Wireshark 3.0.0 网络协议分析工具正式版

软件介绍

Wireshark是一款世界上最广泛最总要的网络协议分析工具，它可以让你在微观的层面上看到网络上所发生的任何事情，并且是许多商业和非商业企业、政府机构和教育机构的事实上标准（通常是法律上的）。是由全球网络专家的志愿者所贡献的！

Wireshark的蓬勃发展是离不开志愿者的贡献，是Gerald Combs在1998年启动的项目延续。Wireshark可以实时监测网络通讯的数据，也可以监测其抓取的网络通讯数据快照文件。并且通过图形界面浏览这些数据，查看网络通讯数据包中的每一层的详细内容！

软件截图

官方网站

功能特性

• 深入检查数百种协议，并且一直在增加更多协议
• 实时捕获和离线分析
• 标准三窗格数据包浏览器
• 多平台：在Windows，Linux，macOS，Solaris，FreeBSD，NetBSD和其他许多平台上运行
• 捕获的网络数据可以通过GUI或TTY模式tshark实用程序进行浏览。
• 业界最强大的显示器过滤器
• 丰富的VoIP分析
• 使用gzip压缩的捕获文件可以动态解压缩
• 实时数据可以从以太网，IEEE 802.11，PPP / HDLC，ATM，蓝牙，USB，Token Ring， Frame Relay，FDDI等中读取（取决于您的平台）
• 对许多协议的解密支持，包括IPsec，ISAKMP，Kerberos，SNMPv3，SSL / TLS，WEP和WPA / WPA2
• 可以将着色规则应用于数据包列表，以便进行快速，直观的分析
• 输出可以导出为XML，PostScript®，CSV或纯文本
• 读/写许多不同的捕获文件格式：tcpdump（libpcap），Pcap NG，Catapult DCT2000，Cisco Secure IDS iplog，Microsoft网络监视器，NetworkGeneralSniffer®（压缩和未压缩），Sniffer®Pro和NetXray®，Network Instruments Observer ，NetScreen snoop，Novell LANalyzer，RADCOM WAN / LAN分析仪，Shomiti / Finisar Surveyor，Tektronix K12xx，Visual Networks Visual UpTime，WildPackets EtherPeek / TokenPeek / AiroPeek等等

更新日志

Wireshark 3.0.0 Released February 28, 2019

• The following features are new (or have been significantly updated) since version 3.0.0rc2:
• No significant changes.
• The following features are new (or have been significantly updated) since version 3.0.0rc1:
• The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).
• The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
• The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.
• The following features are new (or have been significantly updated) since version 2.9.0:
• Wireshark now supports the Swedish and Ukrainian languages.
• Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
• The build system now produces reproducible builds (Bug 15163).
• The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.
• The following features are new (or have been significantly updated) since version 2.6.0:
• The Windows .exe installers now ship with Npcap instead of WinPcap.
• Conversation timestamps are supported for UDP/UDP-Lite protocols
• TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
• The “Capture Information” dialog has been added back (Bug 12004).
• The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
• The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
• Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
• The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
• The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
• Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
• APT-X has been renamed to aptX.
• When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
• The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
• Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
• Wireshark now includes a “No Reassembly” configuration profile.
• Wireshark now supports the Russian language.
• The build system now supports AppImage packages.
• The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
• Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
• The editcap utility gained a new –inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
• A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
• The Bash test suite has been replaced by one based on Python unittest/pytest.
• The custom window title can now show file path of the capture file and it has a conditional separator.

关于Win10下Wireshark找不到接口的解决办法：

http://www.win10pcap.org/download/

下载地址

Wireshark 3.0.0 网络协议分析工具正式版下载