-== December 7, 2002
-Ethereal 0.9.8 has been released.
+ Wireshark 1.11.1 Release Notes
+ __________________________________________________________________
+
+What is Wireshark?
+
+ Wireshark is the world's most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
+ __________________________________________________________________
+
+What's New
+
+ Bug Fixes
+
+ The following bugs have been fixed:
+ * "On-the-wire" packet lengths are limited to 65535 bytes. ([1]Bug
+ 8808, ws-buglink:9390)
+ * "Follow TCP Stream" shows only the first HTTP req+res. ([2]Bug
+ 9044)
+ * Files with pcap-ng Simple Packet Blocks can't be read. ([3]Bug
+ 9200)
+ New and Updated Features
-New and Updated Features
+ The following features are new (or have been significantly updated)
+ since version 1.11.0:
+ * Qt port:
+ + The Follow Stream dialog now supports packet and TCP stream
+ selection.
+ + A Flow Graph (sequence diagram) dialog has been added.
+ + The main window now respects geometry preferences.
- The TAP subsystem received major updates. Tethereal can display
- more statistics, and several graphs have been added to Ethereal.
+ The following features are new (or have been significantly updated)
+ since version 1.10:
+ * Wireshark now uses the Qt application framework. The new UI should
+ provide a significantly better user experience, particularly on Mac
+ OS X and Windows.
+ * A more flexible, modular memory manger (wmem) has been added. It
+ was available experimentally in 1.10 but is now mature and has
+ mostly replaced the old API.
+ * Expert info is now filterable and now requires a new API.
+ * The Windows installer now uninstalls the previous version of
+ Wireshark silently. You can still run the uninstaller manually
+ beforehand if you wish to run it interactively.
+ * The "Number" column shows related packets and protocol conversation
+ spans (Qt only).
+ * When manipulating packets with editcap using the -C <choplen>
+ and/or -s <snaplen> options, it is now possible to also adjust the
+ original frame length using the -L option.
+ * You can now pass the -C <choplen> option to editcap multiple times,
+ which allows you to chop bytes from the beginning of a packet as
+ well as at the end of a packet in a single step.
+ * You can now specify an optional offset to the -C option for
+ editcap, which allows you to start chopping from that offset
+ instead of from the absolute packet beginning or end.
+ * "malformed" display filter has been renamed to "_ws.malformed". A
+ handful of other filters have been given the "_ws." prefix to note
+ they are Wireshark application specific filters and not dissector
+ filters.
- A protocol hierarchy statistics tap was added to tethereal. This code
- may be used to replace the hierarchy statistics code in Ethereal.
-
- More updates have been added to TCP analysis.
+ New Protocol Support
- After a long hiatus, the Windows installer once again includes SNMP
- support.
+ 802.1AE Secure tag, ASTERIX, ATN, BT 3DS, CARP, Cisco MetaData, ELF
+ file format, EXPORTED PDU, FINGER, HTTP2, IDRP, ILP, Kafka, MBIM, MiNT,
+ MP4/ISOBMFF file format, NXP PN532 HCI, OpenFlow, Picture Transfer Protocol
+ Over IP, QUIC (Quick UDP Internet Connections), SEL RTAC (Real Time
+ Automation Controller) EIA-232 Serial-Line Dissection, Sippy RTPproxy,
+ STANAG 4607, STANAG 5066 SIS, Tinkerforge, UDT, URL Encoded Form Data,
+ WHOIS, and Wi-Fi Display
- The total running time of the capture is now displayed in the capture
- progress dialog box. The capture progress dialog also shows ARP packets.
+ Updated Protocol Support
+
+ Too many protocols have been updated to list here.
+
+ New and Updated Capture File Support
+
+ Netscaler 2.6, and STANAG 4607
+ __________________________________________________________________
+
+Getting Wireshark
+
+ Wireshark source code and installation packages are available from
+ [4]http://www.wireshark.org/download.html.
+
+ Vendor-supplied Packages
+
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can be
+ found on the [5]download page on the Wireshark web site.
+ __________________________________________________________________
+
+File Locations
+
+ Wireshark and TShark look in several different locations for preference
+ files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
+ vary from platform to platform. You can use About->Folders to find the
+ default locations on your system.
+ __________________________________________________________________
+
+Known Problems
+
+ Dumpcap might not quit if Wireshark or TShark crashes. ([6]Bug 1419)
+
+ The BER dissector might infinitely loop. ([7]Bug 1516)
+
+ Capture filters aren't applied when capturing from named pipes.
+ (ws-buglink:1814)
+
+ Filtering tshark captures with read filters (-R) no longer works.
+ ([8]Bug 2234)
+
+ The 64-bit Windows installer does not support Kerberos decryption.
+ ([9]Win64 development page)
+
+ Resolving ([10]Bug 9044) reopens ([11]Bug 3528) so that Wireshark no
+ longer automatically decodes gzip data when following a TCP stream.
+
+ Application crash when changing real-time option. ([12]Bug 4035)
+
+ Hex pane display issue after startup. ([13]Bug 4056)
+
+ Packet list rows are oversized. ([14]Bug 4357)
+
+ Summary pane selected frame highlighting not maintained. ([15]Bug 4445)
+
+ Wireshark and TShark will display incorrect delta times in some cases.
+ ([16]Bug 4985)
+
+ The 64-bit Mac OS X installer doesn't support Mac OS X 10.9 ([17]Bug
+ 9242)
+ __________________________________________________________________
+
+Getting Help
+
+ Community support is available on [18]Wireshark's Q&A site and on the
+ wireshark-users mailing list. Subscription information and archives for
+ all of Wireshark's mailing lists can be found on [19]the web site.
- The look of the plugins dialog was revamped.
+ Official Wireshark training and certification are available from
+ [20]Wireshark University.
+ __________________________________________________________________
+Frequently Asked Questions
-Bug Fixes and Updates
+ A complete FAQ is available on the [21]Wireshark web site.
+ __________________________________________________________________
- A bug which caused Ethereal under Windows to crash when "Update list of
- packets in real time" was enabled has been fixed.
+ Last updated 2013-11-15 00:54:41 CET
- Serious problems with the BGP, LMP, PPP, and TDS dissectors have been
- discovered. See
-
- http://www.ethereal.com/appnotes/enpa-sa-00007.html
-
- for more details.
-
- The stability of the text2pcap utility has been improved.
-
- In tethereal, the packet count is properly displayed when you ^C out of a
- capture.
-
-
-New Protocols
-
- ARCNET, ClearCase NFS, DCERPC LSA_DS, HyperSCSI, MDNS, PCLI, RPL
-
-
-Updated Protocols
-
- AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
- DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GTP, HTTP, IPv6CP, IPX, iSCSI,
- ISDN, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS, NTLMSSP, OSPF, PPP,
- PPPoE, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP, Spanning Tree, SPNEGO,
- SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120, WEP, YPSERV
-
-
-Updated Capture File Support
-
- AIX tcpdump, NetXRay, Sniffer, snoop
-
-
-== September 28, 2002
-
-Ethereal 0.9.7 has been released.
-
-New Features
-
- In order to improve the out-of-box responsiveness of Ethereal and
- Tethereal, network name resolution has been disabled by default.
-
- TCP analysis (a feature added in the 0.9.6 release) was improved.
-
- The NCP code base received quite a few updates.
-
- Initial support for version 2 of the GTK+ library was added.
-
- RPC staticstics (which use the new Tap API) were added.
-
- Due to added and updated support for the NTLM, SNEGO, and GSS-API
- protocols, Ethereal can now dissect most of the security blobs for
- Windows 2000 authentication.
-
- The Ethernet "manuf" file now handles addresses specified with a
- mask, and contains many well-known addresses.
-
-
-New Protocols
-
- 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and Juniper),
- SCCP-Management, SPNEGO
-
- The following DCE/RPC protocols were also added:
-
- AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER, DNSSERVER,
- DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN, REP_PROC,
- ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
- RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
-
-
-Updated Protocols
-
- AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA, DCE/RPC
- NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-IS,
- Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP, OSI
- Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP, WSP,
-
-
-== August 20, 2002
-
-Ethereal 0.9.6 has been released.
-
-Bugs Fixed
-
- A buffer overflow in the ISIS dissector has been fixed. More
- information can be found at
- http://www.ethereal.com/appnotes/enpa-sa-00006.html.
-
- A bad TCP header could cause problems for the "Follow TCP Stream"
- feature.
-
- Setting "column.format" from the command line no longer crashes
- Ethereal and Tethereal.
-
- Problems with capture files being overwritten (e.g. if you try to save over
- the current capture file) have been fixed.
-
- An SMB conversation handling bug has been fixed.
-
- Thanks to Valgrind, several memory leaks have been fixed.
-
- Some problems with printing under Windows have been fixed.
-
-
-New Features
-
- TCP sequence number analysis has been added.
-
- The DCE RPC NETLOGON dissector has received a major overhaul.
-
- Data types throughout the code have been cleaned up.
-
-
-New Protocols
-
- CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
-
-
-Updated Protocols
-
- 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT, DCERPC
- REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos, L2TP,
- LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP, PPP,
- Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
- SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
-
-
-Capture File Updates
-
-CheckPoint Firewall-1 monitor file support and CoSine debug file support
-were added. Support for pppdump and Netmon files was updated.
-
-
-== June 28, 2002
-
-Ethereal 0.9.5 has been released. This version fixes several potential
-security problems revealed since the release of 0.9.4. See the security
-advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
-more details.
-
-
-New Features:
-
-The ability to read packet data from a pipe was enhanced. Printing
-under Windows now works.
-
-
-New Protocols
-
-802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
-
-
-Updated Protocols
-
-ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
-MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
-SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
-WCP, WEP, WSP, WTP
-
-
-Capture File Updates
-
-Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
-NetXRay, and libpcap code all received updates.
+References
+ 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
+ 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
+ 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200
+ 4. http://www.wireshark.org/download.html
+ 5. http://www.wireshark.org/download.html#thirdparty
+ 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
+ 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
+ 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
+ 9. https://wiki.wireshark.org/Development/Win64
+ 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
+ 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
+ 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
+ 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
+ 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
+ 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
+ 16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
+ 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9242
+ 18. http://ask.wireshark.org/
+ 19. http://www.wireshark.org/lists/
+ 20. http://www.wiresharktraining.com/
+ 21. http://www.wireshark.org/faq.html