Wireshark Analyzer v3.3.1 released: open-source network protocol analyzer
Wireshark Analyzer is a fantastic multi-platform open-source network protocol analyzer. It can be used to check the analysis of data from the network host to survive, but also look to capture files from the disk. You can interactively browse the capture data, just capture details of the package, you need to analyze. Wireshark has some powerful features, including the ability to rich display filter language and view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. It includes a similar tcpdump named tshark the console version. Note that Wireshark emergence of a few dozens of remotely exploitable vulnerabilities, and thus needs to be updated to the latest version, and do not run in an insecure network environment.
Introduction Video: https://www.wireshark.org/video/wireshark/introduction-to-wireshark/
New and Updated Features
The following features are new (or have been significantly updated) since version 3.3.0:
- The Windows installers now ship with Npcap 1.00. They previously shipped with Npcap 0.9997.
- The Windows installers now ship with Qt 5.15.1. They previously shipped with Qt 5.12.8.
The following features are new (or have been significantly updated) since version 3.2.0:
- Windows executables and installers are now signed using SHA-2 only.
- Save RTP stream to .au supports any codec with 8000 Hz rate supported by Wireshark (shown in RTP player). If save of audio is not possible (unsupported codec or rate), silence of same length is saved and warning is shown.
- Asynchronous DNS resolution is always enabled. As a result, the c-ares library is now a required dependency.
- Protobuf fields can be dissected as Wireshark (header) fields that allows user input the full names of Protobuf fields or messages in Filter toolbar for searching.
- Dissectors based on Protobuf can register themselves to a new ‘protobuf_field’ dissector table, which is keyed with the full names of fields, for further parsing fields of BYTES or STRING type.
- Wireshark is able to decode, play, and save iLBC payload on platforms where the iLBC library is available.
- “Decode As” entries can now be copied from other profiles using a button in the dialog.
- sshdump can now be copied to multiple instances. Each instance will show up a different interface and will have its own profile.
- The main window now supports a packet diagram view, which shows each packet as a textbook-style diagram.
- Filter buttons (“Preferences → Filter Buttons”) can be grouped by using “//” as a path separator in the filter button label.
New Protocol Support
Arinc 615A (A615A), Asphodel Protocol, AudioCodes Debug Recording (ACDR), Bluetooth HCI ISO (BT HCI ISO), Cisco MisCabling Protocol (MCP), Community ID Flow Hashing (CommunityID), DCE/RPC IRemoteWinspool SubSystem, (IREMOTEWINSPOOL), Dynamic Link Exchange Protocol (DLEP), EAP Generalized Pre-Shared Key (EAP-GPSK), EAP Password Authenticated Exchange (EAP-PAX), EAP Pre-Shared Key (EAP-PSK), EAP Shared-secret Authentication and Key Establishment (EAP-SAKE), Fortinet Single Sign-on (FSSO), FTDI Multi-Protocol Synchronous Serial Engine (FTDI MPSSE), Hypertext Transfer Protocol Version 3 (HTTP3), ILDA Digital Network (IDN), ILDA Digital Network (IDN), Java Debug Wire Protocol (JDWP), LBM Stateful Resolution Service (LBMSRS), Lithionics Battery Management, OBSAI UDP-based Communication Protocol (UDPCP), Palo Alto Heartbeat Backup (PA-HB-Bak), ScyllaDB RPC, Technically Enhanced Capture Module Protocol (TECMP), Tunnel Extensible Authentication Protocol (TEAP), UDP based FTP w/ multicast V5 (UFTP5), and USB Printer (USBPRINTER)
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
MP4 (ISO/IEC 14496-12)