If you've ever wondered just how your network is being used, Wireshark may be the tool you have been looking for. Network analysers are nothing new, but they have a tendency to be impenetrable programs reliant on command line operations and provide information in a text-based form which can be difficult to interpret. Wireshark boasts a graphical front end which makes it easy to analyse all traffic which travels over a network using a variety of protocols.
Data packets can be captured from both wired and wireless network and this information can be viewed live as it is captured or analysed at a later date. The wealth of information that the program can reveal about network usage is staggering, and support for plugins means that the tool can be extended to add new protocols and features further down the line. Wireshark is available for Windows, Linux and Mac, making it ideal for mixed platform networks.
As well as working with data that has been captured directly through Wireshark itself, it is also possible to analyse data that has been captured with the likes of Aircrack, tcpdump and CA NetMaster. Easy to configure colouring and filtering makes it simple to make sense of complex data, and while this is not a tool for the average home user, it remains powerful yet approachable.
Note the Windows download here is for the 32-bit version.
Version 2.6.6 changes (Release Notes):
The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5.
The following vulnerabilities have been fixed:
wnpa-sec-2019-01 The 6LoWPAN dissector could crash. Bug 15217. CVE-2019-5716.
wnpa-sec-2019-02 The P_MUL dissector could crash. Bug 15337. CVE-2019-5717.
wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. Bug 15373. CVE-2019-5718.
wnpa-sec-2019-04 The ISAKMP dissector could crash. Bug 15374. CVE-2019-5719.
The following bugs have been fixed:
console.lua not found in a folder with non-ASCII characters in its name. Bug 15118.
Disabling Update list of packets in real time. will generally trigger crash after three start capture, stop capture cycles. Bug 15263.
UDP Multicast Stream double counts. Bug 15271.
text2pcap et al. set snaplength to 64kiB-1, while processing frames of 256kiB. Bug 15292.
Builds without libpcap fail if the libpcap headers aren’t installed. Bug 15317.
TCAP AnalogRedirectRecord parameter incorrectly coded as mandatory in QualReq_rr message. Bug 15350.
macOS DMG appears to have duplicate files. Bug 15361.
Wireshark jumps behind other windows when opening UAT dialogs. Bug 15366.
Pathnames containing non-ASCII characters are mangled in error dialogs on Windows. Bug 15367.
Executing -z http,stat -r file.pcapng throws a segmentation fault. Bug 15369.
IS-41 TCAP RegistrationNotification Invoke has borderCellAccess parameter coded as tag 50 (as denyAccess) but should be 58. Bug 15372.
In DNS statistics, response times > 1 sec not included. Bug 15382.
GTPv2 APN dissect problem. Bug 15383.