asn2wrs: add VALS_ATTR section

[metze/wireshark/wip.git] / NEWS

Wireshark 2.9.1 Release Notes

 This is an experimental release intended to test new features for
 Wireshark 3.0.

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many user interface improvements have been made. See the “New and
  Updated Features” section below for more details.

  Bug Fixes

   The following bugs have been fixed:

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.9.0:

     • Wireshark now supports the Swedish and Ukrainian language.

     • Initial support for using PKCS #11 tokens for RSA decryption in
       TLS. A configuration user interface is still in development.

   The following features are new (or have been significantly updated)
   since version 2.6.0:

     • The Windows .exe installers now ship with Npcap instead of
       WinPcap.

     • Conversation timestamps are supported for UDP/UDP-Lite protocols

     • TShark now supports the -G elastic-mapping option which generates
       an ElasticSearch mapping file.

     • The “Capture Information” dialog has been added back (Bug
       12004[2]).

     • The Ethernet and IEEE 802.11 dissectors no longer validate the
       frame check sequence (checksum) by default.

     • The TCP dissector gained a new “Reassemble out-of-order segments”
       preference to fix dissection and decryption issues in case TCP
       segments are received out-of-order. See the User’s Guide, chapter
       TCP Reassembly for details.

     • Decryption support for the new WireGuard dissector (Bug 15011[3],
       requires Libgcrypt 1.8).

     • The BOOTP dissector has been renamed to DHCP. With the exception
       of “bootp.dhcp”, the old “bootp.*” display filter fields are
       still supported but may be removed in a future release.

     • The SSL dissector has been renamed to TLS. As with BOOTP the old
       “ssl.*” display filter fields are supported but may be removed in
       a future release.

     • Coloring rules, IO graphs, Filter Buttons and protocol preference
       tables can now be copied from other profiles using a button in
       the corresponding configuration dialogs.

     • APT-X has been renamed to aptX.

     • When importing from hex dump, it’s now possible to add an
       ExportPDU header with a payload name. This calls the specific
       dissector directly without lower protocols.

     • The sshdump and ciscodump extcap interfaces can now use a proxy
       for the SSH connection.

     • Dumpcap now supports the -a packets:NUM and -b packets:NUM
       options.

     • Wireshark now includes a “No Reassembly” configuration profile.

     • Wireshark now supports the Russian language.

     • The build system now supports AppImage packages.

     • The Windows installers now ship with Qt 5.12.0. Previously they
       shipped with Qt 5.9.7.

     • Support for DTLS and TLS decryption using pcapng files that embed
       a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug
       15252[4]).

     • The editcap utility gained a new --inject-secrets option to
       inject an existing TLS Key Log file into a pcapng file.

     • A new dfilter function string() has been added. It allows the
       conversion of non-string fields to strings so string functions
       (as contains and matches) can be used on them.

  Removed Features and Support

     • The legacy (GTK+) user interface has been removed and is no
       longer supported.

     • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.

     • Wireshark requires GLib 2.32 or later.

     • Wireshark requires GnuTLS 3.2 or later as optional dependency.

     • Building Wireshark requires Python 3.4 or newer, Python 2.7 is
       unsupported.

     • Building Wireshark requires CMake. Autotools is no longer
       supported.

     • TShark’s -z compare option was removed.

  New File Format Decoding Support

   Ruby Marshal format

  New Protocol Support

   Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
   BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service
   over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP),
   Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS
   RTP), Exablaze trailers, General Circuit Services Notification
   Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo
   Emberplus Data format, Great Britain Companion Specification (GBCS)
   used in the Smart Metering Equipment Technical Specifications
   (SMETS), GSM-R (User-to-User Information Element usage),
   HI3CCLinkData, Intelligent Transport Systems (ITS) application level,
   ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP),
   ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability
   Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP,
   Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol,
   PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo
   Emberplus transport frame, Secure Reliable Transport Protocol (SRT),
   Spirent Test Center Signature decoding for Ethernet and FibreChannel
   (STCSIG, disabled by default), Sybase-specific portions of TDS,
   systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery
   Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information
   Retrieval Protocol

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
   and Unigraf DPA-400 DisplayPort AUX channel monitor

  New and Updated Capture Interfaces support

   dpauxmon, an external capture interface (extcap) that captures
   DisplayPort AUX channel data from linux kernel drivers.

   sdjournal, an extcap that captures systemd journal entries.

  Major API Changes

     • Lua: the various logging functions (debug, info, message, warn
       and critical) have been removed. Use the print function instead
       for debugging purposes.

     • Lua: on Windows, file-related functions such as dofile now assume
       UTF-8 paths instead of the local code page. This is consistent
       with Linux and macOS and improves compatibility on non-English
       systems. (Bug 15118[5])

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html[6].

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[7] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About→Folders to
  find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/[8]

  Community support is available on Wireshark’s Q&A site[9] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[10].

  Bugs and feature requests can be reported on the bug tracker[11].

  Official Wireshark training and certification are available from
  Wireshark University[12].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[13].

  Last updated 2019-01-20 08:14:50 UTC

 References

   1. 1
   2. 2
   3. 3
   4. 4
   5. 5
   6. 6
   7. 7
   8. 8
   9. 9
  10. 10
  11. 11
  12. 12
  13. 13