Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what’s going on inside a network cable, just like a voltmeter is used by an electrician to examine what’s going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark 4.2.0 changelog:
This is the first major Wireshark release under the Wireshark Foundation, a nonprofit which hosts Wireshark and promotes protocol analysis education. The foundation depends on your contributions in order to do its work. If you or your employer would like to contribute or become a sponsor, please visit wiresharkfoundation.org.
- Wireshark supports dark mode on Windows.
- A Windows installer for Arm64 has been added.
- Packet list sorting has been improved.
- Wireshark and TShark are now better about generating valid UTF-8 output.
- A new display filter feature for filtering raw bytes has been added.
- Display filter autocomplete is smarter about not suggesting invalid syntax.
- Tools › MAC Address Blocks can lookup a MAC address in the IEEE OUI registry.
- The enterprises, manuf, and services configuration files have been compiled in for improved start-up times. These files are no longer available in the master branch in our source code repository. You can download the manuf file from our automated build directory.
- The installation target no longer installs development headers by default.
- The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs).
- Wireshark can be compiled on Windows using MSYS2. Check the Developer’s guide for instructions.
- Wireshark can be cross-compiled for Windows using Linux. Check the Developer’s guide for instructions.
- Tools › Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.
- Windows installer file names now have the format Wireshark–.exe.
- Wireshark now supports the Korean language.
- Many other improvements have been made. See the “New and Updated Features” section.
Download: Wireshark 4.2.0 | 82.2 MB (Open Source)
Download: Portable Wireshark 4.2.0 | ARM64 Installer
View: Wireshark Website
Get alerted to all of our Software updates on Twitter at @NeowinSoftware