Wireshark v2.6.5 Stable Win / Mac, Multilingual (Chinese) Edition – Network Protocol Inspection and Analysis Tool
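Wireshark (formerly Ethereal) is a network packet analyzer. A network packet analyzer captures network packets and displays the packet data in as much detail as possible. Wireshark is an excellent open-source network protocol analyzer for Unix and Windows. It can inspect network traffic in real time, and it can also inspect saved capture files of network traffic. You can browse this data through a graphical interface and view the details of every layer of each packet.
Wireshark has many powerful features: it includes a rich display filter language and the ability to view reconstructed TCP session streams; it supports hundreds of protocols and media types; and it has a command-line version named Tethereal, similar to tcpdump (a network protocol analysis tool for Linux).
The job of a network packet analyzer can be pictured as "an electrician using a meter to measure current, voltage and resistance", only with the scene moved to the network and the electrical wires replaced by network cables. In the past, network packet analyzers were very expensive or were proprietary, commercial software. The arrival of Ethereal changed all that. Under the protection of the GNU GPL, users can obtain the software and its source code free of charge and have the right to modify and customize the code. Ethereal is currently one of the most widely used network packet analyzers in the world.
Network administrators use Wireshark to troubleshoot network problems, network security engineers use it to examine information security issues, developers use it to debug new communication protocols, and ordinary users use it to learn about network protocols. Of course, some people also use it with "ulterior motives" to look for sensitive information...
Wireshark is not intrusion detection software (IDS). It does not generate alerts or any other notification for abnormal traffic behaviour on the network. However, careful analysis of the packets Wireshark captures can help users understand network behaviour more clearly. Wireshark does not modify the contents of network packets; it only reflects the packet information currently in transit. Wireshark itself also does not send packets onto the network.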
Wireshark 2.6.5 Release Notes
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
What’s New
- The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5.
Bug Fixes
The following vulnerabilities have been fixed:
- wnpa-sec-2018-51 The Wireshark dissection engine could crash. Bug 14466. CVE-2018-19625.
- wnpa-sec-2018-52 The DCOM dissector could crash. Bug 15130. CVE-2018-19626.
- wnpa-sec-2018-53 The LBMPDM dissector could crash. Bug 15132. CVE-2018-19623.
- wnpa-sec-2018-54 The MMSE dissector could go into an infinite loop. Bug 15250. CVE-2018-19622.
- wnpa-sec-2018-55 The IxVeriWave file parser could crash. Bug 15279. CVE-2018-19627.
- wnpa-sec-2018-56 The PVFS dissector could crash. Bug 15280. CVE-2018-19624.
- wnpa-sec-2018-57 The ZigBee ZCL dissector could crash. Bug 15281. CVE-2018-19628.
The following bugs have been fixed:
- VoIP Calls dialog doesn’t include RTP stream when preparing a filter. Bug 13440.
- Wireshark installs on macOS with permissions for /Library/Application Support/Wireshark that are too restrictive. Bug 14335.
- Closing Enabled Protocols dialog crashes wireshark. Bug 14349.
- Unable to Export Objects → HTTP after sorting columns. Bug 14545.
- DNS Response to NS query shows as malformed packet. Bug 14574.
- Encrypted Alerts corresponds to a wrong selection in the packet bytes pane. Bug 14712.
- Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols enabled. Bug 15014.
- ESP will not decode since 2.6.2 – works fine in 2.4.6 or 2.4.8. Bug 15056.
- text2pcap generates malformed packets when TCP, UDP or SCTP headers are added together with IPv6 header. Bug 15194.
- Wireshark tries to decode EAP-SIM Pseudonym Identity. Bug 15196.
- Infinite read loop when extcap exits with error and error message. Bug 15205.
- MATE unable to extract fields for PDU. Bug 15208.
- Malformed Packet: SV. Bug 15224.
- OPC UA Max nesting depth exceeded for valid packet. Bug 15226.
- TShark 2.6 does not print GeoIP information. Bug 15230.
- ISUP (ANSI) packets malformed in WS versions later than 2.4.8. Bug 15236.
- Handover candidate enquire message not decoded. Bug 15237.
- TShark piping output in a cmd or PowerShell prompt stops working when GeoIP is enabled. Bug 15248.
- ICMPv6 with routing header incorrectly placed. Bug 15270.
- IEEE 802.11 Vendor Specific fixed fields display as malformed packets. Bug 15273.
- text2pcap -4 and -6 option should require -i as well. Bug 15275.
- text2pcap direction sensitivity does not affect dummy ethernet addresses. Bug 15287.
- MLE security suite display incorrect. Bug 15288.
- Message for incorrect IPv4 option lengths is incorrect. Bug 15290.
- TACACS+ dissector does not properly reassemble large accounting messages. Bug 15293.
- NLRI of S-PMSI A-D BGP route not being displayed. Bug 15307.
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
BGP, DCERPC, DCOM, DNS, EAP, ESP, GSM A BSSMAP, IEEE 802.11, IEEE 802.11 Radiotap, IPv4, IPv6, ISUP, LBMPDM, LISP, MLE, MMSE, OpcUa, PVFS, SLL, SSL/TLS, SV, TACACS+, TCAP, Wi-SUN, XRA, and ZigBee ZCL
New and Updated Capture File Support
3GPP TS 32.423 Trace and IxVeriWave
New and Updated Capture Interfaces support
sshdump
Getting Wireshark
Wireshark source code and installation packages are available
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform.
File Locations
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Known Problems
- The BER dissector might infinitely loop. Bug 1516.
- Capture filters aren’t applied when capturing from named pipes. Bug 1814.
- Filtering tshark captures with read filters (-R) no longer works. Bug 2234.
- Application crash when changing real-time option. Bug 4035.
- Wireshark and TShark will display incorrect delta times in some cases. Bug 4985.
- Wireshark should let you work with multiple capture files. Bug 10488.
Official website: https://www.wireshark.org/
Official release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
Official x86 download: https://1.eu.dl.wireshark.org/win32/Wireshark-win32-2.6.5.exe
Official x64 download: https://1.eu.dl.wireshark.org/win64/Wireshark-win64-2.6.5.exe
Official portable version download: https://1.eu.dl.wireshark.org/win32/WiresharkPortable_2.6.5.paf.exe
Official Mac download: https://1.as.dl.wireshark.org/osx/Wireshark%202.6.5%20Intel%2064.dmg