Download Wireshark 1.6.3

Wireshark 1.6.3 has been released. This version is a maintenance release which contains bug fixes and stability improvements over the previous release. The Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code is now available.

Overview
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and industries and educational institutions.

Features includes deep inspection of hundreds of protocols, with more being added all the time, Live capture and offline analysis, Standard three-pane packet browser, Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility, and Rich VoIP analysis.

Key Features
Here are key features of Wireshark:

• Deep inspection of hundreds of protocols, with more being added all the time
• Live capture and offline analysis
• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• The most powerful display filters in the industry
• Rich VoIP analysis
• Read/write many different capture file formats
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
• Coloring rules can be applied to the packet list for quick, intuitive analysis
• Output can be exported to XML, PostScript, CSV, or plain text

Download Wireshark 1.6.3 (November 1, 2011)
The links in this section correspond to files available for Wireshark 1.6.3. Select the files most appropriate for you.

• Download Wireshark 1.6.3 for Windows (32-bit)
• Download Wireshark 1.6.3 for Windows (64-bit)
• Download Wireshark 1.6.3 Portable Apps

To download Wireshark for MAC OS X and ource code please visit Download Wireshark website.

What's New in Wireshark 1.6.3
Vulnerabilities fixed
The following vulnerabilities have been fixed.

• wnpa-sec-2011-17: The CSN.1 dissector could crash. (Bug 6351) - Versions affected: 1.6.0 to 1.6.2.
• wnpa-sec-2011-18: Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer. (Bug 6476) - Versions affected: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2.
• wnpa-sec-2011-19: Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader. (Bug 6479) - Versions affected: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2.

Bug Fixes
The following bugs have been fixed.

• Assertion failed when doing File->Quit->Save during live capture. (Bug 1710)
• Wrong PCEP XRO sub-object decoding. (Bug 3778)
• Wireshark window takes very long time to show up if invalid network file path is at recent file list (Bug 3810)
• Decoding [Status Records] Timestamp Sequence Field in Bundle Protocol fails if over 32 bits. (Bug 4109)
• ISUP party number dissection. (Bug 5221)
• wireshark-1.4.2 crashes when testing the example python dissector because of a dissector count assertion. (Bug 5431)
• Ethernet packets with both VLAN tag and LLC header no longer displayed correctly. (Bug 5645)
• SLL encapsuled 802.1Q VLAN is not dissected. (Bug 5680)
• Wireshark crashes when attempting to open a file via drag & drop when there's already a file open. (Bug 5987)
• Adding and removing custom HTTP headers requires a restart. (Bug 6241)
• Can't read full 64-bit SNMP values. (Bug 6295)
• Dissection fails for frames with Gigamon Header and VLAN. (Bug 6305)
• RTP Stream Analysis does not work for TURN-encapsulated RTP. (Bug 6322)
• packet-csn1.c doesn't process CSN_CHOICE entries properly. (Bug 6328)
• BACnet property time-synchronization-interval (204) name shown incorrectly as time-synchronization-recipients. (Bug 6336)
• GUI crash on invalid IEEE 802.11 GAS frame. (Bug 6345)
• [ASN.1 PER] Incorrect decoding of BIT STRING type. (Bug 6347)
• ICMPv6 router advertisement Prefix Information Flag R "Router Address" missing. (Bug 6350)
• Export -> Object -> HTTP -> save all: Error on saving files. (Bug 6362)
• Inner tag of 802.1ad frames not parsed properly. (Bug 6366)
• Added cursor type decoding to MySQL dissector. (Bug 6396)
• Incorrect identification of UDP-encapsulated NAT-keepalive packets. (Bug 6414)
• WPA IE pairwise cipher suite dissector uses incorrect value_string list. (Bug 6420)
• S1AP protocol can't decode IPv6 transportLayerAddress. (Bug 6435)
• RTPS2 dissector doesn't handle 0 in the octestToNextHeader field. (Bug 6449)
• packet-ajp13 fix, cleanup, and enhancement. (Bug 6452)
• Network Instruments Observer file format bugs. (Bug 6453)
• Wireshark crashes when using "Open Recent" 2 times in a row. (Bug 6457)
• Wireshark packet_gsm-sms, display bug: Filler bits in TP-User Data Header. (Bug 6469)
• wireshark unable to decode NetFlow options which have system scope size != 4 bytes. (Bug 6471)
• Display filter Expression Dialog Box Error. (Bug 6472)
• text_import_scanner.l missing. (Bug 6531)

Updated Protocol Support

• AJP13, ASN.1 PER, BACnet, CSN.1, DTN, Ethernet, ICMPv6, IEEE 802.11, IEEE 802.1q, Infiniband, IPsec, MySQL, PCEP, PN-RT, RTP, S1AP, SSL

New and Updated Capture File Support

• Endace ERF.

Source:
Wireshark 1.6.3 Release Notes