Wireshark

Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Features

• Deep inspection of hundreds of protocols, with more being added all the time
• Live capture and offline analysis
• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• The most powerful display filters in the industry
• Rich VoIP analysis
• Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
• Coloring rules can be applied to the packet list for quick, intuitive analysis
• Output can be exported to XML, PostScript®, CSV, or plain text

What’s New

We do not ship official 32-bit Windows packages for Wireshark 4.0 and later. If you need to use Wireshark on that platform, we recommend using the latest 3.6 release. Issue 17779

If you’re running Wireshark on macOS and upgraded to macOS 13 from an earlier version, you will likely have to open and run the “Uninstall ChmodBPF” package, then open and run “Install ChmodBPF” in order to reset the ChmodBPF Launch Daemon. Issue 18734.

Bug Fixes

The following vulnerabilities have been fixed:

• wnpa-sec-2023-09 RPCoRDMA dissector crash. Issue 18852.
• wnpa-sec-2023-10 LISP dissector large loop. Issue 18900.
• wnpa-sec-2023-11 GQUIC dissector crash Issue 18947.

The following bugs have been fixed:

• Wireshark ITS Dissector RTCMEM wrong protocol version selector 2 – should use 1. Issue 18862.
• Wireshark treats the letter E in SSRC as an exponential representation of a number. Issue 18879.
• VNC RRE Parser skips over data. Issue 18883.
• sshdump coredump when –remote-interface is left empty. Issue 18904.
• Fuzz job crash output: fuzz-2023-03-17-7298.pcap. Issue 18917.
• Fuzz job crash output: fuzz-2023-03-27-7564.pcap. Issue 18934.
• RFC8925 support (dhcp option 108) Issue 18943.
• DIS dissector shows an incorrect state in the packet list info column. Issue 18967.
• RTP analysis shows incorrect timestamp error when timestamp is rolled over. Issue 18973.
• Asterisk (*) key crash on Endpoint/Conversation dialog. Issue 18975.
• The RTP player waveform now synchronizes better with audio.