Wireshark for Mac

Wireshark for Mac 2.4.6

Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level.

40.5 MB
More votes needed

It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Wireshark was written by networking experts around the world, and is an example of the power of open source. Wireshark is used by network professionals around the world for analysis, troubleshooting, software and protocol development and education. The program has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.


  • Data can be captured "off the wire" from a live network connection, or read from a capture file.
  • Wireshark can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HPUX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdumpformat), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS. Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
  • Live data can be read from Ethernet, FDDI, PPP, Token*Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
  • Captured network data can be browsed via a GUI, or via the TTY*mode "tethereal" program.
  • Capture files can be programmatically edited or converted via command*line switches to the "editcap" program.
  • 602 protocols can currently be dissected
  • Output can be saved or printed as plain text or PostScript.
  • Data display can be refined using a display filter.
  • Display filters can also be used to selectively highlight and color packet summary information.
  • All or part of each captured network trace can be saved to disk.

What's New:

  • Wireshark crash when end capturing with "Update list of packets in real-time" option off. (Bug 13024)
  • Diameter service response time statistics broken in 2.2.4. (Bug 13442)
  • Sequence number isn’t shown as the X axis in TCP Stream Graph - RTT. (Bug 13740)
  • Using an SSL subdissector will cause SSL data to not be decoded (related to reassembly of application data). (Bug 13885)
  • Wireshark 2.4.0 doesn’t build with Qt 4.8. (Bug 13909)
  • Some Infiniband Connect Req fields are not decoded correctly. (Bug 13997)
  • Voip Flow Sequence button crash. (Bug 14010)
  • wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in wrong place ?. (Bug 14016)
  • wireshark-2.4.1/ui/qt/tcp_stream_dialog.cpp:1206: sanity check in odd place ?. (Bug 14017)
  • [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). (Bug 14025)
  • [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). (Bug 14032)
  • Own interface toolbar logger dialog for each log command. (Bug 14033)
  • Wireshark crashes when dissecting DOCSIS REGRSPMP which contains UCD. (Bug 14038)
  • Broken installation instructions for Visual Studio Community Edition. (Bug 14039)
  • RTP Analysis "save as CSV" saves twice the forward stream, if two streams are selected. (Bug 14040)
  • VWR file read ends early with vwr: Invalid data length 0. (Bug 14051)
  • reordercap fails with segmentation fault 11 on MacOS. (Bug 14055)
  • Cannot Apply Bitmask to Long Unsigned. (Bug 14063)
  • text2pcap since version 2.4 aborts when there are no arguments. (Bug 14082)
  • gtpprime: Missing in frame.protocols. (Bug 14083)
  • HTTP dissector believes ICY response is a request. (Bug 14091)