+Wireshark 2.5.1 Release Notes
- Wireshark 1.99.0 Release Notes
+ This is a semi-experimental release intended to test new features
+ for Wireshark 2.6.
- This is an experimental release intended to test new features for the
- next stable release.
- __________________________________________________________________
+ What is Wireshark?
-What is Wireshark?
+ Wireshark is the world’s most popular network protocol analyzer.
+ It is used for troubleshooting, analysis, development and
+ education.
- Wireshark is the world's most popular network protocol analyzer. It is
- used for troubleshooting, analysis, development and education.
- __________________________________________________________________
+ What’s New
-What's New
+ Wireshark 2.6 is the last release that will support the legacy
+ (GTK+) user interface. It will not be supported or available in
+ Wireshark 3.0.
- Bug Fixes
+ Many user interface improvements have been made. See the “New
+ and Updated Features” section below for more details.
- The following bugs have been fixed:
- * "On-the-wire" packet lengths are limited to 65535 bytes. ([1]Bug
- 8808, ws-buglink:9390)
- * "Follow TCP Stream" shows only the first HTTP req+res. ([2]Bug
- 9044)
- * Files with pcap-ng Simple Packet Blocks can't be read. ([3]Bug
- 9200)
- * MPLS-over-PPP isn't recognized. ([4]Bug 9492)
+ Dumpcap might not quit if Wireshark or TShark crashes. (Bug
+ 1419[1])
New and Updated Features
- The following features are new (or have been significantly updated)
- since version 1.12.0:
- * The I/O Graph in the Gtk+ UI now supports an unlimited number of
- data points (up from 100k).
- * tshark now resets its state when changing files in ring-buffer
- mode.
- * Expert Info severities can now be configured.
- * Qt port:
- + A Polish translation has been added.
- + The Interfaces dialog has been added.
- + The interface list is now updated when interfaces appear or
- disappear.
- + The Conversations dialog has been added.
- + A Japanese translation has been added.
- + It is now possible to manage remote capture interfaces.
- + Windows: taskbar progress support has been added.
-
- The following features are new (or have been significantly updated)
- since version 1.11.3:
- * Transport name resolution is now disabled by default.
- * Support has been added for all versions of the DCBx protocol.
- * Cleanup of LLDP code, all dissected fields are now navigable.
-
- The following features are new (or have been significantly updated)
- since version 1.11.2:
- * Qt port:
- + The About dialog has been added
- + The Capture Interfaces dialog has been added.
- + The Decode As dialog has been added. It managed to swallow up
- the User Specified Decodes dialog as well.
- + The Export PDU dialog has been added.
- + Several SCTP dialogs have been added.
- + The statistics tree (the backend for many Statistics and
- Telephony menu items) dialog has been added.
- + The I/O Graph dialog has been added.
- + French translation has updated.
-
- The following features are new (or have been significantly updated)
- since version 1.11.1:
- * Mac OS X packaging has been improved.
-
- The following features are new (or have been significantly updated)
- since version 1.11.0:
- * Dissector output may be encoded as UTF-8. This includes TShark
- output.
- * Qt port:
- + The Follow Stream dialog now supports packet and TCP stream
- selection.
- + A Flow Graph (sequence diagram) dialog has been added.
- + The main window now respects geometry preferences.
-
- The following features are new (or have been significantly updated)
- since version 1.10:
- * Wireshark now uses the Qt application framework. The new UI should
- provide a significantly better user experience, particularly on Mac
- OS X and Windows.
- * The Windows installer now uninstalls the previous version of
- Wireshark silently. You can still run the uninstaller manually
- beforehand if you wish to run it interactively.
- * Expert information is now filterable when the new API is in use.
- * The "Number" column shows related packets and protocol conversation
- spans (Qt only).
- * When manipulating packets with editcap using the -C <choplen>
- and/or -s <snaplen> options, it is now possible to also adjust the
- original frame length using the -L option.
- * You can now pass the -C <choplen> option to editcap multiple times,
- which allows you to chop bytes from the beginning of a packet as
- well as at the end of a packet in a single step.
- * You can now specify an optional offset to the -C option for
- editcap, which allows you to start chopping from that offset
- instead of from the absolute packet beginning or end.
- * "malformed" display filter has been renamed to "_ws.malformed". A
- handful of other filters have been given the "_ws." prefix to note
- they are Wireshark application specific filters and not dissector
- filters.
- * The Kerberos dissector has been replaced with an auto generated one
- from ASN1 protocol description, changing a lot of filter names.
+ The following features are new (or have been significantly
+ updated) since version 2.5.0:
- New Protocol Support
+ • HTTP Referer statistics are now supported.
- ceph, corosync/totemnet, corosync/totemsrp, Generic Network
- Virtualization Encapsulation (Geneve), IPMI Trace, iSER, OptoMMP, and
- Stateless Transport Tunneling
+ • Wireshark now supports MaxMind DB files. Support for GeoIP
+ and GeoLite Legacy databases has been removed.
- Updated Protocol Support
+ • The Windows packages are now built using Microsoft Visual
+ Studio 2017.
- Too many protocols have been updated to list here.
+ • The IP map feature (the “Map” button in the “Endpoints”
+ dialog) has been removed.
- New and Updated Capture File Support
+ The following features are new (or have been significantly
+ updated) since version 2.4.0:
- Android logcat text files
+ • Display filter buttons can now be edited, disabled, and
+ removed via a context menu directly from the toolbar
- Major API Changes
+ • Drag & Drop filter fields to the display filter toolbar or
+ edit to create a button on the fly or apply the filter as a
+ display filter.
- The libwireshark API has undergone some major changes:
- * Many of the ep_ and se_ memory allocation routines have been
- removed.
- * The (long-since-broken) Python bindings support has been removed
- from Wireshark. If you want to write dissectors in something other
- than C, use Lua.
- __________________________________________________________________
+ • Application startup time has been reduced.
-Getting Wireshark
+ • Some keyboard shortcut mix-ups have been resolved by
+ assigning new shortcuts to Edit → Copy methods.
- Wireshark source code and installation packages are available from
- [5]http://www.wireshark.org/download.html.
+ • TShark now supports color using the --color option.
- Vendor-supplied Packages
+ • The "matches" display filter operator is now
+ case-insensitive.
+
+ • Display expression (button) preferences have been converted
+ to a UAT. This puts the display expressions in their own
+ file. Wireshark still supports preference files that
+ contain the old preferences, but new preference files will
+ be written without the old fields.
+
+ • SMI private enterprise numbers are now read from the
+ "enterprises.tsv" configuration file.
+
+ • The QUIC dissector has been renamed to Google QUIC (quic →
+ gquic).
+
+ • The selected packet number can now be shown in the Status
+ Bar by enabling Preferences → Appearance → Layout → Show
+ selected packet number.
+
+ • File load time in the Status Bar is now disabled by default
+ and can be enabled in Preferences → Appearance → Layout →
+ Show file load time.
+
+ • Support for the G.729A codec in the RTP Player is now added
+ via the bcg729 library.
+
+ • Support for hardware-timestamping of packets has been
+ added.
+
+ • Improved NetMon .cap support with comments, event tracing,
+ network filter, network info types and some Message
+ Analyzer exported types.
+
+ • The personal plugins folder on Linux/Unix is now
+ ~/.local/lib/wireshark/plugins.
+
+ • TShark can print flow graphs using -z flow…
+
+ • Capinfos now prints SHA256 hashes in addition to RIPEMD160
+ and SHA1. MD5 output has been removed.
- Most Linux and Unix vendors supply their own Wireshark packages. You
- can usually install or upgrade Wireshark using the package management
- system specific to that platform. A list of third-party packages can be
- found on the [6]download page on the Wireshark web site.
- __________________________________________________________________
+ • The packet editor has been removed. (This was a GTK+ only
+ experimental feature.)
-File Locations
+ • Support BBC micro:bit Bluetooth profile
- Wireshark and TShark look in several different locations for preference
- files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
- vary from platform to platform. You can use About->Folders to find the
- default locations on your system.
- __________________________________________________________________
+ • The Linux and UNIX installation step for Wireshark will now
+ install headers required to build plugins. A pkg-config
+ file is provided to help with this (see doc/plugins.example
+ for details). Note you must still rebuild all plugins
+ between minor releases (X.Y).
-Known Problems
+ • The Windows installers and packages now ship with Qt 5.9.4.
- Dumpcap might not quit if Wireshark or TShark crashes. ([7]Bug 1419)
+ • The generic data dissector can now uncompress zlib
+ compressed data.
- The BER dissector might infinitely loop. ([8]Bug 1516)
+ New Protocol Support
+
+ ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast
+ Tunneling), Bluetooth Mesh, Broadcom tags (Broadcom Ethernet
+ switch management frames), CAN-ETH, CVS password server,
+ Excentis DOCSIS31 XRA header, F5ethtrailer, FP Mux, GRPC
+ (gRPC), IEEE 1905.1a, IEEE 802.11ax (High Efficiency WLAN
+ (HEW)), IEEE 802.15.9 IEEE Recommended Practice for Transport
+ of Key Management Protocol (KMP) Datagrams, IEEE 802.3br Frame
+ Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre
+ Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency
+ Protocol (UDP), Network Functional Application Platform
+ Interface (NFAPI) Protocol, New Radio Radio Resource Control
+ protocol, NXP 802.15.4 Sniffer Protocol, PFCP (Packet
+ Forwarding Control Protocol), Protobuf (Protocol Buffers), QUIC
+ (IETF), RFC 4108 Using CMS to Protect Firmware Packages,
+ Session Multiplex Protocol, SolarEdge monitoring protocol,
+ Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP and
+ OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN
+ Protocol
+
+ Updated Protocol Support
+
+ Too many protocols have been updated to list here.
+
+ New and Updated Capture File Support
+
+ Microsoft Network Monitor
+
+ New and Updated Capture Interfaces support
+
+ LoRaTap
+
+ Getting Wireshark
+
+ Wireshark source code and installation packages are available
+ from https://www.wireshark.org/download.html[2].
+
+ Vendor-supplied Packages
- Capture filters aren't applied when capturing from named pipes.
- (ws-buglink:1814)
+ Most Linux and Unix vendors supply their own Wireshark
+ packages. You can usually install or upgrade Wireshark using
+ the package management system specific to that platform. A list
+ of third-party packages can be found on the download page[3] on
+ the Wireshark web site.
- Filtering tshark captures with read filters (-R) no longer works.
- ([9]Bug 2234)
+ File Locations
- The 64-bit Windows installer does not support Kerberos decryption.
- ([10]Win64 development page)
+ Wireshark and TShark look in several different locations for
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
+ These locations vary from platform to platform. You can use
+ About→Folders to find the default locations on your system.
- Resolving ([11]Bug 9044) reopens ([12]Bug 3528) so that Wireshark no
- longer automatically decodes gzip data when following a TCP stream.
+ Known Problems
- Application crash when changing real-time option. ([13]Bug 4035)
+ The BER dissector might infinitely loop. (Bug 1516[4])
- Hex pane display issue after startup. ([14]Bug 4056)
+ Capture filters aren’t applied when capturing from named pipes.
+ (Bug 1814[5])
- Packet list rows are oversized. ([15]Bug 4357)
+ Filtering tshark captures with read filters (-R) no longer
+ works. (Bug 2234[6])
- Summary pane selected frame highlighting not maintained. ([16]Bug 4445)
+ Application crash when changing real-time option. (Bug 4035[7])
- Wireshark and TShark will display incorrect delta times in some cases.
- ([17]Bug 4985)
+ Wireshark and TShark will display incorrect delta times in some
+ cases. (Bug 4985[8])
- The 64-bit Mac OS X installer doesn't support Mac OS X 10.9 ([18]Bug
- 9242)
- __________________________________________________________________
+ Wireshark should let you work with multiple capture files. (Bug
+ 10488[9])
-Getting Help
+ Getting Help
- Community support is available on [19]Wireshark's Q&A site and on the
- wireshark-users mailing list. Subscription information and archives for
- all of Wireshark's mailing lists can be found on [20]the web site.
+ Community support is available on Wireshark’s Q&A site[10] and
+ on the wireshark-users mailing list. Subscription information
+ and archives for all of Wireshark’s mailing lists can be found
+ on the web site[11].
- Official Wireshark training and certification are available from
- [21]Wireshark University.
- __________________________________________________________________
+ Official Wireshark training and certification are available from
+ Wireshark University[12].
-Frequently Asked Questions
+ Frequently Asked Questions
- A complete FAQ is available on the [22]Wireshark web site.
- __________________________________________________________________
+ A complete FAQ is available on the Wireshark web site[13].
- Last updated 2014-08-17 20:04:58 UTC
+ Last updated 2018-03-13 19:13:27 UTC
-References
+ References
- 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
- 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
- 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200
- 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9492
- 5. http://www.wireshark.org/download.html
- 6. http://www.wireshark.org/download.html#thirdparty
- 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
- 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
- 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
- 10. https://wiki.wireshark.org/Development/Win64
- 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
- 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
- 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
- 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
- 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
- 16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
- 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
- 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9242
- 19. http://ask.wireshark.org/
- 20. http://www.wireshark.org/lists/
- 21. http://www.wiresharktraining.com/
- 22. http://www.wireshark.org/faq.html
+ 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
+ 2. https://www.wireshark.org/download.html
+ 3. https://www.wireshark.org/download.html#thirdparty
+ 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
+ 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
+ 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
+ 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
+ 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
+ 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
+ 10. https://ask.wireshark.org/
+ 11. https://www.wireshark.org/lists/
+ 12. http://www.wiresharktraining.com/
+ 13. https://www.wireshark.org/faq.html
git.samba.org / metze / wireshark / wip.git / blobdiff