Wireshark 2.1.1 Release Notes

This is a semi-experimental release intended to test new features for
__________________________________________________________________

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

New and Updated Features

The following features are new (or have been significantly updated)

* Added -d option for Decode As support in Wireshark (mimics TShark
* The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
  TShark can additionally export packets as Elasticsearch-compatible
* The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
* The Conversations and Endpoints dialogs are more responsive when
  viewing large numbers of items.
* The RTP player now allows up to 30 minutes of silence frames.
* Packet bytes can now be displayed as EBCDIC.
* The Qt UI loads captures faster on Windows.

The following features are new (or have been significantly updated)

* The intelligent scroll bar now sits to the left of a normal scroll
  bar and provides a clickable map of nearby packets.
* You can now switch between Capture and File Format
  dissection of the current capture file via the View menu in the Qt
* You can now show selected packet bytes as ASCII, HTML, Image, ISO
  8859-1, Raw, UTF-8, a C array, or YAML.
* You can now use regular expressions in Find Packet and in the
* Name resolution for packet capture now supports asynchronous DNS
  lookups only. Therefore the "concurrent DNS resolution" preference
  has been deprecated and is a no-op. To enable DNS name resolution
  some build dependencies must be present (currently c-ares). If that
  is not the case DNS name resolution will be disabled (but other
  name resolution mechanisms, such as host files, are still
* The byte under the mouse in the Packet Bytes pane is now
* TShark supports exporting PDUs via the -U flag.
* The Windows and OS X installers now come with the "sshdump" and
  "ciscodump" extcap interfaces.
* Most dialogs in the Qt UI now save their size and positions.
* The Follow Stream dialog now supports UTF-16.
* The Firewall ACL Rules dialog has returned.
* The Flow (Sequence) Analysis dialog has been improved.
* We no longer provide packages for 32-bit versions of OS X.
* The Bluetooth Device details dialog has been added.

New File Format Decoding Support

Wireshark is able to display the format of some types of files (rather
than displaying the contents of those files). This is useful when
you're curious about, or debugging, a file and its format. To open a
capture file (such as PCAP) in this mode specify "MIME Files Format" as
the file's format in the Open File dialog.

New files that Wireshark can open in this mode include:

Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
Bluetooth Pseudoheader for BR/EDR, CISCO ERSPAN3 Marker, Edge Control
Protocol (ECP), Ericsson IPOS Kernel Packet Header Dissector Added
(IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY
Protocol dissector added (automotive bus), IEEE 802.1BR E-Tag, ISO
8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP),
LAT protocol (DECNET), Metamako trailers, Network-Based IP Flow
Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open
Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M
TLV), Real Time Location System (RTLS), RTI TCP Transport Layer
(RTITCP), STANAG 5602 SIMPLE, USB3 Vision Protocol (USB machine vision
cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol
Clusters Dissectors Added (Closures Lighting General Measurement &
Sensing HVAC Security & Safety)

Updated Protocol Support

The Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector
(obex) and can now be selected with Decode As over USB, TCP and UDP.

A preference was added to the TCP dissector for handling IPFIX process
information. It is disabled by default.

New and Updated Capture File Support

New and Updated Capture Interfaces support

Non-empty section placeholder.

The libwireshark API has undergone some major changes:

* The address macros (e.g., SET_ADDRESS) have been removed. Use the
  (lower case) functions of the same names instead.
* "old style" dissector functions (that don't return number of bytes
  used) have been replaced in name with the "new style" dissector
* tvb_get_string and tvb_get_stringz have been replaced with
  tvb_get_string_enc and tvb_get_stringz_enc respectively.
__________________________________________________________________

Wireshark source code and installation packages are available from
[1]https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [2]download page on the Wireshark web site.
__________________________________________________________________

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________

Dumpcap might not quit if Wireshark or TShark crashes. ([3]Bug 1419)

The BER dissector might infinitely loop. ([4]Bug 1516)

Capture filters aren't applied when capturing from named pipes. ([5]Bug

Filtering tshark captures with read filters (-R) no longer works.

Application crash when changing real-time option. ([7]Bug 4035)

Packet list rows are oversized. ([8]Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases.

Wireshark should let you work with multiple capture files. ([10]Bug

Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. ([11]Bug 12036)
__________________________________________________________________

Community support is available on [12]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [13]the web site.

Official Wireshark training and certification are available from
[14]Wireshark University.
__________________________________________________________________

Frequently Asked Questions

A complete FAQ is available on the [15]Wireshark web site.
__________________________________________________________________

Last updated 2016-07-14 18:05:31 UTC

1. https://www.wireshark.org/download.html
2. https://www.wireshark.org/download.html#thirdparty
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
12. https://ask.wireshark.org/
13. https://www.wireshark.org/lists/
14. http://www.wiresharktraining.com/
15. https://www.wireshark.org/faq.html