WireShark v4.2.0 Stable Win/Mac Multilingual (Chinese) Edition - Network Packet Analyzer Download

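Wireshark (formerly Ethereal) is a network packet analyzer. A network packet analyzer captures network packets and displays their contents in as much detail as possible. WireShark is an excellent open-source network protocol analyzer for Unix and Windows. It can inspect network traffic in real time, and it can also inspect saved capture files of network traffic. You can browse this data through a graphical interface and view the detailed contents of every layer of a captured packet.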


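WireShark has many powerful features: a rich display filter language and the ability to view the reconstructed stream of a TCP session; support for hundreds of protocols and media types; and a command-line version named Tethereal that resembles tcpdump (a network protocol analysis tool on Linux).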

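The job of a network packet analyzer can be thought of as "an electrician using a meter to measure current, voltage and resistance", only moved to the network, with the electrical wires replaced by network cables. In the past, network packet analyzers were either very expensive or proprietary commercial software. The arrival of Ethereal changed all that. Under the GNU GPL, users can obtain the software and its source code free of charge, and have the right to modify and customize that source code. Ethereal is currently one of the most widely used network packet analyzers in the world.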

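Network administrators use Wireshark to troubleshoot network problems, network security engineers use it to examine information security issues, developers use it to debug new communication protocols, and ordinary users use it to learn about network protocols. Of course, some people also use it with ulterior motives to look for sensitive information...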

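Wireshark is not intrusion detection software (IDS). It does not raise alerts or any other notification about anomalous traffic on the network. However, careful analysis of the packets Wireshark captures can give users a clearer understanding of network behavior. Wireshark does not modify the contents of network packets; it only reflects the packets currently in transit. Wireshark itself also does not send packets onto the network.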

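Wireshark 4.2.0 was released as a stable version on November 15, with installers provided for Windows and macOS; the source code has also been published. There is no need to say much more by way of introduction: as the world's most popular network packet analyzer, Wireshark is mainly used to troubleshoot and analyze network problems or to debug communication protocols, and beginners also use it to learn about network protocols.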

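According to the official notes, version 4.2.0 brings many improvements to the user interface. The old legacy user interface (GTK+) has been removed and is no longer supported. Starting with this version, Wireshark requires Qt 5.2 or later and no longer supports Qt 4; it requires GLib 2.32, GnuTLS 3.2, Python 3.4 or later and no longer supports Python 2.7.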

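Another important change concerns WinPcap, the tool used to capture and transmit network packets, which has now been replaced by Npcap in the Windows version. WinPcap has not been updated since 2013 and is no longer maintained, whereas Npcap received an update about half a year ago and is still actively maintained by the Nmap project team.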

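Besides better security and some advanced features that WinPcap lacks (support for loopback capture and 802.11 WiFi monitor-mode capture), another advantage of Npcap is that its driver has been tested and signed by Microsoft, which allows users to run it on Windows 10 / Windows 11, where signing requirements are stricter.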

In addition, the latest version of Wireshark adds support for dozens of new protocols.

Wireshark 4.2.0 Release Notes

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

What’s New

This is the first major Wireshark release under the Wireshark Foundation, a nonprofit which hosts Wireshark and promotes protocol analysis education. The foundation depends on your contributions in order to do its work. If you or your employer would like to contribute or become a sponsor, please visit wiresharkfoundation.org.

  • Wireshark supports dark mode on Windows.
  • A Windows installer for Arm64 has been added.
  • Packet list sorting has been improved.
  • Wireshark and TShark are now better about generating valid UTF-8 output.
  • A new display filter feature for filtering raw bytes has been added.
  • Display filter autocomplete is smarter about not suggesting invalid syntax.
  • Tools › MAC Address Blocks can look up a MAC address in the IEEE OUI registry.
  • The enterprises, manuf, and services configuration files have been compiled in for improved start-up times. These files are no longer available in the master branch in our source code repository. You can download the manuf file from our automated build directory.
  • The installation target no longer installs development headers by default.
  • The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs).
  • Wireshark can be compiled on Windows using MSYS2. Check the Developer’s guide for instructions.
  • Wireshark can be cross-compiled for Windows using Linux. Check the Developer’s guide for instructions.
  • Tools › Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.
  • Windows installer file names now have the format Wireshark-.exe.
  • Wireshark now supports the Korean language.

Many other improvements have been made. See the “New and Updated Features” section below for more details.

Bug Fixes

The following bugs have been fixed:

  • Issue 18413 – RTP player do not play audio frequently on Windows builds with Qt6.
  • Issue 18510 – Playback marker does not move after resume with Qt6.

New and Updated Features

The following features are new (or have been significantly updated) since version 4.2.0rc3:

  • Nothing of note.

The following features are new (or have been significantly updated) since version 4.2.0rc2:

  • The Windows installers now ship with Npcap 1.78. They previously shipped with Npcap 1.77.

The following features are new (or have been significantly updated) since version 4.2.0rc1:

  • The Windows installers now ship with Npcap 1.77. They previously shipped with Npcap 1.71.

The following features are new (or have been significantly updated) since version 4.1.0:

  • Improved dark mode support.
  • The Windows installers now ship with Qt 6.5.3. They previously shipped with Qt 6.2.3.

The following features are new (or have been significantly updated) since version 4.0.0:

    • The API has been updated to ensure that the dissection engine produces valid UTF-8 strings.
    • Wireshark now builds with Qt6 by default. To use Qt5 instead pass USE_qt6=OFF to CMake.
    • The “ciscodump” extcap supports Cisco IOS XE 17.x.
    • The default interval between GUI updates when capturing has been decreased from 500ms to 100ms, and is now configurable.
    • The -n option also now disables IP address geolocation information lookup in configured MaxMind databases (and geolocation lookup can be enabled with -Ng.) This is most relevant for TShark, where geolocation lookups are synchronous.
    • The display filter drop-down list is now sorted by “most recently used” instead of “most recently created”.
    • Display filter syntax-related changes:
      • It is now possible to filter on raw packet data for any field by using the syntax @some.field == . This can be useful to filter on malformed UTF-8 strings, among other use cases where it is necessary to look at the field’s raw data.
      • Negation (unary minus) now works with any display filter arithmetic expression.
      • Using the slice operator with strings produces a string. Previously it would produce a byte array. This is useful to index/slice UTF-8 multibyte strings. String byte slices can still be obtained using the “@” (raw operator) prefix.
      • Arithmetic expressions are allowed as set elements.
      • Absolute date and time values can be written as Unix time.
      • The limitation where a minus sign needed to be preceded by a space character has been removed.
      • Added XOR logical operator.
      • Fixed the implementation of all …​ in membership operator (#19188).
      • When parsing absolute time values the display filter engine has learned to understand timezones as specified in strptime(3), including some common North American designations. Arbitrary timezone names are not supported however. Previously only ISO8601 offsets and the “UTC” designation was understood.
      • Writing value strings without double quotes is deprecated and will generate a warning. Value strings are integer or boolean values that can be represented using a user-friendly textual format, such as “Set”/“Unset” instead of numerical values like 1 and 0. It is now a requirement that value strings be written enclosed in double quotes.
      • The deprecated ~≃ operator symbol has been removed. It was replaced by !== in version 4.0.

Official website: https://www.wireshark.org/

Official release notes: https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html

Official x64 download: https://2.na.dl.wireshark.org/win64/Wireshark-win64-4.2.0.exe

Official portable version download: https://2.na.dl.wireshark.org/win64/WiresharkPortable64_4.2.0.paf.exe

Official macOS Intel download: https://2.na.dl.wireshark.org/osx/Wireshark%204.2.0%20Intel%2064.dmg

Official macOS Arm download: https://2.na.dl.wireshark.org/osx/Wireshark%204.2.0%20Arm%2064.dmg
