Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what"s going on inside a network cable, just like a voltmeter is used by an electrician to examine what"s going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark 4.2.5 changelog:
If you are upgrading Wireshark 4.2.0 or 4.2.1 on Windows you will need to download and install Wireshark 4.2.5 or later by hand.
The following vulnerabilities have been fixed:
- wnpa-sec-2024-07 MONGO and ZigBee TLV dissector infinite loops. Issue 19726. CVE-2024-4854.
- wnpa-sec-2024-08 The editcap command line utility could crash when chopping bytes from the beginning of a packet. Issue 19724. CVE-2024-4853.
- wnpa-sec-2024-09 The editcap command line utility could crash when injecting secrets while writing multiple files. Issue 19782. CVE-2024-4855.
The following bugs have been fixed:
- Flow Graph scrolls in the wrong direction vertically when pressing Up/Down. Issue 12932.
- TCP Stream Window Scaling not working in version 2.6.1 and later. Issue 15016.
- TCP stream graphs (Window scaling) axis display is confusing. Issue 17425.
- LUA get_dissector does not give the correct dissector under 32-bit version. Issue 18367.
- Lua: Segfault when registering a field or expert info twice. Issue 19194.
- SSH can not decrypt when KEX is curve25519-sha256@libssh.org. Issue 19240.
- Wireshark crash related to Lua DissectorTable.heuristic_new() Issue 19603.
- MATE fails to extract HTTP2 User-Agent header. Issue 19619.
- Fuzz job issue: fuzz-2024-02-29-7169.pcap. Issue 19679.
- Fuzz job issue: fuzz-2024-03-02-7158.pcap. Issue 19684.
- Problem to Decode 5GC-N7 HTTP for payload Application/JSON. Issue 19723.
- Copying data as C String produces incorrect string. Issue 19735.
- Incorrect decoding of supported Tx HE-MCS. Issue 19737.
- reordercap: Fix packet reordering with multiple IDB’s not at the beginning of a pcapng file. Issue 19740.
- Wrong EPB lengths written if existing pcapng file has epb_hash options. Issue 19766.
- On Windows, Export Displayed Packets dialog does not have "include depended upon packets" checkbox. Issue 19772.
- vnd.3gpp.sms binary payload NOT decoded inside HTTP2 5GC. Issue 19773.
- NAS 5G message container dissection. Issue 19793.
- Incorrect interpretation of algorithm name in packet-tls-utils.c. Issue 19801.
Updated Protocol Support
- 5co_legacy, 5co_rap, BT Mesh, CQL, DOCSIS MAC MGMT, E.212, EPL, FC FZS, GQUIC, GRPC, GSM RP, HTTP2, ICMPv6, IEEE 1905, IEEE 802.11, IPARS, JSON-3GPP, LAPD, LLDP, MATE, MONGO, NAS 5GS, NR-RRC, PER, PFCP, PTP, QUIC, SSH, TIPC, and ZBD
New and Updated Capture File Support
- BLF and pcapng
Download: Wireshark 4.2.5 | 82.4 MB (Open Source)
Download: Portable Wireshark 4.2.5 | ARM64 Installer
View: Wireshark Website