-$Id$
+ Wireshark 1.99.0 Release Notes
-== January 29, 2007
-
-Wireshark 0.99.5 has been released.
-
- ------------------------------------------------------------------
+ This is an experimental release intended to test new features for the
+ next stable release.
+ __________________________________________________________________
What is Wireshark?
- Wireshark is the world's most popular network protocol analyzer.
- It is used for troubleshooting, analysis, development, and
- education.
+ Wireshark is the world's most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
+ __________________________________________________________________
What's New
Bug Fixes
- The following vulnerabilities have been fixed. See the [1]security
- advisory for details and a workaround.
-
- o The TCP dissector could hang or crash while reassembling HTTP
- packets. Versions affected: 0.99.2 to 0.99.4
-
- o The HTTP dissector could crash. Versions affected: 0.99.3 to
- 0.99.4
-
- o On some systems, the IEEE 802.11 dissector could crash.
- Versions affected: 0.10.14 to 0.99.4
-
- o On some systems, the LLT dissector could crash. Versions
- affected: 0.99.3 to 0.99.4
-
The following bugs have been fixed:
+ * "On-the-wire" packet lengths are limited to 65535 bytes. ([1]Bug
+ 8808, ws-buglink:9390)
+ * "Follow TCP Stream" shows only the first HTTP req+res. ([2]Bug
+ 9044)
+ * Files with pcap-ng Simple Packet Blocks can't be read. ([3]Bug
+ 9200)
+ * MPLS-over-PPP isn't recognized. ([4]Bug 9492)
- o On Windows systems the packet list scroll bar could sometimes
- disappear or become unusable. ([2]Bug 220)
-
- o The end of HTTP chunked encoding wasn't being displayed.
- ([3]Bug 646)
-
- o The Follow TCP Stream window could omit characters. ([4]Bug
- 1043)
-
- o Opening a flow graph could crash Wireshark. ([5]Bug 1117)
-
- o Follow TCP Stream would sometimes get the direction wrong.
- ([6]Bug 1138)
-
- o The foreground text in the coloring rules editor was always
- black.. ([7]Bug 1164)
+ New and Updated Features
- o The CSV export format was incorrect. ([8]Bug 1173)
+ The following features are new (or have been significantly updated)
+ since version 1.12.0:
+ * The I/O Graph in the Gtk+ UI now supports an unlimited number of
+ data points (up from 100k).
+ * tshark now resets its state when changing files in ring-buffer
+ mode.
+ * Expert Info severities can now be configured.
+ * Wireshark now supports external capture interfaces. External
+ capture interfaces can be anything from a tcpdump-over-ssh pipe to
+ a program that captures from proprietary or non-standard hardware.
+ This functionality is not available in the Qt UI yet.
+ * Qt port:
+ + The Qt UI is now the default (program name is wireshark).
+ + A Polish translation has been added.
+ + The Interfaces dialog has been added.
+ + The interface list is now updated when interfaces appear or
+ disappear.
+ + The Conversations dialog has been added.
+ + A Japanese translation has been added.
+ + It is now possible to manage remote capture interfaces.
+ + Windows: taskbar progress support has been added.
+
+ The following features are new (or have been significantly updated)
+ since version 1.11.3:
+ * Transport name resolution is now disabled by default.
+ * Support has been added for all versions of the DCBx protocol.
+ * Cleanup of LLDP code, all dissected fields are now navigable.
+
+ The following features are new (or have been significantly updated)
+ since version 1.11.2:
+ * Qt port:
+ + The About dialog has been added
+ + The Capture Interfaces dialog has been added.
+ + The Decode As dialog has been added. It managed to swallow up
+ the User Specified Decodes dialog as well.
+ + The Export PDU dialog has been added.
+ + Several SCTP dialogs have been added.
+ + The statistics tree (the backend for many Statistics and
+ Telephony menu items) dialog has been added.
+ + The I/O Graph dialog has been added.
+ + French translation has updated.
+
+ The following features are new (or have been significantly updated)
+ since version 1.11.1:
+ * Mac OS X packaging has been improved.
+
+ The following features are new (or have been significantly updated)
+ since version 1.11.0:
+ * Dissector output may be encoded as UTF-8. This includes TShark
+ output.
+ * Qt port:
+ + The Follow Stream dialog now supports packet and TCP stream
+ selection.
+ + A Flow Graph (sequence diagram) dialog has been added.
+ + The main window now respects geometry preferences.
+
+ The following features are new (or have been significantly updated)
+ since version 1.10:
+ * Wireshark now uses the Qt application framework. The new UI should
+ provide a significantly better user experience, particularly on Mac
+ OS X and Windows.
+ * The Windows installer now uninstalls the previous version of
+ Wireshark silently. You can still run the uninstaller manually
+ beforehand if you wish to run it interactively.
+ * Expert information is now filterable when the new API is in use.
+ * The "Number" column shows related packets and protocol conversation
+ spans (Qt only).
+ * When manipulating packets with editcap using the -C <choplen>
+ and/or -s <snaplen> options, it is now possible to also adjust the
+ original frame length using the -L option.
+ * You can now pass the -C <choplen> option to editcap multiple times,
+ which allows you to chop bytes from the beginning of a packet as
+ well as at the end of a packet in a single step.
+ * You can now specify an optional offset to the -C option for
+ editcap, which allows you to start chopping from that offset
+ instead of from the absolute packet beginning or end.
+ * "malformed" display filter has been renamed to "_ws.malformed". A
+ handful of other filters have been given the "_ws." prefix to note
+ they are Wireshark application specific filters and not dissector
+ filters.
+ * The Kerberos dissector has been replaced with an auto generated one
+ from ASN1 protocol description, changing a lot of filter names.
- o On some Windows systems Wireshark could take a long time to
- start up.
+ New Protocol Support
- o Malformed UDLD packets could cause an exception.
+ ceph, corosync/totemnet, corosync/totemsrp, CP Cooper 2179, Generic
+ Network Virtualization Encapsulation (Geneve), IPMI Trace, iSER,
+ OptoMMP, S7 Communication, and Stateless Transport Tunneling
- New and Updated Features
+ Updated Protocol Support
- The following features are new (or have been significantly
- updated) since the last release:
+ Too many protocols have been updated to list here.
- o We are now offering Wireshark as a U3 package for Windows. U3
- packages are suitable for using on USB drives and CD-ROMs.
- It's still experimental, but you're welcome to try it out and
- report any problems or successes.
+ New and Updated Capture File Support
- o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
- TDS / MS SQL dissector now de-obfuscates passwords.
+ Android logcat text files
- o 64-bit file handling has been improved.
+ Major API Changes
- o The Find function now selects the corresponding packet detail
- item. Find functionality has been added to the TCP and SSL
- stream dialogs.
+ The libwireshark API has undergone some major changes:
+ * Many of the ep_ and se_ memory allocation routines have been
+ removed.
+ * The (long-since-broken) Python bindings support has been removed
+ from Wireshark. If you want to write dissectors in something other
+ than C, use Lua.
+ __________________________________________________________________
- o Main window keyboard navigation has been improved.
+Getting Wireshark
- o Windows file dialogs now show the navigation bar. File dialogs
- now default to "My Documents" in accordance with Microsoft's
- HIG.
+ Wireshark source code and installation packages are available from
+ [5]http://www.wireshark.org/download.html.
- o [9]AirPcap support (which provides raw mode capture under
- Windows) has been enhanced to allow capturing on multiple
- AirPcap adapters simultaneously.
+ Vendor-supplied Packages
- o You can no longer install Wireshark on Windows 95, 98, or ME.
- (OK, so it's not a feature per se, but it's an important
- change)
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can be
+ found on the [6]download page on the Wireshark web site.
+ __________________________________________________________________
- o ASN.1 BER-encoded files can now be dissected according to a
- user-specified syntax.
+File Locations
- New Protocol Support
+ Wireshark and TShark look in several different locations for preference
+ files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
+ vary from platform to platform. You can use About->Folders to find the
+ default locations on your system.
+ __________________________________________________________________
- DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
- v2
+Known Problems
- Updated Protocol Support
+ Dumpcap might not quit if Wireshark or TShark crashes. ([7]Bug 1419)
- 2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
- BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
- EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
- DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
- HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
- IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
- MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
- NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
- RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
- SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
- TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
- USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
+ The BER dissector might infinitely loop. ([8]Bug 1516)
- New and Updated Capture File Support
+ Capture filters aren't applied when capturing from named pipes.
+ (ws-buglink:1814)
- Catapult DCT2000, Netttl, Windows Sniffer / NetXray
+ Filtering tshark captures with read filters (-R) no longer works.
+ ([9]Bug 2234)
-Getting Wireshark
+ The 64-bit Windows installer does not support Kerberos decryption.
+ ([10]Win64 development page)
- Wireshark source code and installation packages are available from
- the [10]download page on the main web site.
+ Resolving ([11]Bug 9044) reopens ([12]Bug 3528) so that Wireshark no
+ longer automatically decodes gzip data when following a TCP stream.
- Vendor-supplied Packages
+ Application crash when changing real-time option. ([13]Bug 4035)
- Most Linux and Unix vendors supply their own Wireshark packages.
- You can usually install or upgrade Wireshark using the package
- management system specific to that platform. A list of third-party
- packages can be found on the [11]download page on the Wireshark
- web site.
+ Hex pane display issue after startup. ([14]Bug 4056)
-File Locations
+ Packet list rows are oversized. ([15]Bug 4357)
- Wireshark and TShark look in several different locations for
- preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
- These locations vary from platform to platform. You can use
- About->Folders to find the default locations on your system.
+ Summary pane selected frame highlighting not maintained. ([16]Bug 4445)
-Known Problems
+ Wireshark and TShark will display incorrect delta times in some cases.
+ ([17]Bug 4985)
- The Filter button is nonfunctional in the file dialogs under
- Windows. ([12]Bug 942)
+ The 64-bit Mac OS X installer doesn't support Mac OS X 10.9 ([18]Bug
+ 9242)
+ __________________________________________________________________
Getting Help
- Community support is available on the wireshark-users mailing
- list. Subscription information and archives for all of Wireshark's
- mailing lists can be found on [13]the web site.
+ Community support is available on [19]Wireshark's Q&A site and on the
+ wireshark-users mailing list. Subscription information and archives for
+ all of Wireshark's mailing lists can be found on [20]the web site.
- Commercial support, training, and development services are
- available from [14]CACE Technologies.
+ Official Wireshark training and certification are available from
+ [21]Wireshark University.
+ __________________________________________________________________
Frequently Asked Questions
- A complete FAQ is available on the [15]Wireshark web site.
+ A complete FAQ is available on the [22]Wireshark web site.
+ __________________________________________________________________
+
+ Last updated 2014-09-04 15:30:56 UTC
References
- Visible links
- 1. http://www.wireshark.org/security/wnpa-sec-2007-01.html
- 2. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220
- 3. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=646
- 4. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1043
- 5. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1117
- 6. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1138
- 7. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1164
- 8. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1173
- 9. http://www.cacetech.com/products/airpcap.htm
- 10. http://www.wireshark.org/download.html
- 11. http://www.wireshark.org/download.html#otherplat
- 12. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942
- 13. http://www.wireshark.org/lists/
- 14. http://www.cacetech.com/
- 15. http://www.wireshark.org/faq.html
+ 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
+ 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
+ 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200
+ 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9492
+ 5. http://www.wireshark.org/download.html
+ 6. http://www.wireshark.org/download.html#thirdparty
+ 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
+ 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
+ 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
+ 10. https://wiki.wireshark.org/Development/Win64
+ 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
+ 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
+ 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
+ 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
+ 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
+ 16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
+ 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
+ 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9242
+ 19. http://ask.wireshark.org/
+ 20. http://www.wireshark.org/lists/
+ 21. http://www.wiresharktraining.com/
+ 22. http://www.wireshark.org/faq.html