Wireshark is the world's foremost and widely-used network protocol analyzer. It lets you see what's happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998.

Features

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer (compressed and uncompressed), Sniffer Pro, and NetXray, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript┬«, CSV, or plain text

What's New

We do not ship official 32-bit Windows packages for Wireshark 4.0 and later. If you need to use Wireshark on that platform, we recommend using the latest 3.6 release. Issue 17779

If you're running Wireshark on macOS and upgraded to macOS 13 from an earlier version, you will likely have to open and run the "Uninstall ChmodBPF" package, then open and run "Install ChmodBPF" in order to reset the ChmodBPF Launch Daemon. Issue 18734.

Bug Fixes

  • The following vulnerabilities have been fixed:
  • wnpa-sec-2023-23 CBOR dissector crash. Issue 19144.
  • wnpa-sec-2023-24 BT SDP dissector infinite loop. Issue 19258.
  • wnpa-sec-2023-25 BT SDP dissector memory leak. Issue 19259.
  • wnpa-sec-2023-26 CP2179 dissector crash. Issue 19229.

The following bugs have been fixed:

  • TShark cannot capture to pipe on Windows correctly. Issue 17900.
  • Wireshark wrongly blames group membership when pcap capabilities are removed. Issue 18279.
  • Packet bytes window broken layout. Issue 18326.
  • RTP Player only shows waveform until sequence rollover. Issue 18829.
  • Valid Ethernet CFM DMM packets are shown as malformed. Issue 19198.
  • Crash on DICOM Export Objects window close. Issue 19207.
  • The QUIC dissector is reporting the quic_transport_parameters max_ack_delay with the title \"GREASE\" Issue 19209.
  • Preferences: Folder name editing behaves weirdly, cursor jumps. Issue 19213.
  • DHCPFO: Expert info list does not show all expert infos. Issue 19216.
  • Websocket packets not decoded and displayed for Field type=Custom and Field name websocket.payload.text. Issue 19220.
  • Cannot read pcapng file captured on OpenBSD and read on FreeBSD. Issue 19230.
  • UI: While capturing the Wireshark icon changes from green to blue when new file is created. Issue 19252.
  • Conversation: heap-use-after-free after wmem_leave_file_scope. Issue 19265.
  • IP Packets with DSCP 44 does not indicate "Voice-Admit" Issue 19270.
  • NAS 5GS Malformed Packet Decoding SOR transparent container PLMN ID and access technology list. Issue 19273.
  • UI: Auto scroll button in the toolbar is turned on when manually scrolling to the end of packet list. Issue 19274.

New and Updated Features

  • There are no new or updated features in this release.

New Protocol Support

  • There are no new protocols in this release.

Updated Protocol Support

  • BT SDP, CBOR, CFM, CP2179, CQL, DHCPFO, DICOM, F1AP, GSM DTAP, IEEE 802.11, IPv4, NAS-5GS, PFCP, PKT CCC, QUIC, RTP, TFTP, WebSocket, and XnAP