<?xml version="1.0"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [

<!-- $Id$ -->

<!--
DOCUMENT SECTION
-Use this section to encode all document information
-->

<!--
Wireshark Info
-->
<!ENTITY WiresharkCurrentVersion "1.5.1">

]>

<article>
<title>Wireshark &WiresharkCurrentVersion; Release Notes</title>

<section id="WhatIs"><title>What is Wireshark?</title>
<para>
Wireshark is the world's most popular network protocol analyzer. It
is used for troubleshooting, analysis, development and education.
</para>
</section>

<section id="WhatsNew"><title>What's New</title>
<section id="BugFixes"><title>Bug Fixes</title>

<para>

The following bugs have been fixed:

<itemizedlist>

<listitem><para>
Wireshark is unresponsive when capturing from named pipes on Windows.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1759">Bug
1759</ulink>)
</para></listitem>

<listitem><para>
Ring buffers are no longer turned on by default when using multiple
capture files.
</para></listitem>

</itemizedlist>

</para>

</section>

<section id="NewFeatures"><title>New and Updated Features</title>
<para>
The following features are new (or have been significantly updated)
since version 1.4:

<itemizedlist>

<listitem>
<para>
Wireshark can import text dumps, similar to text2pcap.
</para>
</listitem>

<listitem>
<para>
You can now view Wireshark's dissector tables (for example the
TCP port to dissector mappings) from the main window.
</para>
</listitem>

<listitem>
<para>
TShark can show a specific occurrence of a field when using '-T fields'.
</para>
</listitem>

<listitem>
<para>
Custom columns can show a specific occurrence of a field.
</para>
</listitem>

<listitem>
<para>
You can hide columns in the packet list.
</para>
</listitem>

<listitem>
<para>
Wireshark can now export SMB objects.
</para>
</listitem>

<listitem>
<para>
dftest and randpkt now have manual pages.
</para>
</listitem>

<listitem>
<para>
TShark can now display iSCSI service response times.
</para>
</listitem>

<listitem>
<para>
Dumpcap can now save files with a user-specified group id.
</para>
</listitem>

<listitem>
<para>
Syntax checking is done for capture filters.
</para>
</listitem>

<listitem>
<para>
You can display the compiled BPF code for capture filters in the
Capture Options dialog.
</para>
</listitem>

<listitem>
<para>
You can now navigate backwards and forwards through TCP and UDP
sessions using
<keycombo><keycap>Ctrl</keycap><keycap>,</keycap></keycombo>
and
<keycombo><keycap>Ctrl</keycap><keycap>.</keycap></keycombo>
.
</para>
</listitem>

<listitem>
<para>
Packet length is (finally) a default column.
</para>
</listitem>

<listitem>
<para>
TCP window size is now available both scaled and unscaled. A TCP
window scaling graph is available in the GUI.
</para>
</listitem>

<listitem>
<para>
802.1q VLAN tags are now shown by the Ethernet II dissector.
</para>
</listitem>

<listitem>
<para>
Various dissectors now display some UTF-16 strings as proper Unicode,
including the DCE/RPC and SMB dissectors.
</para>
</listitem>

<listitem>
<para>
The RTP player now has an option to show the time of day in the
graph in addition to the seconds since beginning of capture.
</para>
</listitem>

<listitem>
<para>
The RTP player now shows why media interruptions occur.
</para>
</listitem>

<listitem>
<para>
Graphs now save as PNG images by default.
</para>
</listitem>

</itemizedlist>

</para>
</section>

<section id="NewProtocols"><title>New Protocol Support</title>
<para>

ADwin,
ADwin-Config,
Apache Etch,
Aruba PAPI,
Constrained Application Protocol (COAP),
Digium TDMoE,
Erlang Distribution Protocol,
Ether-S-I/O,
FastCGI,
Fibre Channel over InfiniBand (FCoIB),
Gopher,
Gigamon GMHDR,
IDMP,
Infiniband Socket Direct Protocol (SDP),
JSON,
LISP Data,
MikroTik MAC-Telnet,
Mongo Wire Protocol,
Network Monitor 802.11 radio header,
OPC UA ExtensionObjects,
PPI-GEOLOCATION-GPS,
ReLOAD,
ReLOAD Framing,
RSIP,
SAMETIME,
SCoP,
SGSAP,
Tektronix Teklink,
WAI authentication,
Wi-Fi P2P (Wi-Fi Direct)

</para>
</section>

<section id="UpdatedProtocols"><title>Updated Protocol Support</title> <para>

</para>
</section>

<section id="NewCapture"><title>New and Updated Capture File Support</title>
<para>

Apple PacketLogger,
Catapult DCT2000,
Daintree SNA,
Endace ERF,
HP OpenVMS TCPTrace,
IPFIX (the file format, not the protocol),
Lucent/Ascend debug,
Microsoft Network Monitor,
Network Instruments,
TamoSoft CommView

</para>
</section>

</section>

<section id="GettingWireshark"><title>Getting Wireshark</title>
<para>
Wireshark source code and installation packages are available from
<ulink url="http://www.wireshark.org/download.html">http://www.wireshark.org/download.html</ulink>.
</para>

<section id="VendorPackages"><title>Vendor-supplied Packages</title>
<para>
Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages
can be found on the
<ulink url="http://www.wireshark.org/download.html#thirdparty">download page</ulink>
on the Wireshark web site.
</para>
</section>

</section>

<!-- XXX needs to be written
<section id="RemovingWireshark"><title>Removing Wireshark</title>
<para>
</para>
</section>
-->

<section id="FileLocations"><title>File Locations</title>
<para>
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBs, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About→Folders to find the default locations on your system.
</para>
</section>

<section id="KnownProblems"><title>Known Problems</title>

<para>
Wireshark might make your system disassociate from a wireless network
on OS X 10.4.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1315">Bug
1315</ulink>)
</para>

<para>
Dumpcap might not quit if Wireshark or TShark crashes.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419">Bug
1419</ulink>)
</para>

<para>
The BER dissector might infinitely loop.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516">Bug
1516</ulink>)
</para>

<para>
Capture filters aren't applied when capturing from named pipes.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814">Bug
1814</ulink>)
</para>

<para>
Filtering tshark captures with display filters (-R) no longer works.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234">Bug
2234</ulink>)
</para>

<para>
The 64-bit Windows installer does not ship with libsmi.
(<ulink url="http://wiki.wireshark.org/Development/Win64">Win64
development page</ulink>)
</para>

<para>
Application crash when changing real-time option.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035">Bug
4035</ulink>)
</para>

<para>
Hex pane display issue after startup.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056">Bug
4056</ulink>)
</para>

<para>
Crash when sorting column while capturing.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4273">Bug
4273</ulink>)
</para>

<para>
Packet list rows are oversized.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357">Bug
4357</ulink>)
</para>

<para>
Summary pane selected frame highlighting not maintained.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445">Bug
4445</ulink>)
</para>

<para>
Character echo pauses in Capture Filter field in Capture Options.
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5356">Bug
5356</ulink>)
</para>

</section>

<section id="GettingHelp"><title>Getting Help</title>
<para>
Community support is available on
<ulink url="http://ask.wireshark.org/">Wireshark's Q&amp;A site</ulink>
and on the wireshark-users mailing list.
Subscription information and archives for all of Wireshark's mailing
lists can be found on <ulink url="http://www.wireshark.org/lists/">the
web site</ulink>.
</para>
<para>
Training is available from
<ulink url="http://www.wiresharktraining.com/">Wireshark University</ulink>.
</para>
</section>

<section id="FAQ"><title>Frequently Asked Questions</title>
<para>
A complete FAQ is available on the
<ulink url="http://www.wireshark.org/faq.html">Wireshark web site</ulink>.
</para>
</section>

</article>