Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark 3.2.6 changelog:
The following vulnerabilities have been fixed
wnpa-sec-2020-10 Kafka dissector crash. Bug 16672. CVE-2020-17498.
The following bugs have been fixed
- Kafka dissector fails parsing FETCH responses. Bug 16623.
- Dissector for ASTERIX Category 001 / 210 does not recognize bit 1 as extension. Bug 16662.
- "invalid timestamp" for Systemd Journal Export Block. Bug 16664.
- Decoding Extended Emergency number list IE length. Bug 16668.
- Some macOS Bluetooth PacketLogger capture files aren’t recognized as PacketLogger files (regression, bisected). Bug 16670.
- Short IMSIs (5 digits) lead to wrong decoding+warning. Bug 16676.
- Decoding of PFCP IE 'PFD Contents' results in "malformed packet". Bug 16704.
- RFH2 Header with 32 or less bytes of NameValue will not parse out that info. Bug 16733.
- CDP: Port ID TLV followed by Type 1009 TLV triggers [Malformed Packet]. Bug 16742.
- tshark crashed when processing opcda. Bug 16746.
- tshark with –export-dicom gives “Segmentation fault (core dumped)”. Bug 16748.
Updated Protocol Support
ASTERIX, BSSAP, CDP, CoAP, DCERPC SPOOLSS, DCOM, DICOM, DVB-S2, E.212, GBCS, GSM RR, GSM SMS, IEEE 802.11, Kafka, MQ, Nano, NAS 5GS, NIS+, NR RRC, PacketLogger, PFCP, RTPS, systemd Journal, TDS, TN3270, and TN5250
New and updated capture file support
PacketLogger and pcapng
Get alerted to all of our Software updates on Twitter at @NeowinSoftware