Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.


  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

What's New:

  • The Windows installers now ship with Npcap 1.10. They previously shipped with Npcap 1.00.

Bug Fixes

The following vulnerabilities have been fixed:

  • wnpa-sec-2021-01 USB HID dissector memory leak. Bug 17124. CVE-2021-22173.
  • wnpa-sec-2021-02 USB HID dissector crash. Bug 17165. CVE-2021-22174.

The following bugs have been fixed:

  • SIP response single-line multiple Contact-URIs decoding error Bug 13752.
  • Adding filter while "Telephony→VoIP Calls→Flow Sequence" open causes OOB memory reads and potential crashes. Bug 16952.
  • QUIC packet not fully dissected Bug 17077.
  • SOMEIP-SD hidden entries are off Bug 17091.
  • Problem with calculation on UDP checksum in SRv6 Bug 17097.
  • Dark mode not working in Wireshark 3.4.2 on macOS Bug 17098.
  • Wireshark 3.4.0: build failure on older MacOS releases, due to 'CLOCK_REALTIME' Bug 17101.
  • TECMP: Status Capture Module messages shows 3 instead of 2 bytes for HW version Bug 17133.
  • Documentation - editorial error - README.dissector bad reference Bug 17141.
  • Cannot save capture with comments to a format that doesn’t support it (no pop-up) Bug 17146.
  • AUTOSAR-NM: PNI TF-String wrong way around Bug 17154.
  • Fibre Channel parsing errors even with the fix for #17084 Bug 17168.
  • f5ethtrailer: Won’t find a trailer after an FCS that begins with a 0x00 byte Bug 17171.
  • f5ethtrailer: legacy format, low noise only, no vip name trailers no longer detected Bug 17172.
  • Buildbot crash output: fuzz-2021-01-22-3387835.pcap Bug 17174.
  • Dissection error on large ZVT packets Bug 17177.
  • TShark crashes with -T ek option Bug 17179.

New and Updated Features

Updated Protocol Support


New and Updated Capture File Support

  • f5ethtrailer and pcapng

Getting Wireshark

  • Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

Vendor-supplied Packages

  • Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations

  • Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About → Folders to find the default locations on your system.