- Wireshark 1.11.3 Release Notes
+ Wireshark 1.99.9 Release Notes
- This is an experimental release intended to test new features
- for the next stable release.
- __________________________________________________________
+ This is a semi-experimental release intended to test new features for
+ Wireshark 2.0.
+ __________________________________________________________________
What is Wireshark?
- Wireshark is the world's most popular network protocol
- analyzer. It is used for troubleshooting, analysis, development
- and education.
- __________________________________________________________
+ Wireshark is the world's most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
+ __________________________________________________________________
What's New
- Bug Fixes
-
- The following bugs have been fixed:
- * "On-the-wire" packet lengths are limited to 65535 bytes.
- ([1]Bug 8808, ws-buglink:9390)
- * "Follow TCP Stream" shows only the first HTTP req+res.
- ([2]Bug 9044)
- * Files with pcap-ng Simple Packet Blocks can't be read.
- ([3]Bug 9200)
- * MPLS-over-PPP isn't recognized. ([4]Bug 9492)
-
New and Updated Features
- The following features are new (or have been significantly
- updated) since version 1.11.2:
+ The following features are new (or have been significantly updated)
+ since version 1.99.8:
+ * Qt port:
+ + The MTP3 statistics and summary dialogs have been added.
+ + The WAP-WSP statistics dialog has been added.
+ + The UDP multicast statistics dialog has been added.
+ + The WLAN statistics dialog has been added.
+ + The display filter macros dialog has been added.
+ + The capture file properties dialog now includes packet
+ comments.
+ + Many more statistics dialogs can be opened from the command
+ line via -z ....
+ + Most dialogs now have a cancellable progress bar.
+ + Many packet list and packet detail context menus items have
+ been added.
+ + Lua plugins can be reloaded from the Analyze menu.
+ + Many bug fixes and improvements.
+
+ The following features are new (or have been significantly updated)
+ since version 1.99.7:
+ * Qt port:
+ + The Enabled Protocols dialog has been added.
+ + Many statistics dialogs have been added, including Service
+ response time, DHCP/BOOTP, and ANSI.
+ + The RTP Analysis dialog has been added.
+ + Lua dialog support has been added.
+ + You can now manually resolve addresses.
+ + The Resolved Addresses dialog has been added.
+ + The packet list scrollbar now has a minimap.
+ + The capture interfaces dialog has been updated.
+ + You can now colorize conversations.
+ + Welcome screen behavior has been improved.
+ + Plugin support has been improved.
+ + Many dialogs should now more correctly minimize and maximize.
+ + The reload button has been added back to the toolbar.
+ + The "Decode As" dialog no longer saves decoding behavior.
+ + You can now stop loading large capture files.
+ + The Bluetooth HCI Summary has been added.
+
+ The following features are new (or have been significantly updated)
+ since version 1.99.6:
* Qt port:
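Review bot: In the 1.99.8 Qt port list, the item "can be opened from the command line via -z ...." ends in a bare ellipsis followed by a full stop, so a reader cannot tell which -z arguments are meant; name the statistics arguments that now work or point to the man page. Two items further down, "context menus items" should read "context menu items".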
- + The About dialog has been added
- + The Capture Interfaces dialog has been added.
- + The Decode As dialog has been added. It managed to
- swallow up the User Specified Decodes dialog as well.
- + The Export PDU dialog has been added.
- + Several SCTP dialogs have been added.
- + The statistics tree (the backend for many Statistics
- and Telephony menu items) dialog has been added.
- + The I/O Graph dialog has been added.
- + French translation has updated.
-
- The following features are new (or have been significantly
- updated) since version 1.11.1:
- * Mac OS X packaging has been improved.
-
- The following features are new (or have been significantly
- updated) since version 1.11.0:
- * Dissector output may be encoded as UTF-8. This includes
- TShark output.
+ + The Bluetooth Devices dialog has been added.
+ + The wireless toolbar has been added.
+ + Opening files via drag and drop is now supported.
+ + The Capture Filter and Display Filter dialogs have been added.
+ + The Display Filter Expression dialog has been added.
+ + Conversation Filter menu items have been added.
+ + You can change protocol preferences by right clicking on the
+ packet list and details.
+
+ The following features are new (or have been significantly updated)
+ since version 1.99.4 and 1.99.5:
* Qt port:
- + The Follow Stream dialog now supports packet and TCP
- stream selection.
- + A Flow Graph (sequence diagram) dialog has been added.
- + The main window now respects geometry preferences.
-
- The following features are new (or have been significantly
- updated) since version 1.10:
- * Wireshark now uses the Qt application framework. The new UI
- should provide a significantly better user experience,
- particularly on Mac OS X and Windows.
- * The Windows installer now uninstalls the previous version
- of Wireshark silently. You can still run the uninstaller
- manually beforehand if you wish to run it interactively.
- * Expert information is now filterable when the new API is in
- use.
- * The "Number" column shows related packets and protocol
- conversation spans (Qt only).
- * When manipulating packets with editcap using the -C
- <choplen> and/or -s <snaplen> options, it is now possible
- to also adjust the original frame length using the -L
- option.
- * You can now pass the -C <choplen> option to editcap
- multiple times, which allows you to chop bytes from the
- beginning of a packet as well as at the end of a packet in
- a single step.
- * You can now specify an optional offset to the -C option for
- editcap, which allows you to start chopping from that
- offset instead of from the absolute packet beginning or
- end.
- * "malformed" display filter has been renamed to
- "_ws.malformed". A handful of other filters have been given
- the "_ws." prefix to note they are Wireshark application
- specific filters and not dissector filters.
-
- Removed dissectors
-
- * The ASN1 plugin has been removed as it's deemed obsolete.
- * The GNM dissector has been removed as it was never used.
+ + Capture restarts are now supported.
+ + Menu items for plugins are now supported.
+ + Extcap interfaces are now supported.
+ + The Expert Information dialog has been added.
+ + Display and capture filter completion is now supported.
+ + Many bugs have been fixed.
+ + Translations have been updated.
+
+ The following features are new (or have been significantly updated)
+ since version 1.99.3:
+ * Qt port:
+ + Several interface bugs have been fixed.
+ + Translations have been updated.
+
+ The following features are new (or have been significantly updated)
+ since version 1.99.2:
+ * Qt port:
+ + Several bugs have been fixed.
+ + You can now open a packet in a new window.
+ + The Bluetooth ATT Server Attributes dialog has been added.
+ + The Coloring Rules dialog has been added.
+ + Many translations have been updated. Chinese, Italian and
+ Polish translations are complete.
+ + General user interface and usability improvements.
+ + Automatic scrolling during capture now works.
+ + The related packet indicator has been updated.
+
+ The following features are new (or have been significantly updated)
+ since version 1.99.1:
+ * Qt port:
+ + The welcome screen layout has been updated.
+ + The Preferences dialog no longer crashes on Windows.
+ + The packet list header menu has been added.
+ + Statistics tree plugins are now supported.
+ + The window icon is now displayed properly in the Windows
+ taskbar.
+ + A packet list an byte view selection bug has been fixed
+ ([1]Bug 10896)
+ + The RTP Streams dialog has been added.
+ + The Protocol Hierarchy Statistics dialog has been added.
+
+ The following features are new (or have been significantly updated)
+ since version 1.99.0:
+ * Qt port:
+ + You can now show and hide toolbars and major widgets using the
+ View menu.
+ + You can now set the time display format and precision.
+ + The byte view widget is much faster, particularly when
+ selecting large reassembled packets.
+ + The byte view is explorable. Hovering over it highlights the
+ corresponding field and shows a description in the status bar.
+ + An Italian translation has been added.
+ + The Summary dialog has been updated and renamed to Capture
+ File Properties.
+ + The VoIP Calls and SIP Flows dialogs have been added.
+ + Support for HiDPI / Retina displays has been improved in the
+ official packages.
+ * DNS stats: + A new stats tree has been added to the Statistics
+ menu. Now it is possible to collect stats such as qtype/qclass
+ distribution, number of resource record per response section, and
+ stats data (min, max, avg) for values such as query name length or
+ DNS payload.
+ * HPFEEDS stats: + A new stats tree has been added to the statistics
+ menu. Now it is possible to collect stats per channel (messages
+ count and payload size), and opcode distribution.
+ * HTTP2 stats: + A new stats tree has been added to the statistics
+ menu. Now it is possible to collect stats (type distribution).
+
+ The following features are new (or have been significantly updated)
+ since version 1.12.0:
+ * The I/O Graph in the Gtk+ UI now supports an unlimited number of
+ data points (up from 100k).
+ * TShark now resets its state when changing files in ring-buffer
+ mode.
+ * Expert Info severities can now be configured.
+ * Wireshark now supports external capture interfaces. External
+ capture interfaces can be anything from a tcpdump-over-ssh pipe to
+ a program that captures from proprietary or non-standard hardware.
+ This functionality is not available in the Qt UI yet.
+ * Qt port:
+ + The Qt UI is now the default (program name is wireshark).
+ + A Polish translation has been added.
+ + The Interfaces dialog has been added.
+ + The interface list is now updated when interfaces appear or
+ disappear.
+ + The Conversations and Endpoints dialogs have been added.
+ + A Japanese translation has been added.
+ + It is now possible to manage remote capture interfaces.
+ + Windows: taskbar progress support has been added.
+ + Most toolbar actions are in place and work.
+ + More command line options are now supported
+
+ New File Format Support
+
+ BTSNOOP, PCAP, and PCAPNG
New Protocol Support
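Review bot: The DNS stats, HPFEEDS stats and HTTP2 stats bullets in the 1.99.0 list each carry a literal "+" after the colon ("* DNS stats: + A new stats tree ..."), which looks like a nested list marker flattened onto its parent line; put the text on its own sub-item line as the Qt port entries do, or drop the "+". In the 1.99.1 list, "A packet list an byte view selection bug" should read "and", and both that item and "More command line options are now supported" are missing their closing full stops.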
- 29West, 802.1AE Secure tag, ACR122, ADB Client-Server, AllJoyn,
- Apple PKTAP, Aruba Instant AP, ASTERIX, ATN, Bencode, Bluetooth
- 3DS, Bluetooth HSP, Bluetooth Linux Monitor Transport,
- Bluetooth Low Energy, Bluetooth Low Energy RF Info, CARP, CFDP,
- Cisco MetaData, DCE/RPC MDSSVC, DeviceNet, ELF file format,
- EXPORTED PDU, FINGER, HDMI, HTTP2, IDRP, IEEE 1722a, ILP, iWARP
- Direct Data Placement and Remote Direct Memory Access Protocol,
- Kafka, Kyoto Tycoon, Landis & Gyr Telegyr 8979, LBM, LBMC,
- LBMPDM, LBMPDM-TCP, LBMR, LBT-RM, LBT-RU, LBT-TCP, Lightweight
- Mesh (v1.1.1), Linux netlink, Linux netlink netfilter, Linux
- netlink sock diag, Linux rtnetlink (route netlink), Logcat,
- MBIM, MiNT, MP4 / ISOBMFF file format, MQ Telemetry Transport
- Protocol, Novell PKIS certificate extensions, NXP PN532 HCI,
- Open Sound Control, OpenFlow, Pathport, PDC, Picture Transfer
- Protocol Over IP, PKTAP, Private Data Channel, QUIC (Quick UDP
- Internet Connections), SAE J1939, SEL RTAC (Real Time
- Automation Controller) EIA-232 Serial-Line Dissection, Sippy
- RTPproxy, SMB-Direct, STANAG 4607, STANAG 5066 DTS, STANAG 5066
- SIS, Tinkerforge, Ubertooth, UDT, URL Encoded Form Data, USB
- Communications and CDC Control, USB Device Firmware Upgrade,
- VP8, WHOIS, Wi-Fi Display, and ZigBee Green Power profile
+ (LISP) TCP Control Message, Aeron, AllJoyn Reliable Datagram Protocol,
+ Android ADB, Android Logcat text, Apache Tribes Heartbeat, BGP
+ Monitoring Prototol (BMP), C15 Call History Protocol dissection
+ (C15ch), ceph, Concise Binary Object Representation (CBOR) (RFC 7049),
+ corosync/totemnet corosync cluster engine ( lowest
+ levelencryption/decryption protocol), corosync/totemsrp corosync
+ cluster engine ( totem single ring protocol), Couchbase, CP "Cooper"
+ 2179, DJI UAV Drone Control Protocol, Dynamic Source Routing (RFC
+ 4728), Elasticsearch, ETSI Card Application Toolkit - Transport
+ Protocol, eXpressive Internet Protocol (XIP), Generic Network
+ Virtualization Encapsulation (Geneve), Geospatial and Imagery Access
+ Service (GIAS), GVSP GigE Vision (TM) Streaming Protocol, HCrt, HiQnet,
+ IP Detail Record (IPDR), IPMI Trace, iSER, KNXnetIP, MACsec Key
+ Agreement - EAPoL-MKA, MCPE (Minecraft Pocket Edition), Message Queuing
+ Telemetry Transport For Sensor Networks (MQTT-SN), Network File System
+ over Remote Direct Memory Access (NFSoRDMA), OCFS2, OptoMMP,
+ Performance Co-Pilot Proxy, QNEX6 (QNET), RakNet games library, Remote
+ Shared Virtual Disk - RSVD, Riemann, S7 Communication, Secure Socket
+ Tunnel Protocol (SSTP), Shared Memory Communications - RDMA, Stateless
+ Transport Tunneling, Thrift, Time Division Multiplexing over Packet
+ Network (TDMoP), Video Services over IP (VSIP), Windows Search Protocol
+ (MS-WSP), and ZVT Kassenschnittstelle
Updated Protocol Support
New and Updated Capture File Support
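Review bot: The new protocol list opens with "(LISP) TCP Control Message", a parenthesised abbreviation with nothing in front of it, so the first entry appears to have lost the start of its name; restore the full protocol name. In the same list, "BGP Monitoring Prototol (BMP)" should be "Protocol", and the corosync entries have stray spaces after the opening parenthesis and a run-together word in "( lowest levelencryption/decryption protocol)". The "Updated Protocol Support" heading that follows still has no body.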
- Netscaler 2.6, STANAG 4607, and STANAG 5066 Data Transfer
- Sublayer
+ 3GPP TS 32.423 Trace, Android Logcat text files, Colasoft Capsa files,
+ Netscaler 3.5, and Wireshark now supports nanosecond timestamp
+ resolution in PCAP-NG files.
+
+ New and Updated Capture Interfaces support
+
+ and Androiddump - provide interfaces to capture (Logcat and Bluetooth)
+ from connected Android devices
Major API Changes
The libwireshark API has undergone some major changes:
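Review bot: The paragraph under the new "New and Updated Capture Interfaces support" heading starts with "and Androiddump", so at least one item before the conjunction has been dropped; restore it or remove the "and". In the capture file list just above it, the items run straight into a sentence ("Netscaler 3.5, and Wireshark now supports nanosecond timestamp resolution in PCAP-NG files"); end the list after "Netscaler 3.5" and give the PCAP-NG statement its own sentence.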
- * A more flexible, modular memory manager (wmem) has been
- added. It was available experimentally in 1.10 but is now
- mature and has mostly replaced the old emem API (which is
- deprecated).
- * A new API for expert information has been added, replacing
- the old one.
- * The tvbuff API has been cleaned up: tvb_length has been
- renamed to tvb_captured_length for clarity, and
- tvb_get_string and tvb_get_stringz have been deprecated in
- favour of tvb_get_string_enc and tvb_get_stringz_enc.
- __________________________________________________________
+ * The emem framework (including all ep_ and se_ memory allocation
+ routines) has been completely removed in favour of wmem which is
+ now fully mature.
+ * The (long-since-broken) Python bindings support has been removed.
+ If you want to write dissectors in something other than C, use Lua.
+ * Plugins can now create GUI menu items.
+ * Heuristic dissectors can now be globally enabled/disabled so
+ heur_dissector_add() has a few more parameters to make that
+ possible
+ __________________________________________________________________
Getting Wireshark
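Review bot: The heur_dissector_add() item says only that the function "has a few more parameters" without naming them, and the emem item removes all ep_ and se_ routines without pointing to their wmem replacements; authors of out-of-tree dissectors building against this release need both, so name the new parameters and reference the wmem documentation. The heur_dissector_add() item is also missing its closing full stop.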
- Wireshark source code and installation packages are available
- from [5]http://www.wireshark.org/download.html.
+ Wireshark source code and installation packages are available from
+ [2]https://www.wireshark.org/download.html.
Vendor-supplied Packages
- Most Linux and Unix vendors supply their own Wireshark
- packages. You can usually install or upgrade Wireshark using
- the package management system specific to that platform. A list
- of third-party packages can be found on the [6]download page on
- the Wireshark web site.
- __________________________________________________________
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can be
+ found on the [3]download page on the Wireshark web site.
+ __________________________________________________________________
File Locations
- Wireshark and TShark look in several different locations for
- preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
- These locations vary from platform to platform. You can use
- About->Folders to find the default locations on your system.
- __________________________________________________________
+ Wireshark and TShark look in several different locations for preference
+ files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
+ vary from platform to platform. You can use About->Folders to find the
+ default locations on your system.
+ __________________________________________________________________
Known Problems
- Dumpcap might not quit if Wireshark or TShark crashes. ([7]Bug
- 1419)
-
- The BER dissector might infinitely loop. ([8]Bug 1516)
+ Dumpcap might not quit if Wireshark or TShark crashes. ([4]Bug 1419)
- Capture filters aren't applied when capturing from named pipes.
- (ws-buglink:1814)
+ The BER dissector might infinitely loop. ([5]Bug 1516)
- Filtering tshark captures with read filters (-R) no longer
- works. ([9]Bug 2234)
+ Capture filters aren't applied when capturing from named pipes. ([6]Bug
+ 1814)
- The 64-bit Windows installer does not support Kerberos
- decryption. ([10]Win64 development page)
+ Filtering tshark captures with read filters (-R) no longer works.
+ ([7]Bug 2234)
- Resolving ([11]Bug 9044) reopens ([12]Bug 3528) so that
- Wireshark no longer automatically decodes gzip data when
- following a TCP stream.
+ Resolving ([8]Bug 9044) reopens ([9]Bug 3528) so that Wireshark no
+ longer automatically decodes gzip data when following a TCP stream.
- Application crash when changing real-time option. ([13]Bug
- 4035)
+ Application crash when changing real-time option. ([10]Bug 4035)
- Hex pane display issue after startup. ([14]Bug 4056)
+ Hex pane display issue after startup. ([11]Bug 4056)
- Packet list rows are oversized. ([15]Bug 4357)
+ Packet list rows are oversized. ([12]Bug 4357)
- Summary pane selected frame highlighting not maintained.
- ([16]Bug 4445)
+ Wireshark and TShark will display incorrect delta times in some cases.
+ ([13]Bug 4985)
- Wireshark and TShark will display incorrect delta times in some
- cases. ([17]Bug 4985)
+ The 64-bit version of Wireshark will leak memory on Windows when the
+ display depth is set to 16 bits ([14]Bug 9914)
- The 64-bit Mac OS X installer doesn't support Mac OS X 10.9
- ([18]Bug 9242)
- __________________________________________________________
+ Wireshark should let you work with multiple capture files. ([15]Bug
+ 10488)
+ __________________________________________________________________
Getting Help
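Review bot: The Known Problems entry "Resolving (Bug 9044) reopens (Bug 3528)" is kept, but the Bug Fixes section that described Bug 9044 ("Follow TCP Stream" shows only the first HTTP req+res) is deleted in this change, so the entry now refers to a fix the notes no longer explain; say briefly what resolving 9044 changed. The added entry "Wireshark should let you work with multiple capture files" is worded as a feature request rather than a problem, and the Bug 9914 entry is missing its full stop.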
- Community support is available on [19]Wireshark's Q&A site and
- on the wireshark-users mailing list. Subscription information
- and archives for all of Wireshark's mailing lists can be found
- on [20]the web site.
+ Community support is available on [16]Wireshark's Q&A site and on the
+ wireshark-users mailing list. Subscription information and archives for
+ all of Wireshark's mailing lists can be found on [17]the web site.
- Official Wireshark training and certification are available
- from [21]Wireshark University.
- __________________________________________________________
+ Official Wireshark training and certification are available from
+ [18]Wireshark University.
+ __________________________________________________________________
Frequently Asked Questions
- A complete FAQ is available on the [22]Wireshark web site.
- __________________________________________________________
+ A complete FAQ is available on the [19]Wireshark web site.
+ __________________________________________________________________
- Last updated 2014-04-15 09:19:56 PDT
+ Last updated 2015-09-01 18:01:23 UTC
References
- 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
- 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
- 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200
- 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9492
- 5. http://www.wireshark.org/download.html
- 6. http://www.wireshark.org/download.html#thirdparty
- 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
- 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
- 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
- 10. https://wiki.wireshark.org/Development/Win64
- 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
- 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
- 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
- 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
- 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
- 16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
- 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
- 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9242
- 19. http://ask.wireshark.org/
- 20. http://www.wireshark.org/lists/
- 21. http://www.wiresharktraining.com/
- 22. http://www.wireshark.org/faq.html
+ 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10896
+ 2. https://www.wireshark.org/download.html
+ 3. https://www.wireshark.org/download.html#thirdparty
+ 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
+ 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
+ 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
+ 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
+ 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
+ 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
+ 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
+ 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
+ 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
+ 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
+ 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9914
+ 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
+ 16. https://ask.wireshark.org/
+ 17. https://www.wireshark.org/lists/
+ 18. http://www.wiresharktraining.com/
+ 19. https://www.wireshark.org/faq.html
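Review bot: Reference 18 (http://www.wiresharktraining.com/) is still plain http, while the download, Q&A, mailing list and FAQ links were all moved to https in this change; switch it as well if the site serves https, so the list is consistent.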