Video tutorial for Wireshark 1.2
This video tutorial has been acquired from Downloadtube.com
Review
This is the official description:
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible.
Here are some examples of what people use Wireshark for:
- network administrators use it to troubleshoot network problems
- network security engineers use it to examine security problems
- developers use it to debug protocol implementations
- people use it to learn network protocol internals
Main Features:
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Display packets with very detailed protocol information.
- Open and Save packet data captured.
- Import and Export packet data from and to a lot of other capture programs.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize packet display based on filters.
- Create various statistics.
The following review, written by one of the Software Informer contributors, applies to version 1.2.
If you want to know what is going on on your network or whether some malicious or suspicious software broke in and just started floating around your network, you may want to give Wireshark a try. Wireshark gives you the real answers based on sensitive data about what is actually happening inside your network.
Wireshark was known for many years as Ethereal, and got renamed due to trademark issues in the summer of 2006. With this tool you can capture your network packets on either wired connections (LAN) or wireless connections (WLAN): PPP/HDLC, WiFi, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform). It supports almost all the leading operating systems in the industry, including 64-bit. The supported protocols list is really way beyond your expectation. The major advantage is that the developers are constantly trying to add all the newest protocols defined. As a bonus, by using GeoIP, with Wireshark you can also include or exclude traffic based on a particular country.
The live capture of your network data can be used for further analysis off-line. You can save the captured data into any of the most popular formats.
Pros:
- Supports 64 bit OS.
- Supports hundreds of protocols.
- Supports off-line analysis.
- Saves reports to XML, CSV, PS, TXT formats.
- Can be combined with GeoIP & GeoLite.
- Colored rules.
Cons:
- So far I have not seen one.
Reviewed by: Sundaram Ramanujam Reviewer rating: Reviewed: Last year
What's new in version 1.6
Bug Fixes:
- The Lucent/Ascend file parser was susceptible to an infinite loop.
- The ANSI MAP dissector was susceptible to an infinite loop.
- TCP dissector doesn't decode TCP segments of length 1.
- Missing Lua function.
- The Lua API description of creating a new Tvb from a ByteArray is not correct in Wireshark's user guide.
- Character echo pauses in Capture Filter field in Capture Options.
- "File not found" box uses wrong filename encoding.
- Decoding of MQ ASCII and EBCDIC Traffic Flow - ASCII shows fine, EBCDIC does not.
- Tshark custom columns: Why don't I get an error message?
New Features:
- Wireshark is now distributed as an installation package rather than a drag-installer on OS X. The installer adds a startup item that should make it easier to capture packets.
- Large file (greater than 2 GB) support has been improved.
- Wireshark and TShark can import text dumps, similar to text2pcap.
- You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
- Wireshark can export SSL session keys via File→Export→SSL Session Keys...
- TShark can show a specific occurrence of a field when using '-T fields'.
- Custom columns can show a specific occurrence of a field.
- You can hide columns in the packet list.
- Wireshark can now export SMB objects.
- dftest and randpkt now have manual pages.
- TShark can now display iSCSI, ICMP and ICMPv6 service response times.
- Dumpcap can now save files with a user-specified group id.
- Syntax checking is done for capture filters.
- You can display the compiled BPF code for capture filters in the Capture Options dialog.
- You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+.
- Packet length is (finally) a default column.
What's new in version 1.2
Bug Fixes
The following bugs have been fixed:
- SNMPv3 Engine ID registration. (Bug 2426)
- Open file dialog always displayed when clicking anywhere on Wireshark. (Bug 2478)
- tshark reports wrong number of bytes on big dumpfiles with -z io,stat. (Bug 3205)
- Negative INTEGER number displayed as positive number in SNMP dissector. (Bug 3230)
- Add support for FT_BOOLEAN fields to wslua FieldInfo. (Bug 4049)
- Wireshark crashes w/ GLib error when trying to play RTP stream. (Bug 4119)
- Windows 2000 support has been restored. (Bug 4176)
- Wrong dissection on be_cell_id_list for bssmap. (Bug 4437)
- I/O Graph dropdown boxes not working correctly. (Bug 4487)
- Runtime Error when right-clicking field and selecting "Filter Field Reference". (Bug 4522)
- In GSM SMS PDU TPVPF showing wrong. (Bug 4524)
- Profinet: May be wrong defined byte meaning. (Bug 4525)
- GLib-CRITICAL ** Message. (Bug 4547)
- Certain EDP display filters trigger Wireshark/tshark runtime error. (Bug 4563)
- Some NCP frames trigger "Dissector bug, protocol NCP". (Bug 4565)
- The encapsulation abbreviation "bluetooth-h4" is ambiguous. (Bug 4613)
Updated Protocol Support
BSSMAP, DMP, GSM SMS, LDSS, NCP, PN/IO, PPP, SIP, SNMP