Wireshark is the world's foremost and widely-used network protocol analyzer. It lets you see what's happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.


  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

What's New

Bug Fixes

  • Capture start fails when file set enabled and file extension not supplied if directory contains a period. Issue 14614.
  • Cannot drag and move custom filter buttons in toolbar. Issue 19447.
  • Not equal won't work when used with wlan.addr. Issue 19449.
  • sshdump fails to connect with private key (ssh-rsa) Issue 19510.
  • ChmodBPF installation fails on macOS Sonoma 14.1.2. Issue 19527.
  • Windows installers should check for Windows 8.1. Issue 19569.
  • Fuzz job crash output: fuzz-2024-01-05-7725.pcap. Issue 19570.
  • Fuzz job crash output: fuzz-2024-01-06-7734.pcap. Issue 19578.
  • Incorrect recursion depth assert failure when dissecting a legitimate GOOSE message. Issue 19580.
  • OPC UA - large read request is reported as malformed in 4.2.1 but not in 4.0.12. Issue 19581.
  • TFTP dissector bug type listed as netscii instead of netascii doesn't show all TFTP packets including TFTP blocks. Issue 19589.
  • SMB1 replies from LAN Drive app only show up as NBSS Continuation Message. Issue 19593.
  • ciscodump - older SSH key exchange algorithms not supported. Issue 19594.
  • Problem decoding LAPB/X.25/FTAM after adding X.75 decoding. Issue 19595.
  • Wireshark Filter not working. Issue 19604.
  • CFLOW: failure to decode 0 length data fields of IPFIX variable length data types. Issue 19605.
  • Copy …as Printable Text Feature Missing in 4.1/4.2. Issue 19607.
  • Export Objects - HTTP is missing some HTTP/2 files in a two-pass analysis. Issue 19609.
  • ASAM-CMP Plugin: Malformed message, length mismatch if vendor defined data of status messages has odd length. Issue 19626.
  • OSS-Fuzz 66561: wireshark:fuzzshark_ip_proto-udp: Null-dereference READ in wmem_map_lookup. Issue 19642.