
WireShark v3.0.0 Stable Win/Mac Multilingual Chinese Edition - Network Packet Analyzer

Wireshark (formerly Ethereal) is a network packet analyzer. A packet analyzer captures network packets and displays the captured data in as much detail as possible. Wireshark is an excellent open-source network protocol analyzer for Unix and Windows. It can inspect live network traffic or analyze a saved capture file; the data can be browsed in a graphical interface, showing the detailed contents of every layer of each packet.


Wireshark has many powerful features: a Rich Display Filter Language and the ability to reconstruct the stream of a TCP session; support for hundreds of protocols and media types; and a command-line version, named Tethereal, similar to tcpdump (a network protocol analysis tool for Linux).

The job of a packet analyzer can be pictured as "an electrician using a multimeter to measure current, voltage and resistance", only with the scene moved onto the network and the wires replaced by network cables. In the past, packet analyzers were very expensive or were proprietary commercial software. The appearance of Ethereal changed all that. Under the protection of the GNU GPL, users can obtain the software and its source code free of charge and have the right to modify and customize that source. Ethereal is one of the most widely used packet analyzers in the world today.

Network administrators use Wireshark to diagnose network problems, network security engineers use it to investigate information security issues, developers use it to debug new communication protocols, and ordinary users use it to learn about network protocols. Of course, some people also use it with ill intent to hunt for sensitive information...

Wireshark is not an intrusion detection system (IDS). It produces no alerts or warnings about abnormal traffic on the network. Careful analysis of the packets Wireshark captures can, however, help users understand network behavior more clearly. Wireshark does not modify the contents of network packets; it only reflects the packet data currently flowing. Wireshark itself does not send packets onto the network.

Wireshark 3.0.0 was released as a stable version on February 28, with installers for the Windows and macOS platforms, and the source code has been published. Not much more needs to be said about Wireshark here: as the world's most popular network packet analyzer, it is mainly used to troubleshoot and analyze network problems, to debug communication protocols, and by newcomers to learn about network protocols.

According to the official notes, version 3.0 brings many improvements to the user interface. The legacy GTK+ user interface has been removed and is no longer supported. Starting with this version, Wireshark requires Qt 5.2 or later and no longer supports Qt 4; it requires GLib 2.32, GnuTLS 3.2 and Python 3.4 or later, and Python 2.7 is no longer supported.

Another important change is that WinPcap, the tool used to capture and transmit network packets, has been replaced by Npcap in the Windows version. WinPcap has not been updated since 2013 and is no longer maintained, whereas Npcap received an update about half a year ago and is still actively maintained by the Nmap project.

Besides better security and some advanced features that WinPcap lacks (loopback capture and 802.11 WiFi monitor-mode capture), another advantage of Npcap is that its driver has been tested and signed by Microsoft, which lets users run it on Windows 10 with its stricter driver-signing requirements.

In addition, the latest version of Wireshark adds support for dozens of new protocols.

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

What’s New

Many user interface improvements have been made. See the “New and Updated Features” section below for more details.

Support for a number of legacy features and libraries has been removed. See the “Removed Features and Support” section below for more details.

Bug Fixes

The following bugs have been fixed:

  • Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427).
  • Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489).
  • Text and Image columns were handled incorrectly for TDS 7.0 and 7.1 (Bug 3098).
  • Dumpcap might not quit if Wireshark or TShark crashes (Bug 1419).

New and Updated Features

The following features are new (or have been significantly updated) since version 3.0.0rc2:

  • No significant changes.

The following features are new (or have been significantly updated) since version 3.0.0rc1:

  • The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).
  • The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
  • The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.

The following features are new (or have been significantly updated) since version 2.9.0:

  • Wireshark now supports the Swedish and Ukrainian languages.
  • Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
  • The build system now produces reproducible builds (Bug 15163).
  • The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.

The following features are new (or have been significantly updated) since version 2.6.0:

  • The Windows .exe installers now ship with Npcap instead of WinPcap. Besides being actively maintained (by the nmap project), Npcap brings support for loopback capture and 802.11 WiFi monitor mode capture (if supported by the NIC driver).
  • Conversation timestamps are supported for UDP/UDP-Lite protocols.
  • TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
  • The “Capture Information” dialog has been added back (Bug 12004).
  • The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
  • The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
  • Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
  • The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
  • The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
  • Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
  • APT-X has been renamed to aptX.
  • When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
  • The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
  • Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
  • Wireshark now includes a “No Reassembly” configuration profile.
  • Wireshark now supports the Russian language.
  • The build system now supports AppImage packages.
  • The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
  • Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
  • The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
  • A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
  • The Bash test suite has been replaced by one based on Python unittest/pytest.
  • The custom window title can now show file path of the capture file and it has a conditional separator.
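Two of the items above (decryption from a pcapng Decryption Secrets Block carrying a TLS Key Log, and editcap's --inject-secrets option) rely on the DSB layout from the pcapng specification. The following is an added example, not code from the Wireshark project or from this page: it builds a minimal little-endian pcapng file containing a Section Header Block, one Interface Description Block and one DSB of secrets type "TLSK" (0x544C534B, the NSS key log format), then parses the file back and checks every block's framing before extracting the key log. The key log line is a constructed dummy, not real key material; the block-type constants and the "TLSK" value come from the pcapng specification rather than from the page.

```python
import struct

# pcapng block type and secrets type identifiers, as defined in the pcapng
# specification (the page itself does not list these values)
SHB_TYPE = 0x0A0D0D0A                 # Section Header Block
IDB_TYPE = 0x00000001                 # Interface Description Block
DSB_TYPE = 0x0000000A                 # Decryption Secrets Block
SECRETS_TYPE_TLS_KEYLOG = 0x544C534B  # "TLSK": NSS key log format

# Constructed (dummy) key log line in NSS format: label, 32-byte client random,
# 48-byte master secret, all hex. Not real key material.
SAMPLE_KEYLOG = b"CLIENT_RANDOM " + b"11" * 32 + b" " + b"22" * 48 + b"\n"


def _block(block_type: int, body: bytes) -> bytes:
    """Wrap a body in pcapng framing: type, total length, 4-byte padded body, total length."""
    padded = body + b"\x00" * (-len(body) % 4)
    total = 8 + len(padded) + 4
    return struct.pack("<II", block_type, total) + padded + struct.pack("<I", total)


def build_pcapng_with_keylog(keylog: bytes, linktype: int = 1, snaplen: int = 262144) -> bytes:
    """Return a minimal pcapng file: SHB, one Ethernet IDB, one TLS key log DSB (no packets)."""
    # SHB body: byte-order magic, major/minor version 1.0, section length -1 (unknown)
    shb = _block(SHB_TYPE, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    # IDB body: link type, reserved, snap length
    idb = _block(IDB_TYPE, struct.pack("<HHI", linktype, 0, snaplen))
    # DSB body: secrets type, secrets length, secrets data (padding added by _block)
    dsb = _block(DSB_TYPE, struct.pack("<II", SECRETS_TYPE_TLS_KEYLOG, len(keylog)) + keylog)
    return shb + idb + dsb


def read_pcapng_blocks(data: bytes):
    """Yield (block_type, body) for each block, validating the framing as it goes."""
    off = 0
    while off < len(data):
        if off + 12 > len(data):
            raise ValueError("truncated block header at offset %d" % off)
        btype, total = struct.unpack_from("<II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("bad block length %d at offset %d" % (total, off))
        (trailer,) = struct.unpack_from("<I", data, off + total - 4)
        if trailer != total:
            raise ValueError("trailing length mismatch at offset %d" % off)
        yield btype, data[off + 8 : off + total - 4]
        off += total


def extract_tls_keylogs(data: bytes) -> list:
    """Return the decoded TLS key log text of every TLSK Decryption Secrets Block."""
    logs = []
    for btype, body in read_pcapng_blocks(data):
        if btype != DSB_TYPE:
            continue
        stype, slen = struct.unpack_from("<II", body, 0)
        if slen > len(body) - 8:
            raise ValueError("secrets length exceeds block body")
        if stype == SECRETS_TYPE_TLS_KEYLOG:
            logs.append(body[8 : 8 + slen].decode("ascii"))
    return logs


if __name__ == "__main__":
    capture = build_pcapng_with_keylog(SAMPLE_KEYLOG)
    # Write the file so it can be opened in Wireshark 3.0 (hypothetical output path)
    with open("keylog_only.pcapng", "wb") as fh:
        fh.write(capture)
    print(extract_tls_keylogs(capture))
```

Because the secrets travel inside the capture file, a pcapng produced this way (or with editcap --inject-secrets) decrypts without the separate key log file being configured in the TLS preferences; the same reason means such a file should be handled as sensitive as the key log itself.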

Removed Features and Support

  • The legacy (GTK+) user interface has been removed and is no longer supported.
  • The portaudio library is no longer needed due to the removal of GTK+.
  • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
  • Wireshark requires GLib 2.32 or later.
  • Wireshark requires GnuTLS 3.2 or later as an optional dependency.
  • Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported.
  • Building Wireshark requires CMake. Autotools is no longer supported.
  • TShark’s -z compare option was removed.
  • Building with Cygwin is no longer supported on Windows.

Official site: https://www.wireshark.org/

Official release notes: https://www.wireshark.org/docs/relnotes/wireshark-3.0.0.html

Official x86 download: https://1.as.dl.wireshark.org/win32/Wireshark-win32-3.0.0.exe

Official x64 download: https://1.as.dl.wireshark.org/win64/Wireshark-win64-3.0.0.exe

Official portable download: https://1.as.dl.wireshark.org/win32/WiresharkPortable_3.0.0.paf.exe

Official macOS download: https://1.as.dl.wireshark.org/osx/Wireshark%203.0.0%20Intel%2064.dmg
