Wireshark 1.7.0 Development Release

November 8, 2011

Wireshark 1.7.0 has been released. Installers for Windows, OS X, and source code are now available.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.6:

  • Wireshark supports capturing from multiple interfaces at once.

  • Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)

  • Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.

  • OID resolution is now supported on 64-bit Windows.

  • TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.

  • TCP window updates are no longer colorized as "Bad TCP".

  • TShark's command-line options have changed. The previously undocumented -P option is now -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.

  • GeoIP IPv6 databases are now supported.

Official releases are available right now from the download page.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More