1 Wireshark 2.9.1 Release Notes
3 This is an experimental release intended to test new features for
8 Wireshark is the world’s most popular network protocol analyzer. It is
9 used for troubleshooting, analysis, development and education.
13 Many user interface improvements have been made. See the “New and
14 Updated Features” section below for more details.
18 The following bugs have been fixed:
20 Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
22 New and Updated Features
24 The following features are new (or have been significantly updated)
27 • Wireshark now supports the Swedish and Ukrainian language.
29 • Initial support for using PKCS #11 tokens for RSA decryption in
30 TLS. A configuration user interface is still in development.
32 The following features are new (or have been significantly updated)
35 • The Windows .exe installers now ship with Npcap instead of
38 • Conversation timestamps are supported for UDP/UDP-Lite protocols
40 • TShark now supports the -G elastic-mapping option which generates
41 an ElasticSearch mapping file.
43 • The “Capture Information” dialog has been added back (Bug
46 • The Ethernet and IEEE 802.11 dissectors no longer validate the
47 frame check sequence (checksum) by default.
49 • The TCP dissector gained a new “Reassemble out-of-order segments”
50 preference to fix dissection and decryption issues in case TCP
51 segments are received out-of-order. See the User’s Guide, chapter
52 TCP Reassembly for details.
54 • Decryption support for the new WireGuard dissector (Bug 15011[3],
55 requires Libgcrypt 1.8).
57 • The BOOTP dissector has been renamed to DHCP. With the exception
58 of “bootp.dhcp”, the old “bootp.*” display filter fields are
59 still supported but may be removed in a future release.
61 • The SSL dissector has been renamed to TLS. As with BOOTP the old
62 “ssl.*” display filter fields are supported but may be removed in
65 • Coloring rules, IO graphs, Filter Buttons and protocol preference
66 tables can now be copied from other profiles using a button in
67 the corresponding configuration dialogs.
69 • APT-X has been renamed to aptX.
71 • When importing from hex dump, it’s now possible to add an
72 ExportPDU header with a payload name. This calls the specific
73 dissector directly without lower protocols.
75 • The sshdump and ciscodump extcap interfaces can now use a proxy
76 for the SSH connection.
78 • Dumpcap now supports the -a packets:NUM and -b packets:NUM
81 • Wireshark now includes a “No Reassembly” configuration profile.
83 • Wireshark now supports the Russian language.
85 • The build system now supports AppImage packages.
87 • The Windows installers now ship with Qt 5.12.0. Previously they
88 shipped with Qt 5.9.7.
90 • Support for DTLS and TLS decryption using pcapng files that embed
91 a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug
94 • The editcap utility gained a new --inject-secrets option to
95 inject an existing TLS Key Log file into a pcapng file.
97 • A new dfilter function string() has been added. It allows the
98 conversion of non-string fields to strings so string functions
99 (as contains and matches) can be used on them.
101 Removed Features and Support
103 • The legacy (GTK+) user interface has been removed and is no
106 • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
108 • Wireshark requires GLib 2.32 or later.
110 • Wireshark requires GnuTLS 3.2 or later as optional dependency.
112 • Building Wireshark requires Python 3.4 or newer, Python 2.7 is
115 • Building Wireshark requires CMake. Autotools is no longer
118 • TShark’s -z compare option was removed.
120 New File Format Decoding Support
126 Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
127 BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service
128 over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP),
129 Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS
130 RTP), Exablaze trailers, General Circuit Services Notification
131 Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo
132 Emberplus Data format, Great Britain Companion Specification (GBCS)
133 used in the Smart Metering Equipment Technical Specifications
134 (SMETS), GSM-R (User-to-User Information Element usage),
135 HI3CCLinkData, Intelligent Transport Systems (ITS) application level,
136 ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP),
137 ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability
138 Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP,
139 Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol,
140 PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo
141 Emberplus transport frame, Secure Reliable Transport Protocol (SRT),
142 Spirent Test Center Signature decoding for Ethernet and FibreChannel
143 (STCSIG, disabled by default), Sybase-specific portions of TDS,
144 systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery
145 Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information
148 Updated Protocol Support
150 Too many protocols have been updated to list here.
152 New and Updated Capture File Support
154 RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
155 and Unigraf DPA-400 DisplayPort AUX channel monitor
157 New and Updated Capture Interfaces support
159 dpauxmon, an external capture interface (extcap) that captures
160 DisplayPort AUX channel data from linux kernel drivers.
162 sdjournal, an extcap that captures systemd journal entries.
166 • Lua: the various logging functions (debug, info, message, warn
167 and critical) have been removed. Use the print function instead
168 for debugging purposes.
170 • Lua: on Windows, file-related functions such as dofile now assume
171 UTF-8 paths instead of the local code page. This is consistent
172 with Linux and macOS and improves compatibility on non-English
173 systems. (Bug 15118[5])
177 Wireshark source code and installation packages are available from
178 https://www.wireshark.org/download.html[6].
180 Vendor-supplied Packages
182 Most Linux and Unix vendors supply their own Wireshark packages. You
183 can usually install or upgrade Wireshark using the package management
184 system specific to that platform. A list of third-party packages can
185 be found on the download page[7] on the Wireshark web site.
189 Wireshark and TShark look in several different locations for
190 preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
191 locations vary from platform to platform. You can use About→Folders to
192 find the default locations on your system.
196 The User’s Guide, manual pages and various other documentation can be
197 found at https://www.wireshark.org/docs/[8]
199 Community support is available on Wireshark’s Q&A site[9] and on the
200 wireshark-users mailing list. Subscription information and archives
201 for all of Wireshark’s mailing lists can be found on the web site[10].
203 Bugs and feature requests can be reported on the bug tracker[11].
205 Official Wireshark training and certification are available from
206 Wireshark University[12].
208 Frequently Asked Questions
210 A complete FAQ is available on the Wireshark web site[13].
212 Last updated 2019-01-20 08:14:50 UTC