-= Wireshark 1.9.1 Release Notes
+= Wireshark wireshark-version:[] Release Notes
+
+This is an experimental release intended to test new features for the next
+stable release.
== What is Wireshark?
The following bugs have been fixed:
-//* ws-buglink:5000
-//* cve-idlink:2013-2486
+//* ws-buglink:5000[]
+//* ws-buglink:6000[Wireshark bug]
+//* cve-idlink:2014-2486[]
+//* Wireshark insists on calling you on your land line which is keeping you from abandoning it for cellular. (ws-buglink:0000[])
+
+* "On-the-wire" packet lengths are limited to 65535 bytes. (ws-buglink:8808[], ws-buglink:9390)
+* "Follow TCP Stream" shows only the first HTTP req+res. (ws-buglink:9044[])
+* Files with pcap-ng Simple Packet Blocks can't be read. (ws-buglink:9200[])
+* MPLS-over-PPP isn't recognized. (ws-buglink:9492[])
=== New and Updated Features
The following features are new (or have been significantly updated)
-since version 1.8:
-
-* Wireshark on 32- and 64-bit Windows supports automatic updates.
-* The packet bytes view is faster.
-* You can now display a list of resolved host names in "hosts" format
-within Wireshark.
-* The wireless toolbar has been updated.
-* Wireshark on Linux does a better job of detecting interface addition
-and removal.
-* It is now possible to compare two fields in a display filter (for
-example: udp.srcport != udp.dstport). The two fields must be of the same
-type for this to work.
-* The main welcome screen and status bar now display file sizes using
-strict SI prefixes instead of old-style binary prefixes.
-* Capinfos now prints human-readable statistics with SI suffixes by
-default.
+since version 1.12.0:
+
+* The I/O Graph in the Gtk+ UI now supports an unlimited number of data points
+(up from 100k).
+* tshark now resets its state when changing files in ring-buffer mode.
+* Expert Info severities can now be configured.
+
+* Qt port:
+
+** A Polish translation has been added.
+** The Interfaces dialog has been added.
+** The interface list is now updated when interfaces appear or disappear.
+** The Conversations dialog has been added.
+** A Japanese translation has been added.
+** It is now possible to manage remote capture interfaces.
+** Windows: taskbar progress support has been added.
+
+The following features are new (or have been significantly updated)
+since version 1.11.3:
+
+* Transport name resolution is now disabled by default.
+* Support has been added for all versions of the DCBx protocol.
+* Cleanup of LLDP code, all dissected fields are now navigable.
+
+The following features are new (or have been significantly updated)
+since version 1.11.2:
+
+* Qt port:
+
+** The About dialog has been added
+** The Capture Interfaces dialog has been added.
+** The Decode As dialog has been added. It managed to swallow up the
+User Specified Decodes dialog as well.
+** The Export PDU dialog has been added.
+** Several SCTP dialogs have been added.
+** The statistics tree (the backend for many Statistics and Telephony menu
+items) dialog has been added.
+** The I/O Graph dialog has been added.
+** French translation has updated.
+
+The following features are new (or have been significantly updated)
+since version 1.11.1:
+
+* Mac OS X packaging has been improved.
+
+The following features are new (or have been significantly updated)
+since version 1.11.0:
+
+* Dissector output may be encoded as UTF-8. This includes TShark output.
+
+* Qt port:
+
+** The Follow Stream dialog now supports packet and TCP stream selection.
+** A Flow Graph (sequence diagram) dialog has been added.
+** The main window now respects geometry preferences.
+
+
+The following features are new (or have been significantly updated)
+since version 1.10:
+
+* Wireshark now uses the Qt application framework. The new UI should provide
+ a significantly better user experience, particularly on Mac OS X and Windows.
+* The Windows installer now uninstalls the previous version of Wireshark
+ silently. You can still run the uninstaller manually beforehand if you wish
+ to run it interactively.
+* Expert information is now filterable when the new API is in use.
+* The "Number" column shows related packets and protocol conversation spans
+ (Qt only).
+* When manipulating packets with editcap using the -C <choplen> and/or
+ -s <snaplen> options, it is now possible to also adjust the original frame
+ length using the -L option.
+* You can now pass the -C <choplen> option to editcap multiple times, which
+ allows you to chop bytes from the beginning of a packet as well as at the end
+ of a packet in a single step.
+* You can now specify an optional offset to the -C option for editcap, which
+ allows you to start chopping from that offset instead of from the absolute
+ packet beginning or end.
+* "malformed" display filter has been renamed to "_ws.malformed". A handful of
+ other filters have been given the "_ws." prefix to note they are Wireshark
+ application specific filters and not dissector filters.
+* The Kerberos dissector has been replaced with an auto generated one from ASN1
+ protocol description, changing a lot of filter names.
+
+//=== Removed Dissectors
+
=== New Protocol Support
-No new protocols
+--sort-and-group--
+Generic Network Virtualization Encapsulation (Geneve)
+IPMI Trace
+iSER
+OptoMMP
+corosync/totemnet
+corosync/totemsrp
+ceph
+Stateless Transport Tunneling
+CP 'Cooper' 2179
+--sort-and-group--
=== Updated Protocol Support
=== New and Updated Capture File Support
-No new or updated capture files.
+//--sort-and-group--
+Android logcat text files
+//--sort-and-group--
+
+=== Major API Changes
+
+The libwireshark API has undergone some major changes:
+
+* Many of the ep_ and se_ memory allocation routines have been removed.
+* The (long-since-broken) Python bindings support has been removed from
+Wireshark. If you want to write dissectors in something other than C,
+use Lua.
+
== Getting Wireshark
== Known Problems
Dumpcap might not quit if Wireshark or TShark crashes.
-(ws-buglink:1419)
+(ws-buglink:1419[])
The BER dissector might infinitely loop.
-(ws-buglink:1516)
+(ws-buglink:1516[])
Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814)
-Filtering tshark captures with display filters (-R) no longer works.
-(ws-buglink:2234)
+Filtering tshark captures with read filters (-R) no longer works.
+(ws-buglink:2234[])
The 64-bit Windows installer does not support Kerberos decryption.
(https://wiki.wireshark.org/Development/Win64[Win64 development page])
+Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
+no longer automatically decodes gzip data when following a TCP stream.
+
Application crash when changing real-time option.
-(ws-buglink:4035)
+(ws-buglink:4035[])
Hex pane display issue after startup.
-(ws-buglink:4056)
+(ws-buglink:4056[])
Packet list rows are oversized.
-(ws-buglink:4357)
+(ws-buglink:4357[])
Summary pane selected frame highlighting not maintained.
-(ws-buglink:4445)
+(ws-buglink:4445[])
Wireshark and TShark will display incorrect delta times in some cases.
-(ws-buglink:4985)
+(ws-buglink:4985[])
+
+The 64-bit Mac OS X installer doesn't support Mac OS X 10.9 (ws-buglink:9242[])
== Getting Help