2013-03-18 22:17:42 +00:00
|
|
|
= Wireshark wireshark-version:[] Release Notes
|
2014-10-02 21:15:05 +00:00
|
|
|
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc
|
2014-04-15 16:31:24 +00:00
|
|
|
|
2015-07-24 17:14:09 +00:00
|
|
|
This is a semi-experimental release intended to test new features for Wireshark 2.0.
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
== What is Wireshark?
|
|
|
|
|
|
|
|
Wireshark is the world's most popular network protocol analyzer. It is
|
|
|
|
used for troubleshooting, analysis, development and education.
|
|
|
|
|
|
|
|
== What's New
|
|
|
|
|
2014-10-02 21:15:05 +00:00
|
|
|
//=== Bug Fixes
|
2013-03-15 01:33:46 +00:00
|
|
|
|
2014-10-01 15:17:44 +00:00
|
|
|
//The following bugs have been fixed:
|
2013-03-15 01:33:46 +00:00
|
|
|
|
2013-03-15 18:25:42 +00:00
|
|
|
//* ws-buglink:5000[]
|
|
|
|
//* ws-buglink:6000[Wireshark bug]
|
2014-05-23 20:56:41 +00:00
|
|
|
//* cve-idlink:2014-2486[]
|
|
|
|
//* Wireshark insists on calling you on your land line which is keeping you from abandoning it for cellular. (ws-buglink:0000[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
=== New and Updated Features
|
|
|
|
|
2015-05-13 15:33:28 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
2015-07-09 16:46:06 +00:00
|
|
|
since version 1.99.7:
|
|
|
|
|
|
|
|
* Qt port:
|
2015-05-13 15:33:28 +00:00
|
|
|
|
2015-07-23 18:35:35 +00:00
|
|
|
** The Enabled Protocols dialog has been added.
|
2015-07-09 16:46:06 +00:00
|
|
|
** Many statistics dialogs have been added, including Service response time,
|
2015-07-24 17:14:09 +00:00
|
|
|
DHCP/BOOTP, and ANSI.
|
2015-07-23 18:35:35 +00:00
|
|
|
** The RTP Analysis dialog has been added.
|
2015-07-09 16:46:06 +00:00
|
|
|
** Lua dialog support has been added.
|
2015-07-23 18:35:35 +00:00
|
|
|
** You can now manually resolve addresses.
|
|
|
|
** The Resolved Addresses dialog has been added.
|
|
|
|
** The packet list scrollbar now has a minimap.
|
2015-07-09 16:46:06 +00:00
|
|
|
** The capture interfaces dialog has been updated.
|
2015-07-23 18:35:35 +00:00
|
|
|
** You can now colorize conversations.
|
2015-07-09 16:46:06 +00:00
|
|
|
** Welcome screen behavior has been improved.
|
|
|
|
** Plugin support has been improved.
|
|
|
|
** Many dialogs should now more correctly minimize and maximize.
|
|
|
|
** The reload button has been added back to the toolbar.
|
|
|
|
** The "Decode As" dialog no longer saves decoding behavior.
|
|
|
|
** You can now stop loading large capture files.
|
2015-06-08 17:38:48 +00:00
|
|
|
** The Bluetooth HCI Summary has been added.
|
2015-06-18 20:01:05 +00:00
|
|
|
|
|
|
|
The following features are new (or have been significantly updated)
|
|
|
|
since version 1.99.6:
|
|
|
|
|
2015-05-13 15:33:28 +00:00
|
|
|
* Qt port:
|
|
|
|
|
|
|
|
** The Bluetooth Devices dialog has been added.
|
2015-06-16 21:02:14 +00:00
|
|
|
** The wireless toolbar has been added.
|
|
|
|
** Opening files via drag and drop is now supported.
|
|
|
|
** The Capture Filter and Display Filter dialogs have been added.
|
|
|
|
** The Display Filter Expression dialog has been added.
|
|
|
|
** Conversation Filter menu items have been added.
|
|
|
|
** You can change protocol preferences by right clicking on the packet list
|
|
|
|
and details.
|
2015-05-13 15:33:28 +00:00
|
|
|
|
2015-05-11 21:00:41 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
|
|
|
since version 1.99.4 and 1.99.5:
|
|
|
|
|
|
|
|
* Qt port:
|
|
|
|
|
|
|
|
** Capture restarts are now supported.
|
|
|
|
** Menu items for plugins are now supported.
|
|
|
|
** Extcap interfaces are now supported.
|
|
|
|
** The Expert Information dialog has been added.
|
2015-05-28 18:47:31 +00:00
|
|
|
** Display and capture filter completion is now supported.
|
|
|
|
** Many bugs have been fixed.
|
2015-05-11 21:00:41 +00:00
|
|
|
** Translations have been updated.
|
|
|
|
|
2015-03-19 16:05:54 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
|
|
|
since version 1.99.3:
|
|
|
|
|
|
|
|
* Qt port:
|
|
|
|
|
|
|
|
** Several interface bugs have been fixed.
|
|
|
|
** Translations have been updated.
|
|
|
|
|
2015-02-14 18:18:26 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
|
|
|
since version 1.99.2:
|
|
|
|
|
|
|
|
* Qt port:
|
|
|
|
|
|
|
|
** Several bugs have been fixed.
|
|
|
|
** You can now open a packet in a new window.
|
|
|
|
** The Bluetooth ATT Server Attributes dialog has been added.
|
|
|
|
** The Coloring Rules dialog has been added.
|
2015-03-05 18:12:07 +00:00
|
|
|
** Many translations have been updated. Chinese, Italian and Polish
|
|
|
|
translations are complete.
|
2015-03-04 20:20:56 +00:00
|
|
|
** General user interface and usability improvements.
|
|
|
|
** Automatic scrolling during capture now works.
|
2015-03-05 18:12:07 +00:00
|
|
|
** The related packet indicator has been updated.
|
2015-02-14 18:18:26 +00:00
|
|
|
|
2015-02-04 17:44:40 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
|
|
|
since version 1.99.1:
|
|
|
|
|
|
|
|
* Qt port:
|
|
|
|
|
|
|
|
** The welcome screen layout has been updated.
|
|
|
|
** The Preferences dialog no longer crashes on Windows.
|
|
|
|
** The packet list header menu has been added.
|
|
|
|
** Statistics tree plugins are now supported.
|
|
|
|
** The window icon is now displayed properly in the Windows taskbar.
|
|
|
|
** A packet list an byte view selection bug has been fixed (ws-buglink:10896[])
|
|
|
|
** The RTP Streams dialog has been added.
|
|
|
|
** The Protocol Hierarchy Statistics dialog has been added.
|
|
|
|
|
2014-10-24 20:24:23 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
|
|
|
since version 1.99.0:
|
|
|
|
|
|
|
|
* Qt port:
|
|
|
|
|
|
|
|
** You can now show and hide toolbars and major widgets using the View menu.
|
|
|
|
** You can now set the time display format and precision.
|
|
|
|
** The byte view widget is much faster, particularly when selecting large
|
|
|
|
reassembled packets.
|
2014-12-10 17:30:32 +00:00
|
|
|
** The byte view is explorable. Hovering over it highlights the corresponding
|
|
|
|
field and shows a description in the status bar.
|
2014-10-28 15:15:57 +00:00
|
|
|
** An Italian translation has been added.
|
2014-11-12 22:24:16 +00:00
|
|
|
** The Summary dialog has been updated and renamed to Capture File Properties.
|
2014-11-19 00:21:42 +00:00
|
|
|
** The VoIP Calls and SIP Flows dialogs have been added.
|
2014-12-10 19:55:04 +00:00
|
|
|
** Support for HiDPI / Retina displays has been improved in the official packages.
|
2014-10-24 20:24:23 +00:00
|
|
|
|
2015-01-19 12:10:59 +00:00
|
|
|
* DNS stats:
|
|
|
|
+ A new stats tree has been added to the Statistics menu. Now it
|
|
|
|
is possible to collect stats such as qtype/qclass distribution,
|
|
|
|
number of resource record per response section, and stats data
|
|
|
|
(min, max, avg) for values such as query name length or DNS
|
|
|
|
payload.
|
|
|
|
|
2015-01-13 14:13:27 +00:00
|
|
|
* HPFEEDS stats:
|
|
|
|
+ A new stats tree has been added to the statistics menu. Now it
|
|
|
|
is possible to collect stats per channel (messages count and payload
|
|
|
|
size), and opcode distribution.
|
|
|
|
|
2015-01-08 16:35:58 +00:00
|
|
|
* HTTP2 stats:
|
|
|
|
+ A new stats tree has been added to the statistics menu. Now it
|
|
|
|
is possible to collect stats (type distribution).
|
|
|
|
|
2014-07-29 00:04:28 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
|
|
|
since version 1.12.0:
|
|
|
|
|
|
|
|
* The I/O Graph in the Gtk+ UI now supports an unlimited number of data points
|
|
|
|
(up from 100k).
|
2014-10-07 16:13:53 +00:00
|
|
|
* TShark now resets its state when changing files in ring-buffer mode.
|
2014-07-29 00:04:28 +00:00
|
|
|
* Expert Info severities can now be configured.
|
2014-09-04 15:31:30 +00:00
|
|
|
* Wireshark now supports external capture interfaces. External capture
|
|
|
|
interfaces can be anything from a tcpdump-over-ssh pipe to a program that
|
|
|
|
captures from proprietary or non-standard hardware. This functionality is not
|
|
|
|
available in the Qt UI yet.
|
2014-07-29 00:04:28 +00:00
|
|
|
|
|
|
|
* Qt port:
|
|
|
|
|
2014-09-04 15:31:30 +00:00
|
|
|
** The Qt UI is now the default (program name is wireshark).
|
2014-07-29 00:04:28 +00:00
|
|
|
** A Polish translation has been added.
|
|
|
|
** The Interfaces dialog has been added.
|
|
|
|
** The interface list is now updated when interfaces appear or disappear.
|
2014-10-01 15:42:20 +00:00
|
|
|
** The Conversations and Endpoints dialogs have been added.
|
2014-07-29 00:04:28 +00:00
|
|
|
** A Japanese translation has been added.
|
2014-08-15 18:20:01 +00:00
|
|
|
** It is now possible to manage remote capture interfaces.
|
|
|
|
** Windows: taskbar progress support has been added.
|
2014-10-01 15:42:20 +00:00
|
|
|
** Most toolbar actions are in place and work.
|
|
|
|
** More command line options are now supported
|
2014-07-29 00:04:28 +00:00
|
|
|
|
2014-06-06 18:39:55 +00:00
|
|
|
//=== Removed Dissectors
|
2014-01-03 09:48:53 +00:00
|
|
|
|
|
|
|
|
2013-03-15 01:33:46 +00:00
|
|
|
=== New Protocol Support
|
|
|
|
|
2013-03-18 22:17:42 +00:00
|
|
|
--sort-and-group--
|
2014-06-16 22:40:37 +00:00
|
|
|
Generic Network Virtualization Encapsulation (Geneve)
|
2014-07-29 00:04:28 +00:00
|
|
|
IPMI Trace
|
2014-06-11 07:29:01 +00:00
|
|
|
iSER
|
2014-07-25 21:05:51 +00:00
|
|
|
OptoMMP
|
2015-02-15 17:32:14 +00:00
|
|
|
corosync/totemnet corosync cluster engine ( lowest levelencryption/decryption protocol)
|
|
|
|
corosync/totemsrp corosync cluster engine ( totem single ring protocol)
|
2014-05-01 21:13:35 +00:00
|
|
|
ceph
|
2015-02-15 17:32:14 +00:00
|
|
|
GVSP GigE Vision (TM) Streaming Protocol
|
2015-01-12 13:31:16 +00:00
|
|
|
HCrt
|
2014-08-04 23:02:09 +00:00
|
|
|
Stateless Transport Tunneling
|
2014-10-02 21:15:05 +00:00
|
|
|
CP ``Cooper'' 2179
|
2014-09-04 15:31:30 +00:00
|
|
|
S7 Communication
|
2014-09-29 15:05:38 +00:00
|
|
|
KNXnetIP
|
|
|
|
Dynamic Source Routing (RFC 4728)
|
2014-10-07 18:21:46 +00:00
|
|
|
MCPE (Minecraft Pocket Edition)
|
|
|
|
RakNet games library
|
2014-09-22 18:10:45 +00:00
|
|
|
(LISP) TCP Control Message
|
2014-02-02 18:12:55 +00:00
|
|
|
Android ADB
|
|
|
|
Android Logcat text
|
2014-07-09 12:58:13 +00:00
|
|
|
Couchbase
|
2014-10-28 15:15:57 +00:00
|
|
|
AllJoyn Reliable Datagram Protocol
|
2014-10-20 11:07:56 +00:00
|
|
|
HiQnet
|
2014-11-12 09:36:49 +00:00
|
|
|
Elasticsearch
|
2014-11-18 18:13:46 +00:00
|
|
|
Shared Memory Communications - RDMA
|
2015-01-25 05:08:06 +00:00
|
|
|
Remote Shared Virtual Disk - RSVD
|
2014-12-04 10:22:22 +00:00
|
|
|
Riemann
|
2014-12-13 20:14:20 +00:00
|
|
|
MACsec Key Agreement - EAPoL-MKA
|
2015-01-09 21:47:44 +00:00
|
|
|
DJI UAV Drone Control Protocol
|
2014-12-24 11:42:16 +00:00
|
|
|
ZVT Kassenschnittstelle
|
2015-01-15 10:19:41 +00:00
|
|
|
ETSI Card Application Toolkit - Transport Protocol
|
2015-03-24 20:35:50 +00:00
|
|
|
Apache Tribes Heartbeat
|
2015-02-15 17:32:14 +00:00
|
|
|
QNEX6 (QNET)
|
2015-01-15 02:15:05 +00:00
|
|
|
Secure Socket Tunnel Protocol (SSTP)
|
2015-02-09 18:20:20 +00:00
|
|
|
BGP Monitoring Prototol (BMP)
|
2015-03-08 00:26:52 +00:00
|
|
|
Video Services over IP (VSIP)
|
2015-04-05 02:10:26 +00:00
|
|
|
OCFS2
|
2015-04-16 14:47:31 +00:00
|
|
|
Geospatial and Imagery Access Service (GIAS)
|
2015-04-09 01:27:10 +00:00
|
|
|
C15 Call History Protocol dissection (C15ch)
|
2015-05-05 16:12:45 +00:00
|
|
|
Thrift
|
2015-05-18 00:33:12 +00:00
|
|
|
IP Detail Record (IPDR)
|
2015-05-31 03:48:44 +00:00
|
|
|
Performance Co-Pilot Proxy
|
2015-03-02 16:42:44 +00:00
|
|
|
Aeron
|
2015-06-03 08:48:45 +00:00
|
|
|
Network File System over Remote Direct Memory Access (NFSoRDMA)
|
2015-06-19 20:20:51 +00:00
|
|
|
eXpressive Internet Protocol (XIP)
|
2012-09-17 11:22:32 +00:00
|
|
|
Windows Search Protocol (MS-WSP)
|
2015-07-20 12:37:49 +00:00
|
|
|
Message Queuing Telemetry Transport For Sensor Networks (MQTT-SN)
|
2013-03-18 22:17:42 +00:00
|
|
|
--sort-and-group--
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
=== Updated Protocol Support
|
|
|
|
|
|
|
|
Too many protocols have been updated to list here.
|
|
|
|
|
|
|
|
=== New and Updated Capture File Support
|
|
|
|
|
2014-09-29 15:05:38 +00:00
|
|
|
--sort-and-group--
|
2014-02-02 18:12:55 +00:00
|
|
|
Android Logcat text files
|
2014-09-29 15:05:38 +00:00
|
|
|
Wireshark now supports nanosecond timestamp resolution in PCAP-NG files.
|
2014-10-28 15:15:57 +00:00
|
|
|
Colasoft Capsa files
|
2015-04-16 14:47:31 +00:00
|
|
|
Netscaler 3.5
|
2015-07-26 11:54:12 +00:00
|
|
|
3GPP TS 32.423 Trace
|
2014-09-29 15:05:38 +00:00
|
|
|
--sort-and-group--
|
2013-03-15 01:33:46 +00:00
|
|
|
|
2015-04-08 14:09:03 +00:00
|
|
|
=== New and Updated Capture Interfaces support
|
|
|
|
|
|
|
|
--sort-and-group--
|
|
|
|
Androiddump - provide interfaces to capture (Logcat and Bluetooth) from connected Android devices
|
|
|
|
--sort-and-group--
|
|
|
|
|
2014-02-22 19:16:44 +00:00
|
|
|
=== Major API Changes
|
|
|
|
|
|
|
|
The libwireshark API has undergone some major changes:
|
|
|
|
|
2015-02-04 15:02:41 +00:00
|
|
|
* The emem framework (including all ep_ and se_ memory allocation routines) has
|
|
|
|
been completely removed in favour of wmem which is now fully mature.
|
2014-10-01 15:17:44 +00:00
|
|
|
* The (long-since-broken) Python bindings support has been removed. If
|
|
|
|
you want to write dissectors in something other than C, use Lua.
|
2015-04-16 14:47:31 +00:00
|
|
|
* Plugins can now create GUI menu items.
|
2015-07-17 14:53:48 +00:00
|
|
|
* Heuristic dissectors can now be globally enabled/disabled so
|
|
|
|
heur_dissector_add() has a few more parameters to make that possible
|
2014-07-29 00:04:28 +00:00
|
|
|
|
2014-02-22 19:16:44 +00:00
|
|
|
|
2013-03-15 01:33:46 +00:00
|
|
|
== Getting Wireshark
|
|
|
|
|
|
|
|
Wireshark source code and installation packages are available from
|
2014-09-17 00:15:56 +00:00
|
|
|
https://www.wireshark.org/download.html.
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
=== Vendor-supplied Packages
|
|
|
|
|
|
|
|
Most Linux and Unix vendors supply their own Wireshark packages. You can
|
|
|
|
usually install or upgrade Wireshark using the package management system
|
|
|
|
specific to that platform. A list of third-party packages can be found
|
2014-09-17 00:15:56 +00:00
|
|
|
on the https://www.wireshark.org/download.html#thirdparty[download page]
|
2013-03-15 01:33:46 +00:00
|
|
|
on the Wireshark web site.
|
|
|
|
|
|
|
|
== File Locations
|
|
|
|
|
|
|
|
Wireshark and TShark look in several different locations for preference
|
|
|
|
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
|
|
|
|
from platform to platform. You can use About→Folders to find the default
|
|
|
|
locations on your system.
|
|
|
|
|
|
|
|
== Known Problems
|
|
|
|
|
|
|
|
Dumpcap might not quit if Wireshark or TShark crashes.
|
2013-03-15 18:25:07 +00:00
|
|
|
(ws-buglink:1419[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
The BER dissector might infinitely loop.
|
2013-03-15 18:25:07 +00:00
|
|
|
(ws-buglink:1516[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
Capture filters aren't applied when capturing from named pipes.
|
2014-10-01 15:17:44 +00:00
|
|
|
(ws-buglink:1814[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
2013-03-28 21:46:37 +00:00
|
|
|
Filtering tshark captures with read filters (-R) no longer works.
|
2013-03-15 18:25:07 +00:00
|
|
|
(ws-buglink:2234[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
2013-10-10 19:48:37 +00:00
|
|
|
Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
|
|
|
|
no longer automatically decodes gzip data when following a TCP stream.
|
|
|
|
|
2013-03-15 01:33:46 +00:00
|
|
|
Application crash when changing real-time option.
|
2013-03-15 18:25:07 +00:00
|
|
|
(ws-buglink:4035[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
Hex pane display issue after startup.
|
2013-03-15 18:25:07 +00:00
|
|
|
(ws-buglink:4056[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
Packet list rows are oversized.
|
2013-03-15 18:25:07 +00:00
|
|
|
(ws-buglink:4357[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
Wireshark and TShark will display incorrect delta times in some cases.
|
2013-03-15 18:25:07 +00:00
|
|
|
(ws-buglink:4985[])
|
2013-03-15 01:33:46 +00:00
|
|
|
|
2014-09-29 21:34:13 +00:00
|
|
|
The 64-bit version of Wireshark will leak memory on Windows when the display
|
|
|
|
depth is set to 16 bits (ws-buglink:9914[])
|
|
|
|
|
2014-12-15 17:24:01 +00:00
|
|
|
Wireshark should let you work with multiple capture files. (ws-buglink:10488[])
|
|
|
|
|
2013-03-15 01:33:46 +00:00
|
|
|
== Getting Help
|
|
|
|
|
2015-03-10 17:46:50 +00:00
|
|
|
Community support is available on https://ask.wireshark.org/[Wireshark's
|
2013-03-15 01:33:46 +00:00
|
|
|
Q&A site] and on the wireshark-users mailing list. Subscription
|
|
|
|
information and archives for all of Wireshark's mailing lists can be
|
2014-09-17 00:15:56 +00:00
|
|
|
found on https://www.wireshark.org/lists/[the web site].
|
2013-03-15 01:33:46 +00:00
|
|
|
|
|
|
|
Official Wireshark training and certification are available from
|
|
|
|
http://www.wiresharktraining.com/[Wireshark University].
|
|
|
|
|
|
|
|
== Frequently Asked Questions
|
|
|
|
|
|
|
|
A complete FAQ is available on the
|
2014-09-17 00:15:56 +00:00
|
|
|
https://www.wireshark.org/faq.html[Wireshark web site].
|