2005-07-28 14:29:19 +00:00
|
|
|
<?xml version="1.0"?>
|
2006-03-17 22:59:24 +00:00
|
|
|
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
2005-07-28 14:29:19 +00:00
|
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
|
|
|
|
2005-08-02 06:39:04 +00:00
|
|
|
<!-- $Id$ -->
|
2005-07-28 14:29:19 +00:00
|
|
|
|
|
|
|
<!--
|
|
|
|
DOCUMENT SECTION
|
|
|
|
-Use this section to encode all document information
|
|
|
|
-->
|
|
|
|
|
|
|
|
<!--
|
2006-06-06 13:04:30 +00:00
|
|
|
Wireshark Info
|
2005-07-28 14:29:19 +00:00
|
|
|
-->
|
2011-11-17 17:12:42 +00:00
|
|
|
<!ENTITY WiresharkCurrentVersion "1.7.1">
|
2005-07-28 14:29:19 +00:00
|
|
|
|
|
|
|
]>
|
|
|
|
|
|
|
|
<article>
|
2006-06-06 13:04:30 +00:00
|
|
|
<title>Wireshark &WiresharkCurrentVersion; Release Notes</title>
|
2005-07-28 14:29:19 +00:00
|
|
|
|
2006-06-06 13:04:30 +00:00
|
|
|
<section id="WhatIs"><title>What is Wireshark?</title>
|
2005-07-28 14:29:19 +00:00
|
|
|
<para>
|
2006-05-22 08:14:01 +00:00
|
|
|
Wireshark is the world's most popular network protocol analyzer. It
|
2010-05-16 16:58:04 +00:00
|
|
|
is used for troubleshooting, analysis, development and education.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="WhatsNew"><title>What's New</title>
|
2008-03-03 22:05:25 +00:00
|
|
|
<section id="BugFixes"><title>Bug Fixes</title>
|
2006-03-07 19:53:57 +00:00
|
|
|
|
2006-08-24 16:29:49 +00:00
|
|
|
<para>
|
|
|
|
|
|
|
|
The following bugs have been fixed:
|
|
|
|
|
2007-09-25 21:35:20 +00:00
|
|
|
<itemizedlist>
|
|
|
|
|
2012-04-03 16:03:42 +00:00
|
|
|
<!-- Sort by bug # -->
|
|
|
|
<!--
|
|
|
|
<listitem><para>
|
|
|
|
Wireshark will strip the paint off your car, then apply a hideous
|
|
|
|
flame job to the hood and fenders using gray, red, and black primer.
|
|
|
|
(<ulink url="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=0000">Bug
|
|
|
|
0000</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
-->
|
|
|
|
|
2011-01-13 17:25:22 +00:00
|
|
|
<listitem><para>
|
2011-11-02 20:44:05 +00:00
|
|
|
.
|
2011-01-13 17:25:22 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
2007-09-25 21:35:20 +00:00
|
|
|
</itemizedlist>
|
|
|
|
|
2006-08-24 16:29:49 +00:00
|
|
|
</para>
|
|
|
|
|
2005-10-14 18:50:25 +00:00
|
|
|
</section>
|
2005-09-06 22:07:35 +00:00
|
|
|
|
2008-03-03 22:05:25 +00:00
|
|
|
<section id="NewFeatures"><title>New and Updated Features</title>
|
2005-08-17 22:32:40 +00:00
|
|
|
<para>
|
2005-10-14 16:00:04 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
2011-05-17 19:26:00 +00:00
|
|
|
since version 1.6:
|
2005-08-17 22:32:40 +00:00
|
|
|
|
2007-08-30 00:24:40 +00:00
|
|
|
<itemizedlist>
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
<para>
|
2011-06-17 17:52:31 +00:00
|
|
|
Wireshark supports capturing from multiple interfaces at once.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2012-03-06 21:11:08 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2012-03-21 00:47:32 +00:00
|
|
|
You can now add, edit, and save packet annotations.
|
2012-03-06 21:11:08 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2011-06-17 17:52:31 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Wireshark, TShark, and their associated utilities now save files
|
|
|
|
using the pcap-ng file format by default. (Your copy of Wireshark
|
|
|
|
might still use the pcap file format if pcap-ng is disabled in
|
|
|
|
your preferences.)
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
Decryption key management for IEEE 802.11, IPsec, and ISAKMP
|
2011-11-02 20:44:05 +00:00
|
|
|
is easier.
|
2011-03-23 20:38:16 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2011-06-27 20:48:26 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
OID resolution is now supported on 64-bit Windows.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2011-11-17 17:12:42 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
When saving packets, the default choice is now to save
|
|
|
|
only the displayed packets rather than all packets.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2011-06-29 16:59:37 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
TCP fast retransmissions are now indicated as an expert info note,
|
|
|
|
rather than a warning, just as TCP retransmissions are.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2011-06-29 18:45:14 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
TCP window updates are no longer colorized as "Bad TCP".
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2011-09-27 18:32:59 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
2011-11-02 20:44:05 +00:00
|
|
|
TShark's command-line options have changed. The previously
|
|
|
|
undocumented -P option is now -2 option for performing a two-pass
|
|
|
|
analysis; the former -S option is now the -P option for printing
|
|
|
|
packets even if writing to a file, and the -S option is now used to
|
|
|
|
specify a different line separator between packets.
|
2011-09-27 18:32:59 +00:00
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2011-10-05 22:27:51 +00:00
|
|
|
<listitem>
|
|
|
|
<para>
|
|
|
|
GeoIP IPv6 databases are now supported.
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
|
2007-08-30 00:24:40 +00:00
|
|
|
</itemizedlist>
|
|
|
|
|
2005-08-17 22:32:40 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
2005-10-12 16:17:03 +00:00
|
|
|
|
2008-03-03 22:05:25 +00:00
|
|
|
<section id="NewProtocols"><title>New Protocol Support</title>
|
2005-10-12 16:17:03 +00:00
|
|
|
<para>
|
|
|
|
|
2011-05-17 19:26:00 +00:00
|
|
|
<!-- Sorted, one per line -->
|
2011-01-12 23:20:03 +00:00
|
|
|
|
2012-04-03 16:03:42 +00:00
|
|
|
Aastra Signalling Protocol (AASP),
|
|
|
|
Bandwidth Reservation Protocol (BRP),
|
|
|
|
Bazaar,
|
|
|
|
BitTorrent DHT,
|
|
|
|
C12.22,
|
|
|
|
CANopen,
|
|
|
|
CIP Motion,
|
|
|
|
CIP Safety,
|
|
|
|
Cisco FabricPath MiM,
|
|
|
|
DVB Bouquet Association Table,
|
|
|
|
DVB Event Information Table,
|
|
|
|
DVB MultiProtocol Encapsulation (DVB-MPE),
|
|
|
|
DVB Network Information Table,
|
|
|
|
DVB Service Description Table,
|
|
|
|
DVB Time and Date Table,
|
|
|
|
DVB Time Offset Table,
|
|
|
|
DVB/ETSI IP Data Cast (IPDC) Electronic Service Guide (ESG),
|
|
|
|
ECP VDP,
|
|
|
|
EIA-709.1 (LonTalk),
|
|
|
|
EIA-852 (CN/IP),
|
|
|
|
ELCOM,
|
|
|
|
Ericsson A-bis OML (OM 2000),
|
|
|
|
Ericsson HDLC,
|
|
|
|
Ericsson Proprietary PCAP,
|
|
|
|
ETSI CAT,
|
|
|
|
ETV-AM Data,
|
|
|
|
ETV-AM EISS Section,
|
|
|
|
Flight Message Transfer Protocol (FMTP),
|
|
|
|
Gadu-Gadu,
|
|
|
|
GEO-Mobile Radio (1) BCCH,
|
|
|
|
GEO-Mobile Radio (1) Common,
|
|
|
|
GEO-Mobile Radio (1) DTAP,
|
|
|
|
GEO-Mobile Radio (1) Radio Resource,
|
|
|
|
GSM A-bis OML,
|
|
|
|
GSM CBCH,
|
|
|
|
GSM Cell Broadcast Service,
|
|
|
|
GSM SIM,
|
|
|
|
H.248.2,
|
|
|
|
Hadoop Distributed File System (HDFS),
|
|
|
|
HART/IP,
|
|
|
|
Hazelcast,
|
|
|
|
HDFS Data,
|
|
|
|
High bandwidth Digital Content Protection (HDCP),
|
|
|
|
High-availability Seamless Redundancy (HSR),
|
|
|
|
HomePlug AV,
|
|
|
|
HSR/PRP,
|
|
|
|
IEEE 1722.1,
|
|
|
|
Kismet drone/server protocol,
|
|
|
|
KristalliNet,
|
|
|
|
LCS-AP,
|
|
|
|
Link Access Procedure, Satellite channel (LAPSat),
|
|
|
|
LTE Positioning Protocol A (LPPa),
|
|
|
|
LTE Positioning Protocol,
|
|
|
|
M3 Application Protocol (M3AP),
|
|
|
|
MAC Address Acquisition Protocol,
|
|
|
|
Microsoft Credential Security Support Provider (CredSSP),
|
|
|
|
MPEG Conditional Access,
|
|
|
|
MPEG descriptors,
|
|
|
|
MPEG DSM-CC,
|
|
|
|
MPEG Program Association Table (PAT),
|
|
|
|
MPEG Program Map Table,
|
|
|
|
MPEG Section,
|
|
|
|
MPLS Packet Loss and Delay Measurement,
|
|
|
|
MPLS-TP Protection State Coordination,
|
|
|
|
Multiple VLAN Registration Protocol (MRVP),
|
|
|
|
Netfilter LOG,
|
|
|
|
NOE,
|
|
|
|
NXP MiFare,
|
|
|
|
NXP PN532,
|
|
|
|
openSAFETY,
|
|
|
|
Performance Co-Pilot (PCP),
|
|
|
|
PPI Sensor,
|
|
|
|
RDP,
|
|
|
|
RTP-MIDI,
|
|
|
|
SBc Application Part (SBc-AP),
|
|
|
|
Solaris IP over InfiniBand,
|
|
|
|
Sony FeliCa,
|
|
|
|
T.124,
|
|
|
|
UA (Universal Alcatel),
|
|
|
|
UA3G,
|
|
|
|
UASIP,
|
|
|
|
UAUDP,
|
|
|
|
USB Integrated Circuit Card Interface Device Class (CCID),
|
|
|
|
Virtual eXtensible Local Area Network (VXLAN),
|
|
|
|
VSS-Monitoring,
|
|
|
|
Vuze DHT,
|
|
|
|
XMCP
|
|
|
|
|
2005-10-12 16:17:03 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
2008-03-03 22:05:25 +00:00
|
|
|
<section id="UpdatedProtocols"><title>Updated Protocol Support</title> <para>
|
2005-10-12 16:17:03 +00:00
|
|
|
|
2012-04-03 16:03:42 +00:00
|
|
|
Too many protocols have been updated to list here.
|
|
|
|
|
2005-10-12 16:17:03 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
2008-03-03 22:05:25 +00:00
|
|
|
<section id="NewCapture"><title>New and Updated Capture File Support</title>
|
2005-10-12 16:17:03 +00:00
|
|
|
<para>
|
|
|
|
|
2011-05-17 19:26:00 +00:00
|
|
|
<!-- Sorted, one per line -->
|
2011-01-12 23:20:03 +00:00
|
|
|
|
2012-04-03 16:03:42 +00:00
|
|
|
Aethra Telecommunications' PC108,
|
|
|
|
Catapult DCT2000,
|
|
|
|
Citrix NetScaler,
|
|
|
|
Endace ERF,
|
|
|
|
Generic MIME,
|
|
|
|
IBM iSeries,
|
|
|
|
LANalyzer,
|
|
|
|
Microsoft NetMon,
|
|
|
|
MPEG2-TS,
|
|
|
|
Network Instruments Observer,
|
|
|
|
Nokia DCT3,
|
|
|
|
pcap,
|
|
|
|
pcap-ng,
|
|
|
|
Solaris snoop,
|
|
|
|
TamoSoft CommView,
|
|
|
|
Tektronix K12xx
|
|
|
|
|
2006-10-14 00:31:35 +00:00
|
|
|
</para>
|
2005-10-12 16:17:03 +00:00
|
|
|
</section>
|
|
|
|
|
2005-07-28 14:29:19 +00:00
|
|
|
</section>
|
|
|
|
|
2006-06-06 13:04:30 +00:00
|
|
|
<section id="GettingWireshark"><title>Getting Wireshark</title>
|
2006-08-15 20:54:51 +00:00
|
|
|
<para>
|
|
|
|
Wireshark source code and installation packages are available from
|
2009-10-27 22:05:09 +00:00
|
|
|
<ulink url="http://www.wireshark.org/download.html">http://www.wireshark.org/download.html</ulink>.
|
2006-08-15 20:54:51 +00:00
|
|
|
</para>
|
2005-07-28 14:29:19 +00:00
|
|
|
|
2008-03-03 22:05:25 +00:00
|
|
|
<section id="VendorPackages"><title>Vendor-supplied Packages</title>
|
2005-07-28 14:29:19 +00:00
|
|
|
<para>
|
2010-05-16 16:58:04 +00:00
|
|
|
Most Linux and Unix vendors supply their own Wireshark packages.
|
|
|
|
You can usually install or upgrade Wireshark using the package management
|
|
|
|
system specific to that platform. A list of third-party packages
|
|
|
|
can be found on the
|
|
|
|
<ulink url="http://www.wireshark.org/download.html#thirdparty">download page</ulink>
|
|
|
|
on the Wireshark web site.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
</section>
|
|
|
|
|
2006-03-17 22:59:24 +00:00
|
|
|
<!-- XXX needs to be written
|
2006-06-06 13:04:30 +00:00
|
|
|
<section id="RemovingWireshark"><title>Removing Wireshark</title>
|
2005-07-28 14:29:19 +00:00
|
|
|
<para>
|
|
|
|
</para>
|
|
|
|
</section>
|
2005-09-21 14:20:43 +00:00
|
|
|
-->
|
2005-07-28 14:29:19 +00:00
|
|
|
|
|
|
|
<section id="FileLocations"><title>File Locations</title>
|
|
|
|
<para>
|
2006-06-06 13:04:30 +00:00
|
|
|
Wireshark and TShark look in several different locations for
|
2005-09-06 19:21:48 +00:00
|
|
|
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
|
|
|
|
These locations vary from platform to platform. You can use
|
2011-01-12 23:20:03 +00:00
|
|
|
About→Folders to find the default locations on your system.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="KnownProblems"><title>Known Problems</title>
|
2006-03-20 20:27:52 +00:00
|
|
|
|
2008-03-27 22:05:52 +00:00
|
|
|
<para>
|
|
|
|
Dumpcap might not quit if Wireshark or TShark crashes.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419">Bug
|
|
|
|
1419</ulink>)
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
The BER dissector might infinitely loop.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516">Bug
|
|
|
|
1516</ulink>)
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
Capture filters aren't applied when capturing from named pipes.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814">Bug
|
|
|
|
1814</ulink>)
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
Filtering tshark captures with display filters (-R) no longer works.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234">Bug
|
|
|
|
2234</ulink>)
|
2006-03-20 20:27:52 +00:00
|
|
|
</para>
|
|
|
|
|
2009-11-11 00:09:03 +00:00
|
|
|
<para>
|
2011-07-02 15:45:28 +00:00
|
|
|
The 64-bit Windows installer does not support Kerberos decryption.
|
2011-01-12 23:20:03 +00:00
|
|
|
(<ulink url="http://wiki.wireshark.org/Development/Win64">Win64
|
|
|
|
development page</ulink>)
|
2009-11-11 00:09:03 +00:00
|
|
|
</para>
|
|
|
|
|
2010-05-10 22:10:59 +00:00
|
|
|
<para>
|
|
|
|
Application crash when changing real-time option.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035">Bug
|
|
|
|
4035</ulink>)
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
Hex pane display issue after startup.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056">Bug
|
|
|
|
4056</ulink>)
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
Packet list rows are oversized.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357">Bug
|
|
|
|
4357</ulink>)
|
|
|
|
</para>
|
|
|
|
|
|
|
|
<para>
|
|
|
|
Summary pane selected frame highlighting not maintained.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445">Bug
|
|
|
|
4445</ulink>)
|
|
|
|
</para>
|
|
|
|
|
2011-05-20 17:02:20 +00:00
|
|
|
<para>
|
|
|
|
Wireshark and TShark will display incorrect delta times in some cases.
|
2012-04-03 17:18:34 +00:00
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985">Bug
|
|
|
|
4985</ulink>)
|
2011-01-13 00:52:32 +00:00
|
|
|
</para>
|
|
|
|
|
2005-07-28 14:29:19 +00:00
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="GettingHelp"><title>Getting Help</title>
|
|
|
|
<para>
|
2010-10-04 18:43:20 +00:00
|
|
|
Community support is available on
|
|
|
|
<ulink url="http://ask.wireshark.org/">Wireshark's Q&A site</ulink>
|
|
|
|
and on the wireshark-users mailing list.
|
2006-06-06 13:04:30 +00:00
|
|
|
Subscription information and archives for all of Wireshark's mailing
|
2006-05-31 19:12:15 +00:00
|
|
|
lists can be found on <ulink url="http://www.wireshark.org/lists/">the
|
2006-06-06 13:04:30 +00:00
|
|
|
web site</ulink>.
|
2005-09-21 14:20:43 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
2010-05-10 21:58:44 +00:00
|
|
|
Training is available from
|
|
|
|
<ulink url="http://www.wiresharktraining.com/">Wireshark University</ulink>.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="FAQ"><title>Frequently Asked Questions</title>
|
|
|
|
<para>
|
2005-09-21 14:20:43 +00:00
|
|
|
A complete FAQ is available on the
|
2006-06-06 13:04:30 +00:00
|
|
|
<ulink url="http://www.wireshark.org/faq.html">Wireshark web site</ulink>.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
</article>
|