Wireshark Analyzer v3.1.1 released: Open source network protocol analyzer

Wireshark Analyzer is a fantastic multi-platform open-source network protocol analyzer. It can be used to check the analysis of data from the network host to survive, but also look to capture files from the disk. You can interactively browse the capture data, just capture details of the package, you need to analyze. Wireshark has some powerful features, including the ability to rich display filter language and view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. It includes a similar tcpdump named tshark the console version. Note that Wireshark emergence of a few dozens of remotely exploitable vulnerabilities, and thus needs to be updated to the latest version, and do not run in an insecure network environment.

Introduction Video: https://www.wireshark.org/video/wireshark/introduction-to-wireshark/

                                 https://www.wireshark.org/video/wireshark/custom-shortcuts/

Changelog

New and Updated Features

The following features are new (or have been significantly updated) since version 3.1.0:

• Automatic updates are supported on macOS.
• You can now select multiple packets in the packet list at the same time
  • They can be exported as Text by “Ctrl+C” or “Cmd+C” and the corresponding menu in “Edit › Copy › As …​”
  • They can be marked/unmarked or ignored/unignored at the same time
  • They can be exported and printed using the corresponding menu entries “File › Export Specified Packets”, “File › Export Packet Dissections” and “File › Print”
• You can now follow HTTP/2 and QUIC streams.
• You can once again mark and unmark packets using the middle mouse button. This feature went missing around 2009 or so.
• The Windows packages are now built using Microsoft Visual Studio 2019.
• IOGraph automatically adds a graph for the selected display filter if no previous graph exists
• Action buttons for the display filter bar may be aligned left via the context menu
• Allow extcaps to be loaded from the personal configuration directory
• The Windows installers now ship with Qt 5.12.6. They previously shipped with Qt 5.12.4.

The following features are new (or have been significantly updated) since version 3.0.0:

• You can drag and drop a field to a column header to create a column for that field, or to the display filter input to create a display filter. If a display filter is applied, the new filter can be added using the same rules as “Apply Filter”
• You can drag and drop a column entry to the display filter to create a filter for it.
• You can import profiles from a .zip archive or an existing directory.
• Dark mode support on macOS and dark theme support on other platforms has been improved.
• Brotli decompression support in HTTP/HTTP2 (requires the brotli library).
• The build system now checks for a SpeexDSP system library installation. The bundled Speex resampler code is still provided as a fallback.
• WireGuard decryption can now be enabled through keys embedded in a pcapng in addition to the existing key log preference (Bug 15571).
• A new tap for extracting credentials from the capture file has been added. It can be accessed through the -z credentials option in tshark or from the “Tools › Credentials” menu in Wireshark.
• Editcap can now split files on floating point intervals.
• Windows .msi packages are now signed using SHA-2. .exe installers are still dual-signed using SHA-1 and SHA-2.
• The “Enabled Protocols” Dialog now only enables, disables and inverts protocols based on the set filter selection. The protocol type (standard or heuristic) may also be choosen as a filter value.
• The “Analyze › Apply as Filter” and “Analyze › Prepare a Filter” packet list and detail popup menus now show a preview of their respective filters.
• Protobuf files (*.proto) can now be configured to enable more precise parsing of serialized Protobuf data (such as gRPC).
• HTTP2 support streaming mode reassembly. To use this feature, subdissectors can register itself to “streaming_content_type” dissector table and return pinfo→desegment_len and pinfo→desegment_offset to tell HTTP2 when to start and how many additional bytes requires when next called.
• The message of stream gRPC method can now be parsed with supporting of HTTP2 streaming mode reassembly feature.
• The Windows installers now ship with Qt 5.12.4. They previously shipped with Qt 5.12.1.

New Protocol Support

3GPP BICC MST (BICC-MST), 3GPP log packet (LOG3GPP), 3GPP/GSM Cell Broadcast Service Protocol (cbsp), Bluetooth Mesh Beacon, Bluetooth Mesh PB-ADV, Bluetooth Mesh Provisioning PDU, Bluetooth Mesh Proxy, CableLabs Layer-3 Protocol IEEE EtherType 0xb4e3 (CL3), DCOM IProvideClassInfo, DCOM ITypeInfo, Diagnostic Log and Trace (DLT), Distributed Replicated Block Device (DRBD), Dual Channel Wi-Fi (CL3DCW), EBHSCR Protocol (EBHSCR), EERO Protocol (EERO), evolved Common Public Radio Interface (eCPRI), File Server Remote VSS Protocol (FSRVP), FTDI FT USB Bridging Devices (FTDI FT), Graylog Extended Log Format over UDP (GELF), GSM/3GPP CBSP (Cell Broadcast Service Protocol), Linux net_dm (network drop monitor) protocol, MIDI System Exclusive DigiTech (SYSEX DigiTech), Network Controller Sideband Interface (NCSI), NR Positioning Protocol A (NRPPa) TS 38.455, NVM Express over Fabrics for TCP (nvme-tcp), OsmoTRX Protocol (GSM Transceiver control and data), and Scalable service-Oriented MiddlewarE over IP (SOME/IP)

Updated Protocol Support

Too many protocols have been updated to list here.

New and Updated Capture File Support

3gpp phone, Android Logcat Text, Ascend, Candump, Endace ERF, NetScaler, pcapng, and Savvius *Peek

The following features are new (or have been significantly updated) since version 3.0.0:

New Protocol Support

3GPP BICC MST (BICC-MST), 3GPP log packet (LOG3GPP), 3GPP/GSM Cell Broadcast Service Protocol (cbsp), Bluetooth Mesh Beacon, Bluetooth Mesh PB-ADV, Bluetooth Mesh Provisioning PDU, Bluetooth Mesh Proxy, CableLabs Layer-3 Protocol IEEE EtherType 0xb4e3 (CL3), DCOM IProvideClassInfo, DCOM ITypeInfo, Diagnostic Log and Trace (DLT), Distributed Replicated Block Device (DRBD), Dual Channel Wi-Fi (CL3DCW), EBHSCR Protocol (EBHSCR), EERO Protocol (EERO), evolved Common Public Radio Interface (eCPRI), File Server Remote VSS Protocol (FSRVP), FTDI FT USB Bridging Devices (FTDI FT), Graylog Extended Log Format over UDP (GELF), GSM/3GPP CBSP (Cell Broadcast Service Protocol), Linux net_dm (network drop monitor) protocol, MIDI System Exclusive DigiTech (SYSEX DigiTech), Network Controller Sideband Interface (NCSI), NR Positioning Protocol A (NRPPa) TS 38.455, NVM Express over Fabrics for TCP (nvme-tcp), OsmoTRX Protocol (GSM Transceiver control and data), and Scalable service-Oriented MiddlewarE over IP (SOME/IP)