Wireshark is a popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.
The following features are new (or have been significantly updated) since version 1.2:
- The packet list internals have been rewritten and are now more efficient.
- Columns are easier to use. You can add a protocol field as a column by right-clicking on its packet detail item, and you can adjust some column preferences by right-clicking the column header.
- Preliminary Python scripting support has been added.
- Many memory leaks have been fixed.
- Wireshark 1.4 does not support Windows 2000. Please use Wireshark 1.2 or 1.0 on those systems.
- Packets can now be ignored (excluded from dissection), similar to the way they can be marked.
- Manual IP address resolution is now supported.
- Columns with seconds can now be displayed as hours, minutes and seconds.
- You can now set the capture buffer size on UNIX and Linux if you have libpcap 1.0.0 or greater.
- TShark no longer needs elevated privileges on UNIX or Linux to list interfaces. Only dumpcap requires privileges now.
- Wireshark and TShark can enable 802.11 monitor mode directly if you have libpcap 1.0.0 or greater.
- You can play RTP streams directly from the RTP Analysis window.
- Capinfos now supports time order checking, and editcap now supports time order forcing.
- Wireshark now has a “jump to timestamp” command-line option.
- You can open JPEG files directly in Wireshark.