It's available now for Linux, Windows, and macOS systems

Mar 4, 2019 19:39 GMT

The Wireshark Foundation released a new major version of their widely-used network protocol analyzer software, Wireshark 3.0, for GNU/Linux, macOS, and Windows platforms.

As its version number suggests, Wireshark 3.0 is a massive update to the world's most popular network protocol analyzer, which is designed for network troubleshooting and analysis, software and communications protocol development, and education. The release introduces numerous new features and improvements.

Highlights of Wireshark 3.0 include re-enablement and modernization of the IP map feature, support for the long-term supported Qt 5.12 application framework for macOS and Windows systems, initial support for using PKCS #11 tokens for RSA decryption in TLS, support for reproducible builds, and support for Swedish, Ukrainian, and Russian languages.

Compared with version 2.6, Wireshark 3.0 also adds support for conversation timestamps for the UDP and UDP-Lite protocols, support for generating ElasticSearch mapping files via the new -G elastic-mapping option, support for TLS and DTLS decryption using pcapng files that embed a TLS Key Log file in a Decryption Secrets Block (DSB), and decryption support for the new WireGuard dissector.

Moreover, the "Capture Information" dialog was re-added, the IEEE 802.11 and Ethernet dissectors no longer validate the frame check sequence by default, and a new "Reassemble out-of-order segments" preference was added to the TCP dissector to address decryption and dissection issues that may occur when TCP segments are received out of order.

Wireshark is now available as AppImage packages

Among other changes included in the Wireshark 3.0 release, we can mention that the BOOTP and SSL dissectors were renamed to DHCP and TLS respectively, there's a new "No Reassembly" configuration profile, the dumpcap feature now supports the -a packets:NUM and -b packets:NUM options, and the Windows installers now ship with Npcap instead of WinPcap.

The user interface was also improved a bit: IO graphs, coloring rules, protocol preference tables, and filter buttons can be copied from other profiles, ExportPDU headers containing payload names can be added when importing files from hex dumps, and the custom window title can show the file path of the capture file and a conditional separator.

Wireshark 3.0 also adds proxy support for SSH connections in the ciscodump and sshdump interfaces, replaces the Bash test suite with one based on Python unittest/pytest, adds a new dfilter function string() that converts non-string fields to strings so that string functions can be used on them, and adds a new --inject-secrets option to the editcap utility to inject an existing TLS Key Log file into a pcapng file.
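A pcapng file that carries a Decryption Secrets Block, whether written that way or produced with editcap --inject-secrets, holds the session keys next to the traffic, so it is worth checking a capture for embedded secrets before passing it on. The following is an added example, not code from Wireshark or from the original article: it walks the blocks of a pcapng byte string and reports every DSB. The block and secrets type values are taken from the pcapng specification; the function names and the sample capture are constructed for illustration.

```python
import struct

SHB_TYPE = 0x0A0D0D0A  # Section Header Block (pcapng spec)
DSB_TYPE = 0x0000000A  # Decryption Secrets Block (pcapng spec)
SECRET_TYPES = {0x544C534B: "TLS Key Log", 0x57474B4C: "WireGuard Key Log"}
MAGIC = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}  # byte-order magic

def find_secrets(data: bytes):
    """Return [(secrets type name, secrets bytes)] for each DSB in pcapng data."""
    found, off, endian = [], 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":
            # A new section starts; its magic fixes the byte order that follows.
            endian = MAGIC.get(data[off + 8:off + 12])
            if endian is None:
                raise ValueError(f"bad byte-order magic at offset {off}")
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"malformed block at offset {off}")
        if btype == DSB_TYPE:
            if blen < 20:
                raise ValueError(f"truncated DSB at offset {off}")
            stype, slen = struct.unpack_from(endian + "II", data, off + 8)
            if slen > blen - 20:
                raise ValueError(f"secrets length exceeds DSB at offset {off}")
            name = SECRET_TYPES.get(stype, f"unknown (0x{stype:08x})")
            found.append((name, data[off + 16:off + 16 + slen]))
        off += blen
    return found

def _block(btype: int, body: bytes) -> bytes:
    """Build one little-endian pcapng block, padding the body to 32 bits."""
    body += b"\x00" * (-len(body) % 4)
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def sample_capture(keylog: bytes) -> bytes:
    """Constructed sample: a minimal section header followed by one TLS DSB."""
    shb = _block(SHB_TYPE, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    dsb = _block(DSB_TYPE, struct.pack("<II", 0x544C534B, len(keylog)) + keylog)
    return shb + dsb

# Constructed key log line (all-zero placeholders, not a real session secret).
SAMPLE_KEYLOG = b"CLIENT_RANDOM " + b"00" * 32 + b" " + b"00" * 48 + b"\n"

if __name__ == "__main__":
    for name, secret in find_secrets(sample_capture(SAMPLE_KEYLOG)):
        print(f"embedded {name}: {len(secret)} bytes")
```

To scan a real capture, pass the file's bytes to find_secrets(); an empty list means no Decryption Secrets Block is present.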

Last but not least, Wireshark 3.0 adds support for the AppImage universal binary file format to make deployment across multiple GNU/Linux distributions a breeze. You can download Wireshark 3.0 for GNU/Linux, macOS, and Windows operating systems right now from our free software portal or directly from the official website. Wireshark 3.0 is now the latest stable version, so upgrading is highly recommended.