Build 1.99.7.

[metze/wireshark/wip.git] / NEWS

                         Wireshark 1.99.7 Release Notes

   This is an experimental release intended to test new features for
   Wireshark 2.0.
     __________________________________________________________________

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.
     __________________________________________________________________

What's New

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 1.99.6:
     * Qt port:
          + The Bluetooth Devices dialog has been added.
          + The wireless toolbar has been added.
          + Opening files via drag and drop is now supported.
          + The Capture Filter and Display Filter dialogs have been added.
          + The Display Filter Expression dialog has been added.
          + Conversation Filter menu items have been added.
          + You can change protocol preferences by right clicking on the
            packet list and details.

   The following features are new (or have been significantly updated)
   since version 1.99.4 and 1.99.5:
     * Qt port:
          + Capture restarts are now supported.
          + Menu items for plugins are now supported.
          + Extcap interfaces are now supported.
          + The Expert Information dialog has been added.
          + Display and capture filter completion is now supported.
          + Many bugs have been fixed.
          + Translations have been updated.

   The following features are new (or have been significantly updated)
   since version 1.99.3:
     * Qt port:
          + Several interface bugs have been fixed.
          + Translations have been updated.

   The following features are new (or have been significantly updated)
   since version 1.99.2:
     * Qt port:
          + Several bugs have been fixed.
          + You can now open a packet in a new window.
          + The Bluetooth ATT Server Attributes dialog has been added.
          + The Coloring Rules dialog has been added.
          + Many translations have been updated. Chinese, Italian and
            Polish translations are complete.
          + General user interface and usability improvements.
          + Automatic scrolling during capture now works.
          + The related packet indicator has been updated.

   The following features are new (or have been significantly updated)
   since version 1.99.1:
     * Qt port:
          + The welcome screen layout has been updated.
          + The Preferences dialog no longer crashes on Windows.
          + The packet list header menu has been added.
          + Statistics tree plugins are now supported.
          + The window icon is now displayed properly in the Windows
            taskbar.
          + A packet list an byte view selection bug has been fixed
            ([1]Bug 10896)
          + The RTP Streams dialog has been added.
          + The Protocol Hierarchy Statistics dialog has been added.

   The following features are new (or have been significantly updated)
   since version 1.99.0:
     * Qt port:
          + You can now show and hide toolbars and major widgets using the
            View menu.
          + You can now set the time display format and precision.
          + The byte view widget is much faster, particularly when
            selecting large reassembled packets.
          + The byte view is explorable. Hovering over it highlights the
            corresponding field and shows a description in the status bar.
          + An Italian translation has been added.
          + The Summary dialog has been updated and renamed to Capture
            File Properties.
          + The VoIP Calls and SIP Flows dialogs have been added.
          + Support for HiDPI / Retina displays has been improved in the
            official packages.
     * DNS stats: + A new stats tree has been added to the Statistics
       menu. Now it is possible to collect stats such as qtype/qclass
       distribution, number of resource record per response section, and
       stats data (min, max, avg) for values such as query name length or
       DNS payload.
     * HPFEEDS stats: + A new stats tree has been added to the statistics
       menu. Now it is possible to collect stats per channel (messages
       count and payload size), and opcode distribution.
     * HTTP2 stats: + A new stats tree has been added to the statistics
       menu. Now it is possible to collect stats (type distribution).

   The following features are new (or have been significantly updated)
   since version 1.12.0:
     * The I/O Graph in the Gtk+ UI now supports an unlimited number of
       data points (up from 100k).
     * TShark now resets its state when changing files in ring-buffer
       mode.
     * Expert Info severities can now be configured.
     * Wireshark now supports external capture interfaces. External
       capture interfaces can be anything from a tcpdump-over-ssh pipe to
       a program that captures from proprietary or non-standard hardware.
       This functionality is not available in the Qt UI yet.
     * Qt port:
          + The Qt UI is now the default (program name is wireshark).
          + A Polish translation has been added.
          + The Interfaces dialog has been added.
          + The interface list is now updated when interfaces appear or
            disappear.
          + The Conversations and Endpoints dialogs have been added.
          + A Japanese translation has been added.
          + It is now possible to manage remote capture interfaces.
          + Windows: taskbar progress support has been added.
          + Most toolbar actions are in place and work.
          + More command line options are now supported

  New Protocol Support

   (LISP) TCP Control Message, Aeron, AllJoyn Reliable Datagram Protocol,
   Android ADB, Android Logcat text, Apache Tribes Heartbeat, BGP
   Monitoring Prototol (BMP), C15 Call History Protocol dissection
   (C15ch), ceph, corosync/totemnet corosync cluster engine ( lowest
   levelencryption/decryption protocol), corosync/totemsrp corosync
   cluster engine ( totem single ring protocol), Couchbase, CP "Cooper"
   2179, DJI UAV Drone Control Protocol, Dynamic Source Routing (RFC
   4728), Elasticsearch, ETSI Card Application Toolkit - Transport
   Protocol, Generic Network Virtualization Encapsulation (Geneve),
   Geospatial and Imagery Access Service (GIAS), GVSP GigE Vision (TM)
   Streaming Protocol, HCrt, HiQnet, IP Detail Record (IPDR), IPMI Trace,
   iSER, KNXnetIP, MACsec Key Agreement - EAPoL-MKA, MCPE (Minecraft
   Pocket Edition), Network File System over Remote Direct Memory Access
   (NFSoRDMA), OCFS2, OptoMMP, Performance Co-Pilot Proxy, QNEX6 (QNET),
   RakNet games library, Remote Shared Virtual Disk - RSVD, Riemann, S7
   Communication, Secure Socket Tunnel Protocol (SSTP), Shared Memory
   Communications - RDMA, Stateless Transport Tunneling, Thrift, Video
   Services over IP (VSIP), and ZVT Kassenschnittstelle

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   3GPP Nettrace TS 34 423, Android Logcat text files, Colasoft Capsa
   files, Netscaler 3.5, and Wireshark now supports nanosecond timestamp
   resolution in PCAP-NG files.

  New and Updated Capture Interfaces support

   and Androiddump - provide interfaces to capture (Logcat and Bluetooth)
   from connected Android devices

  Major API Changes

   The libwireshark API has undergone some major changes:
     * The emem framework (including all ep_ and se_ memory allocation
       routines) has been completely removed in favour of wmem which is
       now fully mature.
     * The (long-since-broken) Python bindings support has been removed.
       If you want to write dissectors in something other than C, use Lua.
     * Plugins can now create GUI menu items.
     __________________________________________________________________

Getting Wireshark

   Wireshark source code and installation packages are available from
   [2]https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can be
   found on the [3]download page on the Wireshark web site.
     __________________________________________________________________

File Locations

   Wireshark and TShark look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
   vary from platform to platform. You can use About->Folders to find the
   default locations on your system.
     __________________________________________________________________

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([4]Bug 1419)

   The BER dissector might infinitely loop. ([5]Bug 1516)

   Capture filters aren't applied when capturing from named pipes. ([6]Bug
   1814)

   Filtering tshark captures with read filters (-R) no longer works.
   ([7]Bug 2234)

   Resolving ([8]Bug 9044) reopens ([9]Bug 3528) so that Wireshark no
   longer automatically decodes gzip data when following a TCP stream.

   Application crash when changing real-time option. ([10]Bug 4035)

   Hex pane display issue after startup. ([11]Bug 4056)

   Packet list rows are oversized. ([12]Bug 4357)

   Wireshark and TShark will display incorrect delta times in some cases.
   ([13]Bug 4985)

   The 64-bit version of Wireshark will leak memory on Windows when the
   display depth is set to 16 bits ([14]Bug 9914)

   Wireshark should let you work with multiple capture files. ([15]Bug
   10488)
     __________________________________________________________________

Getting Help

   Community support is available on [16]Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and archives for
   all of Wireshark's mailing lists can be found on [17]the web site.

   Official Wireshark training and certification are available from
   [18]Wireshark University.
     __________________________________________________________________

Frequently Asked Questions

   A complete FAQ is available on the [19]Wireshark web site.
     __________________________________________________________________

   Last updated 2015-06-18 15:33:59 UTC

References

   1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10896
   2. https://www.wireshark.org/download.html
   3. https://www.wireshark.org/download.html#thirdparty
   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
  10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
  11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
  12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
  13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
  14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9914
  15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
  16. https://ask.wireshark.org/
  17. https://www.wireshark.org/lists/
  18. http://www.wiresharktraining.com/
  19. https://www.wireshark.org/faq.html