The Ethereal network protocol analyzer has changed its name to Wireshark. The name might be new, but the software is the same. Wireshark's powerful features make it the tool of choice for network troubleshooting, protocol development, and education worldwide. Wireshark was written by networking experts around the world, and is an example of the power of open source
Wireshark is used by network professionals around the world for analysis, troubleshooting, software and protocol development and education. The program has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.
- Data can be captured "off the wire" from a live network connection, or read from a capture file.
- Wireshark can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HPUX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdumpformat), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS. Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
- Live data can be read from Ethernet, FDDI, PPP, Token*Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
- Captured network data can be browsed via a GUI, or via the TTY*mode "tethereal" program.
- Capture files can be programmatically edited or converted via command*line switches to the "editcap" program.
- 602 protocols can currently be dissected
- Output can be saved or printed as plain text or PostScript.
- Data display can be refined using a display filter.
- Display filters can also be used to selectively highlight and color packet summary information.
- All or part of each captured network trace can be saved to disk.
The following vulnerabilities have been fixed:
- wnpa-sec-2020-10 Kafka dissector crash. Bug 16672. CVE-2020-17498.
The following bugs have been fixed:
- Kafka dissector fails parsing FETCH responses. Bug 16623.
- Dissector for ASTERIX Category 001 / 210 does not recognize bit 1 as extension. Bug 16662.
- "invalid timestamp" for Systemd Journal Export Block. Bug 16664.
- Decoding Extended Emergency number list IE length. Bug 16668.
- Some macOS Bluetooth PacketLogger capture files aren’t recognized as PacketLogger files (regression, bisected). Bug 16670.
- Short IMSIs (5 digits) lead to wrong decoding+warning. Bug 16676.
- Decoding of PFCP IE 'PFD Contents' results in "malformed packet". Bug 16704.
- RFH2 Header with 32 or less bytes of NameValue will not parse out that info. Bug 16733.
- CDP: Port ID TLV followed by Type 1009 TLV triggers [Malformed Packet]. Bug 16742.
- tshark crashed when processing opcda. Bug 16746.
- tshark with --export-dicom gives “Segmentation fault (core dumped)”. Bug 16748.