-$Id$
+Wireshark 2.9.1 Release Notes
-== August 23, 2006
+ This is an experimental release intended to test new features for
+ Wireshark 3.0.
-Wireshark 0.99.3 has been released.
+ What is Wireshark?
- ------------------------------------------------------------------
+ Wireshark is the world’s most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
-What is Wireshark?
+ What’s New
- Wireshark is the world's most popular network protocol analyzer.
- It is used for troubleshooting, analysis, development, and
- education.
-
-What's New
+ Many user interface improvements have been made. See the “New and
+ Updated Features” section below for more details.
Bug Fixes
- The following vulnerabilities have been fixed:
+ The following bugs have been fixed:
- o The SCSI dissector could crash. Versions affected: 0.99.2.
+ Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
- o If Wireshark was compiled with ESP decryption support, the
- IPsec ESP preference parser was susceptible to off-by-one
- errors. Versions affected: 0.99.2.
+ New and Updated Features
- o The DHCP dissector (and possibly others) in the Windows
- version of Wireshark could trigger a bug in Glib and crash.
- Versions affected: 0.10.13 - 0.99.2.
+ The following features are new (or have been significantly updated)
+ since version 2.9.0:
- o If the SSCOP dissector has a port range configured and the
- SSCOP payload protocol is Q.2931, a malformed packet could
- make the Q.2931 dissector use up available memory. No port
- range is configured by default. Versions affected: 0.7.9 -
- 0.99.2.
+ • Wireshark now supports the Swedish and Ukrainian language.
- The following bugs have been fixed:
+ • Initial support for using PKCS #11 tokens for RSA decryption in
+ TLS. A configuration user interface is still in development.
- o The VOIP call analysis feature could cause an assertion.
+ The following features are new (or have been significantly updated)
+ since version 2.6.0:
- o The RTP analysis feature could freeze for an extended period.
+ • The Windows .exe installers now ship with Npcap instead of
+ WinPcap.
- o Selecting "Apply as Filter" wouldn't work for some tree items.
+ • Conversation timestamps are supported for UDP/UDP-Lite protocols
- New and Updated Features
+ • TShark now supports the -G elastic-mapping option which generates
+ an ElasticSearch mapping file.
+
+ • The “Capture Information” dialog has been added back (Bug
+ 12004[2]).
+
+ • The Ethernet and IEEE 802.11 dissectors no longer validate the
+ frame check sequence (checksum) by default.
+
+ • The TCP dissector gained a new “Reassemble out-of-order segments”
+ preference to fix dissection and decryption issues in case TCP
+ segments are received out-of-order. See the User’s Guide, chapter
+ TCP Reassembly for details.
+
+ • Decryption support for the new WireGuard dissector (Bug 15011[3],
+ requires Libgcrypt 1.8).
+
+ • The BOOTP dissector has been renamed to DHCP. With the exception
+ of “bootp.dhcp”, the old “bootp.*” display filter fields are
+ still supported but may be removed in a future release.
+
+ • The SSL dissector has been renamed to TLS. As with BOOTP the old
+ “ssl.*” display filter fields are supported but may be removed in
+ a future release.
+
+ • Coloring rules, IO graphs, Filter Buttons and protocol preference
+ tables can now be copied from other profiles using a button in
+ the corresponding configuration dialogs.
+
+ • APT-X has been renamed to aptX.
+
+ • When importing from hex dump, it’s now possible to add an
+ ExportPDU header with a payload name. This calls the specific
+ dissector directly without lower protocols.
+
+ • The sshdump and ciscodump extcap interfaces can now use a proxy
+ for the SSH connection.
+
+ • Dumpcap now supports the -a packets:NUM and -b packets:NUM
+ options.
- The following features are new (or have been significantly
- updated) since the last release:
+ • Wireshark now includes a “No Reassembly” configuration profile.
- o ESP, Kerberos, and SSL decryption are now supported in the
- Windows installer. (As as result, Wireshark is now subject to
- United States export controls.)
+ • Wireshark now supports the Russian language.
- o The packet list context menu now includes a conversation
- filter.
+ • The build system now supports AppImage packages.
- o Wireshark can now generate ACL rules for several popular
- firewall products.
+ • The Windows installers now ship with Qt 5.12.0. Previously they
+ shipped with Qt 5.9.7.
- o Wireshark now supports AirPcap, including raw 802.11 captures
- under Windows.
+ • Support for DTLS and TLS decryption using pcapng files that embed
+ a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug
+ 15252[4]).
+
+ • The editcap utility gained a new --inject-secrets option to
+ inject an existing TLS Key Log file into a pcapng file.
+
+ • A new dfilter function string() has been added. It allows the
+ conversion of non-string fields to strings so string functions
+ (as contains and matches) can be used on them.
+
+ Removed Features and Support
+
+ • The legacy (GTK+) user interface has been removed and is no
+ longer supported.
+
+ • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
+
+ • Wireshark requires GLib 2.32 or later.
+
+ • Wireshark requires GnuTLS 3.2 or later as optional dependency.
+
+ • Building Wireshark requires Python 3.4 or newer, Python 2.7 is
+ unsupported.
+
+ • Building Wireshark requires CMake. Autotools is no longer
+ supported.
+
+ • TShark’s -z compare option was removed.
+
+ New File Format Decoding Support
+
+ Ruby Marshal format
New Protocol Support
- Daytime, JPEG (RTP payload), Pegasus Lightweight Stream Control,
- Pro-MPEG FEC, UMTS RRC, Veritas Low Latency Transport
+ Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
+ BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service
+ over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP),
+ Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS
+ RTP), Exablaze trailers, General Circuit Services Notification
+ Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo
+ Emberplus Data format, Great Britain Companion Specification (GBCS)
+ used in the Smart Metering Equipment Technical Specifications
+ (SMETS), GSM-R (User-to-User Information Element usage),
+ HI3CCLinkData, Intelligent Transport Systems (ITS) application level,
+ ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP),
+ ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability
+ Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP,
+ Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol,
+ PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo
+ Emberplus transport frame, Secure Reliable Transport Protocol (SRT),
+ Spirent Test Center Signature decoding for Ethernet and FibreChannel
+ (STCSIG, disabled by default), Sybase-specific portions of TDS,
+ systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery
+ Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information
+ Retrieval Protocol
Updated Protocol Support
- All ASN.1 dissectors, 3G A11, 802.11, AIM SST, AJP13, ANSI 637,
- AVS WLAN, BACapp, BFD, CDP, Cisco WIDS, DCERPC (DCERPC, CONV, DFS,
- EPM, FLDB, NETLOGON, NT, PN-IO, RS_PGO), DCOM, DHCP, DIAMETER,
- DTLS, EAPOL, ESP, H.225, H.245, H.450, HTTP, IPv6, ISAKMP,
- Juniper, Kerberos, L2TP, LDAP, MSRP, NTLMSSP, PN-CBA, PN-RT,
- Prism, RSVP, RTCP, RUDP, SCSI, SCTP, SDP, SIP, SIPFRAG, Skinny,
- SMB, SSL, TCP, text/media, Time, XML
+ Too many protocols have been updated to list here.
New and Updated Capture File Support
- Catapult DCT2000, nettl
+ RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
+ and Unigraf DPA-400 DisplayPort AUX channel monitor
-Getting Wireshark
+ New and Updated Capture Interfaces support
- Wireshark source code and installation packages are available from
- the [1]download page on the main web site.
+ dpauxmon, an external capture interface (extcap) that captures
+ DisplayPort AUX channel data from linux kernel drivers.
- Vendor-supplied Packages
+ sdjournal, an extcap that captures systemd journal entries.
+
+ Major API Changes
- Most Linux and Unix vendors supply their own Wireshark packages.
- You can install or upgrade Wireshark using the package management
- system specific to that platform. A list of third-party packages
- can be found on the [2]download page on the Wireshark web site.
+ • Lua: the various logging functions (debug, info, message, warn
+ and critical) have been removed. Use the print function instead
+ for debugging purposes.
-File Locations
+ • Lua: on Windows, file-related functions such as dofile now assume
+ UTF-8 paths instead of the local code page. This is consistent
+ with Linux and macOS and improves compatibility on non-English
+ systems. (Bug 15118[5])
- Wireshark and TShark look in several different locations for
- preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
- These locations vary from platform to platform. You can use
- About->Folders to find the default locations on your system.
+ Getting Wireshark
-Known Problems
+ Wireshark source code and installation packages are available from
+ https://www.wireshark.org/download.html[6].
+
+ Vendor-supplied Packages
- On Windows systems the packet list scroll bar can sometimes
- disappear or become unusable. Until the problem is fixed you can
- work around it by resizing the packet list or the main window.
- ([3]Bug #220)
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can
+ be found on the download page[7] on the Wireshark web site.
- The Filter button is nonfunctional in the file dialogs under
- Windows.
+ File Locations
- Trying to save flow data may crash Wireshark. ([4]Bug #396)
+ Wireshark and TShark look in several different locations for
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
+ locations vary from platform to platform. You can use About→Folders to
+ find the default locations on your system.
- It may not be possible to re-order coloring rules under Windows.
- ([5]Bug #699)
+ Getting Help
- Multiple tap interfaces may cause a crash under FreeBSD. ([6]Bug
- #757)
+ The User’s Guide, manual pages and various other documentation can be
+ found at https://www.wireshark.org/docs/[8]
- Wireshark may crash while viewing TCP streams. ([7]Bug #852)
+ Community support is available on Wireshark’s Q&A site[9] and on the
+ wireshark-users mailing list. Subscription information and archives
+ for all of Wireshark’s mailing lists can be found on the web site[10].
-Getting Help
+ Bugs and feature requests can be reported on the bug tracker[11].
- Community support is available on the wireshark-users mailing
- list. Subscription information and archives for all of Wireshark's
- mailing lists can be found on [8]the web site.
+ Official Wireshark training and certification are available from
+ Wireshark University[12].
- Commercial support, training, and development services are
- available from [9]CACE Technologies.
+ Frequently Asked Questions
-Frequently Asked Questions
+ A complete FAQ is available on the Wireshark web site[13].
- A complete FAQ is available on the [10]Wireshark web site.
+ Last updated 2019-01-20 08:14:50 UTC
-References
+ References
- Visible links
- 1. http://www.wireshark.org/download.html
- 2. http://www.wireshark.org/download.html#otherplat
- 3. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220
- 4. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=396
- 5. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=699
- 6. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=757
- 7. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=852
- 8. http://www.wireshark.org/lists/
- 9. http://www.cacetech.com/
- 10. http://www.wireshark.org/faq.html
+ 1. 1
+ 2. 2
+ 3. 3
+ 4. 4
+ 5. 5
+ 6. 6
+ 7. 7
+ 8. 8
+ 9. 9
+ 10. 10
+ 11. 11
+ 12. 12
+ 13. 13