Announcing Wireshark 3.0.0

2 min read

Yesterday, Wireshark released its version 3.0.0 with new user interface improvements, bug fixes, new Npcap Windows Packet capturing driver and more.

Wireshark, the open source and cross-platform network protocol analysis software is used by security analysts, experts and developers for analysis, troubleshooting, development, and other security-related tasks to capture and browse the packets traffic on computer networks.

Features of Wireshark 3.0.0

The Windows .exe installers replaces WinPcap with Npcap. Npcap supports loopback capture and 802.11 WiFi monitor mode capture – only if supported by the NIC driver.
The “Map-Button” of the Endpoint dialog that was erased since Wireshark Version 2.6.0 has been added in a modernized form.
The macOS package ships with Qt 5.12.1 and the OS requires version 10.12 or later.
Initial support has been provided for using PKCS #11 tokens for RSA decryption in TLS. Configure this at Preferences, RSA Keys.
The new WireGuard dissector has decryption support and requires Libgcrypt 1.8 for the same.
You can now copy coloring rules, IO graphs, filter Buttons and protocol preference tables from other profiles using a button in the corresponding configuration dialogs.
Wireshark now supports Swedish, Ukrainian and Russian language.
A new dfilter function string() has been added which allows the conversion of non-string fields to strings. This enables string functions to be used on them.
The legacy (GTK+) user interface, the portaudio library are removed and no longer supported.
Wireshark requires Qt 5.2 or later, GLib 2.32 or later, GnuTLS 3.2 or later as optional dependency.
Building Wireshark requires Python 3.4 or a newer version.
Data following a TCP ZeroWindowProbe is not passed to subdissectors and is marked as retransmission.