Wireshark 2.1.0 Release Notes

This is a semi-experimental release intended to test new features for
__________________________________________________________________

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

New and Updated Features

The following features are new (or have been significantly updated)

* You can now switch between Capture and File Format
  dissection of the current capture file via the View menu in the Qt
* You can now show selected packet bytes as ASCII, HTML, Image, ISO
  8859-1, Raw, UTF-8, a C array, or YAML.
* You can now use regular expressions in Find Packet and in the
* Name resolution for packet capture now supports asynchronous DNS
  lookups only. Therefore the "concurrent DNS resolution" preference
  has been deprecated and is a no-op. To enable DNS name resolution
  some build dependencies must be present (currently c-ares). If that
  is not the case DNS name resolution will be disabled (but other
  name resolution mechanisms, such as host files, are still
* The byte under the mouse in the Packet Bytes pane is now
* TShark supports exporting PDUs via the -U flag.
* The Windows and OS X installers now come with the "sshdump" and
  "ciscodump" extcap interfaces.
* Most dialogs in the Qt UI now save their size and positions.
* The Follow Stream dialog now supports UTF-16.
* The Firewall ACL Rules dialog has returned.
* The Flow (Sequence) Analysis dialog has been improved.

New File Format Decoding Support

Wireshark is able to display the format of some types of files (rather
than displaying the contents of those files). This is useful when
you're curious about, or debugging, a file and its format. To open a
capture file (such as PCAP) in this mode specify "MIME Files Format" as
the file's format in the Open File dialog.

New files that Wireshark can open in this mode include:

Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
Bluetooth Pseudoheader for BR/EDR, CISCO ERSPAN3 Marker, Edge Control
Protocol (ECP), Ericsson IPOS Kernel Packet Header Dissector Added
(IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY
Protocol dissector added (automotive bus), ISO 8583-1, ISO14443, ITU-T
G.7041/Y.1303 Generic Framing Procedure (GFP), LAT protocol (DECNET),
Metamako trailers, Nokia Intelligent Service Interface (ISI), Open
Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M
TLV), RTI TCP Transport Layer (RTITCP), STANAG 5602 SIMPLE, USB3 Vision
Protocol (USB machine vision cameras), USBIP Protocol, UserLog
Protocol, and Zigbee Protocol Clusters Dissectors Added (Closures
Lighting General Measurement & Sensing HVAC Security & Safety)

Updated Protocol Support

The Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
which allows using Decode As for it over USB, TCP and UDP.

A preference was added to the TCP dissector for handling IPFIX process
information. It has been disabled by default.

New and Updated Capture File Support

New and Updated Capture Interfaces support

Non-empty section placeholder.

The libwireshark API has undergone some major changes:

* The address macros (e.g., SET_ADDRESS) have been removed. Use the
  (lower case) functions of the same names instead.
* "old style" dissector functions (that don't return number of bytes
  used) have been replaced in name with the "new style" dissector
* tvb_get_string and tvb_get_stringz have been replaced with
  tvb_get_string_enc and tvb_get_stringz_enc respectively.
__________________________________________________________________

Wireshark source code and installation packages are available from
[1]https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [2]download page on the Wireshark web site.
__________________________________________________________________

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________

Dumpcap might not quit if Wireshark or TShark crashes. ([3]Bug 1419)

The BER dissector might infinitely loop. ([4]Bug 1516)

Capture filters aren't applied when capturing from named pipes. ([5]Bug

Filtering tshark captures with read filters (-R) no longer works.

Application crash when changing real-time option. ([7]Bug 4035)

Packet list rows are oversized. ([8]Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases.

Wireshark should let you work with multiple capture files. ([10]Bug

Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. ([11]Bug 12036)
__________________________________________________________________

Community support is available on [12]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [13]the web site.

Official Wireshark training and certification are available from
[14]Wireshark University.
__________________________________________________________________

Frequently Asked Questions

A complete FAQ is available on the [15]Wireshark web site.
__________________________________________________________________

Last updated 2016-06-08 17:56:17 UTC

1. https://www.wireshark.org/download.html
2. https://www.wireshark.org/download.html#thirdparty
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
12. https://ask.wireshark.org/
13. https://www.wireshark.org/lists/
14. http://www.wiresharktraining.com/
15. https://www.wireshark.org/faq.html