Wireshark 2.9.0 Release Notes

This is an experimental release intended to test new features for
Wireshark 3.0.

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

What’s New

Many user interface improvements have been made. See the “New and
Updated Features” section below for more details.

Bug Fixes

The following bugs have been fixed:

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])

New and Updated Features

The following features are new (or have been significantly updated)
since version 2.6.0:

• The Windows .exe installers now ship with Npcap instead of
  WinPcap.

• Conversation timestamps are supported for UDP/UDP-Lite protocols.

• TShark now supports the -G elastic-mapping option which generates
  an Elasticsearch mapping file.

• The “Capture Information” dialog has been added back (Bug
  12004[2]).

• The Ethernet and IEEE 802.11 dissectors no longer validate the
  frame check sequence (checksum) by default.

• The TCP dissector gained a new “Reassemble out-of-order segments”
  preference to fix dissection and decryption issues in case TCP
  segments are received out-of-order. See the User’s Guide, chapter
  TCP Reassembly for details.

• Decryption support for the new WireGuard dissector (Bug 15011[3],
  requires Libgcrypt 1.8).

• The BOOTP dissector has been renamed to DHCP. With the exception
  of “bootp.dhcp”, the old “bootp.*” display filter fields are
  still supported but may be removed in a future release.

• The SSL dissector has been renamed to TLS. As with BOOTP, the old
  “ssl.*” display filter fields are supported but may be removed in
  a future release.

• Coloring rules, IO graphs, Filter Buttons and protocol preference
  tables can now be copied from other profiles using a button in
  the corresponding configuration dialogs.

• APT-X has been renamed to aptX.

• When importing from hex dump, it’s now possible to add an
  ExportPDU header with a payload name. This calls the specific
  dissector directly without lower protocols.

• The sshdump and ciscodump extcap interfaces can now use a proxy
  for the SSH connection.

• Dumpcap now supports the -a packets:NUM and -b packets:NUM
  options.

• Wireshark now includes a “No Reassembly” configuration profile.

• Wireshark now supports the Russian language.

• The build system now supports AppImage packages.

• The Windows installers now ship with Qt 5.12.0. Previously they
  shipped with Qt 5.9.7.

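An added example, not part of the Wireshark release notes or code base: a small audit for saved display filters (detection rules, coloring rules, scripts) that still use the old “bootp.*” and “ssl.*” names described in the rename items above. It assumes a renamed field differs from the old one only in its prefix; the function name and sample filters are constructed for illustration.

```python
import re

# Renames stated in the release notes: old dissector prefix -> new prefix.
RENAMED = {"bootp": "dhcp", "ssl": "tls"}
# The one old field the notes single out as no longer supported.
REMOVED = {"bootp.dhcp"}

# Either a double-quoted string literal (with escapes) or a field-like token.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_][\w.-]*')


def audit_filter(expr):
    """Return (findings, rewritten) for one display filter expression.

    findings is a list of (old_field, status, suggestion) tuples.
    """
    findings = []

    def swap(match):
        tok = match.group(0)
        if tok.startswith('"'):        # string literal: never a field name
            return tok
        prefix, dot, rest = tok.partition(".")
        if prefix not in RENAMED:
            return tok
        if tok in REMOVED:
            findings.append((tok, "removed", None))
            return tok                 # needs a manual rewrite
        # Assumption: only the prefix changes between old and new names.
        new = RENAMED[prefix] + dot + rest
        findings.append((tok, "deprecated", new))
        return new

    return findings, TOKEN.sub(swap, expr)


# Constructed sample filters, as they might appear in a rules file.
SAMPLES = [
    'ssl.handshake.type == 1 && http.host contains "ssl.example.test"',
    "bootp.dhcp == 1 || bootp.option.type == 53",
    "tcp.port == 443",
]

if __name__ == "__main__":
    for line in SAMPLES:
        found, rewritten = audit_filter(line)
        for old, status, new in found:
            print(f"{status:10} {old} -> {new or 'no direct replacement'}")
        print("  rewritten:", rewritten)
```

The quoted host name in the first sample is left alone because it is a string literal, not a field reference.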
Removed Features and Support

• The legacy (GTK+) user interface has been removed and is no
  longer supported.

• Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.

• Wireshark requires GLib 2.32 or later.

• Building Wireshark requires CMake. Autotools is no longer
  supported.

• TShark’s -z compare option was removed.

New File Format Decoding Support

Ruby Marshal format

New Protocol Support

Apple Wireless Direct Link (AWDL), BLIP Couchbase Mobile (BLIP), CDMA
2000, Cisco Meraki Discovery Protocol (MDP), Distributed Ruby (DRb),
DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS RTP), Exablaze trailers,
General Circuit Services Notification Application Protocol (GCSNA),
GLOW Lawo Emberplus Data format, GSM-R (User-to-User Information
Element usage), HI3CCLinkData, ISO 13400-2 Diagnostic communication
over Internet Protocol (DoIP), ITU-T X.696 Octet Encoding Rules
(OER), Local Number Portability Database Query Protocol (ANSI),
MsgPack, NGAP (5G), NR (5G) PDCP, Osmocom Generic Subscriber Update
Protocol (GSUP), PKCS#10 (RFC2986 Certification Request Syntax),
PROXY (v2), S101 Lawo Emberplus transport frame, Secure Reliable
Transport Protocol (SRT), Spirent Test Center Signature decoding for
Ethernet and FibreChannel (STCSIG, disabled by default),
Sybase-specific portions of TDS, systemd Journal Export, TeamSpeak 3
DNS, TPM 2.0, Ubiquiti Discovery Protocol (UBDP), WireGuard, and XnAP
(5G)

Updated Protocol Support

Too many protocols have been updated to list here.

New and Updated Capture File Support

RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
and Unigraf DPA-400 DisplayPort AUX channel monitor

New and Updated Capture Interfaces support

dpauxmon, an external capture interface (extcap) that captures
DisplayPort AUX channel data from Linux kernel drivers.

sdjournal, an extcap that captures systemd journal entries.

Major API Changes

• Lua: the various logging functions (debug, info, message, warn
  and critical) have been removed. Use the print function instead
  for debugging purposes.

Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html[4].

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[5] on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBs, and RADIUS dictionaries. These
locations vary from platform to platform. You can use About→Folders to
find the default locations on your system.

Getting Help

The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/[6]

Community support is available on Wireshark’s Q&A site[7] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the web site[8].

Bugs and feature requests can be reported on the bug tracker[9].

Official Wireshark training and certification are available from
Wireshark University[10].

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site[11].

Last updated 2018-12-12 23:05:55 UTC

References

1. 1
2. 2
3. 3
4. 4
5. 5
6. 6
7. 7
8. 8
9. 9
10. 10
11. 11