Wireshark 1.11.3 Release Notes
__________________________________________________________________

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
__________________________________________________________________

What's New

Bug Fixes

The following bugs have been fixed:
  * "On-the-wire" packet lengths are limited to 65535 bytes. ([1]Bug
    8808, ws-buglink:9390)
  * "Follow TCP Stream" shows only the first HTTP req+res. ([2]Bug
    9044)
  * Files with pcap-ng Simple Packet Blocks can't be read. ([3]Bug
    9200)

New and Updated Features

The following features are new (or have been significantly updated)
since version 1.11.2:
  * Qt port:
      + The Capture Interfaces dialog has been added.
      + The Decode As dialog has been added.
      + Several SCTP dialogs have been added.
      + The statistics tree (the backend for many Statistics and
        Telephony menu items) dialog has been added.

The following features are new (or have been significantly updated)
since version 1.11.1:
  * Mac OS X packaging has been improved.

The following features are new (or have been significantly updated)
since version 1.11.0:
  * Dissector output may be encoded as UTF-8. This includes TShark
    output.
  * Qt port:
      + The Follow Stream dialog now supports packet and TCP stream
        selection.
      + A Flow Graph (sequence diagram) dialog has been added.
      + The main window now respects geometry preferences.

The following features are new (or have been significantly updated)
since version 1.10:
  * Wireshark now uses the Qt application framework. The new UI should
    provide a significantly better user experience, particularly on Mac
    OS X and Windows.
  * A more flexible, modular memory manager (wmem) has been added. It
    was available experimentally in 1.10 but is now mature and has
    mostly replaced the old API.
  * Expert info is now filterable and now requires a new API.
  * The Windows installer now uninstalls the previous version of
    Wireshark silently. You can still run the uninstaller manually
    beforehand if you wish to run it interactively.
  * The "Number" column shows related packets and protocol conversation
    spans (Qt only).
  * When manipulating packets with editcap using the -C <choplen>
    and/or -s <snaplen> options, it is now possible to also adjust the
    original frame length using the -L option.
  * You can now pass the -C <choplen> option to editcap multiple times,
    which allows you to chop bytes from the beginning of a packet as
    well as at the end of a packet in a single step.
  * You can now specify an optional offset to the -C option for
    editcap, which allows you to start chopping from that offset
    instead of from the absolute packet beginning or end.
  * The "malformed" display filter has been renamed to "_ws.malformed". A
    handful of other filters have been given the "_ws." prefix to note
    that they are Wireshark application-specific filters and not dissector
    filters.

New Protocol Support

802.1AE Secure tag, ASTERIX, ATN, BT 3DS, CARP, Cisco MetaData, ELF
file format, EXPORTED PDU, FINGER, HTTP2, IDRP, ILP, Kafka, Kyoto
Tycoon binary protocol, MBIM, MiNT, MP4 / ISOBMFF file format, NXP
PN532 HCI, OpenFlow, Picture Transfer Protocol Over IP, QUIC (Quick UDP
Internet Connections), SEL RTAC (Real Time Automation Controller)
EIA-232 Serial-Line Dissection, Sippy RTPproxy, STANAG 4607, STANAG
5066 DTS, STANAG 5066 SIS, Tinkerforge, UDT, URL Encoded Form Data,
WHOIS, and Wi-Fi Display

Updated Protocol Support

Too many protocols have been updated to list here.

New and Updated Capture File Support

Netscaler 2.6, STANAG 4607, and STANAG 5066 Data Transfer Sublayer
__________________________________________________________________

Getting Wireshark

Wireshark source code and installation packages are available from
[4]http://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can be
found on the [5]download page on the Wireshark web site.
__________________________________________________________________

File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
vary from platform to platform. You can use About->Folders to find the
default locations on your system.
__________________________________________________________________

Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. ([6]Bug 1419)

The BER dissector might infinitely loop. ([7]Bug 1516)

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814)

Filtering tshark captures with read filters (-R) no longer works.
([8]Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption.
([9]Win64 development page)

Resolving ([10]Bug 9044) reopens ([11]Bug 3528) so that Wireshark no
longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. ([12]Bug 4035)

Hex pane display issue after startup. ([13]Bug 4056)

Packet list rows are oversized. ([14]Bug 4357)

Summary pane selected frame highlighting not maintained. ([15]Bug 4445)

Wireshark and TShark will display incorrect delta times in some cases.
([16]Bug 4985)

The 64-bit Mac OS X installer doesn't support Mac OS X 10.9 ([17]Bug
9242)
__________________________________________________________________

Getting Help

Community support is available on [18]Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and archives for
all of Wireshark's mailing lists can be found on [19]the web site.

Official Wireshark training and certification are available from
[20]Wireshark University.
__________________________________________________________________

Frequently Asked Questions

A complete FAQ is available on the [21]Wireshark web site.
__________________________________________________________________

Last updated 2013-12-13 20:00:51 CET

References

 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808
 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200
 4. http://www.wireshark.org/download.html
 5. http://www.wireshark.org/download.html#thirdparty
 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
 9. https://wiki.wireshark.org/Development/Win64
10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9242
18. http://ask.wireshark.org/
19. http://www.wireshark.org/lists/
20. http://www.wiresharktraining.com/
21. http://www.wireshark.org/faq.html