1 Wireshark 2.9.1 Release Notes
3 This is an experimental release intended to test new features for
8 Wireshark is the world’s most popular network protocol analyzer. It is
9 used for troubleshooting, analysis, development and education.
13 Many user interface improvements have been made. See the “New and
14 Updated Features” section below for more details.
18 The following bugs have been fixed:
20 Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
22 New and Updated Features
24 The following features are new (or have been significantly updated)
27 • Wireshark now supports the Swedish and Ukrainian language.
29 The following features are new (or have been significantly updated)
32 • The Windows .exe installers now ship with Npcap instead of
35 • Conversation timestamps are supported for UDP/UDP-Lite protocols
37 • TShark now supports the -G elastic-mapping option which generates
38 an ElasticSearch mapping file.
40 • The “Capture Information” dialog has been added back (Bug
43 • The Ethernet and IEEE 802.11 dissectors no longer validate the
44 frame check sequence (checksum) by default.
46 • The TCP dissector gained a new “Reassemble out-of-order segments”
47 preference to fix dissection and decryption issues in case TCP
48 segments are received out-of-order. See the User’s Guide, chapter
49 TCP Reassembly for details.
51 • Decryption support for the new WireGuard dissector (Bug 15011[3],
52 requires Libgcrypt 1.8).
54 • The BOOTP dissector has been renamed to DHCP. With the exception
55 of “bootp.dhcp”, the old “bootp.*” display filter fields are
56 still supported but may be removed in a future release.
58 • The SSL dissector has been renamed to TLS. As with BOOTP the old
59 “ssl.*” display filter fields are supported but may be removed in
62 • Coloring rules, IO graphs, Filter Buttons and protocol preference
63 tables can now be copied from other profiles using a button in
64 the corresponding configuration dialogs.
66 • APT-X has been renamed to aptX.
68 • When importing from hex dump, it’s now possible to add an
69 ExportPDU header with a payload name. This calls the specific
70 dissector directly without lower protocols.
72 • The sshdump and ciscodump extcap interfaces can now use a proxy
73 for the SSH connection.
75 • Dumpcap now supports the -a packets:NUM and -b packets:NUM
78 • Wireshark now includes a “No Reassembly” configuration profile.
80 • Wireshark now supports the Russian language.
82 • The build system now supports AppImage packages.
84 • The Windows installers now ship with Qt 5.12.0. Previously they
85 shipped with Qt 5.9.7.
87 Removed Features and Support
89 • The legacy (GTK+) user interface has been removed and is no
92 • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
94 • Wireshark requires GLib 2.32 or later.
96 • Building Wireshark requires CMake. Autotools is no longer
99 • TShark’s -z compare option was removed.
101 New File Format Decoding Support
107 Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
108 BLIP Couchbase Mobile (BLIP), CDMA 2000, Cisco Meraki Discovery
109 Protocol (MDP), Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS
110 26.445 A.2 EVS RTP), Exablaze trailers, General Circuit Services
111 Notification Application Protocol (GCSNA), GeoNetworking (GeoNw),
112 GLOW Lawo Emberplus Data format, GSM-R (User-to-User Information
113 Element usage), HI3CCLinkData, Intelligent Transport Systems (ITS)
114 application level, ISO 13400-2 Diagnostic communication over Internet
115 Protocol (DoIP), ITU-t X.696 Octet Encoding Rules (OER), Local Number
116 Portability Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR
117 (5G) PDCP, Osmocom Generic Subscriber Update Protocol (GSUP), PCOM
118 protocol, PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2),
119 S101 Lawo Emberplus transport frame, Secure Reliable Transport
120 Protocol (SRT), Spirent Test Center Signature decoding for Ethernet
121 and FibreChannel (STCSIG, disabled by default), Sybase-specific
122 portions of TDS, systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0,
123 Ubiquiti Discovery Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50
124 Information Retrieval Protocol
126 Updated Protocol Support
128 Too many protocols have been updated to list here.
130 New and Updated Capture File Support
132 RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
133 and Unigraf DPA-400 DisplayPort AUX channel monitor
135 New and Updated Capture Interfaces support
137 dpauxmon, an external capture interface (extcap) that captures
138 DisplayPort AUX channel data from linux kernel drivers.
140 sdjournal, an extcap that captures systemd journal entries.
144 • Lua: the various logging functions (debug, info, message, warn
145 and critical) have been removed. Use the print function instead
146 for debugging purposes.
150 Wireshark source code and installation packages are available from
151 https://www.wireshark.org/download.html[4].
153 Vendor-supplied Packages
155 Most Linux and Unix vendors supply their own Wireshark packages. You
156 can usually install or upgrade Wireshark using the package management
157 system specific to that platform. A list of third-party packages can
158 be found on the download page[5] on the Wireshark web site.
162 Wireshark and TShark look in several different locations for
163 preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
164 locations vary from platform to platform. You can use About→Folders to
165 find the default locations on your system.
169 The User’s Guide, manual pages and various other documentation can be
170 found at https://www.wireshark.org/docs/[6]
172 Community support is available on Wireshark’s Q&A site[7] and on the
173 wireshark-users mailing list. Subscription information and archives
174 for all of Wireshark’s mailing lists can be found on the web site[8].
176 Bugs and feature requests can be reported on the bug tracker[9].
178 Official Wireshark training and certification are available from
179 Wireshark University[10].
181 Frequently Asked Questions
183 A complete FAQ is available on the Wireshark web site[11].
185 Last updated 2018-12-30 08:15:06 UTC