Wireshark

Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

Wireshark 3.4.10 fixes the following vulnerabilities:

  • wnpa-sec-2021-07 Bluetooth DHT dissector crash. Issue 17651. CVE-2021-39929.
  • wnpa-sec-2021-08 Bluetooth HCI_ISO dissector crash. Issue 17649. CVE-2021-39926.
  • wnpa-sec-2021-09 Bluetooth SDP dissector crash. Issue 17635. CVE-2021-39925.
  • wnpa-sec-2021-10 Bluetooth DHT dissector large loop. Issue 17677. CVE-2021-39924.
  • wnpa-sec-2021-11 PNRP dissector large loop. Issue 17684.
  • wnpa-sec-2021-12 C12.22 dissector crash. Issue 17636. CVE-2021-39922.
  • wnpa-sec-2021-13 IEEE 802.11 dissector crash. Issue 17704. CVE-2021-39928.
  • wnpa-sec-2021-14 Modbus dissector crash. Issue 17703. CVE-2021-39921.
  • wnpa-sec-2021-15 IPPUSB dissector crash. Issue 17705. CVE-2021-39920.

The following bugs have been fixed:

  • OSS-Fuzz: Heap-use-after-free in ROS Issue 16342.
  • Allow for '\0' (NULL) character as filter instead of requiring 0x00 for the character match Issue 16525.
  • Dumpcap with threads reports double received count vs captured Issue 17089.
  • I/O Graphs values reset to default with 3.5 due to change of UAT Issue 17623.
  • HTTP2 dissector reports an assertion error on large data frames Issue 17633.
  • TShark stops capturing when capturing with multiple files and packet printing enabled Issue 17654.
  • Wireshark is unable to decode the IMSI IE received in BSSMAP Perform Location request Issue 17667.
  • WSLUA: Crash on reload if Proto has no fields Issue 17668.
  • Crash in flow analysis for TCP Issue 17722.

Updated Protocol Support

  • BT HCI_ISO, BT SDP, BT-DHT, C12.22, CAN FD, CSN1, EAPOL-MKA, EVS, GSM BSSMAP LE, HTTP2, IDMP, IEEE 1905.1a, IEEE 802.11, IPPUSB, Modbus, PNRP, and TCP

New and Updated Capture File Support

  • pcap

Download: Wireshark 3.4.10 | Wireshark 32-bit | ~50.0 MB (Open Source)
Download: Portable Wireshark 3.4.10 | Wireshark for macOS
View: Wireshark Website | Wireshark 3.4.10 changelog