Download Wireshark 3.6.0

Wireshark is a network packet analyzer. A network packet analyzer tries to capture network packets and display the packet data in as much detail as possible. It can be thought of as a measuring device used to study what is going on inside a network cable, just as an electrician uses a voltmeter to check what is going on inside an electrical cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark, everything has changed. Wireshark is arguably one of the best open source packet analyzers available today.

  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multiplatform: Works on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD and many more.
  • The captured network data can be viewed through a graphical interface or with the TShark utility in TTY mode.
  • The most powerful display filters in the industry
  • Rich VoIP Analysis
  • Read / write many different capture file formats
  • Capture files compressed with gzip can be decompressed on the fly
  • Real-time data can be read from Ethernet, IEEE 802.11, PPP / HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI and others (depending on your platform)
  • Decryption support for many protocols including IPsec, ISAKMP, Kerberos, SNMPv3, SSL / TLS, WEP, and WPA / WPA2.
  • Coloring rules can be applied to the packet list for quick and intuitive analysis.
  • The output can be exported to XML, PostScript®, CSV, or plain text.

New and updated features

The following features are new (or have been significantly updated) since 3.6.0rc3:

  • Intel packages for macOS now ship with Qt 5.15.3 and require macOS 10.13 or later.

The following features are new (or have been significantly updated) since 3.6.0rc2:

  • Display filter set items should now be separated by commas. See below for details.

The following features are new (or have been significantly updated) since 3.6.0rc1:

  • The display filter expression “a != b” now has the same meaning as “!(a == b)”.

The following features are new (or have been significantly updated) since version 3.4.0:

Several changes have been made to the display filter syntax:

  • The expression “a != b” now always has the same meaning as “!(a == b)”. In particular, this means that filter expressions with multi-valued fields such as “ip.addr != 1.1.1.1” will work as expected (the result is the same as typing “ip.src != 1.1.1.1 and ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a != b) being true.
  • You can use the syntax “a ~= b” or “a any_ne b” to restore the previous (inconsistent with “==”) logic for inequality.
  • Literal strings can now be specified using raw string syntax, identical to the raw strings in the Python programming language. This can be used to avoid the complexity of using two levels of character escaping in regular expressions.
  • Set elements should now be separated by commas. A filter such as http.request.method in {“GET” “HEAD”} should be written as … in {“GET”, “HEAD”}. Whitespace is not significant. The previous use of whitespace as a separator is deprecated and will be removed in a future release.
  • Added support for “a not in b” syntax with the same meaning as “not a in b”.
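
The difference between the new “a != b” and the previous logic (now “a ~= b” / “a any_ne b”) is easiest to see on a multi-valued field. The following is an added example, not code from Wireshark or from the release notes: a small Python model of the comparison semantics described above, run over three constructed packets. The function names (eq, ne, any_ne, matches) and the sample addresses are assumptions made for illustration.

```python
# Model of display-filter comparisons on a multi-valued field (illustrative only).
# Each constructed packet maps a field name to every value the field takes in it;
# ip.addr is multi-valued because it carries both the source and destination.
def packet(src, dst):
    return {"ip.src": [src], "ip.dst": [dst], "ip.addr": [src, dst]}

PACKETS = [
    packet("1.1.1.1", "10.0.0.5"),   # 0: sent by 1.1.1.1
    packet("10.0.0.5", "1.1.1.1"),   # 1: sent to 1.1.1.1
    packet("10.0.0.5", "10.0.0.9"),  # 2: does not involve 1.1.1.1
]

def eq(pkt, field, value):
    """a == b: true if any occurrence of the field equals the value."""
    return any(v == value for v in pkt[field])

def ne(pkt, field, value):
    """a != b as of 3.6: defined as !(a == b)."""
    return not eq(pkt, field, value)

def any_ne(pkt, field, value):
    """a ~= b (a any_ne b): previous logic, true if any occurrence differs."""
    return any(v != value for v in pkt[field])

def matches(predicate):
    """Return the indexes of the sample packets that the predicate selects."""
    return [i for i, pkt in enumerate(PACKETS) if predicate(pkt)]

TARGET = "1.1.1.1"
# ip.addr != 1.1.1.1 under the 3.6 meaning: only traffic not involving the host.
new_ne = matches(lambda p: ne(p, "ip.addr", TARGET))
# ip.addr ~= 1.1.1.1: every packet has at least one address that differs.
old_ne = matches(lambda p: any_ne(p, "ip.addr", TARGET))
# ip.src != 1.1.1.1 and ip.dst != 1.1.1.1: the equivalent spelled-out form.
split = matches(lambda p: ne(p, "ip.src", TARGET) and ne(p, "ip.dst", TARGET))
# Under the previous logic, "a == b and a != b" could both hold for a packet.
contradiction = matches(
    lambda p: eq(p, "ip.addr", TARGET) and any_ne(p, "ip.addr", TARGET))

if __name__ == "__main__":
    print("ip.addr != 1.1.1.1            ->", new_ne)
    print("ip.addr ~= 1.1.1.1            ->", old_ne)
    print("ip.src != ... and ip.dst != ... ->", split)
    print("== and ~= both true           ->", contradiction)
```

Saved capture filters and analysis scripts that relied on the earlier behaviour of “!=” will select a different set of packets in 3.6, so they are worth re-checking after an upgrade.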

Packaging Updates:

  • A macOS Arm 64 (Apple Silicon) package is now available.
  • Intel packages for macOS now ship with Qt 5.15.3 and require macOS 10.13 or later.
  • Windows installers now ship with Npcap 1.55.
  • A 64-bit Windows PortableApps package is now available. [full release notes]

Download: Wireshark 3.6.0 | 32-bit Wireshark | ~ 50.0 MB (open source)
Download: Portable Wireshark 3.6.0 | Portable 32-bit Wireshark | Wireshark for macOS
View: Wireshark Website | Wireshark 3.6.0 changelog