1 = Wireshark wireshark-version:[] Release Notes
2 // AsciiDoc quick reference: http://powerman.name/doc/asciidoc
4 This is a semi-experimental release intended to test new features for Wireshark 2.2.
8 Wireshark is the world's most popular network protocol analyzer. It is
9 used for troubleshooting, analysis, development and education.
15 //The following bugs have been fixed:
18 //* ws-buglink:6000[Wireshark bug]
19 //* cve-idlink:2014-2486[]
20 //* Wireshark accepted your prom invitation then cancelled at the last minute. (ws-buglink:0000[])
22 _Non-empty section placeholder._
24 === New and Updated Features
26 The following features are new (or have been significantly updated)
28 * You can now switch between between Capture and File Format dissection of
29 the current capture file via the View menu in the Qt GUI.
30 * You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8,
32 * You can now use regular expressions in Find Packet and in the advanced preferences.
33 * Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the
34 "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name
35 resolution some build dependencies must be present (currently c-ares). If that is not the case DNS
36 name resolution will be disabled (but other name resolution mechanisms, such as host files,
38 * The byte under the mouse in the Packet Bytes pane is now highlighted.
39 * TShark supports exporting PDUs via the `-U` flag.
40 * The Windows installer now comes with the "sshdump" and "ciscodump" extcap interfaces.
41 * Most dialogs in the Qt UI now save their size and positions.
43 //=== Removed Dissectors
45 === New File Format Decoding Support
47 Wireshark is able to display the format of some types of files (rather than
48 displaying the contents of those files). This is useful when you're curious
49 about, or debugging, a file and its format. To open a capture file (such as
50 PCAP) in this mode specify "MIME Files Format" as the file's format in the
53 New files that Wireshark can open in this mode include:
55 _Non-empty section placeholder._
59 === New Protocol Support
61 Nokia Intelligent Service Interface (ISI)
63 Extensible Control & Management Protocol (eCMP)
64 RTI TCP Transport Layer (RTITCP)
65 ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP)
66 Zigbee Protocol Clusters Dissectors Added (Closures, Lighting, General, Measurement & Sensing, HVAC, Security & Safety)
68 Ericsson IPOS Kernel Packet Header Dissector Added (IPOS)
71 FLEXRAY Protocol dissector added (automotive bus)
72 USB3 Vision Protocol (USB machine vision cameras)
74 Open Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M TLV)
77 Bluetooth Pseudoheader for BR/EDR
78 Edge Control Protocol (ECP)
79 Bachmann bluecom Protocol
80 Apache Cassandra - CQL version 3.0
82 // Items in --sort-and-group-- blocks will be sorted and comma-separated.
86 === Updated Protocol Support
88 Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex), allow to
89 DecodeAs it over USB, TCP and UDP.
91 A preference was added to TCP dissector for handling IPFIX process
92 information. It has been disabled by default.
94 Too many protocols have been updated to list here.
96 === New and Updated Capture File Support
99 //_Non-empty section placeholder._
103 === New and Updated Capture Interfaces support
105 _Non-empty section placeholder._
109 === Major API Changes
111 The libwireshark API has undergone some major changes:
113 * The address macros (e.g., SET_ADDRESS) have been removed. Use the
114 (lower case) functions of the same names instead.
116 * "old style" dissector functions (that don't return number of bytes
117 used) have been replaced in name with the "new style" dissector
120 * tvb_get_string and tvb_get_stringz have been replaced with
121 tvb_get_string_enc and tvb_get_stringz_enc respectively.
126 Wireshark source code and installation packages are available from
127 https://www.wireshark.org/download.html.
129 === Vendor-supplied Packages
131 Most Linux and Unix vendors supply their own Wireshark packages. You can
132 usually install or upgrade Wireshark using the package management system
133 specific to that platform. A list of third-party packages can be found
134 on the https://www.wireshark.org/download.html#thirdparty[download page]
135 on the Wireshark web site.
139 Wireshark and TShark look in several different locations for preference
140 files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
141 from platform to platform. You can use About→Folders to find the default
142 locations on your system.
146 Dumpcap might not quit if Wireshark or TShark crashes.
149 The BER dissector might infinitely loop.
152 Capture filters aren't applied when capturing from named pipes.
155 Filtering tshark captures with read filters (-R) no longer works.
158 Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
159 no longer automatically decodes gzip data when following a TCP stream.
161 Application crash when changing real-time option.
164 Hex pane display issue after startup.
167 Packet list rows are oversized.
170 Wireshark and TShark will display incorrect delta times in some cases.
173 The 64-bit version of Wireshark will leak memory on Windows when the display
174 depth is set to 16 bits (ws-buglink:9914[])
176 Wireshark should let you work with multiple capture files. (ws-buglink:10488[])
178 Dell Backup and Recovery (DBAR) makes many Windows applications crash,
179 including Wireshark. (ws-buglink:12036[])
183 Community support is available on https://ask.wireshark.org/[Wireshark's
184 Q&A site] and on the wireshark-users mailing list. Subscription
185 information and archives for all of Wireshark's mailing lists can be
186 found on https://www.wireshark.org/lists/[the web site].
188 Official Wireshark training and certification are available from
189 http://www.wiresharktraining.com/[Wireshark University].
191 == Frequently Asked Questions
193 A complete FAQ is available on the
194 https://www.wireshark.org/faq.html[Wireshark web site].