The world`s foremost network protocol analyzer for Mac

Wireshark for Mac

Browse by Company

Adobe, Apowersoft, Autodesk, Avast, Corel, Cyberlink, Google, iMyFone, iTop, Movavi, PassFab, Passper, Tenorshare, Wargaming, Wondershare

Wireshark for Mac

  -  66 MB  -  Open Source
Free Download

Security Status

The Ethereal network protocol analyzer has changed its name to Wireshark for Mac. The name might be new, but the software is the same. Wireshark's powerful features make it the tool of choice for network troubleshooting, protocol development, and education worldwide.

Wireshark for macOS was written by networking experts around the world, and is an example of the power of open source. The app is used by network professionals around the world for analysis, troubleshooting, software and protocol development and education.

The program has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements.

Features and Highlights
  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text
Also Available: Download Wireshark for Windows

Download Wireshark for Mac Latest Version

  • Wireshark 4.4.2 Screenshots

    The images below have been resized. Click on them to view the screenshots in full size.

    Wireshark 4.4.2 Screenshot 1
  • Wireshark 4.4.2 Screenshot 2
  • Wireshark 4.4.2 Screenshot 3
  • Wireshark 4.4.2 Screenshot 4

What's new in this version:

Fixed:
The following vulnerabilities have been fixed:
- wnpa-sec-2024-14 FiveCo RAP dissector infinite loop
- wnpa-sec-2024-15 ECMP dissector crash

The following bugs have been fixed:
- CIP I/O is not detected by "enip" filter anymore
- Fuzz job issue: fuzz-2024-09-03-7550.pcap
- OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp: Index-out-of-bounds in DOFObjectID_Create_Unmarshal
- JA4_c hashes an empty field to e3b0c44298fc when it should be 000000000000
- Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring
- PTP analysis loses track of message associations in case of sequence number resets
- USB CCID: response packet in case SetParameters command is unsupported is flagged as malformed
- dumpcap crashes when run from TShark with a capture filter
- SRT dissector: The StreamID (SID) in the handshake extension is displayed without regarding the control characters and with NUL as terminating
- Ghost error message on POP3 packets
- Building against c-ares 1.34 fails
- D-Bus is not optional anymore
- macOS Intel DMGs aren’t fully notarized
- Incorrect name for MLD Capabilities and Operations Present flag in dissection of MLD Capabilities for MLO wifi-7 capture
- CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed Packet] Issue 20142.
- Wi-Fi: 256 Block Ack (BA) is not parsed properly
- BACnet ReadPropertyMultiple request Maximum allowed recursion depth reached
- Statistics→I/O Graph crashes when using simple moving average
- HTTP2 body decompression fails on DATA with a single padded frame
- Compiler warning for ui/tap-rtp-common.c (ignoring return value) Issue 20169.
- SIP dissector bug due to "be-route" param in VIA header
- Coredump after trying to open 'Follow TCP stream' Issue 20174.
- Protobuf JSON mapping error
- Display filter "!stp.pvst.origvlan in { vlan.id }" causes a crash (Version 4.4.1) Issue 20183.
- Extcap plugins shipped with Wireshark Portable are not found in version 4.4.1
- IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon frame
- Wireshark 4.4.1 does not decode RTCP packets
- Qt: Display filter sub-menu can only be opened on the triangle, not the full name
- Qt: Changing the display filter does not update the Conversations or Endpoints dialogs
- MODBUS Dissector bug
- Modbus dissector bug - Field Occurence and Layer Operator modbus.bitval field
- Wireshark crashes when a field is dragged from packet details towards the find input
- Lua DissectorTable("") : set ("10,11") unexpected behavior in locales with comma as decimal separator

New and Updated Features:
- The TShark syntax for dumping only fields with a certain prefix has changed from -G fields prefix to -G fields,prefix. This allows tshark -G fields to again support also specifying the configuration profile to use.

Top Downloads

More Popular Software »