Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark 3.2.2 changelog:
The following vulnerabilities have been fixed
- wnpa-sec-2020-03 LTE RRC dissector memory leak. Bug 16341.
- wnpa-sec-2020-04 WiMax DLMAP dissector crash. Bug 16368.
- wnpa-sec-2020-05 EAP dissector crash. Bug 16397.
- wnpa-sec-2020-06 WireGuard dissector crash. Bug 16394.
The following bugs have been fixed
- Add (IETF) QUIC Dissector. Bug 13881.
- Support for CoAP over TCP and WebSockets (RFC 8323). Bug 15910.
- SMB IOCTL response packet with BUFFER_OVERFLOW status is dissected improperly. Bug 16261.
- Wireshark fails to build with GCC-9. Bug 16319.
- NVMe/TCP ICReq PDU Not Interpreted Correctly. Bug 16333.
- ICMP: No response if ICMP reply packet has an ICMP checksum of 0x0000. Bug 16334.
- Display filter parsing broken after upgrade from 3.0.7. Bug 16336.
- IPv4 fragment offset value is incorrect in IPv4 header decode. Bug 16344.
- RTCP frame length warning for SAT>IP APP packets. Bug 16345.
- RTP export to rtpdump file doesn’t work. Bug 16351.
- CFDP dissector skips a byte. Bug 16361.
- ISAKMP: IKEv2 transforms and proposal have critical bit (BUG). Bug 16364.
- No IPv4/IPv6 hosts in Resolved Addresses dialog. Bug 16366.
- Lack of Check for Updates option in the Windows GUI. Bug 16381.
- LLDP dissector consumes all octets to the end of the TVB and eth trailer dissector does not get called. Bug 16387.
- LACP dissector consumes all octets to the end of the TVB and eth trailer dissector does not get called. Bug 16388.
Updated Protocol Support
- ARTNET, CFDP, CoAP, EAP, GTP, ICMP, ICMPv6, IPv4, ISAKMP, LACP, LLDP, LTE RRC, NBAP, NVME-TCP, QUIC, RDM, RTCP, RTP, SMB, SOME/IP, TLS, WiMax DLMAP, and WireGuard
Get alerted to all of our Software updates on Twitter at @NeowinSoftware