Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
- The Windows installers now ship with Qt 5.12.4. They previously shipped with Qt 5.12.3.
- The Windows installers now ship with Npcap 0.996. They previously shipped with Npcap 0.995.
- The macOS installer now ships with Qt 5.12.4. It previously shipped with Qt 5.12.1.
The following vulnerabilities have been fixed:
- wnpa-sec-2019-20 ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619.
The following bugs have been fixed:
- "ninja install" installs help/faq.py instead of help/faq.txt. Bug 15543.
- In Wireshark 3.0, encrypted DOCSIS PDU packets no longer match the filter "eth.dst". Bug 15731.
- Developer’s Guide section 3.9 "Contribute your changes" should incorporate or link "Writing a good commit message" from the Wiki. Bug 15752.
- RSL dissector bugs in presence of optional IEs. Bug 15789.
- The "Media Attribute Value" field is missed in rtcp SDP dissection (packet-sdp.c). Bug 15791.
- BTLE doesn’t properly detect start fragment of L2CAP PDUs. Bug 15807.
- Wi-SUN FAN decoder error, Channel Spacing and Reserved fields are swapped. Bug 15821.
- tshark: Display filter error message references "-d" when it should reference "-Y". Bug 15825.
- Open "protocol" preferences … does not work for protocol in subtree. Bug 15836.
- Problems with sshdump "Error by extcap pipe: sh: sudo: command not found". Bug 15845.
- editcap won’t change encapsulation type when writing pcap format. Bug 15873.
- ITU-T G.8113.1 MPLS-TP OAM CC,LMM,LMR,DMM and DMR are not seen in the 3.0.2. Bug 15887.
Updated Protocol Support:
- AERON, ASN.1, BTLE, CUPS, DNS, DOCSIS, DPNSS, GSM RLC/MAC, HiQnet, ISO 14443, ISObus VT, LDAP, MAC LTE, MIME multipart, MPLS, MQ, RSL, SDP, SMB, TNEF, and Wi-SUN
New and Updated Capture File Support:
Get alerted to all of our Software updates on Twitter at @NeowinSoftware