A free network protocol analyzer for Windows and Unix, Wireshark 1.6.5
A new release for Wireshark is out, fixing vulnerabilities and squashing various bugs. The new version number for the stable build is 1.6.5.
The vulnerabilities fixed affect multiple builds of the program: 1.4.0 through 1.4.10 and 1.6.0 through 1.6.4.
These included a failure to properly check record sizes for many packet capture file formats, a crash after dereferencing a NULL pointer, and a buffer overflow in the RLC dissector.
There are no new protocols included, but there is updated support for the existing protocols. Also, there is new and updated capture file support: Accellent 5Views, AIX iptrace, HP-UX nettl, I4B, Microsoft Network Monitor, Novell LANalyzer, PacketLogger, Pcap-ng, Sniffer, Tektronix K12, WildPackets (Airo and EtherPeek).
A set of bugs has also been taken care of, such as rebooting for SSL/TLS decryption. You can see the complete list of changes on this page.
Here are some key features of "Wireshark":
· Data can be captured "off the wire" from a live network connection, or read from a capture file.
· Wireshark can read capture files from tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPackets' EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS. Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
· Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
· Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal" program.
· Capture files can be programmatically edited or converted via command-line switches to the "editcap" program.
· 602 protocols can currently be dissected.
· Output can be saved or printed as plain text or PostScript.
· Data display can be refined using a display filter.
· Display filters can also be used to selectively highlight and color packet summary information.
· All or part of each captured network trace can be saved to disk.