Wireshark 2.1.1 Release Notes

This is a semi-experimental release intended to test new features for
Wireshark 2.2.
__________________________________________________________________

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

What's New

New and Updated Features

The following features are new (or have been significantly updated)
since version 2.1.0:

* Added -d option for Decode As support in Wireshark (mimics TShark
  functionality)
* The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
  TShark can additionally export packets as Elasticsearch-compatible
  JSON.
* The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
  deprecated.
* The Conversations and Endpoints dialogs are more responsive when
  viewing large numbers of items.
* The RTP player now allows up to 30 minutes of silence frames.
* Packet bytes can now be displayed as EBCDIC.
* The Qt UI loads captures faster on Windows.

The following features are new (or have been significantly updated)
since version 2.0.0:

* The intelligent scroll bar now sits to the left of a normal scroll
  bar and provides a clickable map of nearby packets.
* You can now switch between Capture and File Format dissection of
  the current capture file via the View menu in the Qt GUI.
* You can now show selected packet bytes as ASCII, HTML, Image, ISO
  8859-1, Raw, UTF-8, a C array, or YAML.
* You can now use regular expressions in Find Packet and in the
  advanced preferences.
* Name resolution for packet capture now supports asynchronous DNS
  lookups only. Therefore the "concurrent DNS resolution" preference
  has been deprecated and is a no-op. To enable DNS name resolution
  some build dependencies must be present (currently c-ares). If that
  is not the case DNS name resolution will be disabled (but other
  name resolution mechanisms, such as host files, are still
  available).
* The byte under the mouse in the Packet Bytes pane is now
  highlighted.
* TShark supports exporting PDUs via the -U flag.
* The Windows and OS X installers now come with the "sshdump" and
  "ciscodump" extcap interfaces.
* Most dialogs in the Qt UI now save their size and positions.
* The Follow Stream dialog now supports UTF-16.
* The Firewall ACL Rules dialog has returned.
* The Flow (Sequence) Analysis dialog has been improved.
* We no longer provide packages for 32-bit versions of OS X.
* The Bluetooth Device details dialog has been added.

New File Format Decoding Support

Wireshark is able to display the format of some types of files (rather
than displaying the contents of those files). This is useful when
you're curious about, or debugging, a file and its format. To open a
capture file (such as PCAP) in this mode specify "MIME Files Format" as
the file's format in the Open File dialog.

New files that Wireshark can open in this mode include:

New Protocol Support

Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
Bluetooth Pseudoheader for BR/EDR, CISCO ERSPAN3 Marker, Edge Control
Protocol (ECP), Ericsson IPOS Kernel Packet Header Dissector Added
(IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY
Protocol dissector added (automotive bus), IEEE 802.1BR E-Tag, ISO
8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP),
LAT protocol (DECNET), Metamako trailers, Network-Based IP Flow
Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open
Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M
TLV), Real Time Location System (RTLS), RTI TCP Transport Layer
(RTITCP), STANAG 5602 SIMPLE, USB3 Vision Protocol (USB machine vision
cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol
Clusters Dissectors Added (Closures Lighting General Measurement &
Sensing HVAC Security & Safety)

Updated Protocol Support

The Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector
(obex), to allow using Decode As with it over USB, TCP and UDP.

A preference was added to the TCP dissector for handling IPFIX process
information. It has been disabled by default.

New and Updated Capture File Support

and Micropross mplog

New and Updated Capture Interfaces support

Non-empty section placeholder.

Major API Changes

The libwireshark API has undergone some major changes:

* The address macros (e.g., SET_ADDRESS) have been removed. Use the
  (lower case) functions of the same names instead.
* "old style" dissector functions (that don't return number of bytes
  used) have been replaced in name with the "new style" dissector
  functions.
* tvb_get_string and tvb_get_stringz have been replaced with
  tvb_get_string_enc and tvb_get_stringz_enc respectively.
__________________________________________________________________

Getting Wireshark

Wireshark source code and installation packages are available from
[1]https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [2]download page on the Wireshark web site.
__________________________________________________________________

File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________

Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. ([3]Bug 1419)

The BER dissector might infinitely loop. ([4]Bug 1516)

Capture filters aren't applied when capturing from named pipes. ([5]Bug
1814)

Filtering tshark captures with read filters (-R) no longer works.
([6]Bug 2234)

Application crash when changing real-time option. ([7]Bug 4035)

Packet list rows are oversized. ([8]Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases.
([9]Bug 4985)

Wireshark should let you work with multiple capture files. ([10]Bug
10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. ([11]Bug 12036)
__________________________________________________________________

Getting Help

Community support is available on [12]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [13]the web site.

Official Wireshark training and certification are available from
[14]Wireshark University.
__________________________________________________________________

Frequently Asked Questions

A complete FAQ is available on the [15]Wireshark web site.
__________________________________________________________________

Last updated 2016-07-14 18:05:31 UTC

References

1. https://www.wireshark.org/download.html
2. https://www.wireshark.org/download.html#thirdparty
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
12. https://ask.wireshark.org/
13. https://www.wireshark.org/lists/
14. http://www.wiresharktraining.com/
15. https://www.wireshark.org/faq.html