A new version of Wireshark was released yesterday (1.8.0), head on over to http://www.wireshark.org/download.html to download it for your OS.
New and updated features since version 1.6:
- Wireshark supports capturing from multiple interfaces at once.
- You can now add, edit, and save packet and capture file annotations.
- Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)
- Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.
- OID resolution is now supported on 64-bit Windows.
- The “Save As” menu item has been split into “Save As”, which lets you save a file using a different filename and “Export Specified Packets”, which lets you have more control over which packets are saved.
- TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.
- TCP window updates are no longer colorized as “Bad TCP”.
- TShark’s command-line options have changed. The previously undocumented -P option is now -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.
- GeoIP IPv6 databases are now supported.