Wireshark is a network protocol analyzer. It allows to inspect network traffic or capture it for offline analysis. It allows to deeply analyze protocols, provides a three pane package browser or a console tool. It can filter and colorize according to complex and custom rule sets. It also allows VoIP analysis, and understands a plethora of capture and compression formats.
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others network types. It also includes decryption support for common protocols, and can export results.
1.99.008 Oct 2014 11:10
Version 1.99.0 is an experimental development prerelease in preparation of Wireshark 2.0, which adds significantly updated features.
The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k).
TShark now resets its state when changing files in ring-buffer mode.
Expert Info severities can now be configured.
Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet.
The Qt UI is now the default (program name is wireshark).
A Polish translation has been added.
The Interfaces dialog has been added.
The interface list is now updated when interfaces appear or disappear.
The Conversations and Endpoints dialogs have been added.
A Japanese translation has been added.
It is now possible to manage remote capture interfaces.
Windows: taskbar progress support has been added.
Most toolbar actions are in place and work.
More command line options are now supported
1.12.118 Sep 2014 23:54
This release fixes some security bugs.
Wireshark can crash during remote capture (rpcap) configuration.
802.11 capture does not decrypt/decode DHCP response.
Extra quotes around date fields (FT_ABSOLUTE_TIME) when using -E quote=d or =s.
No progress line in "VOIP RTP Player".
MIPv6 Service Selection Identifier parse error.
Probably wrong length check in proto_item_set_end.
802.11 BA sequence number decode is broken.
wmem_alloc_array() "succeeds" (and clobbers memory) when requested to
allocate 0xaaaaaaaa items of size 12.
Different dissection results for same file.
Mergecap wildcard breaks in version 1.12.0.
Diameter TCP reassemble.
TRILL NLPID 0xc0 unknown to Wireshark.
BTLE advertising header flags (RxAdd/TxAdd) dissected incorrectly.
Ethernet OAM (CFM) frames including TLV s are wrongly decoded as malformed.
BGP4: Wireshark skipped some potion of AS_PATH.
MAC address name resolution is broken.
Wrong decoding of RPKI RTR End of Data PDU.
SSL/TLS dissector incorrectly interprets length for status_request_v2 hello
Misparsed NTP control assignments with empty values.
6LoWPAN multicast address decompression problems.
Netflow v9 flowset not decoded if options template has zero-length scope
GUI Hangs when Selecting Path to GeoIP Files.
AX.25 dissector prints unprintable characters.
6LoWPAN context handling not working.
SIP: When export to a CSV, Info is changed to differ.
Typo in packet-netflow.c.
Incorrect MPEG-TS decoding (OPCR field).
1.12.004 Aug 2014 21:37
The limitation of 64K for "on-the-wire" packet lengths has been fixed. Expert information is now filterable when the new API is in use. Transport name resolution is now disabled by default. Support has been added for all versions of the DCBx protocol. Several SCTP dialogs have been added. The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added. The I/O Graph dialog has been added. The ASN1 plugin has been removed as it s deemed obsolete. There's also broad new protocol support, and some updates. Additionally 1.12.x contains many API changes, and is likely to be the last Gtk release.