Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark 3.6.2 changelog:
The following vulnerabilities have been fixed
- wnpa-sec-2022-01 RTMPT dissector infinite loop. Issue 17813.
- wnpa-sec-2022-02 Large loops in multiple dissectors. Issue 17829, Issue 17842, Issue 17847, Issue 17855, Issue 17891, Issue 17925, Issue 17926, Issue 17931, Issue 17932, Issue 17933.
- wnpa-sec-2022-03 PVFS dissector crash. Issue 17840.
- wnpa-sec-2022-04 CSN.1 dissector crash. Issue 17882.
- wnpa-sec-2022-05 CMS dissector crash. Issue 17935.
The following bugs have been fixed:
- Support for GSM SMS TPDU in HTTP2 body Issue 17784.
- Wireshark 3.6.1 broke the ABI by removing ws_log_default_writer from libwsutil Issue 17822.
- Fedora RPM package build failing with RPATH of /usr/local/lib64 Issue 17830.
- macos-setup.sh: ftp.pcre.org no longer exists Issue 17834.
- nmap.org/npcap → npcap.com: domain/URL change Issue 17838.
- MPLS ECHO FEC stack change TLV not dissected correctly Issue 17868.
- Attempting to open a systemd journal export file segfaults Issue 17875.
- Dissector bug on 802.11ac packets Issue 17878.
- The Info column shows only one NGAP/S1AP packet of several packets inside an SCTP packet Issue 17886.
- Uninstalling Wireshark 3.6.1 on Windows 10 fails to remove the installation directory because it doesn’t remove the User’s Guide subdirectory and all its contents. Issue 17898.
- 3.6 doesn’t build without zlib Issue 17899.
- SIP Statistics no longer properly reporting method type accounting Issue 17904.
- Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909.
- SCTP retransmission detection broken for the first data chunk of each association with relative TSN Issue 17917.
- “Show In Folder” doesn’t work correctly for filenames with spaces Issue 17927.
Updated Protocol Support
- AMP, ASN.1 PER, ATN-ULCS, BGP, BP, CFLOW, CMS, CSN.1, GDSDB, GSM RP, GTP, HTTP3, IEEE 802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG PES, MPEG SECT, MPLS ECHO, NGAP, NTLMSSP, OpenFlow 1.4, OpenFlow 1.5, P_MUL, PN-RT, PROXY, PTP, PVFS, RSL, RTMPT, rtnetlink, S1AP, SCTP, Signal PDU, SIP, TDS, USB, WAP, and ZigBee ZCL
New and Updated Capture File Support
BLF and libpcap
Download: Wireshark 3.6.2 | Wireshark 32-bit | ~50.0 MB (Open Source)
Download: Portable Wireshark 3.6.2 | Portable Wireshark 32-bit | Wireshark for macOS
View: Wireshark Website | Wireshark 3.6.2 changelog
Get alerted to all of our Software updates on Twitter at @NeowinSoftware