19.99MB
Wireshark is a free network protocol analyzer for Windows and Unix. The Ethereal network protocol analyzer has changed its name to Wireshark. The name might be new, but the software is the same. Wireshark's powerful features make it the tool of choice for network troubleshooting, protocol development, and education worldwide.

Wireshark was written by networking experts around the world, and is an example of the power of open source.

Wireshark is used by network professionals around the world for analysis, troubleshooting, software and protocol development and education.

The program has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.4:

· Wireshark is now distributed as an installation package rather than a drag-installer on OS X. The installer adds a startup item that should make it easier to capture packets.
· Large file (greater than 2 GB) support has been improved.
· Wireshark and TShark can import text dumps, similar to text2pcap.
· You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
· Wireshark can export SSL session keys via File→Export→SSL Session Keys...
· TShark can show a specific occurrence of a field when using '-T fields'.
· Custom columns can show a specific occurrence of a field.
· You can hide columns in the packet list.
· Wireshark can now export SMB objects.
· dftest and randpkt now have manual pages.
· TShark can now display iSCSI, ICMP and ICMPv6 service response times.
· Dumpcap can now save files with a user-specified group id.
· Syntax checking is done for capture filters.
· You can display the compiled BPF code for capture filters in the Capture Options dialog.
· Packet length is (finally
Bug Fixes:
· The HSRP dissector could go into an infinite loop. (Bug 7581)
  Versions affected: 1.8.0 to 1.8.2.
· The PPP dissector could abort. (Bug 7316, bug 7668)
  Versions affected: 1.8.0 to 1.8.2.
· An infinite loop in the DRDA dissector. (Bug 7666)
  Versions affected: 1.6.0 to 1.6.10, 1.8.0 to 1.8.2.
· A buffer overflow in the LDP dissector. (Bug 7567)
  Versions affected: 1.8.0 to 1.8.2.
The following bugs have been fixed:
· The HTTP dissector does not reassemble headers when the first TCP segment does not contain a full header line.
· HDCP2 uses the wrong protocol id.
· Several I/O graph problems have been fixed.
· No markers show up when maps are displayed. (Bug 5016)
· Assertion when using tshark/wireshark on large captures. (Bug 5699)
· Volume label field of "SMB/TRANS2-QUERY_FS_INFO/InfoVolume level" reply packet is not displayed correctly due to alignment issue. (Bug 5778)
· 64-bit Wireshark appears to hit 2-Gbyte memory limit on 64-bit Windows. (Bug 5979)
· Truncated/partial JPEG files are not dissected. (Bug 6230)
· Support for MPLS Packet Loss and Delay Measurement, RFC 6374. (Bug 6881)
· Memory leak in voip_calls.c. (Bug 7320)
· When listing protocols available for "Decode As", plugins are sorted after built-ins. (Bug 7348)
· Hidden columns should not be printed when printing packet summary line. (Bug 7356)
· Size wrong in "File Set List" for just-finished captures. (Bug 7370)
· Error: no dependency information found for debian/wireshark-common/usr/lib/wireshark/libwsutil.so.2 (used by debian/wireshark/usr/bin/wireshark). (Bug 7408)
· Parse and properly display LTE RADIUS AVP 3GPP-User-Location-Info. (Bug 7474)
· [PATCH] HomeplugAV dissector: decode device id. (Bug 7548)
· BACnet GetEnrollmentSummary-ACK does not decode correctly. (Bug 7556)
· epan/dissectors/packet-per.c dissect_per_constrained_integer_64b fails for 64 bits. (Bug 7624)
· New SCTP PPID 48. (Bug 7635)
· dissector of Qos attribute "Reliability Class" in GMM/SM message. (Bug 7670)
· Performance regression in tshark -z io,stat. (Bug 7674)
· Incorrect io-stat table format when unsupported "-t" operand is specified and when using AVG of relative_time fields. (Bug 7685)
· IEEE 802.11 TKIP dissection : wrong IS_TKIP macro. (Bug 7691)
· HomePlug AV dissector does not properly dissect short frames. (Bug 7707)
· mm_context_nas_dl_cnt and mm_context_nas_ul_cnt are not dissected properly in ContextResponse message in Gtpv2. (Bug 7718)
· This trace causes Wireshark to crash when VoIP Calls selected. (Bug 7724)
· Some diameter Gx enumerations are missing values or value is incorrect. (Bug 7727)
· Wireshark 1.8.2 is only displaying 2 filters from the drop-down menu even when preferences are set to higher integer. (Bug 7731)
· BGP bad decoding for Graceful Restart Capability with only helper support & for Enhanced Route Refresh Capability. (Bug 7734)
· Dissection error of D-RELEASE and D-CONNECT in TETRA dissector. (Bug 7736)
· DND can cause Wireshark to crash. (Bug 7744)
· SCSI: WRITE BUFFER fields always display as zero. (Bug 7753)

Updated Protocol Support:
· ASN.1 PER, BACnet, BGP, DIAMETER, DRDA, DVB CI, DVB, GSM Management, GTP, GTPv2, HDCP2, HomePlug AV, ICMP, ICMPv6, IEEE 802.11, IEEE 802a, Interlink, JPEG, LDP, LPP, MPEG, MPLS, PCAP, PPP, RANAP, RRC, RRLP, SCCP, SCSI, SCTP, SDP, SMB, TETRA