Wireshark 3.7.0 Release Notes

This is an experimental release intended to test new features for
Wireshark 4.0.

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

What’s New

• We no longer ship Windows Installer (.msi) packages for 32-bit
  Windows. Issue 17779[1]

• The PCRE2 library (https://www.pcre.org/) is now a required
  dependency to build Wireshark.

• You must now have a compiler with C11 support in order to build
  Wireshark.

Many improvements have been made. See the “New and Updated Features”
section below for more details.

New and Updated Features

The following features are new (or have been significantly updated)
since version 3.6.0:

• The Windows installers now ship with Npcap 1.60. They previously
  shipped with Npcap 1.55.

• Display filter syntax:

    • Set elements must be separated using a comma, e.g. {1, 2,
      "foo"}. Using only whitespace as separator was deprecated in 3.6
      and is now a syntax error.

    • Adds support for some additional character escape sequences in
      double quoted strings. Besides octal and hex byte specification
      the following C escape sequences are now supported with the same
      meaning: \a, \b, \f, \n, \r, \t, \v. Previously they were only
      supported with character constants.

    • Unrecognized escape sequences are now treated as a syntax
      error. Previously they were treated as a literal character. In
      addition to the sequences indicated above, backslash, single
      quotation and double quotation mark are also valid sequences: \\,
      \', \".

    • The display filter engine now uses PCRE2 instead of GRegex
      (GLib bindings to the older end-of-life PCRE library). PCRE2 is
      compatible with PCRE so the user-visible changes should be
      minimal. Some exotic patterns may now be invalid and require
      rewriting.

    • Adds a new strict equality operator "===" or "all_eq". The
      expression "a === b" is true if and only if all a’s are equal to
      b. The negation of "===" can now be written as "!==" (any_ne).

    • Adds the aliases "any_eq" for "==" and "all_ne" for "!=".

    • The operator "~=" is deprecated and will be removed in a
      future version. Use "!==" with the same meaning instead.

    • Date and time can be given in UTC using ISO 8601 (with 'Z'
      timezone) or by appending the suffix "UTC" to the legacy formats.
      Otherwise local time is used.

    • Integer literal constants may be written in binary (in
      addition to decimal/octal/hexadecimal) using the prefix "0b" or
      "0B".

    • New syntax to disambiguate literals from identifiers. Every
      value with a leading dot is a protocol or protocol field. Every
      value with a leading colon or in between angle brackets is a
      literal value. See the User Guide for details.

    • Floats must be written with a leading and ending digit. For
      example the values ".7" and "7." are now invalid as floats. They
      must be written "0.7" and "7.0" respectively.

    • The "bitwise and" operator is now a first-class bit operator,
      not a boolean operator. In particular this means it is now
      possible to mask bits, e.g.: frame[0] & 0x0F == 3.

    • Arithmetic is supported for numeric fields with the usual
      operators: +, -, *, /, %. Arithmetic expressions must be grouped
      using curly brackets (not parentheses).

    • Logical AND now has higher precedence than logical OR, in line
      with most programming languages.

• text2pcap and "Import from Hex Dump":

    • text2pcap supports writing the output file in all the capture
      file formats that the wiretap library supports, using the same
      "-F" option as editcap, mergecap, and tshark.

    • text2pcap supports selecting the encapsulation type of the
      output file format using the wiretap library short names with an
      "-E" option, similar to the "-T" option of editcap.

    • text2pcap has been updated to use the new logging output
      options and the "-d" flag has been removed. The "debug" log level
      corresponds to the old "-d" flag, and the "noisy" log level
      corresponds to using "-d" multiple times.

    • text2pcap and Import from Hex Dump support writing fake IP
      headers (and fake TCP, UDP, and SCTP headers) to files with Raw
      IP, Raw IPv4, and Raw IPv6 encapsulations, in addition to
      Ethernet encapsulation as previously.

    • text2pcap supports scanning the input file using a custom
      regular expression, as supported in Import from Hex Dump in
      Wireshark 3.6.x.

    • In general, text2pcap and Wireshark’s Import from Hex Dump
      have feature parity.

• The HTTP2 dissector now supports using fake headers to parse the
  DATA frames of streams captured without the first HEADERS frames of
  a long-lived stream (such as a gRPC streaming call, which allows
  sending many request or response messages in one HTTP2 stream).
  Users can specify fake headers according to the server port, stream
  ID and direction of a long-lived stream whose capture started after
  it was established.

• Mesh Connex (MCX) support in existing 802.11 packets.

• The Capture Options dialog contains the same configuration icon as
  the Welcome Screen. It is possible to configure an interface there.

• The Extcap dialog remembers password items during runtime, so it is
  possible to run extcap multiple times in a row. Passwords are never
  stored to disk.

• It is possible to set extcap passwords on the CLI for tshark and
  other CLI tools.

• The Extcap configuration dialog now supports and remembers empty
  strings. There are new buttons to reset a value back to its default
  value.

• Support for displaying the JSON mapping of Protobuf messages.

• macOS debugging symbols are now shipped in separate packages.

• ZigBee ZCL Messaging: renamed zbee_zcl_se.msg.msg_ctrl.depreciated
  to zbee_zcl_se.msg.msg_ctrl.deprecated.
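
An added example, not from the Wireshark project: a heuristic Python check that flags saved display filters affected by the changes listed under "Display filter syntax" above. The function name, finding codes and sample filters are constructed for illustration, and the octal and hex escape forms are assumed to follow C syntax.

```python
import re

# Valid escapes per the release notes; octal \NNN and hex \xHH assumed C-style.
VALID_ESCAPE = re.compile(r'\\(?:[abfnrtv\\\'"]|x[0-9A-Fa-f]{1,2}|[0-7]{1,3})')
STRING = re.compile(r'"(?:\\.|[^"\\])*"')
LOGIC = re.compile(r"\(|\)|&&|\|\||\band\b|\bor\b")

def lint_filter(expr):
    """Return sorted finding codes for one display filter (heuristic, not a parser)."""
    found = set()
    for lit in STRING.findall(expr):
        # Drop valid escapes; a backslash that remains starts an unrecognized one.
        if "\\" in VALID_ESCAPE.sub("", lit[1:-1]):
            found.add("bad-escape")
    bare = STRING.sub('""', expr)  # blank out strings so they cannot confuse later checks
    if "~=" in bare:
        found.add("deprecated-op")  # "~=" is deprecated, "!==" has the same meaning
    for body in re.findall(r"\bin\s*\{([^}]*)\}", bare):
        body = re.sub(r"\s*\.\.\s*", "..", body.strip())  # keep ranges as one element
        if re.search(r"[^\s,]\s+[^\s,]", body):
            found.add("set-whitespace")  # elements need commas: {1, 2, "foo"}
    for tok in re.split(r"[\s(){},=!<>]+", bare):
        if re.fullmatch(r"\.\d+|\d+\.", tok):
            found.add("bare-float")  # ".7" and "7." must be "0.7" and "7.0"
    # AND now binds tighter than OR: flag both operators at one parenthesis depth.
    seen, depth = {0: set()}, 0
    for tok in LOGIC.findall(bare):
        if tok == "(":
            depth += 1
            seen[depth] = set()
        elif tok == ")":
            depth = max(depth - 1, 0)
        else:
            seen[depth].add("and" if tok in ("and", "&&") else "or")
            if len(seen[depth]) == 2:
                found.add("and-or-mix")
    return sorted(found)

# Constructed sample filters, standing in for a saved filter list.
SAMPLES = [
    'tcp.port in {80 443 8080}',
    'http.host == "a\\.example" or dns and udp',
    'frame.time_delta > .7 and ip.ttl ~= 64',
    'tcp.port in {80, 443, 4430..4434} and (dns or http)',
]

if __name__ == "__main__":
    for f in SAMPLES:
        print(f"{', '.join(lint_filter(f)) or 'ok':28} {f}")
```

A filter flagged and-or-mix still parses, so it is the one finding that will not surface as a syntax error; adding explicit parentheses makes the intended grouping independent of the precedence change.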

Removed Features and Support

• CMake: The options starting with DISABLE_something were renamed to
  ENABLE_something for consistency. For example DISABLE_WERROR=On
  became ENABLE_WERROR=Off. The defaults are unchanged.

New File Format Decoding Support

New Protocol Support

Allied Telesis Loop Detection (AT LDF), AUTOSAR I-PDU Multiplexer
(AUTOSAR I-PduM), DTN Bundle Protocol Security (BPSec), DTN Bundle
Protocol Version 7 (BPv7), DTN TCP Convergence Layer Protocol
(TCPCL), DVB Selection Information Table (DVB SIT), Enhanced Cash
Trading Interface 10.0 (XTI), Enhanced Order Book Interface 10.0
(EOBI), Enhanced Trading Interface 10.0 (ETI), FiveCo’s Legacy
Register Access Protocol (5co-legacy), Generic Data Transfer Protocol
(GDT), gRPC Web (gRPC-Web), Host IP Configuration Protocol (HICP),
Mesh Connex (MCX), Microsoft Cluster Remote Control Protocol (RCP),
Realtek, REdis Serialization Protocol v2 (RESP), Secure File Transfer
Protocol (sftp), Secure Host IP Configuration Protocol (SHICP), USB
Attached SCSI (UASP), and ZBOSS NCP

Updated Protocol Support

Too many protocols have been updated to list here.

New and Updated Capture File Support

Major API Changes

• proto.h: The field display types "STR_ASCII" and "STR_UNICODE"
  were removed. Use "BASE_NONE" instead.

Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[2] on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBs, and RADIUS dictionaries. These
locations vary from platform to platform. You can use "Help › About
Wireshark › Folders" or `tshark -G folders` to find the default
locations on your system.

Getting Help

The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/

Community support is available on Wireshark’s Q&A site[3] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the web site[4].

Bugs and feature requests can be reported on the issue tracker[5].

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site[6].

Last updated 2022-04-04 15:52:11 UTC

References

1. https://gitlab.com/wireshark/wireshark/-/issues/17779
2. https://www.wireshark.org/download.html
3. https://ask.wireshark.org/
4. https://www.wireshark.org/lists/
5. https://gitlab.com/wireshark/wireshark/-/issues
6. https://www.wireshark.org/faq.html