Wireshark 2.5.0 Release Notes

This is a semi-experimental release intended to test new features for
Wireshark 2.6.
__________________________________________________________________

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

What's New

Many user interface improvements have been made. See the New and
Updated Features section below for more details.

New and Updated Features

The following features are new (or have been significantly updated)
since version 2.4.0:

* Display filter buttons can now be edited, disabled, and removed via
  a context menu directly from the toolbar
* Drag & Drop filter fields to the display filter toolbar or edit to
  create a button on the fly or apply the filter as a display filter.
* Application startup time has been reduced.
* Some keyboard shortcut mix-ups have been resolved by assigning new
  shortcuts to Edit -> Copy methods.
* TShark now supports color using the --color option.
* The "matches" display filter operator is now case-insensitive.
* Display expression (button) preferences have been converted to a
  UAT. This puts the display expressions in their own file. Wireshark
  still supports preference files that contain the old preferences,
  but new preference files will be written without the old fields.
* SMI private enterprise numbers are now read from the
  "enterprises.tsv" configuration file.
* The QUIC dissector has been renamed to Google QUIC (quic -> gquic).
* The selected packet number can now be shown in the Status Bar by
  enabling Preferences -> Appearance -> Layout -> Show selected
  packet number.
* File load time in the Status Bar is now disabled by default and can
  be enabled in Preferences -> Appearance -> Layout -> Show file load
  time.
* Support for the G.729A codec in the RTP Player is now added via the
  bcg729 library.
* Support for hardware-timestamping of packets has been added.
* Improved NetMon .cap support with comments, event tracing, network
  filter, network info types and some Message Analyzer exported
  types.
* The personal plugins folder on Linux/Unix is now
  ~/.local/lib/wireshark/plugins.
* TShark can print flow graphs using -z flow...
* Capinfos now prints SHA256 hashes in addition to RIPEMD160 and
  SHA1. MD5 output has been removed.
* The packet editor has been removed. (This was a GTK+ only
  experimental feature.)
* Support BBC micro:bit Bluetooth profile
* The Linux and UNIX installation step for Wireshark will now install
  headers required to build plugins. A pkg-config file is provided to
  help with this (see doc/plugins.example for details). Note you must
  still rebuild all plugins between minor releases (X.Y).
* The Windows installers and packages now ship with Qt 5.9.4.

New Protocol Support

802.11ax (High Efficiency WLAN (HEW)), ActiveMQ Artemis Core Protocol,
AMT (Automatic Multicast Tunneling), Bluetooth Mesh, Broadcom tags
(Broadcom Ethernet switch management frames), CAN-ETH, CVS password
server, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.3br Frame
Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre Filesystem,
Lustre Network, Network Functional Application Platform Interface
(NFAPI) Protocol, New Radio Radio Resource Control protocol, NXP
802.15.4 Sniffer Protocol, PFCP (Packet Forwarding Control Protocol),
Protobuf (Protocol Buffers), QUIC (IETF), Session Multiplex Protocol,
SolarEdge monitoring protocol, Tibia, TWAMP and OWAMP, and Wi-Fi Device
Provisioning Protocol

Updated Protocol Support

Too many protocols have been updated to list here.

New and Updated Capture File Support

Microsoft Network Monitor

New and Updated Capture Interfaces support

LoRaTap
__________________________________________________________________

Getting Wireshark

Wireshark source code and installation packages are available from
[1]https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [2]download page on the Wireshark web site.
__________________________________________________________________

File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________

Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. ([3]Bug 1419)

The BER dissector might infinitely loop. ([4]Bug 1516)

Capture filters aren't applied when capturing from named pipes. ([5]Bug
1814)

Filtering tshark captures with read filters (-R) no longer works.
([6]Bug 2234)

Application crash when changing real-time option. ([7]Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases.
([8]Bug 4985)

Wireshark should let you work with multiple capture files. ([9]Bug
10488)
__________________________________________________________________

Getting Help

Community support is available on [10]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [11]the web site.

Official Wireshark training and certification are available from
[12]Wireshark University.
__________________________________________________________________

Frequently Asked Questions

A complete FAQ is available on the [13]Wireshark web site.
__________________________________________________________________

Last updated 2018-02-06 20:11:41 UTC

References

1. https://www.wireshark.org/download.html
2. https://www.wireshark.org/download.html#thirdparty
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
10. https://ask.wireshark.org/
11. https://www.wireshark.org/lists/
12. http://www.wiresharktraining.com/
13. https://www.wireshark.org/faq.html