Wireshark 2.9.1 Release Notes

This is an experimental release intended to test new features for

Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

Many user interface improvements have been made. See the “New and
Updated Features” section below for more details.

The following bugs have been fixed:

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])

New and Updated Features

The following features are new (or have been significantly updated)

The following features are new (or have been significantly updated)

• The Windows .exe installers now ship with Npcap instead of

• Conversation timestamps are supported for UDP/UDP-Lite protocols

• TShark now supports the -G elastic-mapping option which generates
  an ElasticSearch mapping file.

• The “Capture Information” dialog has been added back (Bug

• The Ethernet and IEEE 802.11 dissectors no longer validate the
  frame check sequence (checksum) by default.

• The TCP dissector gained a new “Reassemble out-of-order segments”
  preference to fix dissection and decryption issues in case TCP
  segments are received out-of-order. See the User’s Guide, chapter
  TCP Reassembly for details.

• Decryption support for the new WireGuard dissector (Bug 15011[3],
  requires Libgcrypt 1.8).

• The BOOTP dissector has been renamed to DHCP. With the exception
  of “bootp.dhcp”, the old “bootp.*” display filter fields are
  still supported but may be removed in a future release.

• The SSL dissector has been renamed to TLS. As with BOOTP the old
  “ssl.*” display filter fields are supported but may be removed in

• Coloring rules, IO graphs, Filter Buttons and protocol preference
  tables can now be copied from other profiles using a button in
  the corresponding configuration dialogs.

• APT-X has been renamed to aptX.

• When importing from hex dump, it’s now possible to add an
  ExportPDU header with a payload name. This calls the specific
  dissector directly without lower protocols.

• The sshdump and ciscodump extcap interfaces can now use a proxy
  for the SSH connection.

• Dumpcap now supports the -a packets:NUM and -b packets:NUM

• Wireshark now includes a “No Reassembly” configuration profile.

• Wireshark now supports the Russian language.

• The build system now supports AppImage packages.

• The Windows installers now ship with Qt 5.12.0. Previously they
  shipped with Qt 5.9.7.
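
The BOOTP-to-DHCP and SSL-to-TLS renames listed above affect saved display filters, such as those kept for detection or triage. The following Python helper is an added example, not part of the Wireshark release notes or code base: it rewrites legacy prefixes while leaving quoted string literals alone and flags “bootp.dhcp” for manual review. It assumes the renamed fields differ only in their prefix; `migrate_filter`, `migrate_all` and the sample filters are constructed for this illustration.

```python
import re

# Prefix renames stated in the release notes above.
RENAMES = {"bootp": "dhcp", "ssl": "tls"}
# The one legacy field the notes single out as the exception.
UNSUPPORTED = {"bootp.dhcp"}

# Match a quoted string literal (left untouched) or a field-like name.
# The lookbehind stops a match from starting in the middle of a token.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|(?<![\w.-])[A-Za-z_][\w.-]*')


def migrate_filter(expr):
    """Return (rewritten_filter, warnings) for one display filter string."""
    warnings = []

    def rewrite(match):
        tok = match.group(0)
        if tok.startswith('"'):
            return tok  # e.g. a hostname such as "ssl.example.com"
        if tok in UNSUPPORTED:
            warnings.append(f"{tok}: not covered by legacy support, review manually")
            return tok
        head, dot, rest = tok.partition(".")
        if head in RENAMES:
            return RENAMES[head] + dot + rest
        return tok

    return TOKEN.sub(rewrite, expr), warnings


def migrate_all(filters):
    """Return a list of (old, new, warnings) tuples."""
    return [(f, *migrate_filter(f)) for f in filters]


# Constructed sample filters, not taken from any real profile.
SAMPLE_FILTERS = [
    "ssl.handshake.type == 1",
    "bootp.option.dhcp == 3 or bootp.dhcp",
    'http.host contains "ssl.example.com" && ssl',
]

if __name__ == "__main__":
    for old, new, warns in migrate_all(SAMPLE_FILTERS):
        print(f"{old!r} -> {new!r}")
        for w in warns:
            print("  WARNING:", w)
```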

Removed Features and Support

• The legacy (GTK+) user interface has been removed and is no

• Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.

• Wireshark requires GLib 2.32 or later.

• Building Wireshark requires CMake. Autotools is no longer

• TShark’s -z compare option was removed.

New File Format Decoding Support

Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
BLIP Couchbase Mobile (BLIP), CDMA 2000, Cisco Meraki Discovery
Protocol (MDP), Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS
26.445 A.2 EVS RTP), Exablaze trailers, General Circuit Services
Notification Application Protocol (GCSNA), GeoNetworking (GeoNw),
GLOW Lawo Emberplus Data format, GSM-R (User-to-User Information
Element usage), HI3CCLinkData, ISO 13400-2 Diagnostic communication
over Internet Protocol (DoIP), ITU-T X.696 Octet Encoding Rules
(OER), Local Number Portability Database Query Protocol (ANSI),
MsgPack, NGAP (5G), NR (5G) PDCP, Osmocom Generic Subscriber Update
Protocol (GSUP), PCOM protocol, PKCS#10 (RFC2986 Certification
Request Syntax), PROXY (v2), S101 Lawo Emberplus transport frame,
Secure Reliable Transport Protocol (SRT), Spirent Test Center
Signature decoding for Ethernet and FibreChannel (STCSIG, disabled by
default), Sybase-specific portions of TDS, systemd Journal Export,
TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery Protocol (UBDP),
WireGuard, and XnAP (5G)

Updated Protocol Support

Too many protocols have been updated to list here.

New and Updated Capture File Support

RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
and Unigraf DPA-400 DisplayPort AUX channel monitor

New and Updated Capture Interfaces support

dpauxmon, an external capture interface (extcap) that captures
DisplayPort AUX channel data from Linux kernel drivers.

sdjournal, an extcap that captures systemd journal entries.

• Lua: the various logging functions (debug, info, message, warn
  and critical) have been removed. Use the print function instead
  for debugging purposes.

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html[4].

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[5] on the Wireshark web site.

Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use About→Folders to
find the default locations on your system.

The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/[6]

Community support is available on Wireshark’s Q&A site[7] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the web site[8].

Bugs and feature requests can be reported on the bug tracker[9].

Official Wireshark training and certification are available from
Wireshark University[10].

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site[11].

Last updated 2018-12-16 08:12:36 UTC