Wireshark 1.6.0 Released

June 7, 2011

Wireshark 1.6.0 has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

New in 1.6.0

  • Wireshark is now distributed as an installation package rather than a drag-installer on OS X. The installer adds a startup item that should make it easier to capture packets.

  • Large file (greater than 2 GB) support has been improved.

  • Wireshark and TShark can import text dumps, similar to text2pcap.

  • You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.

  • Wireshark can export SSL session keys via FileExportSSL Session Keys...

  • TShark can show a specific occurrence of a field when using '-T fields'.

  • Custom columns can show a specific occurrence of a field.

  • You can hide columns in the packet list.

  • Wireshark can now export SMB objects.

  • dftest and randpkt now have manual pages.

  • TShark can now display iSCSI, ICMP and ICMPv6 service response times.

  • Dumpcap can now save files with a user-specified group id.

  • Syntax checking is done for capture filters.

  • You can display the compiled BPF code for capture filters in the Capture Options dialog.

  • You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+. .

  • Packet length is (finally) a default column.

  • TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.

  • 802.1q VLAN tags are now shown in the Ethernet II protocol tree instead of a separate tree.

  • Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.

  • The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.

  • The RTP player now shows why media interruptions occur.

  • Graphs now save as PNG images by default.

  • TShark can read and write host name information from and to pcapng-formatted files. Wireshark can read it. TShark can dump host name information via

    [-z hosts]

    .

  • TShark's -z option now uses the

    [-z <proto>,srt]

    syntax instead of

    [-z <proto>,rtt]

    for all protocols that support service response time statistics. This matches Wireshark's syntax for this option.

  • Wireshark and TShark can now read compressed Windows Sniffer files.

For a complete list of changes, please refer to the 1.6.0 release notes.

Official releases are available right now from the download page.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More