Wireshark 2.5.1 Release Notes

This is a semi-experimental release intended to test new features for Wireshark 2.6.

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

What’s New

Wireshark 2.6 is the last release that will support the legacy (GTK+) user interface. It will not be supported or available in Wireshark 3.0.

Many user interface improvements have been made. See the “New and Updated Features” section below for more details.

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])

New and Updated Features

The following features are new (or have been significantly updated) since version 2.5.0:

• HTTP Referer statistics are now supported.
• Wireshark now supports MaxMind DB files. Support for GeoIP and GeoLite Legacy databases has been removed.
• The Windows packages are now built using Microsoft Visual Studio 2017.
• The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed.

The following features are new (or have been significantly updated) since version 2.4.0:

• Display filter buttons can now be edited, disabled, and removed via a context menu directly from the toolbar.
• Drag & Drop filter fields to the display filter toolbar or edit to create a button on the fly or apply the filter as a display filter.
• Application startup time has been reduced.
• Some keyboard shortcut mix-ups have been resolved by assigning new shortcuts to Edit → Copy methods.
• TShark now supports color using the --color option.
• The "matches" display filter operator is now case-insensitive.
• Display expression (button) preferences have been converted to a UAT. This puts the display expressions in their own file. Wireshark still supports preference files that contain the old preferences, but new preference files will be written without the old fields.
• SMI private enterprise numbers are now read from the "enterprises.tsv" configuration file.
• The QUIC dissector has been renamed to Google QUIC (quic → gquic).
• The selected packet number can now be shown in the Status Bar by enabling Preferences → Appearance → Layout → Show selected packet number.
• File load time in the Status Bar is now disabled by default and can be enabled in Preferences → Appearance → Layout → Show file load time.
• Support for the G.729A codec in the RTP Player is now added via the bcg729 library.
• Support for hardware-timestamping of packets has been added.
• Improved NetMon .cap support with comments, event tracing, network filter, network info types and some Message Analyzer exported types.
• The personal plugins folder on Linux/Unix is now ~/.local/lib/wireshark/plugins.
• TShark can print flow graphs using -z flow…
• Capinfos now prints SHA256 hashes in addition to RIPEMD160 and SHA1. MD5 output has been removed.
• The packet editor has been removed. (This was a GTK+ only experimental feature.)
• Support BBC micro:bit Bluetooth profile
• The Linux and UNIX installation step for Wireshark will now install headers required to build plugins. A pkg-config file is provided to help with this (see doc/plugins.example for details). Note you must still rebuild all plugins between minor releases (X.Y).
• The Windows installers and packages now ship with Qt 5.9.4.
• The generic data dissector can now uncompress zlib compressed data.

New Protocol Support

ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling), Bluetooth Mesh, Broadcom tags (Broadcom Ethernet switch management frames), CAN-ETH, CVS password server, Excentis DOCSIS31 XRA header, F5ethtrailer, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.11ax (High Efficiency WLAN (HEW)), IEEE 802.15.9 IEEE Recommended Practice for Transport of Key Management Protocol (KMP) Datagrams, IEEE 802.3br Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency Protocol (UDP), Network Functional Application Platform Interface (NFAPI) Protocol, New Radio Radio Resource Control protocol, NXP 802.15.4 Sniffer Protocol, PFCP (Packet Forwarding Control Protocol), Protobuf (Protocol Buffers), QUIC (IETF), RFC 4108 Using CMS to Protect Firmware Packages, Session Multiplex Protocol, SolarEdge monitoring protocol, Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP and OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN Protocol

Updated Protocol Support

Too many protocols have been updated to list here.

New and Updated Capture File Support

Microsoft Network Monitor

New and Updated Capture Interfaces support

LoRaTap

Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html[2].

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page[3] on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

Known Problems

The BER dissector might infinitely loop. (Bug 1516[4])

Capture filters aren’t applied when capturing from named pipes. (Bug 1814[5])

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234[6])

Application crash when changing real-time option. (Bug 4035[7])

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985[8])

Wireshark should let you work with multiple capture files. (Bug 10488[9])

Getting Help

Community support is available on Wireshark’s Q&A site[10] and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site[11].

Official Wireshark training and certification are available from Wireshark University[12].

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site[13].

Last updated 2018-03-13 19:13:27 UTC

References

1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
2. https://www.wireshark.org/download.html
3. https://www.wireshark.org/download.html#thirdparty
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
10. https://ask.wireshark.org/
11. https://www.wireshark.org/lists/
12. http://www.wiresharktraining.com/
13. https://www.wireshark.org/faq.html