Official certification from the Wireshark Foundation is available! Learn about becoming a Wireshark Certified Analyst.

Wireshark 1.4.0, 1.2.11, and 1.0.16 Released

August 30, 2010

Wireshark 1.4.0, 1.2.11, and 1.0.16 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

New in 1.4.0

  • The packet list internals have been rewritten and are now more efficient.
  • Columns are easier to use. You can add a protocol field as a column by right-clicking on its packet detail item, and you can adjust some column preferences by right-clicking the column header.
  • Preliminary Python scripting support has been added.
  • Many memory leaks have been fixed.
  • Wireshark 1.4 does not support Windows 2000. Please use Wireshark 1.2 or 1.0 on those systems.
  • Packets can now be ignored (excluded from dissection), similar to the way they can be marked.
  • Manual IP address resolution is now supported.
  • Columns with seconds can now be displayed as hours, minutes and seconds.
  • You can now set the capture buffer size on UNIX and Linux if you have libpcap 1.0.0 or greater.
  • TShark no longer needs elevated privileges on UNIX or Linux to list interfaces. Only dumpcap requires privileges now.
  • Wireshark and TShark can enable 802.11 monitor mode directly if you have libpcap 1.0.0 or greater.
  • You can play RTP streams directly from the RTP Analysis window.
  • Capinfos and editcap now respectively support time order checking and forcing.
  • Wireshark now has a "jump to timestamp" command-line option.
  • You can open JPEG files directly in Wireshark.

For a complete list of changes, please refer to the 1.4.0 release notes.

In 1.2.11 and 1.0.16

A DLL hijacking bug described in Microsoft Security Advisory 2269637 has been fixed. See the security advisories and release notes for more details.

Official releases are available right now from the download page.