August 30, 2010
Wireshark 1.4.0, 1.2.11, and 1.0.16 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.
New in 1.4.0
- The packet list internals have been rewritten and are now more efficient.
- Columns are easier to use. You can add a protocol field as a column by right-clicking on its packet detail item, and you can adjust some column preferences by right-clicking the column header.
- Preliminary Python scripting support has been added.
- Many memory leaks have been fixed.
- Wireshark 1.4 does not support Windows 2000. Please use Wireshark 1.2 or 1.0 on those systems.
- Packets can now be ignored (excluded from dissection), similar to the way they can be marked.
- Manual IP address resolution is now supported.
- Columns with seconds can now be displayed as hours, minutes and seconds.
- You can now set the capture buffer size on UNIX and Linux if you have libpcap 1.0.0 or greater.
- TShark no longer needs elevated privileges on UNIX or Linux to list interfaces. Only dumpcap requires privileges now.
- Wireshark and TShark can enable 802.11 monitor mode directly if you have libpcap 1.0.0 or greater.
- You can play RTP streams directly from the RTP Analysis window.
- Capinfos and editcap now respectively support time order checking and forcing.
- Wireshark now has a "jump to timestamp" command-line option.
- You can open JPEG files directly in Wireshark.
For a complete list of changes, please refer to the 1.4.0 release notes.
In 1.2.11 and 1.0.16A DLL hijacking bug described in
Official releases are available right now from the download page.
- WLAN packet capture and transmission
- Full 802.11 a/b/g/n support
- View management, control and data frames
- Multi-channel aggregation (with multiple adapters)