Wireshark 3.0.0 网络协议分析工具正式版

软件介绍

Wireshark是一款世界上最广泛最总要的网络协议分析工具,它可以让你在微观的层面上看到网络上所发生的任何事情,并且是许多商业和非商业企业、政府机构和教育机构的事实上标准(通常是法律上的)。是由全球网络专家的志愿者所贡献的!

Wireshark的蓬勃发展是离不开志愿者的贡献,是Gerald Combs在1998年启动的项目延续。Wireshark可以实时监测网络通讯的数据,也可以监测其抓取的网络通讯数据快照文件。并且通过图形界面浏览这些数据,查看网络通讯数据包中的每一层的详细内容!

软件截图

官方网站

https://www.wireshark.org/

功能特性

  • 深入检查数百种协议,并且一直在增加更多协议
  • 实时捕获和离线分析
  • 标准三窗格数据包浏览器
  • 多平台:在Windows,Linux,macOS,Solaris,FreeBSD,NetBSD和其他许多平台上运行
  • 捕获的网络数据可以通过GUI或TTY模式tshark实用程序进行浏览。
  • 业界最强大的显示器过滤器
  • 丰富的VoIP分析
  • 使用gzip压缩的捕获文件可以动态解压缩
  • 实时数据可以从以太网,IEEE 802.11,PPP / HDLC,ATM,蓝牙,USB,Token Ring, Frame Relay,FDDI等中读取(取决于您的平台)
  • 对许多协议的解密支持,包括IPsec,ISAKMP,Kerberos,SNMPv3,SSL / TLS,WEP和WPA / WPA2
  • 可以将着色规则应用于数据包列表,以便进行快速,直观的分析
  • 输出可以导出为XML,PostScript®,CSV或纯文本
  • 读/写许多不同的捕获文件格式:tcpdump(libpcap),Pcap NG,Catapult DCT2000,Cisco Secure IDS iplog,Microsoft网络监视器,NetworkGeneralSniffer®(压缩和未压缩),Sniffer®Pro和NetXray®,Network Instruments Observer ,NetScreen snoop,Novell LANalyzer,RADCOM WAN / LAN分析仪,Shomiti / Finisar Surveyor,Tektronix K12xx,Visual Networks Visual UpTime,WildPackets EtherPeek / TokenPeek / AiroPeek等等

更新日志

Wireshark 3.0.0 Released February 28, 2019

  • The following features are new (or have been significantly updated) since version 3.0.0rc2:
  • No significant changes.
  • The following features are new (or have been significantly updated) since version 3.0.0rc1:
  • The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).
  • The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
  • The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.
  • The following features are new (or have been significantly updated) since version 2.9.0:
  • Wireshark now supports the Swedish and Ukrainian languages.
  • Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
  • The build system now produces reproducible builds (Bug 15163).
  • The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.
  • The following features are new (or have been significantly updated) since version 2.6.0:
  • The Windows .exe installers now ship with Npcap instead of WinPcap.
  • Conversation timestamps are supported for UDP/UDP-Lite protocols
  • TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
  • The “Capture Information” dialog has been added back (Bug 12004).
  • The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
  • The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
  • Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
  • The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
  • The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
  • Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
  • APT-X has been renamed to aptX.
  • When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
  • The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
  • Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
  • Wireshark now includes a “No Reassembly” configuration profile.
  • Wireshark now supports the Russian language.
  • The build system now supports AppImage packages.
  • The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
  • Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
  • The editcap utility gained a new –inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
  • A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
  • The Bash test suite has been replaced by one based on Python unittest/pytest.
  • The custom window title can now show file path of the capture file and it has a conditional separator.

关于Win10下Wireshark找不到接口的解决办法:

Win10下安装好Wireshark,打开后可能出现“没有找到接口”提示,是由于其自带的Winpcap不支持Win10.

我们只需要到

下载安装Win10Pcap即可解决。

下载地址

Wireshark 3.0.0 网络协议分析工具正式版下载

「点点赞赏,手留余香」

    还没有人赞赏,快来当第一个赞赏的人吧!
AD:我也想加广告,可惜没有~
0 条回复 A 作者 M 管理员
    所有的伟大,都源于一个勇敢的开始!
欢迎您,新朋友,感谢参与互动!欢迎您 {{author}},您在本站有{{commentsCount}}条评论