2014-04-15 16:31:24 +00:00
|
|
|
Wireshark 1.11.3 Release Notes
|
2013-11-01 09:55:26 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
This is an experimental release intended to test new features
|
|
|
|
for the next stable release.
|
|
|
|
__________________________________________________________
|
2005-12-28 16:19:31 +00:00
|
|
|
|
2006-08-24 16:29:49 +00:00
|
|
|
What is Wireshark?
|
2005-12-28 16:19:31 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Wireshark is the world's most popular network protocol
|
|
|
|
analyzer. It is used for troubleshooting, analysis, development
|
|
|
|
and education.
|
|
|
|
__________________________________________________________
|
2005-12-28 16:19:31 +00:00
|
|
|
|
2006-08-24 16:29:49 +00:00
|
|
|
What's New
|
2005-12-28 16:19:31 +00:00
|
|
|
|
2009-09-14 23:31:02 +00:00
|
|
|
Bug Fixes
|
|
|
|
|
|
|
|
The following bugs have been fixed:
|
2014-04-15 16:31:24 +00:00
|
|
|
* "On-the-wire" packet lengths are limited to 65535 bytes.
|
|
|
|
([1]Bug 8808, ws-buglink:9390)
|
|
|
|
* "Follow TCP Stream" shows only the first HTTP req+res.
|
|
|
|
([2]Bug 9044)
|
|
|
|
* Files with pcap-ng Simple Packet Blocks can't be read.
|
|
|
|
([3]Bug 9200)
|
2014-02-25 23:52:36 +00:00
|
|
|
* MPLS-over-PPP isn't recognized. ([4]Bug 9492)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
|
|
|
New and Updated Features
|
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
The following features are new (or have been significantly
|
|
|
|
updated) since version 1.11.2:
|
2013-11-27 23:09:19 +00:00
|
|
|
* Qt port:
|
2014-01-03 10:21:56 +00:00
|
|
|
+ The About dialog has been added
|
2013-12-20 21:41:54 +00:00
|
|
|
+ The Capture Interfaces dialog has been added.
|
2014-04-15 16:31:24 +00:00
|
|
|
+ The Decode As dialog has been added. It managed to
|
|
|
|
swallow up the User Specified Decodes dialog as well.
|
|
|
|
+ The Export PDU dialog has been added.
|
2013-12-20 21:41:54 +00:00
|
|
|
+ Several SCTP dialogs have been added.
|
2014-04-15 16:31:24 +00:00
|
|
|
+ The statistics tree (the backend for many Statistics
|
|
|
|
and Telephony menu items) dialog has been added.
|
|
|
|
+ The I/O Graph dialog has been added.
|
|
|
|
+ French translation has updated.
|
2013-11-27 23:09:19 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
The following features are new (or have been significantly
|
|
|
|
updated) since version 1.11.1:
|
2013-11-27 23:09:19 +00:00
|
|
|
* Mac OS X packaging has been improved.
|
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
The following features are new (or have been significantly
|
|
|
|
updated) since version 1.11.0:
|
|
|
|
* Dissector output may be encoded as UTF-8. This includes
|
|
|
|
TShark output.
|
2013-11-15 08:24:08 +00:00
|
|
|
* Qt port:
|
2014-04-15 16:31:24 +00:00
|
|
|
+ The Follow Stream dialog now supports packet and TCP
|
|
|
|
stream selection.
|
2013-11-15 08:24:08 +00:00
|
|
|
+ A Flow Graph (sequence diagram) dialog has been added.
|
|
|
|
+ The main window now respects geometry preferences.
|
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
The following features are new (or have been significantly
|
|
|
|
updated) since version 1.10:
|
|
|
|
* Wireshark now uses the Qt application framework. The new UI
|
|
|
|
should provide a significantly better user experience,
|
|
|
|
particularly on Mac OS X and Windows.
|
|
|
|
* The Windows installer now uninstalls the previous version
|
|
|
|
of Wireshark silently. You can still run the uninstaller
|
|
|
|
manually beforehand if you wish to run it interactively.
|
|
|
|
* Expert information is now filterable when the new API is in
|
|
|
|
use.
|
|
|
|
* The "Number" column shows related packets and protocol
|
|
|
|
conversation spans (Qt only).
|
|
|
|
* When manipulating packets with editcap using the -C
|
|
|
|
<choplen> and/or -s <snaplen> options, it is now possible
|
|
|
|
to also adjust the original frame length using the -L
|
|
|
|
option.
|
|
|
|
* You can now pass the -C <choplen> option to editcap
|
|
|
|
multiple times, which allows you to chop bytes from the
|
|
|
|
beginning of a packet as well as at the end of a packet in
|
|
|
|
a single step.
|
2013-11-01 09:55:26 +00:00
|
|
|
* You can now specify an optional offset to the -C option for
|
2014-04-15 16:31:24 +00:00
|
|
|
editcap, which allows you to start chopping from that
|
|
|
|
offset instead of from the absolute packet beginning or
|
|
|
|
end.
|
|
|
|
* "malformed" display filter has been renamed to
|
|
|
|
"_ws.malformed". A handful of other filters have been given
|
|
|
|
the "_ws." prefix to note they are Wireshark application
|
|
|
|
specific filters and not dissector filters.
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-01-09 11:02:29 +00:00
|
|
|
Removed dissectors
|
|
|
|
|
|
|
|
* The ASN1 plugin has been removed as it's deemed obsolete.
|
|
|
|
* The GNM dissector has been removed as it was never used.
|
|
|
|
|
2009-09-14 23:31:02 +00:00
|
|
|
New Protocol Support
|
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
29West, 802.1AE Secure tag, ACR122, ADB Client-Server, AllJoyn,
|
|
|
|
Apple PKTAP, Aruba Instant AP, ASTERIX, ATN, Bencode, Bluetooth
|
|
|
|
3DS, Bluetooth HSP, Bluetooth Linux Monitor Transport,
|
|
|
|
Bluetooth Low Energy, Bluetooth Low Energy RF Info, CARP, CFDP,
|
|
|
|
Cisco MetaData, DCE/RPC MDSSVC, DeviceNet, ELF file format,
|
|
|
|
EXPORTED PDU, FINGER, HDMI, HTTP2, IDRP, IEEE 1722a, ILP, iWARP
|
|
|
|
Direct Data Placement and Remote Direct Memory Access Protocol,
|
|
|
|
Kafka, Kyoto Tycoon, Landis & Gyr Telegyr 8979, LBM, LBMC,
|
|
|
|
LBMPDM, LBMPDM-TCP, LBMR, LBT-RM, LBT-RU, LBT-TCP, Lightweight
|
|
|
|
Mesh (v1.1.1), Linux netlink, Linux netlink netfilter, Linux
|
|
|
|
netlink sock diag, Linux rtnetlink (route netlink), Logcat,
|
|
|
|
MBIM, MiNT, MP4 / ISOBMFF file format, MQ Telemetry Transport
|
|
|
|
Protocol, Novell PKIS certificate extensions, NXP PN532 HCI,
|
|
|
|
Open Sound Control, OpenFlow, Pathport, PDC, Picture Transfer
|
|
|
|
Protocol Over IP, PKTAP, Private Data Channel, QUIC (Quick UDP
|
|
|
|
Internet Connections), SAE J1939, SEL RTAC (Real Time
|
|
|
|
Automation Controller) EIA-232 Serial-Line Dissection, Sippy
|
|
|
|
RTPproxy, SMB-Direct, STANAG 4607, STANAG 5066 DTS, STANAG 5066
|
2014-02-25 23:52:36 +00:00
|
|
|
SIS, Tinkerforge, Ubertooth, UDT, URL Encoded Form Data, USB
|
2014-04-15 16:31:24 +00:00
|
|
|
Communications and CDC Control, USB Device Firmware Upgrade,
|
|
|
|
VP8, WHOIS, Wi-Fi Display, and ZigBee Green Power profile
|
2013-03-28 17:48:31 +00:00
|
|
|
|
2009-09-14 23:31:02 +00:00
|
|
|
Updated Protocol Support
|
|
|
|
|
2013-03-28 17:48:31 +00:00
|
|
|
Too many protocols have been updated to list here.
|
|
|
|
|
2009-09-14 23:31:02 +00:00
|
|
|
New and Updated Capture File Support
|
2005-12-28 16:19:31 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Netscaler 2.6, STANAG 4607, and STANAG 5066 Data Transfer
|
|
|
|
Sublayer
|
2014-02-25 23:52:36 +00:00
|
|
|
|
|
|
|
Major API Changes
|
|
|
|
|
|
|
|
The libwireshark API has undergone some major changes:
|
2014-04-15 16:31:24 +00:00
|
|
|
* A more flexible, modular memory manager (wmem) has been
|
|
|
|
added. It was available experimentally in 1.10 but is now
|
|
|
|
mature and has mostly replaced the old emem API (which is
|
|
|
|
deprecated).
|
|
|
|
* A new API for expert information has been added, replacing
|
|
|
|
the old one.
|
|
|
|
* The tvbuff API has been cleaned up: tvb_length has been
|
|
|
|
renamed to tvb_captured_length for clarity, and
|
|
|
|
tvb_get_string and tvb_get_stringz have been deprecated in
|
|
|
|
favour of tvb_get_string_enc and tvb_get_stringz_enc.
|
|
|
|
__________________________________________________________
|
2013-03-28 17:48:31 +00:00
|
|
|
|
2006-08-24 16:29:49 +00:00
|
|
|
Getting Wireshark
|
2005-12-28 16:19:31 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Wireshark source code and installation packages are available
|
|
|
|
from [5]http://www.wireshark.org/download.html.
|
2005-12-28 16:19:31 +00:00
|
|
|
|
|
|
|
Vendor-supplied Packages
|
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Most Linux and Unix vendors supply their own Wireshark
|
|
|
|
packages. You can usually install or upgrade Wireshark using
|
|
|
|
the package management system specific to that platform. A list
|
|
|
|
of third-party packages can be found on the [6]download page on
|
|
|
|
the Wireshark web site.
|
|
|
|
__________________________________________________________
|
2005-12-28 16:19:31 +00:00
|
|
|
|
|
|
|
File Locations
|
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Wireshark and TShark look in several different locations for
|
|
|
|
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
|
|
|
|
These locations vary from platform to platform. You can use
|
|
|
|
About->Folders to find the default locations on your system.
|
|
|
|
__________________________________________________________
|
2005-12-28 16:19:31 +00:00
|
|
|
|
|
|
|
Known Problems
|
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Dumpcap might not quit if Wireshark or TShark crashes. ([7]Bug
|
|
|
|
1419)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-02-25 23:52:36 +00:00
|
|
|
The BER dissector might infinitely loop. ([8]Bug 1516)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2013-03-28 17:48:31 +00:00
|
|
|
Capture filters aren't applied when capturing from named pipes.
|
|
|
|
(ws-buglink:1814)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Filtering tshark captures with read filters (-R) no longer
|
|
|
|
works. ([9]Bug 2234)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
The 64-bit Windows installer does not support Kerberos
|
|
|
|
decryption. ([10]Win64 development page)
|
2013-11-01 09:55:26 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Resolving ([11]Bug 9044) reopens ([12]Bug 3528) so that
|
|
|
|
Wireshark no longer automatically decodes gzip data when
|
|
|
|
following a TCP stream.
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Application crash when changing real-time option. ([13]Bug
|
|
|
|
4035)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-02-25 23:52:36 +00:00
|
|
|
Hex pane display issue after startup. ([14]Bug 4056)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-02-25 23:52:36 +00:00
|
|
|
Packet list rows are oversized. ([15]Bug 4357)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Summary pane selected frame highlighting not maintained.
|
|
|
|
([16]Bug 4445)
|
2009-09-14 23:31:02 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Wireshark and TShark will display incorrect delta times in some
|
|
|
|
cases. ([17]Bug 4985)
|
2013-11-01 09:55:26 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
The 64-bit Mac OS X installer doesn't support Mac OS X 10.9
|
|
|
|
([18]Bug 9242)
|
|
|
|
__________________________________________________________
|
2005-10-14 21:39:33 +00:00
|
|
|
|
|
|
|
Getting Help
|
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Community support is available on [19]Wireshark's Q&A site and
|
|
|
|
on the wireshark-users mailing list. Subscription information
|
|
|
|
and archives for all of Wireshark's mailing lists can be found
|
|
|
|
on [20]the web site.
|
2005-10-14 21:39:33 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Official Wireshark training and certification are available
|
|
|
|
from [21]Wireshark University.
|
|
|
|
__________________________________________________________
|
2005-10-14 21:39:33 +00:00
|
|
|
|
|
|
|
Frequently Asked Questions
|
|
|
|
|
2014-02-25 23:52:36 +00:00
|
|
|
A complete FAQ is available on the [22]Wireshark web site.
|
2014-04-15 16:31:24 +00:00
|
|
|
__________________________________________________________
|
2013-03-28 17:48:31 +00:00
|
|
|
|
2014-04-15 16:31:24 +00:00
|
|
|
Last updated 2014-04-15 09:19:56 PDT
|
2013-03-28 17:48:31 +00:00
|
|
|
|
|
|
|
References
|
|
|
|
|
2013-11-08 00:03:51 +00:00
|
|
|
1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
|
|
|
|
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
|
|
|
|
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200
|
2014-02-25 23:52:36 +00:00
|
|
|
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9492
|
|
|
|
5. http://www.wireshark.org/download.html
|
|
|
|
6. http://www.wireshark.org/download.html#thirdparty
|
|
|
|
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
|
|
|
|
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
|
|
|
|
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
|
|
|
|
10. https://wiki.wireshark.org/Development/Win64
|
|
|
|
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
|
|
|
|
12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
|
|
|
|
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
|
|
|
|
14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
|
|
|
|
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
|
|
|
|
16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
|
|
|
|
17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
|
|
|
|
18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9242
|
|
|
|
19. http://ask.wireshark.org/
|
|
|
|
20. http://www.wireshark.org/lists/
|
|
|
|
21. http://www.wiresharktraining.com/
|
|
|
|
22. http://www.wireshark.org/faq.html
|