Wireshark 1.2.0 available


Everyone’s favorite packet sniffer has a new stable release. Wireshark 1.2.0 has a slew of new features. They’ve included a 64-bit Windows installer and improved their OSX support. A number of new protocols are recognized and filter selection autocompletes. One of the more interesting additions is the combined GeoIP and OpenStreetMap lookups. We’re excited about this new release as Wireshark has proven an indispensable tool in the past for figure out exactly what was going on on our network.

[via Lifehacker]


  1. googfan says:

    now all it needs is a wep cracker.

    totally unrelated, i just built a tater gun that shoots spuds 350 yards!

  2. Harvie says:

    i don’t like whireshark since it eats lot of memory (especialy when capuring lot of packets or for a long time).

    go and try ngrep! for both windows and *nixes.
    very handy:

    ngrep -d eth0
    or eg.:
    ngrep -d wlan0 dst port 21 “USER|PASS” > http://ftp.txt

  3. googfan says:

    but there really needs to be a wep cracker for windows

  4. nanoc says:

    WEP cracker? You can crack WEP in windows with aircrack-ng. I believe if your card is supported you can also capture packets with it too but i believe aircrack-ng discontinued windows support a few years back. Cain n Able also for Windows.

  5. TJHooker says:

    Go do a attack on a WEP point from a NT machine and you’ll see why nobody bothers. It takes forever without injection. I forget why but you can’t put the chip into the mode it needs from NT without heavy reverse engineering.

    I could be wrong.

  6. Jack says:

    The easiest way to do WEP cracking is just to get a hold of a wireless card that supports packet injecting, and to use a BackTrack3/4 live cd or run it off of a USB thumb drive.


    those are some cards, google around and I’m sure you’ll find more.

  7. h_2_o says:

    harvie hit it on the head, wireshark is nice for small grabs, but if you try and do large data grabs with it, forget about it.

  8. babylon_zoo says:

    WS is not for huge packet capturing safari. You certainly would not use notepad to code a project like firefox…

    They worked on this memory usage problem:

    Several memory leaks have been found and fixed.

    But at the time you are trying to display every packet on the screen and wanted to be able to scroll over them, you need to put those on memory… Using the ngrep method you put it on a file (and WS can do that too if you disable the display of packets in the gui)

  9. saimhe says:

    During capture, use tshark -w instead. Afterwards, to speed up handling, turn off any irrelevant protocols (however a more restrictive capture filter might do better).

  10. tjhooker says:

    I use it for reversing sometimes. Like with key gens that return from a server. I can use the data to patch jumps in ollydbg etc

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 96,534 other followers