-$Id$
+Wireshark 2.5.1 Release Notes
-== August 23, 2006
+ This is a semi-experimental release intended to test new features
+ for Wireshark 2.6.
-Wireshark 0.99.3 has been released.
+ What is Wireshark?
- ------------------------------------------------------------------
+ Wireshark is the world’s most popular network protocol analyzer.
+ It is used for troubleshooting, analysis, development and
+ education.
-What is Wireshark?
+ What’s New
- Wireshark is the world's most popular network protocol analyzer.
- It is used for troubleshooting, analysis, development, and
- education.
+ Wireshark 2.6 is the last release that will support the legacy
+ (GTK+) user interface. It will not be supported or available in
+ Wireshark 3.0.
-What's New
+ Many user interface improvements have been made. See the “New
+ and Updated Features” section below for more details.
- Bug Fixes
+ Dumpcap might not quit if Wireshark or TShark crashes. (Bug
+ 1419[1])
- The following vulnerabilities have been fixed:
+ New and Updated Features
+
+ The following features are new (or have been significantly
+ updated) since version 2.5.0:
- o The SCSI dissector could crash. Versions affected: 0.99.2.
+ • HTTP Referer statistics are now supported.
- o If Wireshark was compiled with ESP decryption support, the
- IPsec ESP preference parser was susceptible to off-by-one
- errors. Versions affected: 0.99.2.
+ • Wireshark now supports MaxMind DB files. Support for GeoIP
+ and GeoLite Legacy databases has been removed.
- o The DHCP dissector (and possibly others) in the Windows
- version of Wireshark could trigger a bug in Glib and crash.
- Versions affected: 0.10.13 - 0.99.2.
+ • The Windows packages are now built using Microsoft Visual
+ Studio 2017.
- o If the SSCOP dissector has a port range configured and the
- SSCOP payload protocol is Q.2931, a malformed packet could
- make the Q.2931 dissector use up available memory. No port
- range is configured by default. Versions affected: 0.7.9 -
- 0.99.2.
+ • The IP map feature (the “Map” button in the “Endpoints”
+ dialog) has been removed.
- The following bugs have been fixed:
+ The following features are new (or have been significantly
+ updated) since version 2.4.0:
- o The VOIP call analysis feature could cause an assertion.
+ • Display filter buttons can now be edited, disabled, and
+ removed via a context menu directly from the toolbar
- o The RTP analysis feature could freeze for an extended period.
+ • Drag & Drop filter fields to the display filter toolbar or
+ edit to create a button on the fly or apply the filter as a
+ display filter.
- o Selecting "Apply as Filter" wouldn't work for some tree items.
+ • Application startup time has been reduced.
- New and Updated Features
+ • Some keyboard shortcut mix-ups have been resolved by
+ assigning new shortcuts to Edit → Copy methods.
- The following features are new (or have been significantly
- updated) since the last release:
+ • TShark now supports color using the --color option.
+
+ • The "matches" display filter operator is now
+ case-insensitive.
+
+ • Display expression (button) preferences have been converted
+ to a UAT. This puts the display expressions in their own
+ file. Wireshark still supports preference files that
+ contain the old preferences, but new preference files will
+ be written without the old fields.
+
+ • SMI private enterprise numbers are now read from the
+ "enterprises.tsv" configuration file.
+
+ • The QUIC dissector has been renamed to Google QUIC (quic →
+ gquic).
+
+ • The selected packet number can now be shown in the Status
+ Bar by enabling Preferences → Appearance → Layout → Show
+ selected packet number.
- o ESP, Kerberos, and SSL decryption are now supported in the
- Windows installer. (As as result, Wireshark is now subject to
- United States export controls.)
+ • File load time in the Status Bar is now disabled by default
+ and can be enabled in Preferences → Appearance → Layout →
+ Show file load time.
- o The packet list context menu now includes a conversation
- filter.
+ • Support for the G.729A codec in the RTP Player is now added
+ via the bcg729 library.
- o Wireshark can now generate ACL rules for several popular
- firewall products.
+ • Support for hardware-timestamping of packets has been
+ added.
- o Wireshark now supports AirPcap, including raw 802.11 captures
- under Windows.
+ • Improved NetMon .cap support with comments, event tracing,
+ network filter, network info types and some Message
+ Analyzer exported types.
+
+ • The personal plugins folder on Linux/Unix is now
+ ~/.local/lib/wireshark/plugins.
+
+ • TShark can print flow graphs using -z flow…
+
+ • Capinfos now prints SHA256 hashes in addition to RIPEMD160
+ and SHA1. MD5 output has been removed.
+
+ • The packet editor has been removed. (This was a GTK+ only
+ experimental feature.)
+
+ • Support BBC micro:bit Bluetooth profile
+
+ • The Linux and UNIX installation step for Wireshark will now
+ install headers required to build plugins. A pkg-config
+ file is provided to help with this (see doc/plugins.example
+ for details). Note you must still rebuild all plugins
+ between minor releases (X.Y).
+
+ • The Windows installers and packages now ship with Qt 5.9.4.
+
+ • The generic data dissector can now uncompress zlib
+ compressed data.
New Protocol Support
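Review bot: The added entry 'The "matches" display filter operator is now case-insensitive.' changes what existing filters match, but it sits in the feature list with nothing marking it as a behaviour change. Saved display filters and TShark scripts written against case-sensitive matching will now match more packets, so the entry should say so and state whether case-sensitive matching can still be requested. The Capinfos entry has the same problem: 'MD5 output has been removed' affects anything that parses that output and deserves the same flag. Separately, with the 'Bug Fixes' heading removed, 'Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])' now follows the introductory paragraphs directly and reads as an open problem rather than a fix; give it a heading or move it under 'Known Problems'.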
- Daytime, JPEG (RTP payload), Pegasus Lightweight Stream Control,
- Pro-MPEG FEC, UMTS RRC, Veritas Low Latency Transport
+ ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast
+ Tunneling), Bluetooth Mesh, Broadcom tags (Broadcom Ethernet
+ switch management frames), CAN-ETH, CVS password server,
+ Excentis DOCSIS31 XRA header, F5ethtrailer, FP Mux, GRPC
+ (gRPC), IEEE 1905.1a, IEEE 802.11ax (High Efficiency WLAN
+ (HEW)), IEEE 802.15.9 IEEE Recommended Practice for Transport
+ of Key Management Protocol (KMP) Datagrams, IEEE 802.3br Frame
+ Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre
+ Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency
+ Protocol (UDP), Network Functional Application Platform
+ Interface (NFAPI) Protocol, New Radio Radio Resource Control
+ protocol, NXP 802.15.4 Sniffer Protocol, PFCP (Packet
+ Forwarding Control Protocol), Protobuf (Protocol Buffers), QUIC
+ (IETF), RFC 4108 Using CMS to Protect Firmware Packages,
+ Session Multiplex Protocol, SolarEdge monitoring protocol,
+ Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP and
+ OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN
+ Protocol
Updated Protocol Support
- All ASN.1 dissectors, 3G A11, 802.11, AIM SST, AJP13, ANSI 637,
- AVS WLAN, BACapp, BFD, CDP, Cisco WIDS, DCERPC (DCERPC, CONV, DFS,
- EPM, FLDB, NETLOGON, NT, PN-IO, RS_PGO), DCOM, DHCP, DIAMETER,
- DTLS, EAPOL, ESP, H.225, H.245, H.450, HTTP, IPv6, ISAKMP,
- Juniper, Kerberos, L2TP, LDAP, MSRP, NTLMSSP, PN-CBA, PN-RT,
- Prism, RSVP, RTCP, RUDP, SCSI, SCTP, SDP, SIP, SIPFRAG, Skinny,
- SMB, SSL, TCP, text/media, Time, XML
+ Too many protocols have been updated to list here.
New and Updated Capture File Support
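Review bot: Replacing the 'Updated Protocol Support' list with 'Too many protocols have been updated to list here.' leaves readers unable to tell which dissectors changed in this release. The previous notes named each one (DHCP, ESP, SCSI, SSL and so on), which is what someone needs when checking whether a dissector they depend on was touched. If the full list is too long for the notes, point to where it can be found instead of dropping it.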
- Catapult DCT2000, nettl
+ Microsoft Network Monitor
+
+ New and Updated Capture Interfaces support
-Getting Wireshark
+ LoRaTap
- Wireshark source code and installation packages are available from
- the [1]download page on the main web site.
+ Getting Wireshark
+
+ Wireshark source code and installation packages are available
+ from https://www.wireshark.org/download.html[2].
Vendor-supplied Packages
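Review bot: The new heading 'New and Updated Capture Interfaces support' has a lowercase 'support', while the neighbouring headings 'New Protocol Support', 'Updated Protocol Support' and 'New and Updated Capture File Support' capitalise it. Change it to 'New and Updated Capture Interfaces Support' so the section titles are consistent.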
- Most Linux and Unix vendors supply their own Wireshark packages.
- You can install or upgrade Wireshark using the package management
- system specific to that platform. A list of third-party packages
- can be found on the [2]download page on the Wireshark web site.
+ Most Linux and Unix vendors supply their own Wireshark
+ packages. You can usually install or upgrade Wireshark using
+ the package management system specific to that platform. A list
+ of third-party packages can be found on the download page[3] on
+ the Wireshark web site.
+
+ File Locations
-File Locations
+ Wireshark and TShark look in several different locations for
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
+ These locations vary from platform to platform. You can use
+ About→Folders to find the default locations on your system.
- Wireshark and TShark look in several different locations for
- preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
- These locations vary from platform to platform. You can use
- About->Folders to find the default locations on your system.
+ Known Problems
-Known Problems
+ The BER dissector might infinitely loop. (Bug 1516[4])
- On Windows systems the packet list scroll bar can sometimes
- disappear or become unusable. Until the problem is fixed you can
- work around it by resizing the packet list or the main window.
- ([3]Bug #220)
+ Capture filters aren’t applied when capturing from named pipes.
+ (Bug 1814[5])
- The Filter button is nonfunctional in the file dialogs under
- Windows.
+ Filtering tshark captures with read filters (-R) no longer
+ works. (Bug 2234[6])
- Trying to save flow data may crash Wireshark. ([4]Bug #396)
+ Application crash when changing real-time option. (Bug 4035[7])
- It may not be possible to re-order coloring rules under Windows.
- ([5]Bug #699)
+ Wireshark and TShark will display incorrect delta times in some
+ cases. (Bug 4985[8])
- Multiple tap interfaces may cause a crash under FreeBSD. ([6]Bug
- #757)
+ Wireshark should let you work with multiple capture files. (Bug
+ 10488[9])
- Wireshark may crash while viewing TCP streams. ([7]Bug #852)
+ Getting Help
-Getting Help
+ Community support is available on Wireshark’s Q&A site[10] and
+ on the wireshark-users mailing list. Subscription information
+ and archives for all of Wireshark’s mailing lists can be found
+ on the web site[11].
- Community support is available on the wireshark-users mailing
- list. Subscription information and archives for all of Wireshark's
- mailing lists can be found on [8]the web site.
+ Official Wireshark training and certification are available from
+ Wireshark University[12].
- Commercial support, training, and development services are
- available from [9]CACE Technologies.
+ Frequently Asked Questions
-Frequently Asked Questions
+ A complete FAQ is available on the Wireshark web site[13].
- A complete FAQ is available on the [10]Wireshark web site.
+ Last updated 2018-03-13 19:13:27 UTC
-References
+ References
- Visible links
- 1. http://www.wireshark.org/download.html
- 2. http://www.wireshark.org/download.html#otherplat
- 3. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220
- 4. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=396
- 5. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=699
- 6. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=757
- 7. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=852
- 8. http://www.wireshark.org/lists/
- 9. http://www.cacetech.com/
- 10. http://www.wireshark.org/faq.html
+ 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
+ 2. https://www.wireshark.org/download.html
+ 3. https://www.wireshark.org/download.html#thirdparty
+ 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
+ 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
+ 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
+ 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
+ 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
+ 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
+ 10. https://ask.wireshark.org/
+ 11. https://www.wireshark.org/lists/
+ 12. http://www.wiresharktraining.com/
+ 13. https://www.wireshark.org/faq.html
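Review bot: Under 'Known Problems', 'The BER dissector might infinitely loop. (Bug 1516[4])' gives no affected versions and no workaround, whereas the removed vulnerability entries each carried a 'Versions affected' line. Add that information, or a pointer to where it is tracked, so readers can judge their exposure. In the same section, 'Wireshark should let you work with multiple capture files. (Bug 10488[9])' is a feature request rather than a known problem and belongs elsewhere. In the reference list, entry 12 ('http://www.wiresharktraining.com/') is the only added link using plain http while every other entry is https; switch it if the site serves https.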