纯净系统
软件下载

网络抓包工具 Wireshark v3.6.1 中文便携版

介绍

Wireshark(前称Ethereal)是一款免费开源的网络嗅探抓包工具,世界上最流行的网络协议分析器!网络封包分析软件的功能是撷取网络封包,并尽可能显示出最为详细的网络封包资料。Wireshark网络抓包工具使用WinPCAP作为接口,直接与网卡进行数据报文交换,可以实时检测网络通讯数据,检测其抓取的网络通讯数据快照文件,通过图形界面浏览这些数据,可以查看网络通讯数据包中每一层的详细内容。它的强大特性:例如包含有强显示过滤器语言和查看TCP会话重构流的能力,支持上百种协议和媒体类型。

软件截图

更新日志

New and Updated Features

The following features are new (or have been significantly updated) since version 3.6.0rc3:

  • The macOS Intel packages now ship with Qt 5.15.3 and require macOS 10.13 or later.

The following features are new (or have been significantly updated) since version 3.6.0rc2:

  • Display filter set elements must now be comma-separated. See below for more details.

The following features are new (or have been significantly updated) since version 3.6.0rc1:

  • The display filter expression “a != b” now has the same meaning as “!(a == b)”.

The following features are new (or have been significantly updated) since version 3.5.0:

  • Nothing of note.

The following features are new (or have been significantly updated) since version 3.4.0:

  • Several changes have been made to the display filter syntax:
    • The expression “a != b” now always has the same meaning as “!(a == b)”. In particular this means filter expressions with multi-value fields like “ip.addr != 1.1.1.1” will work as expected (the result is the same as typing “ip.src != 1.1.1.1 and ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a != b) being true.
    • It is possible to use the syntax “a ~= b” or “a any_ne b” to recover the previous (inconsistent with "==") logic for not equal.
    • Literal strings can now be specified using raw string syntax, identical to raw strings in the Python programming language. This can be used to avoid the complexity of using two levels of character escapes with regular expressions.
    • Set elements must now be separated using a comma. A filter such as http.request.method in {"GET" "HEAD"} must be written as …​ in {"GET", "HEAD"}. Whitespace is not significant. The previous use of whitespace as separator is deprecated and will be removed in a future version.
    • Support for the syntax "a not in b" with the same meaning as "not a in b" has been added.
  • Packaging updates:
    • A macOS Arm 64 (Apple Silicon) package is now available.
    • The macOS Intel packages now ship with Qt 5.15.3 and require macOS 10.13 or later.
    • The Windows installers now ship with Npcap 1.55.
    • A 64-bit Windows PortableApps package is now available.
  • TCP conversations now support a completeness criteria, which facilitates the identification of TCP streams having any of opening or closing handshakes, a payload, in any combination. It can be accessed with the new tcp.completeness filter.
  • Protobuf fields that are not serialized on the wire or otherwise missing in capture files can now be displayed with default values by setting the new “add_default_value” preference. The default values might be explicitly declared in “proto2” files, or false for bools, first value for enums, zero for numeric types.
  • Wireshark now supports reading Event Tracing for Windows (ETW). A new extcap named ETW reader is created that now can open an etl file, convert all events in the file to DLT_ETW packets and write to a specified FIFO destination. Also, a new packet_etw dissector is created to dissect DLT_ETW packets so Wireshark can display the DLT_ETW packet header, its message and packet_etw dissector calls packet_mbim sub_dissector if its provider matches the MBIM provider GUID.
  • “Follow DCCP stream” feature to filter for and extract the contents of DCCP streams.
  • Wireshark now supports dissecting RTP packets with OPUS payloads.
  • Importing captures from text files based on regular expressions is now possible. By specifying a regex capturing a single packet including capturing groups for relevant fields a textfile can be converted to a libpcap capture file. Supported data encodings are plain-hexadecimal, -octal, -binary and base64. Also the timestamp format now allows the second-fractions to be placed anywhere in the timestamp and it will be stored with nanosecond instead of microsecond precision.
  • The RTP Player has been significantly redesigned and improved. See Playing VoIP Calls and RTP Player Window in the User’s Guide for more details.
    • The RTP Player can play many streams in row.
    • The UI is more responsive.
    • The RTP Player maintains playlist and other tools can add and remove streams to and from it.
    • Every stream can be muted or routed to the left or right channel for replay.
    • The option to save audio has been moved from the RTP Analysis dialog to the RTP Player. The RTP Player also saves what was played, and it can save in multichannel .au or .wav.
    • The RTP Player is now accessible from the Telephony  RTP  RTP Player menu.
  • The VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player, SIP Flows) are non-modal and can stay opened on background.
    • The same tools are provided across all dialogs (Prepare Filter, Analyse, RTP Player …​)
  • The “Follow Stream” dialog is now able to follow SIP calls based on their Call-ID value.
  • The “Follow Stream” dialog’s YAML output format has been updated to add timestamps and peers information For more details see Following Protocol Streams in the User’s Guide.
  • IP fragments between public IPv4 addresses are now reassembled even if they have different VLAN IDs. Reassembly of IP fragments where one endpoint is a private (RFC 1918 section 3) or link-local (RFC 3927) IPv4 address continues to take the VLAN ID into account, as those addresses can be reused. To revert to the previous behavior and not reassemble fragments with different VLAN IDs, turn on the “Enable stricter conversation tracking heuristics” top level protocol preference.
  • USB Link Layer reassembly has been added, which allows hardware captures to be analyzed at the same level as software captures.
  • TShark can now export TLS session keys with the --export-tls-session-keys option.
  • Wireshark participated in the Google Season of Docs 2020 and the User’s Guide has been extensively updated.
  • The “RTP Stream Analysis” dialog CSV export format was slightly changed. The first line of the export contains column titles as in other CSV exports.
  • Wireshark now supports the Turkish language.
  • The settings in the “Import from Hex Dump” dialog is now stored in a profile import_hexdump.json file.
  • Analyze  Reload Lua Plugins has been improved to properly support FileHandler.
  • The “RTP Stream Analysis” and “IAX2 Stream Analysis” dialogs now show correct calculation mean jitter calculations.
  • RTP streams are now created based on Skinny protocol messages in addition to other types of messages.
  • The “VoIP Calls Flow Sequence” window shows more information about various Skinny messages.
  • Initial support for building Wireshark on Windows using GCC and MinGW-w64 has been added. See README.msys2 in the sources for more information.

New File Format Decoding Support

Vector Informatik Binary Log File (BLF)

下载地址

腾讯云        蓝奏云        闪电盘

未经允许不得转载:Puresys纯净系统-软件下载 » 网络抓包工具 Wireshark v3.6.1 中文便携版

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

支付宝扫一扫打赏