- Wireshark 1.99.2 Release Notes
+Wireshark 2.9.1 Release Notes
- This is an experimental release intended to test new features for
- Wireshark 2.0.
- __________________________________________________________________
+ This is an experimental release intended to test new features for
+ Wireshark 3.0.
-What is Wireshark?
+ What is Wireshark?
- Wireshark is the world's most popular network protocol analyzer. It is
- used for troubleshooting, analysis, development and education.
- __________________________________________________________________
+ Wireshark is the world’s most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
-What's New
+ What’s New
+
+ Many user interface improvements have been made. See the “New and
+ Updated Features” section below for more details.
+
+ Bug Fixes
+
+ The following bugs have been fixed:
+
+ Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
New and Updated Features
The following features are new (or have been significantly updated)
- since version 1.99.0:
- * Qt port:
- + You can now show and hide toolbars and major widgets using the
- View menu.
- + You can now set the time display format and precision.
- + The byte view widget is much faster, particularly when
- selecting large reassembled packets.
- + The byte view is explorable. Hovering over it highlights the
- corresponding field and shows a description in the status bar.
- + An Italian translation has been added.
- + The Summary dialog has been updated and renamed to Capture
- File Properties.
- + The VoIP Calls and SIP Flows dialogs have been added.
- + Support for HiDPI / Retina displays has been improved in the
- official packages.
+ since version 2.9.0:
+
+ • Wireshark now supports the Swedish and Ukrainian language.
+
+ • Initial support for using PKCS #11 tokens for RSA decryption in
+ TLS. A configuration user interface is still in development.
The following features are new (or have been significantly updated)
- since version 1.12.0:
- * The I/O Graph in the Gtk+ UI now supports an unlimited number of
- data points (up from 100k).
- * TShark now resets its state when changing files in ring-buffer
- mode.
- * Expert Info severities can now be configured.
- * Wireshark now supports external capture interfaces. External
- capture interfaces can be anything from a tcpdump-over-ssh pipe to
- a program that captures from proprietary or non-standard hardware.
- This functionality is not available in the Qt UI yet.
- * Qt port:
- + The Qt UI is now the default (program name is wireshark).
- + A Polish translation has been added.
- + The Interfaces dialog has been added.
- + The interface list is now updated when interfaces appear or
- disappear.
- + The Conversations and Endpoints dialogs have been added.
- + A Japanese translation has been added.
- + It is now possible to manage remote capture interfaces.
- + Windows: taskbar progress support has been added.
- + Most toolbar actions are in place and work.
- + More command line options are now supported
+ since version 2.6.0:
- New Protocol Support
+ • The Windows .exe installers now ship with Npcap instead of
+ WinPcap.
- (LISP) TCP Control Message, AllJoyn Reliable Datagram Protocol, Android
- ADB, Android Logcat text, ceph, corosync/totemnet, corosync/totemsrp,
- Couchbase, CP "Cooper" 2179, Dynamic Source Routing (RFC 4728),
- Elasticsearch, Generic Network Virtualization Encapsulation (Geneve),
- GVSP, HiQnet, IPMI Trace, iSER, KNXnetIP, MCPE (Minecraft Pocket
- Edition), OptoMMP, RakNet games library, Riemann, S7 Communication,
- Shared Memory Communications - RDMA, and Stateless Transport Tunneling
+ • Conversation timestamps are supported for UDP/UDP-Lite protocols
- Updated Protocol Support
+ • TShark now supports the -G elastic-mapping option which generates
+ an ElasticSearch mapping file.
- Too many protocols have been updated to list here.
+ • The “Capture Information” dialog has been added back (Bug
+ 12004[2]).
- New and Updated Capture File Support
+ • The Ethernet and IEEE 802.11 dissectors no longer validate the
+ frame check sequence (checksum) by default.
- Android Logcat text files, Colasoft Capsa files, and Wireshark now
- supports nanosecond timestamp resolution in PCAP-NG files.
+ • The TCP dissector gained a new “Reassemble out-of-order segments”
+ preference to fix dissection and decryption issues in case TCP
+ segments are received out-of-order. See the User’s Guide, chapter
+ TCP Reassembly for details.
- Major API Changes
+ • Decryption support for the new WireGuard dissector (Bug 15011[3],
+ requires Libgcrypt 1.8).
- The libwireshark API has undergone some major changes:
- * Many of the ep_ and se_ memory allocation routines have been
- removed.
- * The (long-since-broken) Python bindings support has been removed.
- If you want to write dissectors in something other than C, use Lua.
- __________________________________________________________________
+ • The BOOTP dissector has been renamed to DHCP. With the exception
+ of “bootp.dhcp”, the old “bootp.*” display filter fields are
+ still supported but may be removed in a future release.
-Getting Wireshark
+ • The SSL dissector has been renamed to TLS. As with BOOTP the old
+ “ssl.*” display filter fields are supported but may be removed in
+ a future release.
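Review bot: in the SSL-to-TLS rename entry, "As with BOOTP" leaves open whether any "ssl.*" field is dropped the way "bootp.dhcp" is in the entry above it. Say explicitly that all "ssl.*" fields remain, or list the exceptions. Both rename entries should also name the new field prefix, since users with saved display filters and coloring rules are told the old fields "may be removed in a future release" but not what to migrate to. The frame check sequence entry further up likewise does not say which preference turns validation back on.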
- Wireshark source code and installation packages are available from
- [1]https://www.wireshark.org/download.html.
+ • Coloring rules, IO graphs, Filter Buttons and protocol preference
+ tables can now be copied from other profiles using a button in
+ the corresponding configuration dialogs.
- Vendor-supplied Packages
+ • APT-X has been renamed to aptX.
- Most Linux and Unix vendors supply their own Wireshark packages. You
- can usually install or upgrade Wireshark using the package management
- system specific to that platform. A list of third-party packages can be
- found on the [2]download page on the Wireshark web site.
- __________________________________________________________________
+ • When importing from hex dump, it’s now possible to add an
+ ExportPDU header with a payload name. This calls the specific
+ dissector directly without lower protocols.
+
+ • The sshdump and ciscodump extcap interfaces can now use a proxy
+ for the SSH connection.
+
+ • Dumpcap now supports the -a packets:NUM and -b packets:NUM
+ options.
+
+ • Wireshark now includes a “No Reassembly” configuration profile.
+
+ • Wireshark now supports the Russian language.
+
+ • The build system now supports AppImage packages.
+
+ • The Windows installers now ship with Qt 5.12.0. Previously they
+ shipped with Qt 5.9.7.
+
+ • Support for DTLS and TLS decryption using pcapng files that embed
+ a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug
+ 15252[4]).
+
+ • The editcap utility gained a new --inject-secrets option to
+ inject an existing TLS Key Log file into a pcapng file.
+
+ • A new dfilter function string() has been added. It allows the
+ conversion of non-string fields to strings so string functions
+ (as contains and matches) can be used on them.
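Review bot: the two TLS secrets entries (Decryption Secrets Block support and editcap's --inject-secrets) do not say that a pcapng file with an embedded TLS Key Log carries the keys needed to decrypt the sessions it contains, so anyone who receives the file can decrypt them. Suggest adding one sentence to that effect, so readers know to treat such captures as sensitive before sharing them. Minor, in the string() entry: "(as contains and matches)" reads better as "(such as contains and matches)".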
+
+ Removed Features and Support
-File Locations
+ • The legacy (GTK+) user interface has been removed and is no
+ longer supported.
- Wireshark and TShark look in several different locations for preference
- files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
- vary from platform to platform. You can use About->Folders to find the
- default locations on your system.
- __________________________________________________________________
+ • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
-Known Problems
+ • Wireshark requires GLib 2.32 or later.
- Dumpcap might not quit if Wireshark or TShark crashes. ([3]Bug 1419)
+ • Wireshark requires GnuTLS 3.2 or later as optional dependency.
- The BER dissector might infinitely loop. ([4]Bug 1516)
+ • Building Wireshark requires Python 3.4 or newer, Python 2.7 is
+ unsupported.
- Capture filters aren't applied when capturing from named pipes. ([5]Bug
- 1814)
+ • Building Wireshark requires CMake. Autotools is no longer
+ supported.
- Filtering tshark captures with read filters (-R) no longer works.
- ([6]Bug 2234)
+ • TShark’s -z compare option was removed.
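Review bot: two wording problems in the Removed Features list. "requires GnuTLS 3.2 or later as optional dependency" mixes "requires" with "optional"; something like "GnuTLS, an optional dependency, must be 3.2 or later" is clearer. "Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported" is a comma splice; split it with a period or semicolon.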
- Resolving ([7]Bug 9044) reopens ([8]Bug 3528) so that Wireshark no
- longer automatically decodes gzip data when following a TCP stream.
+ New File Format Decoding Support
- Application crash when changing real-time option. ([9]Bug 4035)
+ Ruby Marshal format
+
+ New Protocol Support
+
+ Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
+ BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service
+ over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP),
+ Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS
+ RTP), Exablaze trailers, General Circuit Services Notification
+ Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo
+ Emberplus Data format, Great Britain Companion Specification (GBCS)
+ used in the Smart Metering Equipment Technical Specifications
+ (SMETS), GSM-R (User-to-User Information Element usage),
+ HI3CCLinkData, Intelligent Transport Systems (ITS) application level,
+ ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP),
+ ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability
+ Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP,
+ Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol,
+ PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo
+ Emberplus transport frame, Secure Reliable Transport Protocol (SRT),
+ Spirent Test Center Signature decoding for Ethernet and FibreChannel
+ (STCSIG, disabled by default), Sybase-specific portions of TDS,
+ systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery
+ Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information
+ Retrieval Protocol
+
+ Updated Protocol Support
+
+ Too many protocols have been updated to list here.
+
+ New and Updated Capture File Support
+
+ RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
+ and Unigraf DPA-400 DisplayPort AUX channel monitor
+
+ New and Updated Capture Interfaces support
+
+ dpauxmon, an external capture interface (extcap) that captures
+ DisplayPort AUX channel data from linux kernel drivers.
+
+ sdjournal, an extcap that captures systemd journal entries.
+
+ Major API Changes
+
+ • Lua: the various logging functions (debug, info, message, warn
+ and critical) have been removed. Use the print function instead
+ for debugging purposes.
+
+ • Lua: on Windows, file-related functions such as dofile now assume
+ UTF-8 paths instead of the local code page. This is consistent
+ with Linux and macOS and improves compatibility on non-English
+ systems. (Bug 15118[5])
+
+ Getting Wireshark
+
+ Wireshark source code and installation packages are available from
+ https://www.wireshark.org/download.html[6].
+
+ Vendor-supplied Packages
+
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can
+ be found on the download page[7] on the Wireshark web site.
- Hex pane display issue after startup. ([10]Bug 4056)
+ File Locations
- Packet list rows are oversized. ([11]Bug 4357)
+ Wireshark and TShark look in several different locations for
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
+ locations vary from platform to platform. You can use About→Folders to
+ find the default locations on your system.
- Wireshark and TShark will display incorrect delta times in some cases.
- ([12]Bug 4985)
+ Getting Help
- The 64-bit version of Wireshark will leak memory on Windows when the
- display depth is set to 16 bits ([13]Bug 9914)
- __________________________________________________________________
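Review bot: the Known Problems section is deleted in full, but only Bug 1419 resurfaces, and it does so under "The following bugs have been fixed" with the same sentence that described the open problem ("Dumpcap might not quit if Wireshark or TShark crashes."). Confirm that 1419 is actually fixed rather than misfiled, and account for the other removed entries (Bugs 1516, 1814, 2234, 9044/3528, 4035, 4056, 4357, 4985, 9914), which now appear neither as fixed nor as still known.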
+ The User’s Guide, manual pages and various other documentation can be
+ found at https://www.wireshark.org/docs/[8]
-Getting Help
+ Community support is available on Wireshark’s Q&A site[9] and on the
+ wireshark-users mailing list. Subscription information and archives
+ for all of Wireshark’s mailing lists can be found on the web site[10].
- Community support is available on [14]Wireshark's Q&A site and on the
- wireshark-users mailing list. Subscription information and archives for
- all of Wireshark's mailing lists can be found on [15]the web site.
+ Bugs and feature requests can be reported on the bug tracker[11].
- Official Wireshark training and certification are available from
- [16]Wireshark University.
- __________________________________________________________________
+ Official Wireshark training and certification are available from
+ Wireshark University[12].
-Frequently Asked Questions
+ Frequently Asked Questions
- A complete FAQ is available on the [17]Wireshark web site.
- __________________________________________________________________
+ A complete FAQ is available on the Wireshark web site[13].
- Last updated 2014-12-10 19:56:16 UTC
+ Last updated 2019-01-20 08:14:50 UTC
-References
+ References
- 1. https://www.wireshark.org/download.html
- 2. https://www.wireshark.org/download.html#thirdparty
- 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
- 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
- 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
- 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
- 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
- 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
- 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
- 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
- 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
- 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
- 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9914
- 14. http://ask.wireshark.org/
- 15. https://www.wireshark.org/lists/
- 16. http://www.wiresharktraining.com/
- 17. https://www.wireshark.org/faq.html
+ 1. 1
+ 2. 2
+ 3. 3
+ 4. 4
+ 5. 5
+ 6. 6
+ 7. 7
+ 8. 8
+ 9. 9
+ 10. 10
+ 11. 11
+ 12. 12
+ 13. 13
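Review bot: the new References list has lost its targets. Every entry is just its own number ("1. 1" through "13. 13"), while the removed list held the actual URLs. The [1] to [13] markers in the text above (bug links, download page, documentation, mailing lists, bug tracker) now resolve to nothing; regenerate the list with the URLs or drop the markers.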