1 Wireshark 1.99.6 Release Notes
3 This is an experimental release intended to test new features for
5 __________________________________________________________________
9 Wireshark is the world's most popular network protocol analyzer. It is
10 used for troubleshooting, analysis, development and education.
11 __________________________________________________________________
15 New and Updated Features
17 The following features are new (or have been significantly updated)
18 since version 1.99.4 and 1.99.5:
20 + Capture restarts are now supported.
21 + Menu items for plugins are now supported.
22 + Extcap interfaces are now supported.
23 + The Expert Information dialog has been added.
24 + Display and capture filter completion is now supported.
25 + Many bugs have been fixed.
26 + Translations have been updated.
28 The following features are new (or have been significantly updated)
31 + Several interface bugs have been fixed.
32 + Translations have been updated.
34 The following features are new (or have been significantly updated)
37 + Several bugs have been fixed.
38 + You can now open a packet in a new window.
39 + The Bluetooth ATT Server Attributes dialog has been added.
40 + The Coloring Rules dialog has been added.
41 + Many translations have been updated. Chinese, Italian and
42 Polish translations are complete.
43 + General user interface and usability improvements.
44 + Automatic scrolling during capture now works.
45 + The related packet indicator has been updated.
47 The following features are new (or have been significantly updated)
50 + The welcome screen layout has been updated.
51 + The Preferences dialog no longer crashes on Windows.
52 + The packet list header menu has been added.
53 + Statistics tree plugins are now supported.
54 + The window icon is now displayed properly in the Windows
56 + A packet list an byte view selection bug has been fixed
58 + The RTP Streams dialog has been added.
59 + The Protocol Hierarchy Statistics dialog has been added.
61 The following features are new (or have been significantly updated)
64 + You can now show and hide toolbars and major widgets using the
66 + You can now set the time display format and precision.
67 + The byte view widget is much faster, particularly when
68 selecting large reassembled packets.
69 + The byte view is explorable. Hovering over it highlights the
70 corresponding field and shows a description in the status bar.
71 + An Italian translation has been added.
72 + The Summary dialog has been updated and renamed to Capture
74 + The VoIP Calls and SIP Flows dialogs have been added.
75 + Support for HiDPI / Retina displays has been improved in the
77 * DNS stats: + A new stats tree has been added to the Statistics
78 menu. Now it is possible to collect stats such as qtype/qclass
79 distribution, number of resource record per response section, and
80 stats data (min, max, avg) for values such as query name length or
82 * HPFEEDS stats: + A new stats tree has been added to the statistics
83 menu. Now it is possible to collect stats per channel (messages
84 count and payload size), and opcode distribution.
85 * HTTP2 stats: + A new stats tree has been added to the statistics
86 menu. Now it is possible to collect stats (type distribution).
88 The following features are new (or have been significantly updated)
90 * The I/O Graph in the Gtk+ UI now supports an unlimited number of
91 data points (up from 100k).
92 * TShark now resets its state when changing files in ring-buffer
94 * Expert Info severities can now be configured.
95 * Wireshark now supports external capture interfaces. External
96 capture interfaces can be anything from a tcpdump-over-ssh pipe to
97 a program that captures from proprietary or non-standard hardware.
98 This functionality is not available in the Qt UI yet.
100 + The Qt UI is now the default (program name is wireshark).
101 + A Polish translation has been added.
102 + The Interfaces dialog has been added.
103 + The interface list is now updated when interfaces appear or
105 + The Conversations and Endpoints dialogs have been added.
106 + A Japanese translation has been added.
107 + It is now possible to manage remote capture interfaces.
108 + Windows: taskbar progress support has been added.
109 + Most toolbar actions are in place and work.
110 + More command line options are now supported
114 (LISP) TCP Control Message, AllJoyn Reliable Datagram Protocol, Android
115 ADB, Android Logcat text, Apache Tribes Heartbeat, BGP Monitoring
116 Prototol (BMP), C15 Call History Protocol dissection (C15ch), ceph,
117 corosync/totemnet corosync cluster engine ( lowest
118 levelencryption/decryption protocol), corosync/totemsrp corosync
119 cluster engine ( totem single ring protocol), Couchbase, CP "Cooper"
120 2179, DJI UAV Drone Control Protocol, Dynamic Source Routing (RFC
121 4728), Elasticsearch, ETSI Card Application Toolkit - Transport
122 Protocol, Generic Network Virtualization Encapsulation (Geneve),
123 Geospatial and Imagery Access Service (GIAS), GVSP GigE Vision (TM)
124 Streaming Protocol, HCrt, HiQnet, IP Detail Record (IPDR), IPMI Trace,
125 iSER, KNXnetIP, MACsec Key Agreement - EAPoL-MKA, MCPE (Minecraft
126 Pocket Edition), OCFS2, OptoMMP, QNEX6 (QNET), RakNet games library,
127 Remote Shared Virtual Disk - RSVD, Riemann, S7 Communication, Secure
128 Socket Tunnel Protocol (SSTP), Shared Memory Communications - RDMA,
129 Stateless Transport Tunneling, Thrift, Video Services over IP (VSIP),
130 and ZVT Kassenschnittstelle
132 Updated Protocol Support
134 Too many protocols have been updated to list here.
136 New and Updated Capture File Support
138 3GPP Nettrace TS 34 423, Android Logcat text files, Colasoft Capsa
139 files, Netscaler 3.5, and Wireshark now supports nanosecond timestamp
140 resolution in PCAP-NG files.
142 New and Updated Capture Interfaces support
144 and Androiddump - provide interfaces to capture (Logcat and Bluetooth)
145 from connected Android devices
149 The libwireshark API has undergone some major changes:
150 * The emem framework (including all ep_ and se_ memory allocation
151 routines) has been completely removed in favour of wmem which is
153 * The (long-since-broken) Python bindings support has been removed.
154 If you want to write dissectors in something other than C, use Lua.
155 * Plugins can now create GUI menu items.
156 __________________________________________________________________
160 Wireshark source code and installation packages are available from
161 [2]https://www.wireshark.org/download.html.
163 Vendor-supplied Packages
165 Most Linux and Unix vendors supply their own Wireshark packages. You
166 can usually install or upgrade Wireshark using the package management
167 system specific to that platform. A list of third-party packages can be
168 found on the [3]download page on the Wireshark web site.
169 __________________________________________________________________
173 Wireshark and TShark look in several different locations for preference
174 files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
175 vary from platform to platform. You can use About->Folders to find the
176 default locations on your system.
177 __________________________________________________________________
181 Dumpcap might not quit if Wireshark or TShark crashes. ([4]Bug 1419)
183 The BER dissector might infinitely loop. ([5]Bug 1516)
185 Capture filters aren't applied when capturing from named pipes. ([6]Bug
188 Filtering tshark captures with read filters (-R) no longer works.
191 Resolving ([8]Bug 9044) reopens ([9]Bug 3528) so that Wireshark no
192 longer automatically decodes gzip data when following a TCP stream.
194 Application crash when changing real-time option. ([10]Bug 4035)
196 Hex pane display issue after startup. ([11]Bug 4056)
198 Packet list rows are oversized. ([12]Bug 4357)
200 Wireshark and TShark will display incorrect delta times in some cases.
203 The 64-bit version of Wireshark will leak memory on Windows when the
204 display depth is set to 16 bits ([14]Bug 9914)
206 Wireshark should let you work with multiple capture files. ([15]Bug
208 __________________________________________________________________
212 Community support is available on [16]Wireshark's Q&A site and on the
213 wireshark-users mailing list. Subscription information and archives for
214 all of Wireshark's mailing lists can be found on [17]the web site.
216 Official Wireshark training and certification are available from
217 [18]Wireshark University.
218 __________________________________________________________________
220 Frequently Asked Questions
222 A complete FAQ is available on the [19]Wireshark web site.
223 __________________________________________________________________
225 Last updated 2015-05-28 18:47:50 UTC
229 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10896
230 2. https://www.wireshark.org/download.html
231 3. https://www.wireshark.org/download.html#thirdparty
232 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
233 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
234 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
235 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
236 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
237 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
238 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
239 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
240 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
241 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
242 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9914
243 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
244 16. https://ask.wireshark.org/
245 17. https://www.wireshark.org/lists/
246 18. http://www.wiresharktraining.com/
247 19. https://www.wireshark.org/faq.html