wireshark/NEWS

                     Wireshark 1.11.3 Release Notes

   This is an experimental release intended to test new features
   for the next stable release.
     __________________________________________________________

What is Wireshark?

   Wireshark is the world's most popular network protocol
   analyzer. It is used for troubleshooting, analysis, development
   and education.
     __________________________________________________________

What's New

  Bug Fixes

   The following bugs have been fixed:
     * "On-the-wire" packet lengths are limited to 65535 bytes.
       ([1]Bug 8808, ws-buglink:9390)
     * "Follow TCP Stream" shows only the first HTTP req+res.
       ([2]Bug 9044)
     * Files with pcap-ng Simple Packet Blocks can't be read.
       ([3]Bug 9200)
     * MPLS-over-PPP isn't recognized. ([4]Bug 9492)

  New and Updated Features

   The following features are new (or have been significantly
   updated) since version 1.11.2:
     * Qt port:
          + The About dialog has been added
          + The Capture Interfaces dialog has been added.
          + The Decode As dialog has been added. It managed to
            swallow up the User Specified Decodes dialog as well.
          + The Export PDU dialog has been added.
          + Several SCTP dialogs have been added.
          + The statistics tree (the backend for many Statistics
            and Telephony menu items) dialog has been added.
          + The I/O Graph dialog has been added.
          + French translation has updated.

   The following features are new (or have been significantly
   updated) since version 1.11.1:
     * Mac OS X packaging has been improved.

   The following features are new (or have been significantly
   updated) since version 1.11.0:
     * Dissector output may be encoded as UTF-8. This includes
       TShark output.
     * Qt port:
          + The Follow Stream dialog now supports packet and TCP
            stream selection.
          + A Flow Graph (sequence diagram) dialog has been added.
          + The main window now respects geometry preferences.

   The following features are new (or have been significantly
   updated) since version 1.10:
     * Wireshark now uses the Qt application framework. The new UI
       should provide a significantly better user experience,
       particularly on Mac OS X and Windows.
     * The Windows installer now uninstalls the previous version
       of Wireshark silently. You can still run the uninstaller
       manually beforehand if you wish to run it interactively.
     * Expert information is now filterable when the new API is in
       use.
     * The "Number" column shows related packets and protocol
       conversation spans (Qt only).
     * When manipulating packets with editcap using the -C
       <choplen> and/or -s <snaplen> options, it is now possible
       to also adjust the original frame length using the -L
       option.
     * You can now pass the -C <choplen> option to editcap
       multiple times, which allows you to chop bytes from the
       beginning of a packet as well as at the end of a packet in
       a single step.
     * You can now specify an optional offset to the -C option for
       editcap, which allows you to start chopping from that
       offset instead of from the absolute packet beginning or
       end.
     * "malformed" display filter has been renamed to
       "_ws.malformed". A handful of other filters have been given
       the "_ws." prefix to note they are Wireshark application
       specific filters and not dissector filters.

  Removed dissectors

     * The ASN1 plugin has been removed as it's deemed obsolete.
     * The GNM dissector has been removed as it was never used.

  New Protocol Support

   29West, 802.1AE Secure tag, ACR122, ADB Client-Server, AllJoyn,
   Apple PKTAP, Aruba Instant AP, ASTERIX, ATN, Bencode, Bluetooth
   3DS, Bluetooth HSP, Bluetooth Linux Monitor Transport,
   Bluetooth Low Energy, Bluetooth Low Energy RF Info, CARP, CFDP,
   Cisco MetaData, DCE/RPC MDSSVC, DeviceNet, ELF file format,
   EXPORTED PDU, FINGER, HDMI, HTTP2, IDRP, IEEE 1722a, ILP, iWARP
   Direct Data Placement and Remote Direct Memory Access Protocol,
   Kafka, Kyoto Tycoon, Landis & Gyr Telegyr 8979, LBM, LBMC,
   LBMPDM, LBMPDM-TCP, LBMR, LBT-RM, LBT-RU, LBT-TCP, Lightweight
   Mesh (v1.1.1), Linux netlink, Linux netlink netfilter, Linux
   netlink sock diag, Linux rtnetlink (route netlink), Logcat,
   MBIM, MiNT, MP4 / ISOBMFF file format, MQ Telemetry Transport
   Protocol, Novell PKIS certificate extensions, NXP PN532 HCI,
   Open Sound Control, OpenFlow, Pathport, PDC, Picture Transfer
   Protocol Over IP, PKTAP, Private Data Channel, QUIC (Quick UDP
   Internet Connections), SAE J1939, SEL RTAC (Real Time
   Automation Controller) EIA-232 Serial-Line Dissection, Sippy
   RTPproxy, SMB-Direct, STANAG 4607, STANAG 5066 DTS, STANAG 5066
   SIS, Tinkerforge, Ubertooth, UDT, URL Encoded Form Data, USB
   Communications and CDC Control, USB Device Firmware Upgrade,
   VP8, WHOIS, Wi-Fi Display, and ZigBee Green Power profile

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   Netscaler 2.6, STANAG 4607, and STANAG 5066 Data Transfer
   Sublayer

  Major API Changes

   The libwireshark API has undergone some major changes:
     * A more flexible, modular memory manager (wmem) has been
       added. It was available experimentally in 1.10 but is now
       mature and has mostly replaced the old emem API (which is
       deprecated).
     * A new API for expert information has been added, replacing
       the old one.
     * The tvbuff API has been cleaned up: tvb_length has been
       renamed to tvb_captured_length for clarity, and
       tvb_get_string and tvb_get_stringz have been deprecated in
       favour of tvb_get_string_enc and tvb_get_stringz_enc.
     __________________________________________________________

Getting Wireshark

   Wireshark source code and installation packages are available
   from [5]http://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark
   packages. You can usually install or upgrade Wireshark using
   the package management system specific to that platform. A list
   of third-party packages can be found on the [6]download page on
   the Wireshark web site.
     __________________________________________________________

File Locations

   Wireshark and TShark look in several different locations for
   preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
   These locations vary from platform to platform. You can use
   About->Folders to find the default locations on your system.
     __________________________________________________________

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([7]Bug
   1419)

   The BER dissector might infinitely loop. ([8]Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   (ws-buglink:1814)

   Filtering tshark captures with read filters (-R) no longer
   works. ([9]Bug 2234)

   The 64-bit Windows installer does not support Kerberos
   decryption. ([10]Win64 development page)

   Resolving ([11]Bug 9044) reopens ([12]Bug 3528) so that
   Wireshark no longer automatically decodes gzip data when
   following a TCP stream.

   Application crash when changing real-time option. ([13]Bug
   4035)

   Hex pane display issue after startup. ([14]Bug 4056)

   Packet list rows are oversized. ([15]Bug 4357)

   Summary pane selected frame highlighting not maintained.
   ([16]Bug 4445)

   Wireshark and TShark will display incorrect delta times in some
   cases. ([17]Bug 4985)

   The 64-bit Mac OS X installer doesn't support Mac OS X 10.9
   ([18]Bug 9242)
     __________________________________________________________

Getting Help

   Community support is available on [19]Wireshark's Q&A site and
   on the wireshark-users mailing list. Subscription information
   and archives for all of Wireshark's mailing lists can be found
   on [20]the web site.

   Official Wireshark training and certification are available
   from [21]Wireshark University.
     __________________________________________________________

Frequently Asked Questions

   A complete FAQ is available on the [22]Wireshark web site.
     __________________________________________________________

   Last updated 2014-04-15 09:19:56 PDT

References

   1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
   2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
   3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200
   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9492
   5. http://www.wireshark.org/download.html
   6. http://www.wireshark.org/download.html#thirdparty
   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
  10. https://wiki.wireshark.org/Development/Win64
  11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
  12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
  13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
  14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
  15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
  16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
  17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
  18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9242
  19. http://ask.wireshark.org/
  20. http://www.wireshark.org/lists/
  21. http://www.wiresharktraining.com/
  22. http://www.wireshark.org/faq.html