireshark 3.6.0. This release adds an "-o console.log.level:" backward-compatibilty option on the CLI that maps to the new logging sub-system. Note that this does not have bitmask semantics and does not correspond to any actual preference. It is just a transition mechanism for users that were relying on this CLI option and will be removed in the future. To see the new diagnostic output options consult the manpages or the output of "--help".
Updated Protocol Support
- ANSI A I/F, AT, BitTorrent DHT, FF, GRPC, IEC 101/104, IEEE 802.11, IEEE 802.11 Radiotap, IPsec, Kafka, QUIC, RTMPT, RTSP, SRVLOC, Sysdig Event, and TECMP
New and Updated Capture File Support
- BLF and RFC 7468
Download: Wireshark 3.6.1 | Wireshark 32-bit | ~50.0 MB (Open Source)
Download: Portable Wireshark 3.6.1 | Portable Wireshark 32-bit | Wireshark for macOS
View: Wireshark Website | Wireshark 3.6.1 changelog