= Wireshark {wireshark-version} Release Notes
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc

This is a semi-experimental release intended to test new features for
Wireshark 2.4.

== What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

== What's New

//=== Bug Fixes

//The following bugs have been fixed:

//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2014-2486[]
//* Wireshark keeps leaving voicemails advertising timeshare condominiums in Fresno. (ws-buglink:0000[])

//_Non-empty section placeholder._

=== New and Updated Features

The following features are new (or have been significantly updated)
since version 2.1.1:

* Source code releases are now compressed using xz.

The following features are new (or have been significantly updated)
since version 2.1.0:

* Added -d option for Decode As support in Wireshark (mimics TShark
  functionality).
* The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
  TShark can additionally export packets as Elasticsearch-compatible
  JSON.
* The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
  deprecated.
* The Conversations and Endpoints dialogs are more responsive when
  viewing large numbers of items.
* The RTP player now allows up to 30 minutes of silence frames.
* Packet bytes can now be displayed as EBCDIC.
* The Qt UI loads captures faster on Windows.
* proto_tree_add_checksum was added as an API. This attempts to
  standardize how checksums are reported and filtered for within
  *Shark. There are no more individual "good" and "bad" filter
  fields; protocols now have a "checksum.status" field that records
  "Good", "Bad" and "Unverified" (neither good nor bad). Color filters
  provided with Wireshark have been adjusted to the new display filter
  names, but custom ones may need to be updated.

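
One way to update custom color filters for the "checksum.status" change described above. This is an added example, not part of the Wireshark release notes or code base. It assumes the retired fields were named `<proto>.checksum_good` and `<proto>.checksum_bad` and that rules use the `@name@filter@[fg][bg]` line layout; the function names and the sample rules are hypothetical.

```python
import re

# Assumption: legacy fields follow <proto>.checksum_good / <proto>.checksum_bad.
LEGACY = re.compile(
    r'\b(?P<proto>[a-z0-9_.]+?)\.checksum_(?P<kind>good|bad)(?![\w.])'
    r'(?:\s*(?P<op>==|eq|!=|ne)\s*(?P<val>[01])\b)?')

def migrate_expr(expr):
    """Rewrite legacy checksum comparisons; return (new_expr, needs_review)."""
    review = []

    def repl(m):
        if m.group('op') is None:
            # Bare field use has no direct equivalent; leave it for a human.
            review.append(m.group(0))
            return m.group(0)
        asserted = (m.group('val') == '1') == (m.group('op') in ('==', 'eq'))
        status = 'Bad' if m.group('kind') == 'bad' else 'Good'
        return '%s.checksum.status %s "%s"' % (
            m.group('proto'), '==' if asserted else '!=', status)

    return LEGACY.sub(repl, expr), review

def migrate_colorfilters(text):
    """Migrate every rule in a colorfilters file; return (new_text, review)."""
    out, review = [], []
    for line in text.splitlines():
        if line.lstrip('!').startswith('@') and line.count('@') >= 3:
            flag, name, rest = line.split('@', 2)      # flag is '' or '!' (disabled)
            expr, colors = rest.rsplit('@', 1)         # colors never contain '@'
            new_expr, todo = migrate_expr(expr)
            review += [(name, field) for field in todo]
            line = '@'.join([flag, name, new_expr, colors])
        out.append(line)
    return '\n'.join(out), review

# Constructed sample in the colorfilters layout: @name@filter@[fg][bg]
SAMPLE = """\
# custom rules (constructed sample)
@Checksum Errors@ip.checksum_bad==1 || tcp.checksum_bad == 1@[4718,10030,11796][63479,34695,34695]
!@UDP not verified@udp.checksum_good eq 0@[0,0,0][50000,60000,50000]
@Bare field@icmp.checksum_bad@[0,0,0][65535,0,0]"""

if __name__ == '__main__':
    migrated, review = migrate_colorfilters(SAMPLE)
    print(migrated)
    for name, field in review:
        print('review manually: rule %r uses %s' % (name, field))
```

Rules that reference a legacy field without a comparison are left unchanged and reported, because "Unverified" makes the intended meaning ambiguous.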

The following features are new (or have been significantly updated)
since version 2.0.0:

* The intelligent scroll bar now sits to the left of a normal scroll bar and
  provides a clickable map of nearby packets.
* You can now switch between Capture and File Format dissection of
  the current capture file via the View menu in the Qt GUI.
* You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8,
  a C array, or YAML.
* You can now use regular expressions in Find Packet and in the advanced preferences.
* Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the
  "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name
  resolution, some build dependencies must be present (currently c-ares). If that is not the case, DNS
  name resolution will be disabled (but other name resolution mechanisms, such as host files,
  are still available).
* The byte under the mouse in the Packet Bytes pane is now highlighted.
* TShark supports exporting PDUs via the `-U` flag.
* The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
* Most dialogs in the Qt UI now save their size and positions.
* The Follow Stream dialog now supports UTF-16.
* The Firewall ACL Rules dialog has returned.
* The Flow (Sequence) Analysis dialog has been improved.
* We no longer provide packages for 32-bit versions of OS X.
* The Bluetooth Device details dialog has been added.

//=== Removed Dissectors

=== New File Format Decoding Support

Wireshark is able to display the format of some types of files (rather than
displaying the contents of those files). This is useful when you're curious
about, or debugging, a file and its format. To open a capture file (such as
PCAP) in this mode specify "MIME Files Format" as the file's format in the
Open File dialog.

New files that Wireshark can open in this mode include:

//_Non-empty section placeholder._

--sort-and-group--
--sort-and-group--

=== New Protocol Support

// Add one protocol per line between the --sort-and-group-- delimiters.
--sort-and-group--
CISCO ERSPAN3 Marker
Nokia Intelligent Service Interface (ISI)
ISO14443
Extensible Control & Management Protocol (eCMP)
RTI TCP Transport Layer (RTITCP)
ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP)
Zigbee Protocol Clusters Dissectors Added (Closures, Lighting, General, Measurement & Sensing, HVAC, Security & Safety)
LAT protocol (DECNET)
Ericsson IPOS Kernel Packet Header Dissector Added (IPOS)
STANAG 5602 SIMPLE
UserLog Protocol
FLEXRAY Protocol dissector added (automotive bus)
USB3 Vision Protocol (USB machine vision cameras)
USBIP Protocol
Open Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M TLV)
Metamako trailers
ISO 8583-1
Bluetooth Pseudoheader for BR/EDR
Edge Control Protocol (ECP)
Bachmann bluecom Protocol
Apache Cassandra - CQL version 3.0
Real Time Location System (RTLS)
Network-Based IP Flow Mobility (NBIFOM)
IEEE 802.1BR E-Tag
Nordic BLE Sniffer
Ericsson A-bis TFP (Traffic Forwarding Protocol)
Ericsson A-bis P-GSL
vSocket
ISO 15765
Unified Diagnostic Services (UDS)
Encrypted UDP based FTP with multicast
SCTE-35 Digital Program Insertion Messages
Windows Cluster Management API (clusapi)

--sort-and-group--

=== Updated Protocol Support

The Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
allowing it to be selected with Decode As over USB, TCP and UDP.

A preference was added to the TCP dissector for handling IPFIX process
information. It has been disabled by default.

//Too many protocols have been updated to list here.

=== New and Updated Capture File Support

//_Non-empty section placeholder._
// Add one file type per line between the --sort-and-group-- delimiters.
--sort-and-group--
Micropross mplog
--sort-and-group--

=== New and Updated Capture Interfaces support

_Non-empty section placeholder._
--sort-and-group--
--sort-and-group--

=== Major API Changes

The libwireshark API has undergone some major changes:

* The address macros (e.g., SET_ADDRESS) have been removed. Use the
  (lower case) functions of the same names instead.
* "old style" dissector functions (that don't return number of bytes
  used) have been replaced in name with the "new style" dissector
  functions.
* tvb_get_string and tvb_get_stringz have been replaced with
  tvb_get_string_enc and tvb_get_stringz_enc respectively.

== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the https://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

Application crash when changing real-time option.
(ws-buglink:4035[])

Packet list rows are oversized.
(ws-buglink:4357[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

Wireshark should let you work with multiple capture files. (ws-buglink:10488[])

Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. (ws-buglink:12036[])

== Getting Help

Community support is available on https://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on https://www.wireshark.org/lists/[the web site].

Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].