Wireshark 2.4.6

Network protocol analyzer.

55.2 MB
4.7 15 votes

The Ethereal network protocol analyzer has changed its name to Wireshark. The name might be new, but the software is the same. Wireshark's powerful features make it the tool of choice for network troubleshooting, protocol development, and education worldwide. Wireshark was written by networking experts around the world, and is an example of the power of open source

Wireshark is used by network professionals around the world for analysis, troubleshooting, software and protocol development and education. The program has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.


  • Data can be captured "off the wire" from a live network connection, or read from a capture file.
  • Wireshark can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HPUX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdumpformat), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS. Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
  • Live data can be read from Ethernet, FDDI, PPP, Token*Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
  • Captured network data can be browsed via a GUI, or via the TTY*mode "tethereal" program.
  • Capture files can be programmatically edited or converted via command*line switches to the "editcap" program.
  • 602 protocols can currently be dissected
  • Output can be saved or printed as plain text or PostScript.
  • Data display can be refined using a display filter.
  • Display filters can also be used to selectively highlight and color packet summary information.
  • All or part of each captured network trace can be saved to disk.

What's New:

The following bugs have been fixed:

  • wnpa-sec-2017-47
  • The IWARP_MPA dissector could crash. (Bug 14236)
  • wnpa-sec-2017-48
  • The NetBIOS dissector could crash. (Bug 14249)
  • wnpa-sec-2017-49
  • The CIP Safety dissector could crash. (Bug 14250)
  • "tshark -G ?" doesn’t provide expected help. (Bug 13984)
  • File loading is very slow with TRANSUM dissector enabled. (Bug 14094)
  • packet-knxnetip.c:936: bad bitmask ?. (Bug 14115)
  • packet-q931.c:1306: bad compare ?. (Bug 14116)
  • SSL Dissection bug. (Bug 14117)
  • Wireshark crashes when exporting various files to .csv, txt and other ‘non-capture file’ formats. (Bug 14128)
  • RLC reassembly doesn’t work for RLC over UDP heuristic dissector. (Bug 14129)
  • HTTP Object export fails with long extension (possibly query string). (Bug 14130)
  • 3GPP Civic Address not displayed in Packet Details. (Bug 14131)
  • Wireshark prefers packet.dll in System32\\Npcap over the one in System32. (Bug 14134)
  • PEEKREMOTE dissector does not decode 11ac MCS rates properly. (Bug 14136)
  • Visual Studio Community Edition 2015 lacks tools named in developer guide. (Bug 14147)
  • TCP: Malformed data with Riverbed Probe option. (Bug 14150)
  • Wireshark Crash when trying to use Preferences | Advanced. (Bug 14157)
  • Right click on SMB2 Message ID and then Apply as Column causes Runtime Error. (Bug 14169)
  • Return [Enter] should apply change (Column title - Button Label toolbars). (Bug 14191)
  • Wireshark crashes if "rip.display_routing_domain" is set to TRUE in preferences file. (Bug 14197)
  • Entry point inflatePrime not found for androiddump.exe and randpktdump.exe. (Bug 14207)
  • BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly. (Bug 14241)
  • Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication). (Bug 14243)
  • Frame direction isn’t always set if it comes from the pcapng record header rather than the packet pseudo-header. (Bug 14245)