Network-Based IP Flow Mobility (NBIFOM) dissector

[metze/wireshark/wip.git] / docbook / release-notes.asciidoc

= Wireshark {wireshark-version} Release Notes
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc

This is a semi-experimental release intended to test new features for Wireshark 2.2.

== What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

== What's New

//=== Bug Fixes

//The following bugs have been fixed:

//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2014-2486[]
//* Wireshark accepted your prom invitation then cancelled at the last minute. (ws-buglink:0000[])

//_Non-empty section placeholder._

=== New and Updated Features

The following features are new (or have been significantly updated)
since version 2.1.0:

* Added -d option for Decode As support in Wireshark (mimics TShark
  functionality)
* The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
  TShark can additionally export packets as Elasticsearch-compatible
  JSON.
* The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
  deprecated.
* The Conversations and Endpoints dialogs are more responsive when
  viewing large numbers of items.
* The RTP player now allows up to 30 minutes of silence frames.
* Packet bytes can now be displayed as EBCDIC.

The following features are new (or have been significantly updated)
since version 2.0.0:

* The intelligent scroll bar now sits to the left of a normal scroll bar and
  provides a clickable map of nearby packets.
* You can now switch between between Capture and File Format dissection of
the current capture file via the View menu in the Qt GUI.
* You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8,
a C array, or YAML.
* You can now use regular expressions in Find Packet and in the advanced preferences.
* Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the
"concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name
resolution some build dependencies must be present (currently c-ares). If that is not the case DNS
name resolution will be disabled (but other name resolution mechanisms, such as host files,
are still available).
* The byte under the mouse in the Packet Bytes pane is now highlighted.
* TShark supports exporting PDUs via the `-U` flag.
* The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
* Most dialogs in the Qt UI now save their size and positions.
* The Follow Stream dialog now supports UTF-16.
* The Firewall ACL Rules dialog has returned.
* The Flow (Sequence) Analysis dialog has been improved.
* We no longer provide packages for 32-bit versions of OS X.
* The Bluetooth Device details dialog has been added.

//=== Removed Dissectors

=== New File Format Decoding Support

Wireshark is able to display the format of some types of files (rather than
displaying the contents of those files). This is useful when you're curious
about, or debugging, a file and its format.  To open a capture file (such as
PCAP) in this mode specify "MIME Files Format" as the file's format in the
Open File dialog.

New files that Wireshark can open in this mode include:

//_Non-empty section placeholder._
--sort-and-group--
--sort-and-group--

=== New Protocol Support

// Add one protocol per line between the --sort-and-group-- delimiters.
--sort-and-group--
CISCO ERSPAN3 Marker
Nokia Intelligent Service Interface (ISI)
ISO14443
Extensible Control & Management Protocol (eCMP)
RTI TCP Transport Layer (RTITCP)
ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP)
Zigbee Protocol Clusters Dissectors Added (Closures, Lighting, General, Measurement & Sensing, HVAC, Security & Safety)
LAT protocol (DECNET)
Ericsson IPOS Kernel Packet Header Dissector Added (IPOS)
STANAG 5602 SIMPLE
UserLog Protocol
FLEXRAY Protocol dissector added (automotive bus)
USB3 Vision Protocol (USB machine vision cameras)
USBIP Protocol
Open Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M TLV)
Metamako trailers
ISO 8583-1
Bluetooth Pseudoheader for BR/EDR
Edge Control Protocol (ECP)
Bachmann bluecom Protocol
Apache Cassandra - CQL version 3.0
Real Time Location System (RTLS)
Network-Based IP Flow Mobility (NBIFOM)

--sort-and-group--

=== Updated Protocol Support

Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex), allow to
DecodeAs it over USB, TCP and UDP.

A preference was added to TCP dissector for handling IPFIX process
information.  It has been disabled by default.

//Too many protocols have been updated to list here.

=== New and Updated Capture File Support

//_Non-empty section placeholder._
// Add one file type per line between the --sort-and-group-- delimiters.
--sort-and-group--
Micropross mplog
--sort-and-group--

=== New and Updated Capture Interfaces support

_Non-empty section placeholder._
--sort-and-group--
--sort-and-group--

=== Major API Changes

The libwireshark API has undergone some major changes:

* The address macros (e.g., SET_ADDRESS) have been removed.  Use the
(lower case) functions of the same names instead.

* "old style" dissector functions (that don't return number of bytes
used) have been replaced in name with the "new style" dissector
functions.

* tvb_get_string and tvb_get_stringz have been replaced with
tvb_get_string_enc and tvb_get_stringz_enc respectively.


== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the https://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

Application crash when changing real-time option.
(ws-buglink:4035[])

Packet list rows are oversized.
(ws-buglink:4357[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

Wireshark should let you work with multiple capture files. (ws-buglink:10488[])

Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. (ws-buglink:12036[])

== Getting Help

Community support is available on https://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on https://www.wireshark.org/lists/[the web site].

Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].