Wireshark was written by networking experts around the world, and is an example of the power of open source. Portable Wireshark can be used by network professionals around the world for analysis, troubleshooting, software and protocol development and education.
· Data can be captured "off the wire" from a live network connection, or read from a capture file.
· Wireshark can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS. Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
· Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
· Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal" program.
· Capture files can be programmatically edited or converted via command-line switches to the "editcap" program.
· 602 protocols can currently be dissected
· Output can be saved or printed as plain text or PostScript.
· Data display can be refined using a display filter.
· Display filters can also be used to selectively highlight and color packet summary information.
· All or part of each captured network trace can be saved to disk.
Requirements:
· WinPcap 4.x
What's New in This Release:
The following vulnerabilities have been fixed:
· The NFS dissector could crash on Windows. (Bug 5209)
· The X.509if dissector could crash. (Bug 5754, Bug 5793)
· Paul Makowski from SEI/CERT discovered that the DECT dissector could overflow a buffer. He verified that this could allow remote code execution on many platforms.
The following bugs have been fixed:
· Cygwin make fails after updating to bash v 4.1.9.2
· Export HTTP > All - System Appears Hung (but isn't). (Bug 1671)
· Some HTTP responses don't decode with TCP reassembly on. (Bug 3785)
· Wireshark crashes when cancelling a large sort operation. (Bug 5189)
· Wireshark crashes if SSL preferences RSA key is actually a DSA key. (Bug 5662)
· tshark incorrectly calculates TCP stream for some syn packets. (Bug 5743)
· Wireshark not able to decode the PPP frame in a sflow (RFC3176) flow sample packet because Wireshark incorrectly read the protocol in PPP frame header. (Bug 5746)
· Mysql protocol dissector: all fields should be littl...