Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark 3.4.1 bug fixes:
- wnpa-sec-2020-16 Kafka dissector memory leak. Bug 16739. CVE-2020-26418.
- wnpa-sec-2020-17 USB HID dissector crash. Bug 16958. CVE-2020-26421.
- wnpa-sec-2020-18 RTPS dissector memory leak. Bug 16994. CVE-2020-26420.
- wnpa-sec-2020-19 Multiple dissector memory leak. Bug 17032. CVE-2020-26419.
New and Updated Features
- IETF QUIC TLS decryption errors when a NAT rebinding happens for a connection Bug 16915.
- IETF QUIC TLS decryption error with key update Bug 16916.
- IETF QUIC TLS decryption error after the second key update Bug 16920.
- SOME/IP: Wrong dissection of parameters after Array Bug 16951.
- Can editcap properly corrupt pcapng file with systemd journal export block? Bug 16965.
- Crash when a GIOP ior.txt file is present Bug 16984.
- Protobuf: failed to parse .proto file contains negative enum values or option values of number type Bug 16988.
- MMRP dissector bug Bug 17005.
- QUIC: "Loss bits" capability Bug 17010.
- Stdin capture fails on Windows Bug 17018.
- SSTP no longer recognized Bug 17024.
- RFC2190 encapsulated H.263 bitfields masked wrong in Mode A Bug 17025.
- editcap fails when splitting into multiple pcapng files Bug 17060.
Updated Protocol Support
- ACDR, DOCSIS, Ericsson HDLC, F5 Ethernet Trailer, GIOP, GSM A, GSM RLC MAC, HTTP, IEEE 802.11, Kafka, LLC, MBIM, MMRP, NAS 5GS, NAS EPS, Nordic BLE, ProtoBuf, QUIC, Radiotap, RFC 2190, RTCP, RTPS, S1AP, SOME/IP, STUN, and USB Video
New and Updated Capture File Support