Wireshark 2.2.0 Released: Network Protocol Analyzer

leolovenet
Published on September 11, 2016

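Wireshark is the world's most popular free, open-source, cross-platform network protocol analyzer. Network professionals commonly use it for troubleshooting, deployment, analysis, and education. Wireshark 2.2.0 has now been released, with a series of bug fixes and other new features.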

The main changes are as follows:

Bug Fixes

  • Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)

  • Extcap errors not reported back to UI. (Bug 11892)

New and Updated Features

The following features are new (or have been significantly updated) since version 2.2.0rc2:

  • No major changes since 2.2.0rc2.

The following features are new (or have been significantly updated) since version 2.2.0rc1:

  • "Decode As" supports SSL (TLS) over TCP.

The following features are new (or have been significantly updated) since version 2.1.1:

  • Invalid coloring rules are now disabled instead of discarded. This will provide backward compatibility with a coloring rule change in Wireshark 2.2.

The following features are new (or have been significantly updated) since version 2.1.0:

  • Added -d option for Decode As support in Wireshark (mimics TShark functionality)

  • The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON.

  • The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.

  • The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.

  • The RTP player now allows up to 30 minutes of silence frames.

  • Packet bytes can now be displayed as EBCDIC.

  • The Qt UI loads captures faster on Windows.

  • proto_tree_add_checksum was added as an API. This attempts to standardize how checksums are reported and filtered for within *Shark. There are no more individual "good" and "bad" filter fields; protocols now have a "checksum.status" field that records "Good", "Bad" and "Unverified" (neither good nor bad). Color filters provided with Wireshark have been adjusted to the new display filter names, but custom ones may need to be updated.
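
One way to update custom coloring rules for the checksum change described above, as an added example that is not part of the Wireshark release notes or the project's own code. It assumes the pre-2.2 fields were named <proto>.checksum_good and <proto>.checksum_bad, and that rules are stored one per line as @name@filter@[fg][bg] with a leading ! marking a disabled rule; the sample rules are constructed.

```python
import re

# Assumption: pre-2.2 fields were named <proto>.checksum_good / <proto>.checksum_bad.
OLD_FIELD = re.compile(
    r'\b(?P<proto>[a-z0-9_.]+?)\.checksum_(?P<kind>good|bad)\b'
    r'(?:\s*==\s*(?P<val>[01]|true|false)\b)?', re.IGNORECASE)
# Assumption: one rule per line, "@name@filter@[fg][bg]", "!" prefix = disabled.
RULE = re.compile(
    r'^(?P<off>!?)@(?P<name>[^@]*)@(?P<filter>.*)@(?P<colors>\[[\d,]+\]\[[\d,]+\])$')

def migrate_filter(expr):
    """Rewrite old good/bad tests to checksum.status; return (new_expr, unresolved)."""
    unresolved = []
    def repl(m):
        val = (m.group('val') or '1').lower()
        if val in ('0', 'false'):
            # "not bad" may now mean Good or Unverified: leave it for a human.
            unresolved.append(m.group(0))
            return m.group(0)
        return '%s.checksum.status == "%s"' % (
            m.group('proto'), m.group('kind').capitalize())
    return OLD_FIELD.sub(repl, expr), unresolved

def migrate_colorfilters(text):
    """Migrate every rule line; return (new_text, [(rule_name, unresolved), ...])."""
    out, flagged = [], []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:                      # comments and blank lines pass through
            out.append(line)
            continue
        new_filter, unresolved = migrate_filter(m.group('filter'))
        if unresolved:
            flagged.append((m.group('name'), unresolved))
        out.append('%s@%s@%s@%s' % (
            m.group('off'), m.group('name'), new_filter, m.group('colors')))
    return '\n'.join(out), flagged

# Constructed sample rules, not taken from a real profile.
SAMPLE = """# custom rules written for Wireshark 2.0
@Checksum Errors@ip.checksum_bad==1 || tcp.checksum_bad == 1 || udp.checksum_bad@[4718,10030,11796][63479,34695,34695]
!@Good TCP@tcp.checksum_good == 1@[0,0,0][65535,65535,65535]
@Not bad@tcp.checksum_bad == 0@[0,0,0][65535,65535,65535]"""

if __name__ == '__main__':
    migrated, flagged = migrate_colorfilters(SAMPLE)
    print(migrated)
    for name, exprs in flagged:
        print('review rule %r: %s' % (name, ', '.join(exprs)))
```

Rules that tested a field against 0 are left unchanged and reported, because with three states "not bad" no longer implies "Good".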

Full release notes:

Download:


Latest comments (14)

自主创新

Quoting the comment from "sinopf":

This has now become my go-to debugging tool, though I also use smsniff quite a lot.
Hasn't sniff already dropped support for Win7?
554330833a
Has anyone written a tutorial on how to use it?
eechen
Using tcpdump/wireshark to analyze a complete PHP request through firefox/nginx/php-fpm
http://www.oschina.net/question/2001233_223064
http://static.oschina.net/uploads/space/2015/0117/050233_cvdK_561214.png

Filtering on tcp.port==3306 in WireShark to analyze the traffic between PHP and MySQL
http://static.oschina.net/uploads/space/2015/0508/225047_UF1o_561214.png

Quickly creating a wireless access point on Ubuntu 14.04 so mobile devices can get online
Monitoring the traffic passing through wlan0 with wireshark
http://my.oschina.net/eechen/blog/227230
http://static.oschina.net/uploads/space/2014/0427/144553_IMOh_561214.png
programtic

Quoting the comment from "蓝月萧枫":

Are there any good tutorials for learning this?
There are books. I bought one recently.
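卖萌的程序猿

Quoting the comment from "卖萌的程序猿":

How do I replay packets?

Quoting the comment from "Feng_Yu":

I remember there is a dump feature that can capture the packets in full; then you can replay them yourself.
How do I use it?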
sinopf
This has now become my go-to debugging tool, though I also use smsniff quite a lot.
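卖萌的程序猿

Quoting the comment from "首席撸破屌":

If it supported modifying packets, it would be a killer tool.
To modify a packet, you can just open that packet in hex, edit it, and save it; an editor such as UE will do.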
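金拱门

Quoting the comment from "首席撸破屌":

If it supported modifying packets, it would be a killer tool.

Quoting the comment from "钛元素":

Huh? It's not supported?
It never supported that in the first place. This tool is for analyzing network data.
I remember the introduction saying this thing is not meant for doing bad things. If you want to do bad things, you can use burpsuite.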
钛元素

Quoting the comment from "首席撸破屌":

If it supported modifying packets, it would be a killer tool.
Huh? It's not supported?
袁滚滚

Quoting the comment from "卖萌的程序猿":

How do I replay packets?
tcpreplay