wireshark/NEWS

                         Wireshark 2.5.0 Release Notes

   This is a semi-experimental release intended to test new features for
   Wireshark 2.6.
     __________________________________________________________________

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.
     __________________________________________________________________

What's New

   Many user interface improvements have been made. See the New and
   Updated Features section below for more details.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.4.0:
     * Display filter buttons can now be edited, disabled, and removed via
       a context menu directly from the toolbar
     * Drag & Drop filter fields to the display filter toolbar or edit to
       create a button on the fly or apply the filter as a display filter.
     * Application startup time has been reduced.
     * Some keyboard shortcut mix-ups have been resolved by assigning new
       shortcuts to Edit -> Copy methods.
     * TShark now supports color using the --color option.
     * The "matches" display filter operator is now case-insensitive.
     * Display expression (button) preferences have been converted to a
       UAT. This puts the display expressions in their own file. Wireshark
       still supports preference files that contain the old preferences,
       but new preference files will be written without the old fields.
     * SMI private enterprise numbers are now read from the
       "enterprises.tsv" configuration file.
     * The QUIC dissector has been renamed to Google QUIC (quic -> gquic).
     * The selected packet number can now be shown in the Status Bar by
       enabling Preferences -> Appearance -> Layout -> Show selected
       packet number.
     * File load time in the Status Bar is now disabled by default and can
       be enabled in Preferences -> Appearance -> Layout -> Show file load
       time.
     * Support for the G.729A codec in the RTP Player is now added via the
       bcg729 library.
     * Support for hardware-timestamping of packets has been added.
     * Improved NetMon .cap support with comments, event tracing, network
       filter, network info types and some Message Analyzer exported
       types.
     * The personal plugins folder on Linux/Unix is now
       ~/.local/lib/wireshark/plugins.
     * TShark can print flow graphs using -z flow...
     * Capinfos now prints SHA256 hashes in addition to RIPEMD160 and
       SHA1. MD5 output has been removed.
     * The packet editor has been removed. (This was a GTK+ only
       experimental feature.)
     * Support BBC micro:bit Bluetooth profile
     * The Linux and UNIX installation step for Wireshark will now install
       headers required to build plugins. A pkg-config file is provided to
       help with this (see doc/plugins.example for details). Note you must
       still rebuild all plugins between minor releases (X.Y).
     * The Windows installers and packages now ship with Qt 5.9.4.

  New Protocol Support

   802.11ax (High Efficiency WLAN (HEW)), ActiveMQ Artemis Core Protocol,
   AMT (Automatic Multicast Tunneling), Bluetooth Mesh, Broadcom tags
   (Broadcom Ethernet switch management frames), CAN-ETH, CVS password
   server, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.3br Frame
   Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre Filesystem,
   Lustre Network, Network Functional Application Platform Interface
   (NFAPI) Protocol, New Radio Radio Resource Control protocol, NXP
   802.15.4 Sniffer Protocol, PFCP (Packet Forwarding Control Protocol),
   Protobuf (Protocol Buffers), QUIC (IETF), Session Multiplex Protocol,
   SolarEdge monitoring protocol, Tibia, TWAMP and OWAMP, and Wi-Fi Device
   Provisioning Protocol

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   Microsoft Network Monitor

  New and Updated Capture Interfaces support

   LoRaTap
     __________________________________________________________________

Getting Wireshark

   Wireshark source code and installation packages are available from
   [1]https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can be
   found on the [2]download page on the Wireshark web site.
     __________________________________________________________________

File Locations

   Wireshark and TShark look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
   vary from platform to platform. You can use About->Folders to find the
   default locations on your system.
     __________________________________________________________________

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([3]Bug 1419)

   The BER dissector might infinitely loop. ([4]Bug 1516)

   Capture filters aren't applied when capturing from named pipes. ([5]Bug
   1814)

   Filtering tshark captures with read filters (-R) no longer works.
   ([6]Bug 2234)

   Application crash when changing real-time option. ([7]Bug 4035)

   Wireshark and TShark will display incorrect delta times in some cases.
   ([8]Bug 4985)

   Wireshark should let you work with multiple capture files. ([9]Bug
   10488)
     __________________________________________________________________

Getting Help

   Community support is available on [10]Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and archives for
   all of Wireshark's mailing lists can be found on [11]the web site.

   Official Wireshark training and certification are available from
   [12]Wireshark University.
     __________________________________________________________________

Frequently Asked Questions

   A complete FAQ is available on the [13]Wireshark web site.
     __________________________________________________________________

   Last updated 2018-02-06 20:11:41 UTC

References

   1. https://www.wireshark.org/download.html
   2. https://www.wireshark.org/download.html#thirdparty
   3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
  10. https://ask.wireshark.org/
  11. https://www.wireshark.org/lists/
  12. http://www.wiresharktraining.com/
  13. https://www.wireshark.org/faq.html