2 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
9 -Use this section to encode all document information
15 <!ENTITY WiresharkCurrentVersion "1.5.0">
20 <title>Wireshark &WiresharkCurrentVersion; Release Notes</title>
22 <section id="WhatIs"><title>What is Wireshark?</title>
24 Wireshark is the world's most popular network protocol analyzer. It
25 is used for troubleshooting, analysis, development and education.
29 <section id="WhatsNew"><title>What's New</title>
30 <section id="BugFixes"><title>Bug Fixes</title>
34 The following bugs have been fixed:
39 Wireshark is unresponsive when capturing from named pipes on Windows.
40 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1759">Bug
45 Ring buffers are no longer turned on by default when using multiple
55 <section id="NewFeatures"><title>New and Updated Features</title>
57 The following features are new (or have been significantly updated)
64 Wireshark can import text dumps, similar to text2pcap.
70 You can now view Wireshark's dissector tables (for example the
71 TCP port to dissector mappings) from the main window.
77 TShark can show a specific occurrence of a field when using '-T fields'.
83 Custom columns can show a specific occurrence of a field.
90 You can hide columns in the packet list.
96 Wireshark can now export SMB objects.
102 dftest and randpkt now have manual pages.
108 TShark can now display iSCSI service response times.
115 Dumpcap can now save files with a user-specified group id.
121 Syntax checking is done for capture filters.
127 You can display the compiled BPF code for capture filters in the
128 Capture Options dialog.
134 You can now navigate backwards and forwards through TCP and UDP
141 Packet length is (finally) a default column.
147 TCP window size is now avaiable both scaled and unscaled.
153 802.1q VLAN tags are now shown by the Ethernet II dissector.
159 Various dissectors now display some UTF-16 strings as proper Unicode
160 including the DCE/RPC and SMB dissectors.
166 The RTP player now has an option to show the time of day in the
167 graph in addition to the seconds since beginning of capture.
176 <section id="NewProtocols"><title>New Protocol Support</title>
183 Constrained Application Protocol (COAP),
187 Fibre Channel over InfiniBand (FCoIB),
191 Infiniband Socket Direct Protocol (SDP),
195 Network Monitor 802.11 radio header,
196 OPC UA ExtensionObjects,
205 Wi-Fi P2P (Wi-Fi Direct)
210 <section id="UpdatedProtocols"><title>Updated Protocol Support</title> <para>
215 <section id="NewCapture"><title>New and Updated Capture File Support</title>
222 IPFIX (the file format, not the protocol),
224 Microsoft Network Monitor,
234 <section id="GettingWireshark"><title>Getting Wireshark</title>
236 Wireshark source code and installation packages are available from
237 <ulink url="http://www.wireshark.org/download.html">http://www.wireshark.org/download.html</ulink>.
240 <section id="VendorPackages"><title>Vendor-supplied Packages</title>
242 Most Linux and Unix vendors supply their own Wireshark packages.
243 You can usually install or upgrade Wireshark using the package management
244 system specific to that platform. A list of third-party packages
246 <ulink url="http://www.wireshark.org/download.html#thirdparty">download page</ulink>
247 on the Wireshark web site.
253 <!-- XXX needs to be written
254 <section id="RemovingWireshark"><title>Removing Wireshark</title>
260 <section id="FileLocations"><title>File Locations</title>
262 Wireshark and TShark look in several different locations for
263 preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
264 These locations vary from platform to platform. You can use
265 About→Folders to find the default locations on your system.
269 <section id="KnownProblems"><title>Known Problems</title>
272 Wireshark might make your system disassociate from a wireless network
274 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1315">Bug
279 Dumpcap might not quit if Wireshark or TShark crashes.
280 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419">Bug
285 The BER dissector might infinitely loop.
286 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516">Bug
291 Capture filters aren't applied when capturing from named pipes.
292 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814">Bug
297 Filtering tshark captures with display filters (-R) no longer works.
298 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234">Bug
303 The 64-bit Windows installer does not ship with libsmi.
304 (<ulink url="http://wiki.wireshark.org/Development/Win64">Win64
305 development page</ulink>)
309 Application crash when changing real-time option.
310 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035">Bug
315 Hex pane display issue after startup.
316 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056">Bug
321 Crash when sorting column while capturing.
322 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4273">Bug
327 Packet list rows are oversized.
328 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357">Bug
333 Summary pane selected frame highlighting not maintained.
334 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445">Bug
339 Character echo pauses in Capture Filter field in Capture Options.
340 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5356">Bug
346 <section id="GettingHelp"><title>Getting Help</title>
348 Community support is available on
349 <ulink url="http://ask.wireshark.org/">Wireshark's Q&A site</ulink>
350 and on the wireshark-users mailing list.
351 Subscription information and archives for all of Wireshark's mailing
352 lists can be found on <ulink url="http://www.wireshark.org/lists/">the
356 Training is available from
357 <ulink url="http://www.wiresharktraining.com/">Wireshark University</ulink>.
361 <section id="FAQ"><title>Frequently Asked Questions</title>
363 A complete FAQ is available on the
364 <ulink url="http://www.wireshark.org/faq.html">Wireshark web site</ulink>.