WireShark - Network protocol analyzer.
Version: 1.12.8
Updated: 28-Oct-2015
Developer: Gerald Combs
Homepage: https://www.wireshark.org/
Requirements
- Intel
- OS X 10.6 or later
- X11 or XQuartz
Pass: osxvn
Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it it still under active development.
Wireshark has a rich feature set which includes the following:
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
- The most powerful display filters in the industry
- VoIP analysis
- Live capture and offline analysis are supported
- Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
- Capture files compressed with gzip can be decompressed on the fly
- Hundreds of protocols are supported, with more being added all the time
- Coloring rules can be applied to the packet list, which eases analysis
Version 1.12.8:
Bug fixes:
- Pcapng file parser crash. Discovered by Dario Lombardo and Shannon Sabens.
- Last Address field for IPv6 RPL routing header is interpreted incorrectly. (Bug 10560)
- Comparing two capture files crashes Wireshark when navigating the results. (Bug 11098)
- 802.11 frame is not correctly dissected if it contains HT Control. (Bug 11351)
- GVCP bit-fields not updated. (Bug 11442)
- Tshark crash when specifying ssl.keys_list on CLI. (Bug 11443)
- pcapng: SPB capture length is incorrectly truncated if IDB snaplen = 0. (Bug 11483)
- pcapng: NRB IPv4 address is endian swapped but shouldn’t be. (Bug 11484)
- pcapng: NRB with options causes file read failure. (Bug 11485)
- pcapng: ISB without if_drop option is shown as max value. (Bug 11489)
- UNISTIM dissector - Message length not included in offset for "Select Adjustable Rx Volume". (Bug 11497)
- DIAMETER, GVCP, IEEE 802.11, IPv6, and UNISTIM
- New and Updated Capture File Support and pcapng
Screenshots: