-
Latest Version
Wireshark 4.4.2 (64-bit) LATEST
-
Review by
-
Operating System
Windows 8 (64-bit) / Windows 10 (64-bit) / Windows 11
-
User Rating
Click to vote -
Author / Product
-
Filename
Wireshark-4.4.2-x64.exe
An open-source network protocol analyzer that lets you capture and interactively browse the traffic running on a computer network.
Originally named Ethereal, it was rebranded as Wireshark in 2006 and has since become a go-to tool for network troubleshooting, analysis, software and communication protocol development, and education. It's available for Windows, macOS, Linux, and other Unix-like operating systems.
The app was written by networking experts around the world and is an example of the power of open-source. Wireshark 64-bit is used by network professionals around the world for analysis, troubleshooting, software and protocol development, and education.
The program has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.
Highlights
- Deep inspection of hundreds of protocols, with more being added all the time
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
- Packet Analysis: It captures data packets from a network in real-time or from saved capture files for in-depth analysis.
- Deep Inspection: Users can inspect hundreds of protocols, including Ethernet, IP, TCP, HTTP, DNS, and more, to diagnose network issues or investigate security incidents.
- Filtering: Advanced filtering capabilities allow users to sift through large volumes of data to focus on specific packets or protocols.
- Protocol Decoding: The app decodes packet contents into human-readable formats, aiding in understanding network communication.
- VoIP Analysis: Support for VoIP protocols enables analysis of voice and video communications.
- Exporting: Captured data can be exported to various file formats for further analysis or sharing.
- Extensibility: It offers a rich ecosystem of plugins and scripts for extending functionality.
It features a comprehensive graphical user interface (GUI) with multiple panes for packet display, packet details, packet list, and more. It provides color-coded packet highlighting for easy identification of various protocols and types of traffic.
Installation and Setup
Installing this program is straightforward on most platforms. Users can download the installer from the official website or FileHorse and follow the on-screen instructions. On Windows, it also offers an option to install WinPcap or Npcap for packet capture.
How to Use
- Launch the tool and select the network interface for capturing packets.
- Start capturing packets by clicking the "Start" button.
- Analyze captured packets in real-time or from saved capture files.
- Apply filters to focus on specific packets or protocols.
- Use built-in tools for deep packet inspection, protocol decoding, and analysis.
- Export relevant data for further investigation or reporting.
Can Wireshark 64bit capture encrypted traffic?
It can capture encrypted traffic, but it cannot decrypt it unless the user has access to the encryption keys.
Does Wireshark support wireless network capture?
Yes, it supports capturing packets from wireless networks, but it requires compatible hardware and drivers.
Is Wireshark legal to use?
Yes, the software is legal to use for network analysis and troubleshooting. However, using it for unauthorized interception of network traffic may be illegal in some jurisdictions.
Can Wireshark be used for cybersecurity purposes?
Yes, the program is commonly used by cybersecurity professionals for analyzing network traffic, detecting anomalies, and investigating security incidents.
What are some common troubleshooting scenarios where Wireshark is useful?
It can help troubleshoot network connectivity issues, performance problems, security breaches, and application communication errors, among others.
Pricing
Thge tool is open-source and available for FREE under the GNU General Public License.
System Requirements
The program is available for Windows, macOS, Linux, and other Unix-like operating systems. System requirements vary depending on the platform and usage scenario but generally include a reasonable amount of RAM and disk space for packet capture and analysis.
PROS
- Comprehensive protocol support
- Extensive filtering and analysis capabilities
- Open-source and free
- Active community and ongoing development
- Cross-platform compatibility
- Steep learning curve for beginners
- Requires understanding of networking concepts
- Limited support for decrypting encrypted traffic
- Resource-intensive for capturing and analyzing large data volumes
What's new in this version:
Fixed:
The following vulnerabilities have been fixed:
- wnpa-sec-2024-14 FiveCo RAP dissector infinite loop
- wnpa-sec-2024-15 ECMP dissector crash
The following bugs have been fixed:
- CIP I/O is not detected by "enip" filter anymore
- Fuzz job issue: fuzz-2024-09-03-7550.pcap
- OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp: Index-out-of-bounds in DOFObjectID_Create_Unmarshal
- JA4_c hashes an empty field to e3b0c44298fc when it should be 000000000000
- Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring
- PTP analysis loses track of message associations in case of sequence number resets
- USB CCID: response packet in case SetParameters command is unsupported is flagged as malformed
- dumpcap crashes when run from TShark with a capture filter
- SRT dissector: The StreamID (SID) in the handshake extension is displayed without regarding the control characters and with NUL as terminating
- Ghost error message on POP3 packets
- Building against c-ares 1.34 fails
- D-Bus is not optional anymore
- macOS Intel DMGs aren’t fully notarized
- Incorrect name for MLD Capabilities and Operations Present flag in dissection of MLD Capabilities for MLO wifi-7 capture
- CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed Packet] Issue 20142.
- Wi-Fi: 256 Block Ack (BA) is not parsed properly
- BACnet ReadPropertyMultiple request Maximum allowed recursion depth reached
- Statistics→I/O Graph crashes when using simple moving average
- HTTP2 body decompression fails on DATA with a single padded frame
- Compiler warning for ui/tap-rtp-common.c (ignoring return value) Issue 20169.
- SIP dissector bug due to "be-route" param in VIA header
- Coredump after trying to open 'Follow TCP stream' Issue 20174.
- Protobuf JSON mapping error
- Display filter "!stp.pvst.origvlan in { vlan.id }" causes a crash (Version 4.4.1) Issue 20183.
- Extcap plugins shipped with Wireshark Portable are not found in version 4.4.1
- IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon frame
- Wireshark 4.4.1 does not decode RTCP packets
- Qt: Display filter sub-menu can only be opened on the triangle, not the full name
- Qt: Changing the display filter does not update the Conversations or Endpoints dialogs
- MODBUS Dissector bug
- Modbus dissector bug - Field Occurence and Layer Operator modbus.bitval field
- Wireshark crashes when a field is dragged from packet details towards the find input
- Lua DissectorTable("") : set ("10,11") unexpected behavior in locales with comma as decimal separator
New and Updated Features:
- The TShark syntax for dumping only fields with a certain prefix has changed from -G fields prefix to -G fields,prefix. This allows tshark -G fields to again support also specifying the configuration profile to use.
- OperaOpera 115.0 Build 5322.109 (64-bit)
- 4K Download4K Video Downloader+ 1.10.3 (64-bit)
- PhotoshopAdobe Photoshop CC 2025 26.2 (64-bit)
- OKXOKX - Buy Bitcoin or Ethereum
- iTop VPNiTop VPN 6.2.0 - Fast, Safe & Secure
- Premiere ProAdobe Premiere Pro CC 2025 25.1
- BlueStacksBlueStacks 10.41.642.1001
- Hero WarsHero Wars - Online Action Game
- TradingViewTradingView - Trusted by 60 Million Traders
- LockWiperiMyFone LockWiper (Android) 5.7.2
Comments and User Reviews