As a systems administrator, or even any other user who wants to monitor and analyze network protocol, sometimes traditional troubleshooting may just not cut it at all. Sometimes despite all the ordinary troubleshooting processes you still cannot get a certain website to work over your network, while it easily opens over a different network. Or you may want to capture traffic flow over your network at the office. Either way, a network protocol comes in handy.
Why should you use Wireshark?
Wireshark monitors network interface cards in order to capture the traffic flowing through. These packets of data on NICs are then analyzed for information or possible solutions to problems. In addition, it has the ability to negotiate multiple protocols on the open systems interconnection layer. You can also capture network interface cards for many two-layer protocols such as PPP, Ethernet as well as ARP requests and routing protocols.
It can capture different media traffic whether you are looking at VOIP calls, USB or application layer protocols. You can also see data such usernames and passwords when somebody signs in over a network where you are equipped with Wireshark. Malicious activity on your network can also be detected. You can set filters to capture only the kind of traffic you are interested in, which, given how much traffic flows over a network ordinarily, is a useful function.
Key Features of Wireshark Include:
- It has a live capture and offline analysis capability;
- Deep inspection of hundreds of protocols, and more being added as time goes by;
- A three-pane packet browser;
- It is multi-platform, running on Windows, Mac, Solaris, Linux, FreeBSD, and many more;
- You can browse captured data via a Graphic User Interface or the TTY model TShark utility;
- Very powerful display filters;
- Rich VoIP analysis;
- It can read and write different capture file formats;
- You can read live data as it is captured;
- It has decryption support for many protocols;
- You can export output to XML, Postscript, CSV or plain text.
This tool is useful for learning about how network protocols work. It can also be useful for solving problems over the network that ordinary black box approaches cannot solve. Over shared networks such as public Wi-Fi, you can use it to hack and retrieve passwords and usernames from other users
What's new in 3.0.2 version?
- The Windows installers now ship with Qt 5.12.3. They previously shipped with Qt 5.12.1.
- The Windows installers now ship with Npcap 0.995. They previously shipped with Npcap 0.992.
- The macOS packages are now notarized.
- wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778.
- Add (IETF) QUIC Dissector. Bug 13881.
- Wireshark Hangs on startup initializing external capture plugins. Bug 14657.
- [oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more than 1000000 items in the tree — possible infinite loop. Bug 14978.
- Wireshark can call extcap with empty multicheck argument. Bug 15065.
- CMPv2 KUR message disection gives unexpected value for serialNumber under OldCertId fields. Bug 15154.
- "(Git Rev Unknown from unknown)" in version string for official tarball. Bug 15544.
- External extcap does not get all arguments sometimes. Bug 15586.
- Help file doesn’t display for extcap interfaces. Bug 15592.
- Buildbot crash output: randpkt-2019-03-14-4670.pcap. Bug 15604.
- Building only libraries on windows fails due to CLEAN_C_FILES empty. Bug 15662.
- Statistics→Conversations→TCP→Follow Stream - incorrect behavior. Bug 15672.
- Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp field). Bug 15687.
- ws_pipe: leaks pipe handles on errors. Bug 15689.
- Build issue in Wireshark - 3.0.1 on RHEL6. Bug 15706.
- ISAKMP: Segmentation fault with non-hex string for IKEv1 Decryption Table Initiator Cookie. Bug 15709.
- extcap: non-boolean call arguments can be appended without value on selector Reload. Bug 15725.
- Incorrectly interpreted format of MQTT PUBLISH payload data. Bug 15738.
- print.c: Memory leak in ek_check_protocolfilter. Bug 15758.
- IETF QUIC dissector incorrectly parses retry packet. Bug 15764.
- Bacnet(app): fix wrong value for id 183 (logging-device → logging-object). Bug 15767.
- The SMB2 code to look up decryption keys by session ID assumes it’s running on a little-endian machine. Bug 15772.
- tshark -G folders leaves mmdbresolve process behind. Bug 15777.
- Dissector bug, protocol TLS - failed assertion "data". Bug 15780.
- WSMP : header_opt_ind field is not correctly set. Bug 15786.
Updated Protocol Support:
- BACapp, DDP, EPL, Frame, IEEE 802.11, IS-IS CLV, ISAKMP, K12, KNXIP, MQTT, PNIO, QUIC, RTCP XR RR, SCTP, SMB2, TDS, TLS, WSMP, and ZEBRA
New and Updated Capture File Support:
Last Updated: 2019-07-01
File size: 51.61 MB
Operating system: Windows 10, Windows 8/8.1, Windows 7, Windows Vista, Windows XP
MD5 Checksum: a29440e176f895474ec9d6b7da96d00d