What's New
Wireshark 4.4.1 and 4.2.8 Released
October 9, 2024
Wireshark 4.4.1 and 4.2.8 have been released. Installers for Windows, macOS, and source code are now available.
In 4.4.1
Two vulnerabilities have been fixed. See the release notes for details.
For a complete list of changes, please refer to the 4.4.1 release notes.
In 4.2.8
One vulnerability has been fixed. See the release notes for details.
For a complete list of changes, please refer to the 4.2.8 release notes.
Official releases are available right now from the download page.Wireshark 4.4.0 Released
August 28, 2024
What’s New
Many improvements and fixes to the graphing dialogs, including I/O Graphs, Flow Graph / VoIP Calls, and TCP Stream Graphs.
Wireshark now supports automatic profile switching. You can associate a display filter with a configuration profile, and when you open a capture file that matches the filter, Wireshark will automatically switch to that profile.
Support for Lua 5.3 and 5.4 has been added, and support for Lua 5.1 and 5.2 has been removed. The Windows and macOS installers now ship with Lua 5.4.6.
Improved display filter support for value strings (optional string representations for numeric fields).
Display filter functions can be implemented as plugins, similar to protocol dissectors and file parsers.
Display filters can be translated to pcap filters using if each display filter field has a corresponding pcap filter equivalent.
Custom columns can be defined using any valid field expression, such as display filter functions, packet slices, arithmetic calculations, logical tests, raw byte addressing, and protocol layer modifiers.
Custom output fields for tshark -e can also be defined using any
valid field expression.
Wireshark can be built with the zlib-ng instead of zlib for compressed file support. Zlib-ng is substantially faster than zlib. The official Windows and macOS packages include this feature.
Many other improvements have been made. See the “New and Updated Features” section below for more details.
New and Updated Features
The following features are either new or have been significantly updated since version 4.2.0:
-
The Windows installers now ship with Npcap 1.79. They previously shipped with Npcap 1.78.
-
Improvements to the "I/O Graphs" dialog:
-
A number of crasher bugs have been fixed.
-
The protocol tree context menu can open a I/O graph of the currently selected field. Issue 11362
-
Smaller intervals can be used, down to 1 microsecond. Issue 13682
-
A larger number of I/O Graph item buckets can be used, up to 225 (33 million) items. Issue 8460
-
The size of individual graph items has been reduced, which reduces memory utilization.
-
When the Y field or Y axis changes, the graph displays the new graph correctly, retapping if necessary, instead of displaying information based on stale data.
-
The graph is smarter about choosing whether to retap (expensive), recalculate (moderately intensive), or replot (cheap) in order to display the newly chosen options correctly with the least amount of calculations. For instance, a graph that has previously been plotted and is disabled and then reenabled without any other changes will not require a new retap. Issue 15822
-
LOAD graphs are graphed properly again. Issue 18450
-
Y axes have human readable units with SI prefixes. Issue 12827
-
Bar widths are scaled to the size of the interval.
-
Bar border colors are a slightly darker color than that of the graph itself, instead of always black. Issue 17422
-
Time values have the correct width when axes are automatically reset.
-
The precision of the interval time shown in the hint message depends on the interval.
-
The tracer follows the currently selected row on the table of graphs, and does not appear on an invisible graph.
-
The tracer moves to the frame selected in the main window. Issue 12909
-
Pending graph changes are saved when changing profiles when the I/O Graphs dialog is open.
-
I/O Graph dialog windows for closed capture files are no longer affected by changing the list of graphs (either in that dialogs or in other dialogs for the currently open file.)
-
Newly created temporary graphs, which will not be saved unless the configuration has changed, are more clearly marked with italics.
-
When "Time of Day" is selected for a graph, the absolute time will be saved to CSV exports instead of the relative time. Issue 13717
-
Graphs can be reordered by dragging and dropping their list entries. Issue 13855
-
The graph layer order and legend order always matches the order in the graph list. Legends also appear properly. Issue 13854
-
The legend can be moved to other corners of the graph by right-clicking on it and selecting its new location from a menu.
-
For purposes of displaying zero values, graphs with both lines and data point symbols are treated as line graphs, not scatter plots.
-
Logarithmic ticks are used when the Y axis is logarithmic.
-
The graph crosshairs context menu option works.
-
You can resize the graph list columns to their contents by right clicking on the list header. Issue 18102
-
The graph is more responsive to mouse movement, especially on Linux Wayland.
-
-
Improvements to the Sequence Diagram (Flow Graphs and VoIP Calls):
-
When exporting the graph as an image, the entire graph is shown with up to 1000 items instead of only what was visible on-screen. This value can be increased in the preferences. Issue 13504
-
Endpoints that share the same address now have two distinct nodes with a line between them. Issue 12038
-
The "Comment" column can be resized by selecting the axis between the "Comment" column and the graph and dragging, and auto-resized by double-clicking the column. Issue 4972
-
Tooltips are shown for elided comments.
-
The scroll direction via keyboard is no longer reversed. Issue 12932
-
The column widths are fixed instead of resizing slightly depending on the visible entries. Issue 12931
-
The Y axis labels stay in the correct position without having to click the Reset button.
-
The progress bar appears correctly in the Flow Graph (non VoIP Calls).
-
The behavior of the "Any" and "Network" combobox is corrected. Issue 19818
-
"Limit to Display Filter" is checked if a display filter is applied when the Flow Graph is opened, per the documentation.
-
-
TCP Stream Graphs:
-
A better decision is made about which side is the server and thus the initially chosen direction in the graph.
-
The "Window Scaling" graph axis labels are corrected and show both graphs.
-
The graph crosshairs context menu option works.
-
Switching between relative and absolute sequence numbers works again.
-
-
The "Follow Stream" dialog can now show delta times between turns and all packets and events.
-
A number of graphs using the QCustomPlot widget ("I/O Graphs", "Flow Graph", "TCP Stream Graphs", and "RTP Player") are more responsive to mouse movement, especially on Linux when Wayland is used.
-
The "Find Packet" dialog can search backwards and find additional occurrences of a string, hex value, or regular expression in a single frame.
-
When using "Go To Packet" with an undisplayed frame, the window goes to nearest displayed frame by number. Issue 2988
-
Display filter syntax enhancements:
-
Better handling of comparisons with value strings. Now the display filter engine can correctly handle cases where multiple different numeric values map to the same value string, including but not limited to range-type value strings.
-
Fields with value strings now support regular expression matching.
-
Date and time values now support arithmetic, with some restrictions: the multiplier/divisor must be an integer or floating point number and appear on the right-hand side of the operator.
-
The keyword "bitand" can be used as an alternative syntax for the bitwise-and operator.
-
Functions alone can now be used as an entire logical expression. The result of the expression is the truthiness of the function return value (or of all values if more than one). This is useful for example to write "len(something)" instead of "len(something) != 0". Even more so if a function returns itself a boolean value, it is now possible to write "bool_test(some.field)" instead of having to write "bool_test(some.field) == True". Both forms are now valid.
-
Display filter references can be written without curly braces. It is now possible to write
$frame.numberinstead of${frame.number}for example. -
There are new display filter functions which test various IP address properties. Check the wireshark-filter(5) man page for more information.
-
There are new display filter functions which convert unsigned integer types to decimal or hexadecimal, and convert fields with value strings into the associated string for their value, which can be used to produce results similar to custom columns. Check the wireshark-filter(5) man page for more information.
-
Display filter macros can be written with a semicolon after the macro name before the argument list, e.g.
${mymacro;arg1;…;argN}, instead of${mymacro:arg1;…;argN}. The version with semicolons works better with pop-up suggestions when editing the display filter, so the version with the colon might be removed in the future. -
Display filter macros can be written using a function-like notation. The macro
${mymacro:arg1;…;argN}can be written$mymacro(arg1,…,argN). -
AX.25 addresses are now filtered using the "CALLSIGN-SSID" string syntax. Filtering based on the raw bytes values is still possible, like other field types, with the
@operator. Issue 17973
-
-
Display filter functions can be implemented as libwireshark plugins. Plugins are loaded during startup from the usual binary plugin configuration directories. See the
ipaddr.csource file in the distribution for an example of a display filter C plugin and the doc/plugins.example folder for generic instructions how to build a plugin. -
Display filter autocompletions now also include display filter functions.
-
The display filter macro configuration file has changed format. It now uses the same format as the "dfilters" file and has been renamed accordingly to "dmacros". Internally it no longer uses the UAT API and the display filter macro GUI dialog has been updated. There is some basic migration logic implemented but it is advisable to check that the "dfilter_macros" (old) and "dmacros" (new) files in the profile directory are consistent.
-
Custom columns can be defined using any valid field expression:
-
Display filter functions, like
len(tcp.payload), including nested functions likemin(len(tcp.payload), len(udp.payload))and newly defined functions using the plugin system mentioned above. Issue 15990 Issue 16181 -
Arithmetic calculations, like
ip.len * 8ortcp.srcport + tcp.dstport. Issue 7752 -
Slices, like
tcp.payload[4:4]. Issue 10154 -
The layer operator, like
ip.proto#1, which will return the protocol field in the first IPv4 layer if there is tunneling. Issue 18588 -
Raw byte addressing, like
@ip, which will return the bytes of protocol or FT_NONE fields, among others. Issue 19076 -
Logical tests, like
tcp.port == 443, which produce a check mark if the test matches (similar to protocol and FT_NONE fields without@.) This works with all logical operators, including e.g. regular expression matching (matchesor~.) -
Defined display filter macros.
-
Any combination of the above also works.
-
Multifield columns are still available. For backwards compatibility,
X or Yis interpreted as a multifield column as before. To represent a logical test for the presence of multiple fields instead of concatenating values, use parenthesis, e.g.(tcp.options.timestamp or tcp.options.nop). -
Field references are not implemented because there’s no sense of a currently selected frame. "Resolved" column values (such as host name resolution or value string lookup) are not supported for any of the new expressions yet.
-
-
Custom output fields for
tshark -e <field>can also be defined using any valid field expression as above.-
For custom output fields,
X or Yis the usual logical test; to output multiple fields use multiple-eterms as before. -
The various
-Eoptions, including-E occurrence, all work as expected.
-
-
When selecting "Manage Interfaces" from "Capture Options", Wireshark only attempts to reconnect to rpcap hosts that were active in the last session, instead of every remote host that the current profile has ever connected to. Issue 17484
-
The "Resolved Addresses" dialog only shows what addresses and ports are present in the file (not including information from static files), and selected rows or the entire table can be saved or copied to the clipboard in several formats. Issue 16419
-
Dumpcap and Wireshark support the
-Foption when capturing a file on the command line. Issue 18009 -
When capturing on the command line dumpcap accepts a
-Qoption that is quieter than-qand prints only errors to standard error, similar to tshark. Issue 14491 -
When capturing a file and requesting the
pcapformat, nanosecond resolution time stamps will be written if the device and version of libpcap supports it. -
When capturing using a file size autostop or ring buffer condition, the maximum value is now 2 TB, up from 2GiB. Note that you may have problems when the number of packets gets larger than 231 or 232, though that is also true when no limit is set.
-
When capturing files in multiple file mode, a pattern that places the date and time before the index number can be used (e.g., foo_20240714110102_00001.pcap instead of foo_00001_20240714110102.pcap). This makes file names sortable in chronological order across file sets from different captures. The "File Set" dialog has been updated to handle the new pattern, which has been capable of being produced by tshark since version 3.6.0.
-
Adding interfaces at startup is about twice as fast, and has many fewer UAC pop-ups when Npcap is installed with access restricted to Administrators on Windows.
-
The Lua version included with the Windows and macOS installers has been updated to 5.4. While we have tried to help with backward compatibility by including lua_bitop library with Lua 5.3 and 5.4 in addition to the native Lua support for bit operations present in those versions, different versions of Lua are not guaranteed to be compatible. If a Lua dissector has issues, check the manuals for Lua 5.4, Lua 5.3, and Lua 5.2 for incompatibilities and suggested workarounds. Note that features marked as deprecated in one version are removed in the subsequent version without additional notice, so it can be worth checking the manual for previous versions.
-
Lua scripts in the plugins directories are now initially loaded via the same internal Lua methods as
require(). This avoids errors from loading plugins twice, once by scanning the directory initially, and once byrequire(), and also results in globals defined in plugins entering the global namespace. Previously globals defined in plugins only entered the global namespace when placed in the global plugins directory, but not the personal plugins directory. Using globals in plugins remains deprecated style (both by Wireshark and in Lua generally), that should be avoided via using other methods. Issue 18589 -
Lua functions have been added to decompress and decode TvbRanges with other compression types besides zlib, such as Brotli, Snappy, Zstd, and others, matching the support in the C API. tvbrange:uncompress() has been deprecated in favor of tvbrange:uncompress_zlib().
-
Lua Dumper now defaults to the pcapng file type, and to per-packet encapsulation (creating interfaces on demand as necessary) when writing pcapng Issue 16403
-
Editcap has an
--extract-secretsoption to extract embedded decryption secrets from a capture file. Issue 18197 -
Global profiles can be used in tshark by using
--global-profileoption. -
Capture files can be saved with LZ4 compression. LZ4 has an emphasis on speed and may be particularly useful for large files.
-
Fast random access is supported with LZ4 compressed files when compressed with independent blocks, which is the default. This provides much more responsive GUI performance when jumping to different packets. Fast random access has been supported with gzip compressed files since version 1.8.0, but this is not supported for Zstd compressed files.
-
Mergecap, Editcap, TShark and Text2pcap have an
--compressoption to compress output to different formats. For now, it supports the gzip and LZ4 compression formats. When the option is not given, the desired compression format can also be deduced from the output filename extension, e.g. gzip for .gz. -
Wireshark’s Git repostory tags are now signed using SSH. See the Developer’s Guide for more details.
Removed Features and Support
-
The tshark
-Goption with no argument is deprecated and will be removed in a future version. Usetshark -G fieldsto produce the same report.
Removed Dissectors
The Parlay dissector has been removed.
New Protocol Support
Allied Telesis Resiliency Link (AT RL), ATN Security Label, Bit Index Explicit Replication (BIER), Bus Mirroring Protocol, EGNOS Message Server (EMS) file format, Galileo E1-B I/NAV navigation messages, IBM i RDMA Endpoint (iRDMA-EDP), IWBEMSERVICES, MAC NR Framed (mac-nr-framed), Matter Bluetooth Transport Protocol (MatterBTP), MiWi P2P Star, Monero, NMEA 0183, PLDM, RDP authentication redirection virtual channel protocol (rdpear), RF4CE Network Layer (RF4CE), RF4CE Profile (RF4CE Profile), RK512, SAP Remote Function Call (SAPRFC), SBAS L1 Navigation Message, Scanner Access Now Easy (SANE), TREL, WMIO, and ZeroMQ Message Transport Protocol (ZMTP)
Updated Protocol Support
IPv6: The "show address detail" preference is now enabled by default. The address details provided have been extended to include more special purpose address block properties (forwardable, globally-routable, etc).
Too many other protocol updates have been made to list them all here.
New and Updated Capture File Support
EGNOS Messager Server (EMS) files
New and Updated Capture Interfaces support
u-blox GNSS receivers
Major API Changes
-
The entire code base has been updated to use C99 types instead of GLib types. This includes changing occurrences
gboolean, which is an integer, to C99’s nativebooltype in many places. See issue 19116 for more details. -
The
tvb_get_guintXandtvb_get_gintXfunctions in the tvbuff API have been renamed totvb_get_uintXandtvb_get_intX(the GLib-style "g" has been removed). You can still use the old-style names, but they have been deprecated. -
Plugins should provide a
plugin_describe()function that returns an ORed list of flags consisting of the plugin types used. See wsutil/plugins.h for details.
What's Not As New
Wireshark 4.2.7 and 4.0.17 Released · August 28, 2024
Wireshark 4.4.0rc1 Development Release · August 14, 2024
Wireshark 4.3.1 Development Release · July 31, 2024
Wireshark 4.3.0 Development Release · July 17, 2024
Wireshark 4.2.6 and 4.0.16 Released · July 10, 2024
Wireshark 3.6.24 Released · May 20, 2024
Wireshark 4.2.5, 4.0.15 and 3.6.23 Released · May 15, 2024
Wireshark 4.2.4, 4.0.14 and 3.6.22 Released · March 27, 2024
Wireshark 4.2.3, 4.0.13 and 3.6.21 Released · February 14, 2024
Wireshark 4.2.2 Released · January 4, 2024
Wireshark 4.2.1, 4.0.12 and 3.6.20 Released · January 3, 2024
Wireshark 4.2.0 Released · November 15, 2023
Wireshark 4.0.11 and 3.6.19 Released · November 15, 2023
Wireshark 4.2.0rc3 Release Candidate · October 25, 2023
Wireshark 4.2.0rc2 Release Candidate · October 18, 2023
Wireshark 4.2.0rc1 Release Candidate · October 5, 2023
Wireshark 4.0.10 and 3.6.18 Released · October 4, 2023
Wireshark 4.0.9 and 3.6.17 Released · October 4, 2023
Wireshark 4.0.8 and 3.6.16 Released · August 23, 2023
Wireshark 4.0.7 and 3.6.15 Released · July 12, 2023
Wireshark 4.0.6 and 3.6.14 Released · May 24, 2023
Wireshark 4.0.5 and 3.6.13 Released · April 12, 2023
Wireshark 4.0.4 and 3.6.12 Released · March 2, 2023
Announcing the Wireshark Foundation · March 1, 2023
Wireshark 4.0.3 and 3.6.11 Released · January 18, 2023
Wireshark 4.0.2 and 3.6.10 Released · December 7, 2022
Wireshark 4.0.1 and 3.6.9 Released · October 26, 2022
Wireshark 4.0.0 Released · October 4, 2022
Wireshark 4.0.0rc2 Release Candidate · September 14, 2022
Wireshark 3.6.8 and 3.4.16 Released · September 7, 2022
Wireshark 3.7.0 Development Release · August 25, 2022
Wireshark 4.0.0rc1 Release Candidate · August 16, 2022
Wireshark 3.7.2 Development Release · July 28, 2022
Wireshark 3.6.7 and 3.4.15 Released · July 27, 2022
Wireshark 3.7.1 Development Release · June 27, 2022
Wireshark 3.6.6 Released · June 15, 2022
Wireshark 3.7.0 Development Release · May 11, 2022
Wireshark 3.6.5 Released · May 5, 2022
Wireshark 3.6.4 and 3.4.14 Released · May 4, 2022
Wireshark 3.6.3 and 3.4.13 Released · March 23, 2022
Wireshark 3.6.2 and 3.4.12 Released · February 10, 2022
Sysdig Sponsorship Video · January 20, 2022
We Have a New Sponsor! · January 13, 2022
Wireshark 3.6.1 and 3.4.11 Released · December 29, 2021
Statement on Log4j · December 15, 2021
Wireshark 3.6.0 Released · November 22, 2021
Wireshark 3.4.10 and 3.2.18 Released · November 17, 2021
Wireshark 3.6.0rc3 Release Candidate · November 11, 2021
Wireshark 3.6.0rc2 Release Candidate · October 27, 2021
Wireshark 3.6.0rc1 Release Candidate · October 13, 2021
Wireshark 3.4.9 and 3.2.17 Released · October 6, 2021
Wireshark 3.5.0 Development Release · August 27, 2021
Wireshark 3.4.8 and 3.2.16 Released · August 25, 2021
Wireshark 3.4.7 and 3.2.15 Released · July 14, 2021
Wireshark 3.4.6 and 3.2.14 Released · June 2, 2021
Wireshark 3.4.5 and 3.2.13 Released · April 21, 2021
Wireshark 3.4.4 and 3.2.12 Released · March 10, 2021
Wireshark 3.4.3 and 3.2.11 Released · January 29, 2021
Wireshark 3.4.2 and 3.2.10 Released · December 18, 2020
Wireshark 3.4.1 and 3.2.9 Released · December 9, 2020
Wireshark 3.4.0 and 3.2.8 Released · October 29, 2020
Wireshark 3.4.0rc1 Release Candidate · October 22, 2020
Wireshark 3.3.1 Development Release · October 1, 2020
Wireshark 3.2.7, 3.0.14, and 2.6.20 Released · September 23, 2020
Wireshark 3.3.0 Development Release · September 15, 2020
Wireshark 3.2.6, 3.0.13, and 2.6.19 Released · August 12, 2020
Wireshark 3.2.5, 3.0.12, and 2.6.18 Released · July 1, 2020
Wireshark 3.2.4, 3.0.11, and 2.6.17 Released · May 19, 2020
Wireshark 3.2.3, 3.0.10, and 2.6.16 Released · April 8, 2020
Wireshark 3.2.2, 3.0.9, and 2.6.15 Released · February 26, 2020
Wireshark 3.2.1, 3.0.8, and 2.6.14 Released · January 15, 2020
Wireshark 3.2.0 Released · December 18, 2019
Wireshark 3.2.0rc2 Release Candidate · December 11, 2019
Wireshark 3.2.0rc1 Release Candidate · December 5, 2019
Wireshark 3.0.7 and 2.6.13 Released · December 4, 2019
Wireshark 3.1.1 Development Release · November 18, 2019
Wireshark 3.0.6 and 2.6.12 Released · October 23, 2019
Wireshark 3.0.5 Released · September 20, 2019
Wireshark 3.0.4 and 2.6.11 Released · September 11, 2019
Wireshark 3.1.0 Development Release · July 25, 2019
Wireshark 3.0.3, 2.6.10 and 2.4.16 Released · July 17, 2019
Wireshark 3.0.2, 2.6.9 and 2.4.15 Released · May 21, 2019
Wireshark 3.0.1, 2.6.8 and 2.4.14 Released · April 8, 2019
Wireshark 3.0.0 Released · February 28, 2019
Wireshark 2.6.7 and 2.4.13 Released · February 27, 2019
Wireshark 3.0.0rc2 Released · February 21, 2019
Wireshark 3.0.0rc1 Released · February 15, 2019
Wireshark 2.6.6 and 2.4.12 Released · January 8, 2019
Wireshark 2.9.0 Development Release · December 12, 2018
Wireshark 2.6.5 and 2.4.11 Released · November 28, 2018
Wireshark 2.6.4 and 2.4.10 Released · October 11, 2018
Wireshark 2.6.3, 2.4.9 and 2.2.17 Released · August 29, 2018
Wireshark 2.6.2, 2.4.8 and 2.2.16 Released · July 18, 2018
Wireshark 2.6.1, 2.4.7 and 2.2.15 Released · May 22, 2018
Wireshark 2.6.0 Released · April 24, 2018
Wireshark 2.4.6 and 2.2.14 Released · April 3, 2018
Wireshark 2.5.1 Development Release · March 15, 2018
Wireshark 2.4.5 and 2.2.13 Released · February 23, 2018
Wireshark 2.5.0 Development Release · February 6, 2018
Wireshark 2.4.4 and 2.2.12 Released · January 11, 2018
Wireshark 2.4.3 and 2.2.11 Released · November 30, 2017
Wireshark 2.4.2, 2.2.10, and 2.0.16 Released · October 10, 2017
Wireshark 2.4.1, 2.2.9, and 2.0.15 Released · August 29, 2017
Wireshark 2.4.0 Released · July 19, 2017
Wireshark 2.2.8 and 2.0.14 Released · July 18, 2017
Wireshark 2.4.0rc2 Released · June 28, 2017
Wireshark 2.4.0rc1 Released · June 7, 2017
Wireshark 2.2.7 and 2.0.13 Released · June 1, 2017
Wireshark 2.2.6 and 2.0.12 Released · April 12, 2017
Wireshark 2.2.5 and 2.0.11 Released · March 3, 2017
Wireshark 2.2.4 and 2.0.10 Released · January 23, 2017
Wireshark 2.2.3 and 2.0.9 Released · December 14, 2016
Wireshark 2.2.2 and 2.0.8 Released · November 16, 2016
Wireshark 2.2.1 and 2.0.7 Released · October 4, 2016
Wireshark 2.0.6 Released · September 8, 2016
Wireshark 2.2.0 Released · September 7, 2016
Wireshark 2.2.0rc2 · August 31, 2016
Wireshark 2.2.0rc1 · August 22, 2016
Wireshark 2.0.5 and 1.12.13 Released · July 27, 2016
Wireshark 2.1.1 Development Release · July 14, 2016
Wireshark 2.1.0 Development Release · June 8, 2016
Wireshark 2.0.4 and 1.12.12 Released · June 7, 2016
Wireshark 2.0.3 and 1.12.11 Released · April 22, 2016
Wireshark 2.0.2 and 1.12.10 Released · February 26, 2016
Wireshark 2.0.1 and 1.12.9 Released · December 29, 2015
Wireshark 2.0.0 Released · November 18, 2015
Wireshark 2.0.0rc3 Released · November 11, 2015
Wireshark 2.0.0rc2 Released · October 30, 2015
Wireshark 2.0.0rc1 Released · October 14, 2015
Wireshark 1.12.8 Released · October 14, 2015
Wireshark 1.99.9 Development Release · September 2, 2015
Wireshark 1.12.7 Released · August 12, 2015
Wireshark 1.99.8 Development Release · July 24, 2015
Wireshark 1.99.7 Development Release · June 18, 2015
Wireshark 1.12.6 Released · June 17, 2015
Wireshark 1.99.6 Development Release · May 28, 2015
Wireshark 1.12.5 and 1.10.14 Released · May 12, 2015
Wireshark 1.99.5 Development Release · March 20, 2015
Wireshark 1.99.4 Development Release · March 19, 2015
Wireshark 1.99.3 Development Release · March 5, 2015
Wireshark 1.12.4 and 1.10.13 Released · March 4, 2015
Wireshark 1.99.2 Development Release · February 4, 2015
Wireshark 1.12.3 and 1.10.12 Released · January 7, 2015
Wireshark 1.99.1 Development Release · December 10, 2014
Wireshark 1.12.2 and 1.10.11 Released · November 12, 2014
Wireshark 1.99.0 Development Release · October 7, 2014
Wireshark 1.12.1 and 1.10.10 Released · September 16, 2014
Wireshark 1.12.0 and 1.10.9 Released · July 31, 2014
Wireshark 1.12.0rc3 Released · July 22, 2014
Wireshark 1.12.0rc2 Released · June 13, 2014
Wireshark 1.10.8 and 1.8.15 Released · June 12, 2014
Wireshark 1.10.7 and 1.8.14 Released · April 22, 2014
Wireshark 1.11.3 Development Release · April 15, 2014
Wireshark 1.10.6 and 1.8.13 Released · March 7, 2014
Wireshark 1.10.5 Released · December 19, 2013
Wireshark 1.10.4 and 1.8.12 Released · December 17, 2013
Wireshark 1.11.2 Development Release · November 18, 2013
Wireshark 1.11.0 Development Release · November 15, 2013
Wireshark 1.10.3 and 1.8.11 Released · November 1, 2013
Wireshark 1.11.0 Development Release · October 15, 2013
Wireshark 1.10.2 and 1.8.10 Released · September 10, 2013
Wireshark 1.10.1 and 1.8.9 Released · July 26, 2013
Wireshark 1.8.8 and 1.6.16 Released and 1.6 End of Life · June 7, 2013
Wireshark 1.10.0 Released · June 5, 2013
Wireshark 1.10.0rc2 Released · May 22, 2013
Wireshark 1.8.7 and 1.6.15 Released · May 17, 2013
Wireshark 1.10.0rc1 Released · April 26, 2013
Wireshark 1.9.1 Development Release · March 28, 2013
Wireshark 1.9.1 Development Release · March 12, 2013
Wireshark 1.8.6 and 1.6.14 Released · March 6, 2013
Wireshark 1.9.0 Development Release · February 20, 2013
Wireshark 1.8.5 and 1.6.13 Released · January 29, 2013
Wireshark Wiki Security Incident · January 9, 2013
Wireshark 1.8.4 and 1.6.12 Released · November 28, 2012
Wireshark 1.8.3 and 1.6.11 Released · October 2, 2012
Wireshark 1.8.2 and 1.6.10 Released · August 15, 2012
Wireshark 1.4.14 Released · July 24, 2012
Wireshark 1.8.1 and 1.6.9 Released · July 23, 2012
Wireshark 1.8.0 Released · June 21, 2012
Wireshark 1.8.0rc2 Released · June 18, 2012
Wireshark 1.8.0rc1 Released · June 6, 2012
Wireshark 1.6.8 and 1.4.13 Released · May 22, 2012
Wireshark 1.7.1 Development Release · April 6, 2012
Wireshark 1.6.7 Released · April 6, 2012
Wireshark 1.6.6 and 1.4.12 Released · March 27, 2012
Wireshark 1.6.5 and 1.4.11 Released · January 10, 2012
Wireshark 1.6.4 Released · November 18, 2011
Wireshark 1.7.0 Development Release · November 8, 2011
#1 on SecTools.Org · November 7, 2011
Wireshark 1.6.3 and 1.4.10 Released · November 1, 2011
We're Essential · September 19, 2011
Wireshark 1.6.2 and 1.4.9 Released · September 8, 2011
Wireshark 1.6.1 and 1.4.8 Released · July 18, 2011
Wireshark 1.6.0 Released · June 7, 2011
Wireshark 1.6.0rc2 Released · June 2, 2011
Wireshark 1.4.7 and 1.2.17 Released · May 31, 2011
Wireshark 1.6.0rc1 Released · May 16, 2011
Wireshark 1.4.6 Released · April 18, 2011
Wireshark 1.4.5 and 1.2.16 Released · April 15, 2011
Wireshark 1.5.1 Development Release · April 11, 2011
Wireshark 1.4.4 and 1.2.15 Released · March 1, 2011
Wireshark 1.5.0 Development Release · January 24, 2011
Wireshark 1.4.3 and 1.2.14 Released · January 11, 2011
Wireshark 1.4.2 and 1.2.13 Released · November 19, 2010
Riverbed Acquires CACE Technologies · October 21, 2010
CACE Pilot, WiFi Pilot, and Shark Appliance 2.4 Released · October 20, 2010
Wireshark 1.4.1 and 1.2.12 Released, 1.0.<i>x</i> EOL · October 11, 2010
Wireshark 1.4.0, 1.2.11, and 1.0.16 Released · August 30, 2010
"Wireshark Antivirus" Malware · August 4, 2010
We're SourceForge.net's Project of the Month! · August 1, 2010
End of Life Announcement for Wireshark 1.0 · July 31, 2010
Wireshark 1.2.10, 1.0.15, and 1.4.0rc2 Released · July 29, 2010
Wireshark 1.2.9, 1.0.14, and 1.4.0rc1 Released · June 9, 2010
Wireshark 1.2.8, 1.0.13, and 1.3.5 Released · May 5, 2010
Wireshark 1.2.7, 1.0.12, and 1.3.4 Released · March 31, 2010
Wireshark Wins PC Magazine Editor's Choice Award · February 22, 2010
Wireshark 1.3.3 Development Release · February 11, 2010
Wireshark 1.2.6 and 1.0.11 Released · January 27, 2010
CACE Pilot and WiFi Pilot 2.2 Released · January 18, 2010
Wireshark 1.2.5 Released · December 17, 2009
Wireshark 1.3.2 Development Release · November 24, 2009
Wireshark 1.2.4 Released · November 16, 2009
Wireshark 1.2.3, 1.0.10, and 1.3.1 Released · October 27, 2009
Wireshark 1.2.2, 1.0.9, and 1.3.0 Released · September 15, 2009
CACE Pilot and WiFi Pilot 2.1 Released · September 1, 2009
CACE Pilot 2.0 Released · July 28, 2009
Wireshark 1.2.1 Released · July 20, 2009
Nmap 5 Released · July 16, 2009
Wireshark 1.2 Released · June 15, 2009
Wireshark 1.2.0pre2 Released · June 9, 2009
Wireshark 1.2.0pre1 Released · May 27, 2009
Free Wireshark Jumpstart Seminars From Laura Chappell · May 22, 2009
Wireshark 1.0.8 Released · May 21, 2009
Another Day, Another New York Times Article · May 14, 2009
Wireshark Helps Expose Spy Ring · May 12, 2009
Announcing WiFi Pilot · May 7, 2009
Wireshark 1.0.7 Released · April 8, 2009
A Pile Of Great Keynotes At Sharkfest '09 · March 24, 2009
Wireshark 1.1.3 Development Release · March 23, 2009
Conficker Loves Us! · March 12, 2009
Wireshark 1.0.6 Released · February 6, 2009
CACE Pilot 1.2 released · January 23, 2009
Wireshark 1.1.2 Development Release · January 15, 2009
Wireshark 1.0.5 Released · December 10, 2008
New Video: Custom Columns (Plus Bonus Wireshark University Updates) · December 9, 2008
New Book: Nmap Network Scanning · December 3, 2008
Wireshark classes from Mike Pennacchi and Chris Sanders · November 7, 2008
tcpdump 4.0.0 / libpcap 1.0.0 released · October 28, 2008
New Article: Using Wireshark and TShark display filters for troubleshooting · October 22, 2008
Wireshark 1.0.4 Released · October 20, 2008
Meet Gerald At Laura Chappell's Troubleshooting and Security Summit · October 10, 2008
Wireshark 1.1.1 Development Release · October 9, 2008
Wireshark 1.1.0 Development Release · September 14, 2008
Sign Up Now for Laura Chappell's Troubleshooting and Security Summit · September 3, 2008
Wireshark 1.0.3 Released · September 3, 2008
Wireshark Wins 2008 InfoWorld BOSSIE Award · August 4, 2008
Wireshark is 10! (Plus two bonus announcements) · July 14, 2008
Wireshark 1.0.2 Released · July 10, 2008
Wireshark 1.0.1 Released · June 30, 2008
Announcing TurboCap · June 26, 2008
New Article: Open Source Founders Reflect On Project Milestones · April 22, 2008
Announcing Pilot · April 16, 2008
New Video: TCP Connection Loss · April 7, 2008
Sharkfest Was Great! · April 3, 2008
Wireshark 1.0 Released · March 31, 2008
Server Outage · March 20, 2008
Wireshark 0.99.8 Released · February 27, 2008
Vint Cerf at Sharkfest! · February 19, 2008
New Video: Analyzing DNS Queries · February 4, 2008
New Video: ICMP Redirection (plus a Tech Talk) · January 7, 2008
Wireshark 0.99.7 Released · December 18, 2007
New Mirror in Indonesia · December 16, 2007
Nmap is 10 · December 14, 2007
New Video: Advanced IO Graphing · November 5, 2007
German Tutorial from Mirko Kulpa · November 1, 2007
In Memoriam: Jun-ichiro Hagino · October 30, 2007
New Article: Time to Roll Your Own 802.11n Standard · October 5, 2007
New Video: Faulty Padding · September 24, 2007
First Annual SHARKFEST Announced · September 12, 2007
Wireshark Wins 2007 InfoWorld BOSSIE Award · September 10, 2007
New Article: SPAN Port or TAP? CSO Beware · September 9, 2007
New Article: Analyzing TCP Performance with Wireshark · August 17, 2007
Wireshark 0.99.6a Windows Installer Released · July 9, 2007
Wireshark 0.99.6 Released · July 5, 2007
New Article: Creating Your Own Custom Wireshark Dissector · July 2, 2007
New Video: Building ACL Rules · July 2, 2007
Wireshark at LinuxWorld 2007 · June 27, 2007
New tool: WPA PSK Generator · June 22, 2007
New Book: Practical Packet Analysis · May 23, 2007
eWEEK Says We're Important · May 2, 2007
Wireshark! Live! Helpdesk · April 1, 2007
Wireshark University Announced · March 19, 2007
New Mirror in Hungary · March 2, 2007
New Mirror in Germany · February 21, 2007
McAfee VirusScan False Positive · February 13, 2007
Wireshark 0.99.5 Released · February 1, 2007
WinPcap 4.0 Released · January 29, 2007
3Com Says We're "Best-Of-Breed" · January 29, 2007
New Mirror in the U.S. · January 22, 2007
New Mirror in the Netherlands · January 5, 2007
MacOS X Package Available · January 4, 2007
Article in COMPUTERWOCHE.de · November 14, 2006
Wireshark 0.99.4 Released · October 31, 2006
Wireshark Training Available for Q1 2007 · October 23, 2006
Site Outage · September 18, 2006
Wireshark 0.99.3 Released · August 23, 2006
Wireshark 0.99.2 Released · July 17, 2006
Tutorial and Podcast from Chris Sanders · July 14, 2006
Symantec Antivirus False Positive · July 4, 2006
We're (still) #2! · June 21, 2006
Ethereal® is now Wireshark™ · June 7, 2006