The latest version of Wireshark brings numerous new features

Aug 6, 2014 12:55 GMT

Wireshark, the best network protocol analyzer that offers users the means to capture and interactively browse the traffic running on a computer network, has advanced to version 1.12.0 and is now available for download.

“Wireshark is the world's foremost network protocol analyzer. It lets you see what's happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998,” reads the official website.

The application offers deep inspection of hundreds of protocols, live capture and offline analysis, multi-platform support, powerful display filters, on-the-fly decompression of gzip-compressed capture files, and decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.

Wireshark receives numerous updates and improvements, but most of the changes are usually made for maintenance. Version 1.12.0 is a lot different, and it's actually packed with new features. The current build of Wireshark supersedes all previous releases, including all builds of Ethereal, and is now the latest stable build.

According to the changelog, “on-the-wire” packet lengths are no longer limited to 65,535 bytes, “Follow TCP Stream” no longer shows only the first HTTP request and response, files with pcap-ng Simple Packet Blocks can now be read, MPLS-over-PPP is now recognized, expert information is now filterable when the new API is in use, the “Number” column now shows related packets and protocol conversation spans (Qt only), and it's now possible to also adjust the original frame length using the -L option.

Also, users can now pass the -C <choplen> option to editcap multiple times and can specify an optional offset to that option, the “malformed” display filter has been renamed to “_ws.malformed”, the Kerberos dissector has been replaced with an auto-generated one built from the ASN.1 protocol description, transport name resolution is now disabled by default, and support has been added for all versions of the DCBx protocol.

As usual, Linux users will only get the source code for the latest version, which means that you will need to compile it yourself if you don't want to wait until it arrives in the repositories.

A complete list of changes, fixes, and new features can be found in the official announcement. You can download Wireshark 1.12.0 right now from Softpedia.