WireShark 2.4.6

Wireshark is a network protocol analyzer. It allows to inspect network traffic or capture it for offline analysis. It allows to deeply analyze protocols, provides a three pane package browser or a console tool. It can filter and colorize according to complex and custom rule sets. It also allows VoIP analysis, and understands a plethora of capture and compression formats. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others network types. It also includes decryption support for common protocols, and can export results.

Tags internet network-inspection capturing system-administrators
License GNU GPL
State beta

Recent Releases

2.4.604 Apr 2018 10:45 minor feature: The following vulnerabilities have been : 1 wnpa-sec-2018-15 The MP4 dissector could crash. ( 2 ). 3 wnpa-sec-2018-16 The ADB dissector could crash. ( 4 ). 5 wnpa-sec-2018-17 The IEEE 802.15.4 dissector could crash. ( 6 ). 7 wnpa-sec-2018-18 The NBAP dissector could crash. ( 8 ). 9 wnpa-sec-2018-19 The VLAN dissector could crash. ( 10 ). 11 wnpa-sec-2018-20 The LWAPP dissector could crash. ( 12 ). 13 wnpa-sec-2018-21 The TCP dissector could crash. ( 14 ). 15 wnpa-sec-2018-22 The CQL dissector could to into an infinite loop. ( 16 ). 17 wnpa-sec-2018-23 The Kerberos dissector could crash. ( 18 ). 19 wnpa-sec-2018-24 Multiple dissectors and other modules could leak memory. The TN3270. 20 ), ISUP ( 21 ), LAPD ( 22 ), SMB2. 23 ), GIOP ( 24 ), ASN.1 ( 25 ), MIME multipart ( 26 ), H.223 ( 27 ), and PCP ( 28 14488) dissectors were susceptible along with Wireshark and TShark. 29 ). The following have been : TRANSUM doesn't account for DNS retries in the Request Spread. 30 ). BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not able to decode the packet correctly. ( 31 ). Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes in later releases. ( 32 ). PEEKREMOTE dissector lacks 80mhz support, short preamble support and spatial streams encoding. ( 33 ). Statistics UDP Multicast Streams Copy Save as.. is broken. 34 ). Typo error in enumeration value of speech version identifier. 35 ). In "Unsaved packets" dialog one can NOT use keyboard to choose. Continue without Saving". ( 36 ). WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. ( 37 14538). Buildbot crash output: fuzz-2018-03-19-19114.pcap. ( 38 ). alloca() used in wsutil/getopt_long.c without inclusion. 39 ). HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. ( 40 14554). Makefile.in uses non-portable "install" command. ( 41 ). HP-UX HP ANSI C doesn't support assigning to a variable in epan/app_mem_usage.c. ( 42 ). PPP in SSTP, HDLC framing not parsed properly. ( 43 ). Usi
2.4.518 Mar 2018 03:15 minor feature: The following vulnerabilities have been : 1 wnpa-sec-2018-05 The IEEE 802.11 dissector could crash. 2 . 3 CVE-2018-7335. 4 wnpa-sec-2018-06 Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors ( 5 ), along with the DICOM ( 6 ), DMP ( 7 ), LLTD ( 8 ), OpenFlow ( 9 ), RELOAD ( 10 ), RPCoRDMA ( 11 ), RPKI-Router. 12 ), S7COMM ( 13 ), SCCP ( 14 ), Thread ( 15 ), Thrift ( 16 ), USB ( 17 14421), and WCCP ( 18 ) dissectors were susceptible. 19 wnpa-sec-2018-07 The UMTS MAC dissector could crash. 20 . 21 CVE-2018-7334. 22 wnpa-sec-2018-08 The DOCSIS dissector could crash. 23 , 24 CVE-2018-7337. 25 wnpa-sec-2018-09 The FCP dissector could crash. 26 , 27 CVE-2018-7336. 28 wnpa-sec-2018-10 The SIGCOMP dissector could crash. 29 , 30 CVE-2018-7320. 31 wnpa-sec-2018-11 The pcapng file parser could crash. 32 . 33 CVE-2018-7420. 34 wnpa-sec-2018-12 The IPMI dissector could crash. 35 , 36 CVE-2018-7417. 37 wnpa-sec-2018-13 The SIGCOMP dissector could crash. 38 , 39 CVE-2018-7418. 40 wnpa-sec-2018-14 The NBAP disssector could crash. 41 , 42 CVE-2018-7419. The following have been : Change placement of "double chevron" in Filter Toolbar to eliminate overlap. ( 43 ). AutoScroll does not work. ( 44 ). BOOTP/DHCP: malformed packet - when user class option (77) is present. ( 45 ). GET MAX LUN wLength decoded as big-endian - USB Mass Storage. 46 ). Unable to create Filter Expression Button for a yellow filter. 47 ). Buildbot crash output: fuzz-2018-01-28-15874.pcap. ( 48 ). NetScaler RPC segmentation fault / stack overflow. ( 49 ). oss-fuzz #6028 RPC_NETLOGON: Direct-leak in g_malloc. generate_hash_key). ( 50 ). Newline " n" in packet list field increase line height for all rows. ( 51 ). ieee80211-radio.c preamble duration calculation not correct. 52 ). DIS: Malformed packet in SISO-STD-002 transmitter. ( 53 ). New and Updated Features. There are no new features in this release. New Protocol Support. There are no new protocols in this release. U
1.99.629 May 2015 09:05 major feature: The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k). TShark now resets its state when changing files in ring-buffer mode. Expert Info severities can now be configured. Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet. Qt port: The Qt UI is now the default (program name is wireshark). A Polish translation has been added. The Interfaces dialog has been added. The interface list is now updated when interfaces appear or disappear. The Conversations and Endpoints dialogs have been added. A Japanese translation has been added. It is now possible to manage remote capture interfaces. Windows: taskbar progress support has been added. Most toolbar actions are in place and work. More command line options are now supported. New Protocol Support: (LISP) TCP Control Message, AllJoyn Reliable Datagram Protocol, Android ADB, Android Logcat text, Apache Tribes Heartbeat, BGP Monitoring Prototol (BMP), C15 Call History Protocol dissection (C15ch), ceph, corosync/totemnet corosync cluster engine ( lowest levelencryption/decryption protocol), corosync/totemsrp corosync cluster engine ( totem single ring protocol), Couchbase, CP "Cooper" 2179, DJI UAV Drone Control Protocol, Dynamic Source Routing (RFC 4728), Elasticsearch, ETSI Card Application Toolkit - Transport Protocol, Generic Network Virtualization Encapsulation (Geneve), Geospatial and Imagery Access Service (GIAS), GVSP GigE Vision (TM) Streaming Protocol, HCrt, HiQnet, IP Detail Record (IPDR), IPMI Trace, iSER, KNXnetIP, MACsec Key Agreement - EAPoL-MKA, MCPE (Minecraft Pocket Edition), OCFS2, OptoMMP, QNEX6 (QNET), RakNet games library, Remote Shared Virtual Disk - RSVD, Riemann, S7 Communication, Secure Socket Tunnel Protocol (SSTP), Shared Memory Communications - RDMA, Stateless Transport
1.99.008 Oct 2014 11:10 major feature: Version 1.99.0 is an experimental development prerelease in preparation of Wireshark 2.0, which adds significantly updated features. The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k). TShark now resets its state when changing files in ring-buffer mode. Expert Info severities can now be configured. Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet. Qt port: The Qt UI is now the default (program name is wireshark). A Polish translation has been added. The Interfaces dialog has been added. The interface list is now updated when interfaces appear or disappear. The Conversations and Endpoints dialogs have been added. A Japanese translation has been added. It is now possible to manage remote capture interfaces. Windows: taskbar progress support has been added. Most toolbar actions are in place and work. More command line options are now supported
1.12.118 Sep 2014 23:54 minor bugfix: This release fixes some security bugs. Wireshark can crash during remote capture (rpcap) configuration. 802.11 capture does not decrypt/decode DHCP response. Extra quotes around date fields (FT_ABSOLUTE_TIME) when using -E quote=d or =s. No progress line in "VOIP RTP Player". MIPv6 Service Selection Identifier parse error. Probably wrong length check in proto_item_set_end. 802.11 BA sequence number decode is broken. wmem_alloc_array() "succeeds" (and clobbers memory) when requested to allocate 0xaaaaaaaa items of size 12. Different dissection results for same file. Mergecap wildcard breaks in version 1.12.0. Diameter TCP reassemble. TRILL NLPID 0xc0 unknown to Wireshark. BTLE advertising header flags (RxAdd/TxAdd) dissected incorrectly. Ethernet OAM (CFM) frames including TLV s are wrongly decoded as malformed. BGP4: Wireshark skipped some potion of AS_PATH. MAC address name resolution is broken. Wrong decoding of RPKI RTR End of Data PDU. SSL/TLS dissector incorrectly interprets length for status_request_v2 hello extension. Misparsed NTP control assignments with empty values. 6LoWPAN multicast address decompression problems. Netflow v9 flowset not decoded if options template has zero-length scope section. GUI Hangs when Selecting Path to GeoIP Files. AX.25 dissector prints unprintable characters. 6LoWPAN context handling not working. SIP: When export to a CSV, Info is changed to differ. Typo in packet-netflow.c. Incorrect MPEG-TS decoding (OPCR field).
1.12.004 Aug 2014 21:37 major feature: The limitation of 64K for "on-the-wire" packet lengths has been fixed. Expert information is now filterable when the new API is in use. Transport name resolution is now disabled by default. Support has been added for all versions of the DCBx protocol. Several SCTP dialogs have been added. The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added. The I/O Graph dialog has been added. The ASN1 plugin has been removed as it s deemed obsolete. There's also broad new protocol support, and some updates. Additionally 1.12.x contains many API changes, and is likely to be the last Gtk release.