What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
What’s New
We do not ship official 32-bit Windows packages for Wireshark 4.0 and later. If you need to use Wireshark on that platform, we recommend using the latest 3.6 release. Issue 17779
-
The Windows installers now ship with Qt 5.12.2. They previously shipped with Qt 6.2.3.
Bug Fixes
The following bugs have been fixed:
-
Comparing a boolean field against 1 always succeeds on big-endian machines. Issue 12236.
-
Qt: MaxMind GeoIP columns not added to Endpoints table. Issue 18320.
-
Fuzz job crash output: fuzz-2022-10-04-7131.pcap. Issue 18402.
-
The RTP player might not play audio on Windows. Issue 18413.
-
Wireshark 4.0 breaks display filter expression with > sign. Issue 18418.
-
Capture filters not working when using SSH capture and dumpcap. Issue 18420.
-
Packet diagram field values are not terminated. Issue 18428.
-
Packet bytes not displayed completely if scrolling. Issue 18438.
-
Fuzz job crash output: fuzz-2022-10-13-7166.pcap. Issue 18467.
-
Decoding bug H.245 userInput Signal. Issue 18468.
-
CFDP dissector doesn’t handle \"destination filename\" only. Issue 18495.
-
Home page capture button doesn’t pop up capture options dialog. Issue 18506.
-
Missing dot in H.248 protocol name. Issue 18513.
-
Missing dot for protocol H.264 in protocol column. Issue 18524.
-
Fuzz job crash output: fuzz-2022-10-23-7240.pcap. Issue 18534.
New and Updated Features
Removed Features and Support
-
The experimental display filter syntax for literals using angle brackets <…> that was introduced in Wireshark 4.0.0 has been removed. For byte arrays a colon prefix can be used instead. See the User’s Guide for details.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASN.1 PER, CFDP, Diameter, DirectPlay, F5 Ethernet Trailer, GTP, H.223, H.248, H.264, H.265, IEEE 802.11, IPv4, MBIM, O-RAN FH CUS, PFCP, RTCP, SCTP, SMB, TCP, and TRANSUM
New and Updated Capture File Support
BLF
New File Format Decoding Support
There is no new or updated file format support in this release.
Getting Wireshark
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
File Locations
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform.
You can use tshark -G folders
to find the default locations on your system.
Getting Help
The User’s Guide, manual pages and various other documentation can be found at https://www.wireshark.org/docs/
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Bugs and feature requests can be reported on the issue tracker.
You can learn protocol analysis and meet Wireshark’s developers at SharkFest.
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site.