Wireshark is the world's foremost and widely-used network protocol analyzer. It lets you see what's happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Features

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

What's New

In 4.2.4 one vulnerability has been fixed. See the release notes for details.

For a complete list of changes, please refer to the 4.2.4 release notes.

Bug Fixes

  • wnpa-sec-2024-06 T.38 dissector crash. Issue 19695. CVE-2024-2955.

Additionally, CVE-2024-24478, CVE-2024-24479, and CVE-2024-24476 were recently assigned to Wireshark without any coordination with the Wireshark project. As far as we can determine, each one is based on invalid assumptions and we have requested that they be rejected.

The following bugs have been fixed:

  • Extcap with configuration never starts; "Configure all extcaps before start of capture." is shown instead. Issue 18487.
  • Packet Dissection CSV Export includes last column even if hidden. Issue 19666.
  • Inject TLS secrets closes Wireshark on Windows. Issue 19667.
  • Fuzz job issue: fuzz-2024-02-27-7196.pcap. Issue 19674.
  • Wireshark crashes when adding another port to the HTTP dissector. Issue 19677.
  • Fuzz job issue: fuzz-2024-03-03-7204.pcap. Issue 19685.
  • Fuzz job issue: randpkt-2024-03-05-8004.pcap. Issue 19688.
  • When adding a new row to a table an error report may be inserted. Issue 19705.
  • '--export-objects' does not work as expected on tshark version later than 3.2.10. Issue 19715.
  • Fuzz job issue: fuzz-2024-03-21-7215.pcap. Issue 19717.