Wireshark 3.6.0

2021-11-23 By admin



Wireshark is a network packet analyzer. A network packet analyzer captures network packets and tries to display that packet data in as much detail as possible. You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

New and Updated Features

The following features are new (or have been significantly updated) since version 3.6.0rc3:

  • The macOS Intel packages now ship with Qt 5.15.3 and require macOS 10.13 or later.

The following features are new (or have been significantly updated) since version 3.6.0rc2:

  • Display filter set elements must now be comma-separated. See below for more details.

The following features are new (or have been significantly updated) since version 3.6.0rc1:

  • The display filter expression “a != b” now has the same meaning as “!(a == b)”.

The following features are new (or have been significantly updated) since version 3.4.0:

Several changes have been made to the display filter syntax:

  • The expression “a != b” now always has the same meaning as “!(a == b)”. In particular this means filter expressions with multi-value fields like “ip.addr != 1.1.1.1” will work as expected (the result is the same as typing “ip.src != 1.1.1.1 and ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a != b) being true.
  • It is possible to use the syntax “a ~= b” or “a any_ne b” to recover the previous (inconsistent with “==”) logic for not equal.
  • Literal strings can now be specified using raw string syntax, identical to raw strings in the Python programming language. This can be used to avoid the complexity of using two levels of character escapes with regular expressions.
  • Set elements must now be separated using a comma. A filter such as http.request.method in {"GET" "HEAD"} must be written as … in {"GET", "HEAD"}. Whitespace is not significant. The previous use of whitespace as separator is deprecated and will be removed in a future version.
  • Support for the syntax “a not in b” with the same meaning as “not a in b” has been added.
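
The difference between the new “a != b” and the previous “any not equal” logic matters when a filter is used to exclude a host during triage. The following is an added example, not Wireshark code and not part of the release notes: a small Python model of the three comparisons on the multi-value field ip.addr, run over constructed packets. The function names are hypothetical, and the model assumes every packet carries the field.

```python
# Model of how display-filter comparisons evaluate a multi-value field.
# Simplified illustration, not Wireshark code; assumes the field is present.

def any_eq(values, literal):
    """a == b: true if at least one occurrence of the field equals b."""
    return any(v == literal for v in values)

def any_ne(values, literal):
    """a ~= b / a any_ne b (the previous '!='): any occurrence differs."""
    return any(v != literal for v in values)

def ne_36(values, literal):
    """a != b as of 3.6: same meaning as !(a == b)."""
    return not any_eq(values, literal)

def ip_addr(pkt):
    # ip.addr is multi-valued: it covers both source and destination.
    return [pkt["ip.src"], pkt["ip.dst"]]

PACKETS = [  # constructed sample data
    {"no": 1, "ip.src": "1.1.1.1", "ip.dst": "10.0.0.5"},
    {"no": 2, "ip.src": "10.0.0.5", "ip.dst": "1.1.1.1"},
    {"no": 3, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.9"},
    {"no": 4, "ip.src": "1.1.1.1", "ip.dst": "1.1.1.1"},
]

def select(pred, literal="1.1.1.1"):
    """Packet numbers for which the comparison on ip.addr is true."""
    return [p["no"] for p in PACKETS if pred(ip_addr(p), literal)]

def contradictions(literal="1.1.1.1"):
    """Packets where a == b and the previous a != b are both true."""
    return [p["no"] for p in PACKETS
            if any_eq(ip_addr(p), literal) and any_ne(ip_addr(p), literal)]

def explicit_exclusion(literal="1.1.1.1"):
    """ip.src != b and ip.dst != b, written out per field."""
    return [p["no"] for p in PACKETS
            if p["ip.src"] != literal and p["ip.dst"] != literal]

if __name__ == "__main__":
    print("ip.addr == 1.1.1.1 :", select(any_eq))
    print("ip.addr != 1.1.1.1 :", select(ne_36))
    print("ip.addr ~= 1.1.1.1 :", select(any_ne))
    print("both == and old != :", contradictions())
    print("src != and dst !=  :", explicit_exclusion())
```

With the previous logic, packets 1 and 2 pass an “exclude 1.1.1.1” filter even though they involve that host, which is the case a saved filter written for an older version should be rechecked against.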

Packaging updates:

  • A macOS Arm 64 (Apple Silicon) package is now available.
  • The macOS Intel packages now ship with Qt 5.15.3 and require macOS 10.13 or later.
  • The Windows installers now ship with Npcap 1.55.
  • A 64-bit Windows PortableApps package is now available.

Download: Wireshark 3.6.0 | Wireshark 32-bit | ~50.0 MB (Open Source)
Download: Portable Wireshark 3.6.0 | Portable Wireshark 32-bit | Wireshark for macOS
View: Wireshark Website | Wireshark 3.6.0 changelog
