Wireshark 2.2.0 RC1 (x86/x64) + Portable | 133.0 MB
If your computer is always connected to the Internet or a local network, it is exposed to attacks and malware infections. In addition to running a capable, up-to-date antivirus solution (obligatory for any responsible PC user), you can use a network analysis tool to identify malicious packets so that they can be blocked. Wireshark is such an application, and it is free to use.
Customizable setup pack
When deploying Wireshark on your computer, you can choose the plugins and extensions you want to install, such as the Dissector plugin, Tree Statistics, SNMP MIBs, or the Meta Analysis and Tracing Engine.
Since these utilities provide a wider range of information about your network traffic and can easily be disabled later, it is advisable to install them alongside Wireshark. The same advice applies to the extra tools bundled with the setup and to the recommended file associations for trace files found on the PC.
The last step of the initial setup is a check for whether WinPcap is installed on your computer; if it is missing, the setup installs it.
Set filters to capture network traffic
If you are using several network cards, Wireshark lets you choose the one for capturing the network traffic. Once the capture has begun, you can monitor all the connections and their corresponding details - you also get the chance to create filters to keep an eye on just certain types of connections.
Color-coded packet types to spot them easier
Another way to make sure you correctly monitor the type of packets you want is to apply color schemes for each type of connection, so that the most important ones are the most visible. If you are not satisfied with the color templates provided by Wireshark, you can create a custom one by specifying the shade and string to be monitored.
Wireshark also comes with a Statistics function that can be used to generate reports to be analyzed at a later time. Depending on your necessities, you can choose to view the details of the protocol hierarchy, endpoint, packet lengths, or the IO graph.
Overall, an advanced and dependable protocol analyzer
With all things considered, Wireshark can come in handy to all those who want to be in control of their network connections and limit them whenever needed. However, it does take an expert to use the app to its full potential.
New in version 2.2.0 RC 1 (August 23, 2016)
Invalid coloring rules are now disabled instead of discarded. This will provide backward compatibility with a coloring rule change in Wireshark 2.2.
Upgrading to the latest version uninstalls the Microsoft Visual C++ redistributable. (Bug 12712)
NEW UPDATES AND FEATURES:
Added -d option for Decode As support in Wireshark (mimics TShark functionality)
The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
TShark can additionally export packets as Elasticsearch-compatible JSON.
The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
The RTP player now allows up to 30 minutes of silence frames.
Packet bytes can now be displayed as EBCDIC.
The Qt UI loads captures faster on Windows.
proto_tree_add_checksum was added as an API. This attempts to standardize how checksums are reported and filtered for within Wireshark. There are no more individual "good" and "bad" filter fields; protocols now have a "checksum.status" field that records "Good", "Bad" and "Unverified" (neither good nor bad). Color filters provided with Wireshark have been adjusted to the new display filter names, but custom ones may need to be updated.
The intelligent scroll bar now sits to the left of a normal scroll bar and provides a clickable map of nearby packets.
You can now switch between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI.
You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.
You can now use regular expressions in Find Packet and in the advanced preferences.
Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution, some build dependencies must be present (currently c-ares). If that is not the case, DNS name resolution will be disabled (but other name resolution mechanisms, such as hosts files, are still available).
The byte under the mouse in the Packet Bytes pane is now highlighted.
TShark supports exporting PDUs via the -U flag.
The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
Most dialogs in the Qt UI now save their size and positions.
The Follow Stream dialog now supports UTF-16.
The Firewall ACL Rules dialog has returned.
The Flow (Sequence) Analysis dialog has been improved.
We no longer provide packages for 32-bit versions of OS X.
The Bluetooth Device details dialog has been added.
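The JSON export added to TShark and the new unified "checksum.status" field (both listed above) fit together naturally: once packets are exported as JSON, the status values can be tallied outside Wireshark. The following Python is an added example, not code from the Wireshark project. It assumes the shape of TShark's `-T json` output (an array of Elasticsearch-style records whose `_source.layers` maps protocol names to dictionaries of display-filter field names with string values); the sample document is constructed by hand, so the exact key set may differ from a real export.

```python
"""Summarize a TShark-style JSON export without tshark installed.

Added example. SAMPLE_JSON below is a constructed document that approximates the
assumed shape of `tshark -T json` output: a list of records, each with
"_source" -> "layers" -> {protocol: {display-filter field: string value}}.
"""
import json
from collections import Counter

# Constructed sample (not real tshark output): two TCP packets, one with a bad
# checksum, and one DNS-over-UDP packet that carries no TCP layer at all.
SAMPLE_JSON = json.dumps([
    {"_index": "packets-2016-08-23", "_type": "pcap_file", "_score": None,
     "_source": {"layers": {
         "frame": {"frame.number": "1", "frame.protocols": "eth:ethertype:ip:tcp"},
         "ip": {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.9"},
         "tcp": {"tcp.srcport": "44321", "tcp.dstport": "80",
                 "tcp.checksum.status": "Good"}}}},
    {"_index": "packets-2016-08-23", "_type": "pcap_file", "_score": None,
     "_source": {"layers": {
         "frame": {"frame.number": "2", "frame.protocols": "eth:ethertype:ip:tcp"},
         "ip": {"ip.src": "10.0.0.7", "ip.dst": "10.0.0.9"},
         "tcp": {"tcp.srcport": "50110", "tcp.dstport": "443",
                 "tcp.checksum.status": "Bad"}}}},
    {"_index": "packets-2016-08-23", "_type": "pcap_file", "_score": None,
     "_source": {"layers": {
         "frame": {"frame.number": "3", "frame.protocols": "eth:ethertype:ip:udp:dns"},
         "ip": {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.1"},
         "udp": {"udp.srcport": "53211", "udp.dstport": "53",
                 "udp.checksum.status": "Unverified"},
         "dns": {"dns.qry.name": "example.invalid"}}}},
])


def load_packets(text):
    """Return one layers dict per packet from a -T json style document."""
    records = json.loads(text)
    return [rec["_source"]["layers"] for rec in records]


def protocol_counts(packets):
    """Count packets by innermost protocol in frame.protocols (e.g. 'eth:ethertype:ip:tcp' -> 'tcp')."""
    counts = Counter()
    for layers in packets:
        protos = layers.get("frame", {}).get("frame.protocols", "")
        counts[protos.split(":")[-1] if protos else "unknown"] += 1
    return counts


def checksum_status(packets, proto="tcp"):
    """Tally the unified <proto>.checksum.status field; packets without that layer are skipped."""
    field = f"{proto}.checksum.status"
    counts = Counter()
    for layers in packets:
        layer = layers.get(proto)
        if layer is not None:
            counts[layer.get(field, "Unverified")] += 1
    return counts


def bad_checksum_sources(packets, proto="tcp"):
    """Source addresses whose packets Wireshark marked with checksum.status == 'Bad'."""
    field = f"{proto}.checksum.status"
    sources = Counter()
    for layers in packets:
        if layers.get(proto, {}).get(field) == "Bad":
            sources[layers.get("ip", {}).get("ip.src", "?")] += 1
    return sources


if __name__ == "__main__":
    pkts = load_packets(SAMPLE_JSON)
    print("by protocol:", dict(protocol_counts(pkts)))
    print("tcp checksum status:", dict(checksum_status(pkts)))
    print("sources with bad tcp checksums:", dict(bad_checksum_sources(pkts)))
```

Before treating "Bad" as a sign of tampering, check whether the capture was taken on the sending host with checksum offloading enabled; in that case the NIC fills in the checksum after Wireshark sees the frame, and the status reflects the capture setup rather than the traffic.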
New File Format Decoding Support:
Wireshark is able to display the format of some types of files (rather than displaying the contents of those files). This is useful when you're curious about, or debugging, a file and its format. To open a capture file (such as PCAP) in this mode specify "MIME Files Format" as the file's format in the Open File dialog.
New Protocol Support:
Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol, Bluetooth Pseudoheader for BR/EDR, CISCO ERSPAN3 Marker, Edge Control Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS Kernel Packet Header Dissector Added (IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY Protocol dissector added (automotive bus), IEEE 802.1BR E-Tag, ISO 8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP), LAT protocol (DECNET), Metamako trailers, Network-Based IP Flow Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M TLV), Real Time Location System (RTLS), RTI TCP Transport Layer (RTITCP), STANAG 5602 SIMPLE, USB3 Vision Protocol (USB machine vision cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters Dissectors Added (Closures, Lighting, General, Measurement & Sensing, HVAC, Security & Safety)
Updated Protocol Support:
The Bluetooth OBEX dissector (btobex) was renamed to the Obex dissector (obex), and it can now be selected via Decode As over USB, TCP and UDP.
A preference was added to the TCP dissector for handling IPFIX process information. It is disabled by default.
New and Updated Capture File Support:
New and Updated Capture Interfaces support:
Major API CHANGES:
The libwireshark API has undergone some major changes:
The address macros (e.g., SET_ADDRESS) have been removed. Use the (lower case) functions of the same names instead.
"Old style" dissector functions (those that do not return the number of bytes used) have been replaced by "new style" dissector functions of the same name.
tvb_get_string and tvb_get_stringz have been replaced with tvb_get_string_enc and tvb_get_stringz_enc respectively.
OS: Windows Vista / 7 / 8 / 2008 / 10 (32/64-bit) and 2003 / 2008 R2 / Server 2012