Wireshark 2.4.10

Wireshark is a network protocol analyzer. It can inspect live network traffic or capture it for offline analysis. It supports deep protocol analysis and provides a three-pane packet browser as well as a console tool. It can filter and colorize packets according to complex, custom rule sets. It also supports VoIP analysis and understands a plethora of capture and compression formats. Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and other network types. It also includes decryption support for common protocols, and can export results.

Tags internet network-inspection capturing system-administrators
License GNU GPL
State beta

Recent Releases

2.4.10 12 Oct 2018 09:25 minor feature:
  The following vulnerabilities have been fixed:
  - wnpa-sec-2018-47 MS-WSP dissector crash. CVE-2018-18227.
  - wnpa-sec-2018-50 OpcUA dissector crash. CVE-2018-12086.
  The following bugs have been fixed:
  - HTTP2 dissector decodes first SSL record only.
  - Undocumented sub-option for -N option in man page and tshark -N help.
  - Mishandling of Port Control Protocol option padding.
  - MGCP: parameter lines are case-insensitive.
  - details of 2nd sub-VSA in bundled RADIUS VSA are incorrect. (15073)
  - Heuristic DPLAY dissector fails to recognize DPLAY packets. (15092)
  - gsm_rlcmac_dl dissector exception.
  - Buildbot crash output: fuzz-2018-09-07-29306.pcap.
  - Wildcard expansion doesn't work on Windows 10 for command-line programs in cmd.exe or PowerShell.
  - SSL Reassembly Error New fragment past old data limits. (15158)
  New and Updated Features. There are no new features in this release.
  New Protocol Support. There are no new protocols in this release.
  Updated Protocol Support. ASN.1 PER, CIP, DPLAY, HTTP, MGCP, MS-WSP, OpcUa, PCP, RADIUS, and TLS.
  New and Updated Capture File Support. Ascend, and pcapng.
  New and Updated Capture Interfaces support. There are no new or updated capture interfaces supported in this release.
2.4.9 30 Aug 2018 06:45 minor feature:
  The following vulnerabilities have been fixed:
  - wnpa-sec-2018-44 Bluetooth AVDTP dissector crash. CVE-2018-16058.
  - wnpa-sec-2018-45 Bluetooth Attribute Protocol dissector crash. CVE-2018-16056.
  - wnpa-sec-2018-46 Radiotap dissector crash. CVE-2018-16057.
  The following bugs have been fixed:
  - Incorrect presentation of dissected data item (NETMASK) in ISAKMP dissector.
  - udpdump frame too long error.
  - ASTERIX Category 062 / 135 Altitude has wrong value.
  - Wireshark cannot decrypt SSL/TLS session if it was proxied over HTTP tunnel.
  - TLS records in a HTTP tunnel are displayed as "Encrypted Handshake Message".
  - BTATT Dissector: Temperature Measurement: Celsius and Fahrenheit swapped.
  - Diameter AVP User Location Info, Mobile Network Code decoded not correctly.
  - Heartbeat message "Info" displayed without comma separator. (15079)
  - DTAP CC Start DTMF keypad information parsing error.
  New and Updated Features. There are no new features in this release.
  New Protocol Support. There are no new protocols in this release.
  Updated Protocol Support. ASTERIX, Bluetooth ATT, Bluetooth AVDTP, DHCP, DTLS, E.212, HTTP, ISAKMP, K12, Nordic BLE, Radiotap, and SSL.
  New and Updated Capture File Support. pcapng.
  New and Updated Capture Interfaces support. ciscodump udpdump.
2.4.8 19 Jul 2018 20:45 minor feature:
  The following vulnerabilities have been fixed:
  - wnpa-sec-2018-34 BGP dissector large loop. CVE-2018-14342.
  - wnpa-sec-2018-35 ISMP dissector crash. CVE-2018-14344.
  - wnpa-sec-2018-36 Multiple dissectors could crash. CVE-2018-14340.
  - wnpa-sec-2018-37 ASN.1 BER dissector crash. CVE-2018-14343.
  - wnpa-sec-2018-38 MMSE dissector infinite loop. CVE-2018-14339.
  - wnpa-sec-2018-39 DICOM dissector crash. CVE-2018-14341.
  - wnpa-sec-2018-40 Bazaar dissector infinite loop. CVE-2018-14368.
  - wnpa-sec-2018-41 HTTP2 dissector crash. CVE-2018-14369.
  - wnpa-sec-2018-42 CoAP dissector crash. CVE-2018-14367.
  - wnpa-sec-2018-43 IEEE 802.11 dissector crash.
  The following bugs have been fixed:
  - ISMP.EDP "Tuples" dissected incorrectly.
  - Wireshark crashes when changing profiles.
  - Crash when switching to TRANSUM enabled profile.
  - Wireshark crashes with single quote string display filter. (14084)
  - randpkt can write packets that libwiretap can't read. (14107)
  - Crafted UDP packet causes large memory usage.
  - Error received from dissect_wccp2_hash_assignment_info(). (14573)
  - Extraction of SMB file results in wrong size.
  - Crafted UDP packet causes large memory usage.
  - IP address to name resolution doesn't work in TShark. (14711)
  - proto_tree_add_protocol_format might leak memory.
  - tostring for NSTime objects in lua gives wrong results. (14720)
  - DICOM dissector needs to check for packet offset overflow. (14742)
  - Formatting of OSI area addresses/address prefixes goes past the end of the area address/address prefix.
  - ICMPv6 Router Renumbering - Packet Dissector - malformed. (14755)
  - WiMAX HARQ MAP decoder segfaults when length is too short. (14780)
  - HTTP PUT request following a HEAD request is not correctly decoded.
  - SYNC PDU type 3 miss the last PDU length.
  - Reversed 128 bits service UUIDs when Bluetooth Low Energy adve
2.4.7 23 May 2018 16:45 minor feature:
  The following vulnerabilities have been fixed:
  - wnpa-sec-2018-25 The LDSS dissector could crash.
  - wnpa-sec-2018-28 Multiple dissectors could consume excessive memory.
  - wnpa-sec-2018-29 The DNS dissector could crash.
  - wnpa-sec-2018-30 The GSM A DTAP dissector could crash.
  - wnpa-sec-2018-31 The Q.931 dissector could crash.
  - wnpa-sec-2018-33 Multiple dissectors could crash.
  The following bugs have been fixed:
  - Double "Full Screen" menu item on macOS.
  - Segmentation fault when switching profiles.
  - extcap: InterfaceToolbar control pipe broken.
  - SIP Response-time not being well calculated.
  - HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. (14554)
  - Power Capability tag interpreted incorrectly.
  - while building latest version of wireshark 2.4.6. (14597)
  - SMB2 Write requests not displayed.
  - Wrong default file format chosen in when saving a capture with comments added if the original format doesn't support comments.
  - ui/macosx directory missing from source release tarball. (14627)
  - Wireshark 2.9.0 snapshot crashes/segfaults on Windows when launched with -k or -i.
  - File missing from release tarball.
  - Remove: HACK to support UHD's weird header offset on data packets.
  - WinSparkle 0.5.6 is out of date and is buggy.
  - RTMPT: incorrect dissection of multiple RTMP packets within a single TCP packet.
  - Erroneous MAC-LTE Dissection for Sidelink Shared Channel Packets.
  - Files missing from docbook CMake file.
  New and Updated Features. There are no new features in this release.
  New Protocol Support. There are no new protocols in this release.
  Updated Protocol Support. BATADV, BT LE LL, BVLC, DLT_USER, DNS, GSM A BSSMAP, GSM A DTAP, GSM A GM, GTP, GTPv2, IEEE 802.11, LAPDm, LDSS, Logcat Text, LwM2M-TLV, MAC LTE, MP2T, MPEG PES, NBSS, Q.931, RSL, RTMPT, S7COMM, SIP, TCP, and VITA 49.
  New and Updated Capture File Support. 3GPP TS 32.423 Trace, and And
2.4.6 04 Apr 2018 10:45 minor feature:
  The following vulnerabilities have been fixed:
  - wnpa-sec-2018-15 The MP4 dissector could crash.
  - wnpa-sec-2018-16 The ADB dissector could crash.
  - wnpa-sec-2018-17 The IEEE 802.15.4 dissector could crash.
  - wnpa-sec-2018-18 The NBAP dissector could crash.
  - wnpa-sec-2018-19 The VLAN dissector could crash.
  - wnpa-sec-2018-20 The LWAPP dissector could crash.
  - wnpa-sec-2018-21 The TCP dissector could crash.
  - wnpa-sec-2018-22 The CQL dissector could go into an infinite loop.
  - wnpa-sec-2018-23 The Kerberos dissector could crash.
  - wnpa-sec-2018-24 Multiple dissectors and other modules could leak memory. The TN3270, ISUP, LAPD, SMB2, GIOP, ASN.1, MIME multipart, H.223, and PCP (14488) dissectors were susceptible along with Wireshark and TShark.
  The following bugs have been fixed:
  - TRANSUM doesn't account for DNS retries in the Request Spread.
  - BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not able to decode the packet correctly.
  - Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes in later releases.
  - PEEKREMOTE dissector lacks 80mhz support, short preamble support and spatial streams encoding.
  - Statistics UDP Multicast Streams Copy Save as.. is broken.
  - Typo error in enumeration value of speech version identifier.
  - In "Unsaved packets" dialog one can NOT use keyboard to choose "Continue without Saving".
  - WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. (14538)
  - Buildbot crash output: fuzz-2018-03-19-19114.pcap.
  - alloca() used in wsutil/getopt_long.c without inclusion.
  - HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. (14554)
  - Makefile.in uses non-portable "install" command.
  - HP-UX HP ANSI C doesn't support assigning to a variable in epan/app_mem_usage.c.
  - PPP in SSTP, HDLC framing not parsed properly.
  - Usi
2.4.5 18 Mar 2018 03:15 minor feature:
  The following vulnerabilities have been fixed:
  - wnpa-sec-2018-05 The IEEE 802.11 dissector could crash. CVE-2018-7335.
  - wnpa-sec-2018-06 Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB (14421), and WCCP dissectors were susceptible.
  - wnpa-sec-2018-07 The UMTS MAC dissector could crash. CVE-2018-7334.
  - wnpa-sec-2018-08 The DOCSIS dissector could crash. CVE-2018-7337.
  - wnpa-sec-2018-09 The FCP dissector could crash. CVE-2018-7336.
  - wnpa-sec-2018-10 The SIGCOMP dissector could crash. CVE-2018-7320.
  - wnpa-sec-2018-11 The pcapng file parser could crash. CVE-2018-7420.
  - wnpa-sec-2018-12 The IPMI dissector could crash. CVE-2018-7417.
  - wnpa-sec-2018-13 The SIGCOMP dissector could crash. CVE-2018-7418.
  - wnpa-sec-2018-14 The NBAP dissector could crash. CVE-2018-7419.
  The following bugs have been fixed:
  - Change placement of "double chevron" in Filter Toolbar to eliminate overlap.
  - AutoScroll does not work.
  - BOOTP/DHCP: malformed packet - when user class option (77) is present.
  - GET MAX LUN wLength decoded as big-endian - USB Mass Storage.
  - Unable to create Filter Expression Button for a yellow filter.
  - Buildbot crash output: fuzz-2018-01-28-15874.pcap.
  - NetScaler RPC segmentation fault / stack overflow.
  - oss-fuzz #6028 RPC_NETLOGON: Direct-leak in g_malloc (generate_hash_key).
  - Newline "\n" in packet list field increase line height for all rows.
  - ieee80211-radio.c preamble duration calculation not correct.
  - DIS: Malformed packet in SISO-STD-002 transmitter.
  New and Updated Features. There are no new features in this release.
  New Protocol Support. There are no new protocols in this release.
  U
1.99.6 29 May 2015 09:05 major feature: The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k). TShark now resets its state when changing files in ring-buffer mode. Expert Info severities can now be configured. Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet. Qt port: The Qt UI is now the default (program name is wireshark). A Polish translation has been added. The Interfaces dialog has been added. The interface list is now updated when interfaces appear or disappear. The Conversations and Endpoints dialogs have been added. A Japanese translation has been added. It is now possible to manage remote capture interfaces. Windows: taskbar progress support has been added. Most toolbar actions are in place and work. More command line options are now supported. New Protocol Support: (LISP) TCP Control Message, AllJoyn Reliable Datagram Protocol, Android ADB, Android Logcat text, Apache Tribes Heartbeat, BGP Monitoring Protocol (BMP), C15 Call History Protocol dissection (C15ch), ceph, corosync/totemnet corosync cluster engine (lowest level encryption/decryption protocol), corosync/totemsrp corosync cluster engine (totem single ring protocol), Couchbase, CP "Cooper" 2179, DJI UAV Drone Control Protocol, Dynamic Source Routing (RFC 4728), Elasticsearch, ETSI Card Application Toolkit - Transport Protocol, Generic Network Virtualization Encapsulation (Geneve), Geospatial and Imagery Access Service (GIAS), GVSP GigE Vision (TM) Streaming Protocol, HCrt, HiQnet, IP Detail Record (IPDR), IPMI Trace, iSER, KNXnetIP, MACsec Key Agreement - EAPoL-MKA, MCPE (Minecraft Pocket Edition), OCFS2, OptoMMP, QNEX6 (QNET), RakNet games library, Remote Shared Virtual Disk - RSVD, Riemann, S7 Communication, Secure Socket Tunnel Protocol (SSTP), Shared Memory Communications - RDMA, Stateless Transport
1.99.0 08 Oct 2014 11:10 major feature: Version 1.99.0 is an experimental development prerelease in preparation of Wireshark 2.0, which adds significantly updated features. The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k). TShark now resets its state when changing files in ring-buffer mode. Expert Info severities can now be configured. Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet. Qt port: The Qt UI is now the default (program name is wireshark). A Polish translation has been added. The Interfaces dialog has been added. The interface list is now updated when interfaces appear or disappear. The Conversations and Endpoints dialogs have been added. A Japanese translation has been added. It is now possible to manage remote capture interfaces. Windows: taskbar progress support has been added. Most toolbar actions are in place and work. More command line options are now supported
1.12.1 18 Sep 2014 23:54 minor bugfix: This release fixes some security bugs. Wireshark can crash during remote capture (rpcap) configuration. 802.11 capture does not decrypt/decode DHCP response. Extra quotes around date fields (FT_ABSOLUTE_TIME) when using -E quote=d or =s. No progress line in "VOIP RTP Player". MIPv6 Service Selection Identifier parse error. Probably wrong length check in proto_item_set_end. 802.11 BA sequence number decode is broken. wmem_alloc_array() "succeeds" (and clobbers memory) when requested to allocate 0xaaaaaaaa items of size 12. Different dissection results for same file. Mergecap wildcard breaks in version 1.12.0. Diameter TCP reassemble. TRILL NLPID 0xc0 unknown to Wireshark. BTLE advertising header flags (RxAdd/TxAdd) dissected incorrectly. Ethernet OAM (CFM) frames including TLVs are wrongly decoded as malformed. BGP4: Wireshark skipped some portion of AS_PATH. MAC address name resolution is broken. Wrong decoding of RPKI RTR End of Data PDU. SSL/TLS dissector incorrectly interprets length for status_request_v2 hello extension. Misparsed NTP control assignments with empty values. 6LoWPAN multicast address decompression problems. Netflow v9 flowset not decoded if options template has zero-length scope section. GUI Hangs when Selecting Path to GeoIP Files. AX.25 dissector prints unprintable characters. 6LoWPAN context handling not working. SIP: When export to a CSV, Info is changed to differ. Typo in packet-netflow.c. Incorrect MPEG-TS decoding (OPCR field).
1.12.0 04 Aug 2014 21:37 major feature: The limitation of 64K for "on-the-wire" packet lengths has been fixed. Expert information is now filterable when the new API is in use. Transport name resolution is now disabled by default. Support has been added for all versions of the DCBx protocol. Several SCTP dialogs have been added. The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added. The I/O Graph dialog has been added. The ASN1 plugin has been removed as it is deemed obsolete. There's also broad new protocol support, and some updates. Additionally, 1.12.x contains many API changes, and is likely to be the last Gtk release.