Analyzing data packets is one way to monitor for problems in your network traffic or to detect connection problems.
Wireshark is a professional protocol analyzer aimed to help users in troubleshooting, analysis, software and protocol development, and education. All of the standard features you expect to find in a protocol analyzer are here but Wireshark also has a few added extras because it's open source and has been enhanced by it's community of users. The contribution of global networking consultants across the globe are what make Wireshark a particularly powerful analyzer.
If you don't have any network analyzing knowledge, Wireshark might make you feel a bit lost. The program does have an extensive manual and forum but unless you are familiar with protocol analysis, they won't mean much to you. For those that are in the know, Wireshark features deep inspection of hundreds of protocols, live capture and offline analysis and even VoIP analysis. Any captured network data can be browsed via an easy to use GUI or alternatively via the TTY-mode TShark utility. In addition, live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform).
Wireshark is a highly specialized tool that the average user won't find much use for but for any network administrators out there, it's an essential addition to your toolkit.
- Bug Fixes
- * The following bugs have been fixed:
- * Wireshark is unresponsive when capturing from named pipes on Windows. (Bug 1759)
- * Ring buffers are no longer turned on by default when using multiple capture files.
- New and Updated Features
- * The following features are new (or have been significantly updated) since version 1.4:
- * Wireshark can import text dumps, similar to text2pcap.
- * You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
- * TShark can show a specific occurrence of a field when using '-T fields'.
- * Custom columns can show a specific occurrence of a field.
- * You can hide columns in the packet list.
- * Wireshark can now export SMB objects.
- * dftest and randpkt now have manual pages.
- * TShark can now display iSCSI service response times.
- * Dumpcap can now save files with a user-specified group id.
- * Syntax checking is done for capture filters.
- * You can display the compiled BPF code for capture filters in the Capture Options dialog.
- * You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+. .
- * Packet length is (finally) a default column.
- * TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
- * 802.1q VLAN tags are now shown by the Ethernet II dissector.
- * Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
- * The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
- * The RTP player now shows why media interruptions occur.
- * Graphs now save as PNG images by default.
- * TShark can read and write host name information from and to pcapng-formatted files. Wireshark can read it. TShark can dump host name information via
- * [-z hosts].
- * The tshark -z option now uses the
- [-z ,srt]
- syntax instead of
- [-z ,rtt]
- * for all protocols that support service response time statistics. This syntax now matches Wireshark's syntax for this option.
- New Protocol Support
- * ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing Protocol, Constrained Application Protocol (COAP), Digium TDMoE, Erlang Distribution Protocol, Ether-S-I/O, FastCGI, Fibre Channel over InfiniBand (FCoIB), Gopher, Gigamon GMHDR, IDMP, Infiniband Socket Direct Protocol (SDP), JSON, LISP Data, MikroTik MAC-Telnet, Mongo Wire Protocol, Network Monitor 802.11 radio header, OPC UA ExtensionObjects, PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD Framing, RSIP, SAMETIME, SCoP, SGSAP, Tektronix Teklink, WAI authentication, Wi-Fi P2P (Wi-Fi Direct)
- Updated Protocol Support
- * New and Updated Capture File Support
- o Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP OpenVMS TCPTrace, IPFIX (the file format, not the protocol), Lucent/Ascend debug, Microsoft Network Monitor, Network Instruments, TamoSoft CommView
- Getting Wireshark
- * Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
- Vendor-supplied Packages
- * Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
- File Locations
- * Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About