-$Id$
+ Wireshark 2.1.1 Release Notes
-== January 29, 2007
-
-Wireshark 0.99.5 has been released.
-
- ------------------------------------------------------------------
+ This is a semi-experimental release intended to test new features for
+ Wireshark 2.2.
+ __________________________________________________________________
What is Wireshark?
- Wireshark is the world's most popular network protocol analyzer.
- It is used for troubleshooting, analysis, development, and
- education.
+ Wireshark is the world's most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
+ __________________________________________________________________
What's New
- Bug Fixes
-
- The following vulnerabilities have been fixed. See the [1]security
- advisory for details and a workaround.
-
- o The TCP dissector could hang or crash while reassembling HTTP
- packets. Versions affected: 0.99.2 to 0.99.4
-
- o The HTTP dissector could crash. Versions affected: 0.99.3 to
- 0.99.4
-
- o On some systems, the IEEE 802.11 dissector could crash.
- Versions affected: 0.10.14 to 0.99.4
-
- o On some systems, the LLT dissector could crash. Versions
- affected: 0.99.3 to 0.99.4
-
- The following bugs have been fixed:
-
- o On Windows systems the packet list scroll bar could sometimes
- disappear or become unusable. ([2]Bug 220)
-
- o The end of HTTP chunked encoding wasn't being displayed.
- ([3]Bug 646)
-
- o The Follow TCP Stream window could omit characters. ([4]Bug
- 1043)
-
- o Opening a flow graph could crash Wireshark. ([5]Bug 1117)
-
- o Follow TCP Stream would sometimes get the direction wrong.
- ([6]Bug 1138)
-
- o The foreground text in the coloring rules editor was always
- black.. ([7]Bug 1164)
+ New and Updated Features
- o The CSV export format was incorrect. ([8]Bug 1173)
+ The following features are new (or have been significantly updated)
+ since version 2.1.0:
+ * Added -d option for Decode As support in Wireshark (mimics TShark
+ functionality)
+ * The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
+ TShark can additionally export packets as Elasticsearch-compatible
+ JSON.
+ * The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
+ deprecated.
+ * The Conversations and Endpoints dialogs are more responsive when
+ viewing large numbers of items.
+ * The RTP player now allows up to 30 minutes of silence frames.
+ * Packet bytes can now be displayed as EBCDIC.
+ * The Qt UI loads captures faster on Windows.
+
+ The following features are new (or have been significantly updated)
+ since version 2.0.0:
+ * The intelligent scroll bar now sits to the left of a normal scroll
+ bar and provides a clickable map of nearby packets.
+ * You can now switch between between Capture and File Format
+ dissection of the current capture file via the View menu in the Qt
+ GUI.
+ * You can now show selected packet bytes as ASCII, HTML, Image, ISO
+ 8859-1, Raw, UTF-8, a C array, or YAML.
+ * You can now use regular expressions in Find Packet and in the
+ advanced preferences.
+ * Name resolution for packet capture now supports asynchronous DNS
+ lookups only. Therefore the "concurrent DNS resolution" preference
+ has been deprecated and is a no-op. To enable DNS name resolution
+ some build dependencies must be present (currently c-ares). If that
+ is not the case DNS name resolution will be disabled (but other
+ name resolution mechanisms, such as host files, are still
+ available).
+ * The byte under the mouse in the Packet Bytes pane is now
+ highlighted.
+ * TShark supports exporting PDUs via the -U flag.
+ * The Windows and OS X installers now come with the "sshdump" and
+ "ciscodump" extcap interfaces.
+ * Most dialogs in the Qt UI now save their size and positions.
+ * The Follow Stream dialog now supports UTF-16.
+ * The Firewall ACL Rules dialog has returned.
+ * The Flow (Sequence) Analysis dialog has been improved.
+ * We no longer provide packages for 32-bit versions of OS X.
+ * The Bluetooth Device details dialog has been added.
+
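Review bot: The added bullet "You can now switch between between Capture and File Format dissection" repeats the word "between"; drop the duplicate. The same list uses "Qt UI" in every other bullet but "Qt GUI" in this one, so it is worth picking one term.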
+ New File Format Decoding Support
+
+ Wireshark is able to display the format of some types of files (rather
+ than displaying the contents of those files). This is useful when
+ you're curious about, or debugging, a file and its format. To open a
+ capture file (such as PCAP) in this mode specify "MIME Files Format" as
+ the file's format in the Open File dialog.
+
+ New files that Wireshark can open in this mode include:
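Review bot: "New files that Wireshark can open in this mode include:" ends in a colon but no list follows; the next added line is the "New Protocol Support" heading. Either list the file formats that gained decoding support or drop the sentence until there is something to list.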
- o On some Windows systems Wireshark could take a long time to
- start up.
+ New Protocol Support
- o Malformed UDLD packets could cause an exception.
+ Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
+ Bluetooth Pseudoheader for BR/EDR, CISCO ERSPAN3 Marker, Edge Control
+ Protocol (ECP), Ericsson IPOS Kernel Packet Header Dissector Added
+ (IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY
+ Protocol dissector added (automotive bus), IEEE 802.1BR E-Tag, ISO
+ 8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP),
+ LAT protocol (DECNET), Metamako trailers, Network-Based IP Flow
+ Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open
+ Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M
+ TLV), Real Time Location System (RTLS), RTI TCP Transport Layer
+ (RTITCP), STANAG 5602 SIMPLE, USB3 Vision Protocol (USB machine vision
+ cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol
+ Clusters Dissectors Added (Closures Lighting General Measurement &
+ Sensing HVAC Security & Safety)
- New and Updated Features
+ Updated Protocol Support
- The following features are new (or have been significantly
- updated) since the last release:
+ Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
+ allow to DecodeAs it over USB, TCP and UDP.
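Review bot: "allow to DecodeAs it over USB, TCP and UDP" is ungrammatical and reads as a commit note rather than a release note. Something like "The Bluetooth OBEX dissector (btobex) has been renamed to OBEX (obex) and can now be selected with Decode As over USB, TCP and UDP" says the same thing and makes the filter-name change from btobex to obex explicit.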
- o We are now offering Wireshark as a [16]U3 package for Windows.
- U3 packages are suitable for using on special "U3" USB drives.
- It's still experimental, but you're welcome to try it out and
- report any problems or successes.
+ A preference was added to TCP dissector for handling IPFIX process
+ information. It has been disabled by default.
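Review bot: The IPFIX entry says a preference "was added to TCP dissector" and is disabled by default, but never names the preference, so a reader cannot find or enable it from this text. Add the preference name as it appears in the TCP protocol preferences.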
- o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
- TDS / MS SQL dissector now de-obfuscates passwords.
+ New and Updated Capture File Support
- o 64-bit file handling has been improved.
+ and Micropross mplog
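Review bot: "and Micropross mplog" is a fragment: the whole entry under "New and Updated Capture File Support" starts with a conjunction, so either an earlier item was lost or the "and" is left over from the list template. List the formats in full, or reduce the line to "Micropross mplog" if that is the only one.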
- o The Find function now selects the corresponding packet detail
- item. Find functionality has been added to the TCP and SSL
- stream dialogs.
+ New and Updated Capture Interfaces support
- o Main window keyboard navigation has been improved.
+ Non-empty section placeholder.
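Review bot: "Non-empty section placeholder." under "New and Updated Capture Interfaces support" is template filler that would ship in the published notes. Replace it with the actual interface changes or remove the section; if the heading stays, "support" should be capitalised to match "New Protocol Support" and "New and Updated Capture File Support".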
- o Windows file dialogs now show the "places bar" (Desktop, ...).
- File dialogs now default to "My Documents" in accordance with
- Microsoft's HIG.
+ Major API Changes
- o [9]AirPcap support (which provides raw mode capture under
- Windows) has been enhanced to allow capturing on multiple
- AirPcap adapters simultaneously.
+ The libwireshark API has undergone some major changes:
+ * The address macros (e.g., SET_ADDRESS) have been removed. Use the
+ (lower case) functions of the same names instead.
+ * "old style" dissector functions (that don't return number of bytes
+ used) have been replaced in name with the "new style" dissector
+ functions.
+ * tvb_get_string and tvb_get_stringz have been replaced with
+ tvb_get_string_enc and tvb_get_stringz_enc respectively.
+ __________________________________________________________________
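Review bot: The "Major API Changes" bullets name the replacements (tvb_get_string_enc, tvb_get_stringz_enc, the lower-case address functions) but give plugin authors no migration hint; in particular the tvb_get_string bullet does not say which encoding argument to pass to keep the previous behaviour. A short parenthetical per bullet would help, and "have been replaced in name with the 'new style' dissector functions" could be reworded to say plainly what changed for callers.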
- o You can no longer install Wireshark on Windows 95, 98, or ME.
- (OK, so it's not a feature per se, but it's an important
- change). The last Version known to work on these systems is
- [17]Ethereal 0.99.0!
+Getting Wireshark
- o ASN.1 BER-encoded files can now be dissected according to a
- user-specified syntax.
+ Wireshark source code and installation packages are available from
+ [1]https://www.wireshark.org/download.html.
- New Protocol Support
+ Vendor-supplied Packages
- DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
- v2
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can be
+ found on the [2]download page on the Wireshark web site.
+ __________________________________________________________________
- Updated Protocol Support
+File Locations
- 2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
- BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
- EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
- DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
- HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
- IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
- MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
- NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
- RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
- SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
- TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
- USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
+ Wireshark and TShark look in several different locations for preference
+ files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
+ vary from platform to platform. You can use About->Folders to find the
+ default locations on your system.
+ __________________________________________________________________
- New and Updated Capture File Support
+Known Problems
- Catapult DCT2000, Netttl, Windows Sniffer / NetXray
+ Dumpcap might not quit if Wireshark or TShark crashes. ([3]Bug 1419)
-Getting Wireshark
+ The BER dissector might infinitely loop. ([4]Bug 1516)
- Wireshark source code and installation packages are available from
- the [10]download page on the main web site.
+ Capture filters aren't applied when capturing from named pipes. ([5]Bug
+ 1814)
- Vendor-supplied Packages
+ Filtering tshark captures with read filters (-R) no longer works.
+ ([6]Bug 2234)
- Most Linux and Unix vendors supply their own Wireshark packages.
- You can usually install or upgrade Wireshark using the package
- management system specific to that platform. A list of third-party
- packages can be found on the [11]download page on the Wireshark
- web site.
+ Application crash when changing real-time option. ([7]Bug 4035)
-File Locations
+ Packet list rows are oversized. ([8]Bug 4357)
- Wireshark and TShark look in several different locations for
- preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
- These locations vary from platform to platform. You can use
- About->Folders to find the default locations on your system.
+ Wireshark and TShark will display incorrect delta times in some cases.
+ ([9]Bug 4985)
-Known Problems
+ Wireshark should let you work with multiple capture files. ([10]Bug
+ 10488)
- The Filter button is nonfunctional in the file dialogs under
- Windows. ([12]Bug 942)
+ Dell Backup and Recovery (DBAR) makes many Windows applications crash,
+ including Wireshark. ([11]Bug 12036)
+ __________________________________________________________________
Getting Help
- Community support is available on the wireshark-users mailing
- list. Subscription information and archives for all of Wireshark's
- mailing lists can be found on [13]the web site.
+ Community support is available on [12]Wireshark's Q&A site and on the
+ wireshark-users mailing list. Subscription information and archives for
+ all of Wireshark's mailing lists can be found on [13]the web site.
- Commercial support, training, and development services are
- available from [14]CACE Technologies.
+ Official Wireshark training and certification are available from
+ [14]Wireshark University.
+ __________________________________________________________________
Frequently Asked Questions
A complete FAQ is available on the [15]Wireshark web site.
+ __________________________________________________________________
+
+ Last updated 2016-07-14 18:05:31 UTC
References
- Visible links
- 1. http://www.wireshark.org/security/wnpa-sec-2007-01.html
- 2. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220
- 3. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=646
- 4. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1043
- 5. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1117
- 6. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1138
- 7. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1164
- 8. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1173
- 9. http://www.cacetech.com/products/airpcap.htm
- 10. http://www.wireshark.org/download.html
- 11. http://www.wireshark.org/download.html#otherplat
- 12. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942
- 13. http://www.wireshark.org/lists/
- 14. http://www.cacetech.com/
- 15. http://www.wireshark.org/faq.html
- 16. http://www.u3.com
- 17. http://www.ethereal.com
+ 1. https://www.wireshark.org/download.html
+ 2. https://www.wireshark.org/download.html#thirdparty
+ 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
+ 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
+ 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
+ 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
+ 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
+ 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
+ 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
+ 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
+ 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
+ 12. https://ask.wireshark.org/
+ 13. https://www.wireshark.org/lists/
+ 14. http://www.wiresharktraining.com/
+ 15. https://www.wireshark.org/faq.html
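Review bot: Reference 14, "http://www.wiresharktraining.com/", is the only added link still using plain http; every other entry in the new reference list was moved to https. If the training site serves https, update this link as well so the notes do not send readers over an unauthenticated connection.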