Wireshark For PC | Windows OS
Overview - Wireshark
- Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions.
- Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
Features - Wireshark
- Deep inspection of hundreds of protocols, with more being added all the time.
- Live capture and offline analysis.
- Standard three-pane packet browser.
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others.
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.
- The most powerful display filters in the industry.
- Rich VoIP analysis.
- Read/write many different capture file formats.
- Capture files compressed with gzip can be decompressed on the fly.
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform).
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis.
- Output can be exported to XML, PostScript®, CSV, or plain text.
What's new? Change Log - Wireshark
- Bug Fixes:
- Upgrading to latest version uninstalls Microsoft Visual C++ redistributable.
- Extcap errors not reported back to UI.
- New and Updated Features:
- "Decode As" supports SSL (TLS) over TCP.
- Invalid coloring rules are now disabled instead of discarded.
- Added -d option for Decode As support in Wireshark (mimics TShark functionality)
- The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON.
- The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
- The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
- The RTP player now allows up to 30 minutes of silence frames.
- Packet bytes can now be displayed as EBCDIC.
- The Qt UI loads captures faster on Windows.
- proto_tree_add_checksum was added as an API. This attempts to standardize how checksums are reported and filtered for within *Shark. There are no more individual "good" and "bad" filter fields; protocols now have a "checksum.status" field that records "Good", "Bad" and "Unverified" (neither good nor bad). Color filters provided with Wireshark have been adjusted to the new display filter names, but custom ones may need to be updated.
- The intelligent scroll bar now sits to the left of a normal scroll bar and provides a clickable map of nearby packets.
- You can now switch between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI.
- You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.
- You can now use regular expressions in Find Packet and in the advanced preferences.
- Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore, the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution, some build dependencies must be present (currently c-ares). If that is not the case, DNS name resolution will be disabled (but other name resolution mechanisms, such as host files, are still available).
- The byte under the mouse in the Packet Bytes pane is now highlighted.
- TShark supports exporting PDUs via the -U flag.
- The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
- Most dialogs in the Qt UI now save their size and positions.
- The Follow Stream dialog now supports UTF-16.
- The Firewall ACL Rules dialog has returned.
- The Flow (Sequence) Analysis dialog has been improved.
- We no longer provide packages for 32-bit versions of OS X.
- The Bluetooth Device details dialog has been added.
- New Protocol Support:
- Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol, Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag, Digital Equipment Corporation Local Area Transport, Distributed Object Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS Kernel Packet Header (IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY Protocol (automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO 8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP), LAT protocol (DECNET), Metamako trailers, Network Service Header for Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight Machine to Machine TLV (LwM2M TLV), Real Time Location System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service, STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters (Closures Lighting General Measurement & Sensing HVAC Security & Safety)
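The checksum.status change in the change log above means custom coloring rules written against the old per-protocol fields may need updating. A sketch of that update, added here and not part of Wireshark or the original page: it assumes the old fields were named like `tcp.checksum_bad` / `tcp.checksum_good` and that rules are stored as `@name@filter@[fg][bg]` lines; the sample rules are constructed.

```python
import re

# Old-style boolean checksum fields, e.g. tcp.checksum_bad / ip.checksum_good.
# The naming pattern is an assumption; the page only says protocols used to
# have individual "good" and "bad" filter fields.
OLD_FIELD = re.compile(r'\b([A-Za-z0-9_.]+\.checksum)_(good|bad)\b')
# Only the unambiguous "field == 1" comparison is rewritten automatically.
OLD_TRUE = re.compile(OLD_FIELD.pattern + r'\s*==\s*1\b')


def migrate(line):
    """Return (rewritten_line, leftovers) for one coloring-rule line.

    leftovers lists old field names that could not be converted safely.
    """
    new = OLD_TRUE.sub(
        lambda m: f'{m.group(1)}.status == "{m.group(2).capitalize()}"', line)
    # Anything still using an old field (bare use, == 0, !=) is ambiguous:
    # "not bad" can now mean "Good" or "Unverified", so a person must decide.
    leftovers = [m.group(0) for m in OLD_FIELD.finditer(new)]
    return new, leftovers


# Constructed sample rules (not taken from a real profile).
SAMPLE = [
    '@Checksum Errors@ip.checksum_bad==1 || tcp.checksum_bad == 1@[0,0,0][65535,0,0]',
    '@Verified TCP@tcp.checksum_good == 1@[0,0,0][0,65535,0]',
    '@Not bad UDP@udp.checksum_bad == 0@[0,0,0][65535,65535,0]',
    '@HTTP@http@[0,0,0][0,65535,65535]',
]


def migrate_all(lines):
    """Migrate every line; return (new_lines, {line_index: leftovers})."""
    out, review = [], {}
    for i, line in enumerate(lines):
        new, left = migrate(line)
        out.append(new)
        if left:
            review[i] = left
    return out, review


if __name__ == "__main__":
    rules, review = migrate_all(SAMPLE)
    print("\n".join(rules))
    print("needs manual review:", review)
```

Rules reported for manual review are left unchanged, because a filter such as `udp.checksum_bad == 0` has no single equivalent once "Unverified" is a third state.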
Technical Specification
- Wireshark 2.2.0 (32-bit)
- Windows 2000 / XP / Vista / Windows 7 / Windows 8 / Windows 10
- Open Source
- 42.72 MB
- September 10, 2016
- Wireshark.org (www.wireshark.org)