include::attributes.asciidoc[] :stylesheet: ws.css :linkcss: = Wireshark {wireshark-version} Release Notes // AsciiDoc quick reference: http://powerman.name/doc/asciidoc // Asciidoctor Syntax Quick Reference: // http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/ This is an experimental release intended to test new features for Wireshark 3.0. == What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. == What’s New Many user interface improvements have been made. See the “New and Updated Features” section below for more details. === Bug Fixes The following bugs have been fixed: //* wsbuglink:5000[] //* wsbuglink:6000[Wireshark bug] //* cveidlink:2014-2486[] //* Wireshark slowly leaked water under the kitchen sink over the course of several months, causing a big mess. //_Non-empty section placeholder._ Dumpcap might not quit if Wireshark or TShark crashes. (wsbuglink:1419[]) === New and Updated Features The following features are new (or have been significantly updated) since version 2.6.0: * The membership operator now supports ranges, allowing display filters such as `tcp.port in {4430..4434}` to be expressed. See the User's Guide, chapter _Building display filter expressions_ for details. * The autotools build system has been removed. CMake is the one build system now. * tshark has now "-G elastic-mapping" option to generate an ElasticSearch mapping file. * The “Capture Information” dialog has been added back (wsbuglink:12004[]). === Removed Features and Support * The legacy (GTK+) user interface has been removed and is no longer supported. * Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported. * Wireshark requires GLib 2.32 or later. * Building Wireshark using Autotools is no longer supported. //=== Removed Dissectors //=== New File Format Decoding Support === New Protocol Support // Add one protocol per line between the -- delimiters. [commaize] -- DoIP (ISO 13400-2 Diagnostic communication over Internet Protocol) GSUP (Osmocom Generic Subscriber Update Protocol) NR (5G) PDCP protocol TPM 2.0 protocol PROXY (v2) protocol -- GSM-R protocol (User-to-User Information Element usage) -- === Updated Protocol Support Too many protocols have been updated to list here. === New and Updated Capture File Support //_Non-empty section placeholder._ // Add one file type per line between the --sort-and-group-- delimiters. [commaize] === New and Updated Capture Interfaces support //_Non-empty section placeholder._ [commaize] -- A new extcap has been added: dpauxmon. It allows capturing DisplayPort AUX channel data from linux kernel drivers. -- //=== Major API Changes == Getting Wireshark Wireshark source code and installation packages are available from https://www.wireshark.org/download.html. === Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the https://www.wireshark.org/download.html#thirdparty[download page] on the Wireshark web site. == File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system. == Known Problems The BER dissector might infinitely loop. (wsbuglink:1516[]) Capture filters aren't applied when capturing from named pipes. (wsbuglink:1814[]) Filtering tshark captures with read filters (-R) no longer works. (wsbuglink:2234[]) Application crash when changing real-time option. (wsbuglink:4035[]) Wireshark and TShark will display incorrect delta times in some cases. (wsbuglink:4985[]) Wireshark should let you work with multiple capture files. (wsbuglink:10488[]) == Getting Help Community support is available on https://ask.wireshark.org/[Wireshark’s Q&A site] and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on https://www.wireshark.org/lists/[the web site]. Official Wireshark training and certification are available from http://www.wiresharktraining.com/[Wireshark University]. == Frequently Asked Questions A complete FAQ is available on the https://www.wireshark.org/faq.html[Wireshark web site].