<!--
Wireshark Info
-->
- <!ENTITY WiresharkCurrentVersion "0.99.7">
+<!ENTITY WiresharkCurrentVersion "1.7.1">
]>
<section id="WhatIs"><title>What is Wireshark?</title>
<para>
Wireshark is the world's most popular network protocol analyzer. It
- is used for troubleshooting, analysis, development, and education.
+ is used for troubleshooting, analysis, development and education.
</para>
</section>
<section id="WhatsNew"><title>What's New</title>
- <section><title>Bug Fixes</title>
+ <section id="BugFixes"><title>Bug Fixes</title>
+
<para>
- The following vulnerabilities have been fixed. See the
- <ulink url="http://www.wireshark.org/security/wnpa-sec-2007-02.html">security advisory</ulink> for details and a workaround.
+ The following bugs have been fixed:
+
+ <itemizedlist>
+
+ <listitem><para>
+ .
+ </para></listitem>
+
+ </itemizedlist>
+
+ </para>
+
+ </section>
+
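Review bot: the only item in the new "Bug Fixes" list is a placeholder whose entire content is ".", so "The following bugs have been fixed:" is followed by an empty bullet. The paragraph pointing to the security advisory is also removed with nothing in its place. Fill in the list before release, or wrap the placeholder item in a comment until there are entries, and decide whether this section should still state where security fixes are listed.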
+ <section id="NewFeatures"><title>New and Updated Features</title>
+ <para>
+ The following features are new (or have been significantly updated)
+ since version 1.6:
<itemizedlist>
<listitem>
<para>
- Wireshark could crash when reading an MP3 file.
- <!-- Fixed in r22261 -->
- <!-- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=???">???</ulink>) -->
- </para>
- <para>Versions affected: 0.99.6</para>
- <para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+ Wireshark supports capturing from multiple interfaces at once.
</para>
</listitem>
<listitem>
<para>
- Beyond Security discovered that Wireshark could loop
- excessively while reading a malformed DNP packet.
- <!-- Fixed in r22811 -->
- </para>
- <para>Versions affected: 0.10.12 to 0.99.6</para>
- <para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+ Wireshark, TShark, and their associated utilities now save files
+ using the pcap-ng file format by default. (Your copy of Wireshark
+ might still use the pcap file format if pcap-ng is disabled in
+ your preferences.)
</para>
</listitem>
<listitem>
<para>
- Stefan Esser discovered a buffer overflow in the SSL dissector.
- <!-- Fixed in r22883 -->
- </para>
- <para>Versions affected: 0.99.0 to 0.99.6</para>
- <para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+ Decryption key management for IEEE 802.11, IPsec, and ISAKMP
+ is easier.
</para>
</listitem>
<listitem>
<para>
- The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms.
- <!-- Fixed in r22892 -->
- <!-- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1844">1844</ulink>) -->
+ OID resolution is now supported on 64-bit Windows.
</para>
- <para>Versions affected: 0.99.5 to 0.99.6</para>
+ </listitem>
+
+ <listitem>
<para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+ When saving packets, the default choice is now to save
+ only the displayed packets rather than all packets.
</para>
</listitem>
<listitem>
<para>
- The Firebird/Interbase dissector could go into an infinite loop or crash.
- <!-- Fixed in r23251 -->
- <!-- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1931">1931</ulink>) -->
- <!-- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1932">1932</ulink>) -->
+ TCP fast retransmissions are now indicated as an expert info note,
+ rather than a warning, just as TCP retransmissions are.
</para>
- <para>Versions affected: 0.99.6</para>
+ </listitem>
+
+ <listitem>
<para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+ TCP window updates are no longer colorized as "Bad TCP".
</para>
</listitem>
- </itemizedlist>
-
- </para>
-
- <para>
-
- The following bugs have been fixed:
-
- <itemizedlist>
-
- <listitem><para>
- Wireshark could crash while editing a coloring rule.
- </para></listitem>
-
- </itemizedlist>
-
- </para>
-
- </section>
-
- <section><title>New and Updated Features</title>
- <para>
- The following features are new (or have been significantly updated)
- since the last release:
-
- <itemizedlist>
-
<listitem>
<para>
- Most of the capture code has been moved out of the GUI, which
- means that Wireshark no longer needs to be run as root.
+ TShark's command-line options have changed. The previously
+ undocumented -P option is now -2 option for performing a two-pass
+ analysis; the former -S option is now the -P option for printing
+ packets even if writing to a file, and the -S option is now used to
+ specify a different line separator between packets.
</para>
</listitem>
<listitem>
<para>
- You can now filter directly on SNMP OIDs.
+ GeoIP IPv6 databases are now supported.
</para>
</listitem>
</para>
</section>
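Review bot: in the TShark item, "is now -2 option" is missing its article and should read "is now the -2 option". The same item reassigns -P and -S to new meanings while keeping the letters, so it is worth stating outright that existing scripts passing -P or -S will behave differently after the upgrade. As written, the sentence reads like a rename rather than a behaviour change.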
- <section><title>New Protocol Support</title>
+ <section id="NewProtocols"><title>New Protocol Support</title>
<para>
+<!-- Sorted, one per line -->
+
</para>
</section>
- <section><title>Updated Protocol Support</title> <para>
+ <section id="UpdatedProtocols"><title>Updated Protocol Support</title> <para>
</para>
</section>
- <section><title>New and Updated Capture File Support</title>
+ <section id="NewCapture"><title>New and Updated Capture File Support</title>
<para>
+<!-- Sorted, one per line -->
+
</para>
</section>
<section id="GettingWireshark"><title>Getting Wireshark</title>
<para>
Wireshark source code and installation packages are available from
- the <ulink url="http://www.wireshark.org/download.html">download
- page</ulink> on the main web site.
+ <ulink url="http://www.wireshark.org/download.html">http://www.wireshark.org/download.html</ulink>.
</para>
- <section><title>Vendor-supplied Packages</title>
+ <section id="VendorPackages"><title>Vendor-supplied Packages</title>
<para>
- Most Linux and Unix vendors supply their own Wireshark packages.
- You can usually install or upgrade Wireshark using the package management
- system specific to that platform. A list of third-party packages
- can be found on the
- <ulink url="http://www.wireshark.org/download.html#otherplat">download page</ulink> on the Wireshark web site.
+ Most Linux and Unix vendors supply their own Wireshark packages.
+ You can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages
+ can be found on the
+ <ulink url="http://www.wireshark.org/download.html#thirdparty">download page</ulink>
+ on the Wireshark web site.
</para>
</section>
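Review bot: the download link in "Getting Wireshark" is now printed as a bare http:// URL, and the third-party package link is http:// as well. Since this is where readers fetch installers, prefer an https:// URL if the site serves one. The fragment also changed from #otherplat to #thirdparty, so please confirm that anchor exists on the download page.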
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
- About->Folders to find the default locations on your system.
+ About→Folders to find the default locations on your system.
</para>
</section>
<section id="KnownProblems"><title>Known Problems</title>
<para>
- The <guibutton>Filter</guibutton> button is nonfunctional in the
- file dialogs under Windows.
- (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942">Bug
- 942</ulink>)
+ Wireshark might make your system disassociate from a wireless network
+ on OS X 10.4.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1315">Bug
+ 1315</ulink>)
+ </para>
+
+ <para>
+ Dumpcap might not quit if Wireshark or TShark crashes.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419">Bug
+ 1419</ulink>)
+ </para>
+
+ <para>
+ The BER dissector might infinitely loop.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516">Bug
+ 1516</ulink>)
+ </para>
+
+ <para>
+ Capture filters aren't applied when capturing from named pipes.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814">Bug
+ 1814</ulink>)
+ </para>
+
+ <para>
+ Filtering tshark captures with display filters (-R) no longer works.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234">Bug
+ 2234</ulink>)
+ </para>
+
+ <para>
+ The 64-bit Windows installer does not support Kerberos decryption.
+ (<ulink url="http://wiki.wireshark.org/Development/Win64">Win64
+ development page</ulink>)
+ </para>
+
+ <para>
+ Application crash when changing real-time option.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035">Bug
+ 4035</ulink>)
+ </para>
+
+ <para>
+ Hex pane display issue after startup.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056">Bug
+ 4056</ulink>)
+ </para>
+
+ <para>
+ Packet list rows are oversized.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357">Bug
+ 4357</ulink>)
+ </para>
+
+ <para>
+ Summary pane selected frame highlighting not maintained.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445">Bug
+ 4445</ulink>)
+ </para>
+
+ <para>
+ Wireshark and TShark will display incorrect delta times in some cases.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5356">Bug
+ 4985</ulink>
+ and
+ <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5356">bug
+ 5580</ulink>)
+ </para>
+
+ <para>
+ Character echo pauses in Capture Filter field in Capture Options.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5356">Bug
+ 5356</ulink>)
</para>
</section>
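Review bot: in the delta-times entry, the links labelled "Bug 4985" and "bug 5580" both point at show_bug.cgi?id=5356, which is the id of the Capture Filter entry that follows. Each url attribute should carry the id its link text names (id=4985 and id=5580), otherwise readers land on an unrelated report.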
<section id="GettingHelp"><title>Getting Help</title>
<para>
- Community support is available on the wireshark-users mailing list.
+ Community support is available on
+ <ulink url="http://ask.wireshark.org/">Wireshark's Q&A site</ulink>
+ and on the wireshark-users mailing list.
Subscription information and archives for all of Wireshark's mailing
lists can be found on <ulink url="http://www.wireshark.org/lists/">the
web site</ulink>.
</para>
<para>
- Commercial support, training, and development services are available
- from <ulink url="http://www.cacetech.com/">CACE Technologies</ulink>.
+ Training is available from
+ <ulink url="http://www.wiresharktraining.com/">Wireshark University</ulink>.
</para>
</section>
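Review bot: the added link text "Wireshark's Q&A site" contains a bare "&", which is not well-formed XML and will break the DocBook build. Write it as "Q&amp;A".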