Wireshark 3 released with new Npcap Windows packet capturing driver
Version 3.0.0 offers user interface improvements, bug fixes, new Npcap Windows packet capturing driver and more.
Wireshark is a network protocol analyzer. It is the standard in many industries and the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it is still under active development. It is cross-platform, features both GUI and CLI interfaces, and supports deep analysis of hundreds of protocols.
Wireshark is used by security analysts, experts and developers for analysis, troubleshooting, and other security-related tasks to capture and browse the packets traffic on computer networks.
With the new version many user interface improvements have been made. The support for a number of legacy features and libraries has been removed.
The following bugs have been fixed:
- Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors
- Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser
- Text and Image columns were handled incorrectly for TDS 7.0 and 7.1
- Dumpcap might not quit if Wireshark or TShark crashes
- The following features are new (or have been significantly updated) since version 3.0.0rc1
- The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form
- The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7
- The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6
The following features are new (or have been significantly updated) since version 2.9.0:
- Wireshark now supports the Swedish and Ukrainian languages.
- Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys
- The build system now produces reproducible builds
- The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0