Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, all that has changed. Wireshark is perhaps one of the best open source packet analyzers available today.
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark 3.4.4 bug fixes:
- NTP Version 3 Client Decode PDML output issue (Reference ID Issue) Issue 17112.
- 3.4.2: public wireshark include files are including build time "config.h" Issue 17190.
- wireshark-3.4.3/epan/dissectors/packet-s7comm.c:3521: bad array index ? Issue 17198.
- SIP protocol: P-Called-Party-ID header mixed up with P-Charge-Info header Issue 17215.
- Asterix CAT010 Decode Error Issue 17226.
- _ws.expert columns not populated for IPv4 Issue 17228.
- Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue 17233.
- gQUIC: Wireshark 3.4.3 fails to dissect a packet (gQUIC q024) that v3.2.6 succeeds. Issue 17250.
The following vulnerabilities have been fixed:
- wnpa-sec-2021-03 Wireshark could open unsafe URLs. Issue 17232. CVE-2021-22191.
Updated Protocol Support
- ASTERIX, Frame Relay, GQUIC, NTP, NVMe Fabrics RDMA, S7COMM, and SIP
New and Updated Capture File Support