forked from osmocom/wireshark
251 lines
8.6 KiB
Plaintext
251 lines
8.6 KiB
Plaintext
Wireshark 2.9.1 Release Notes
|
||
|
||
This is an experimental release intended to test new features for
|
||
Wireshark 3.0.
|
||
|
||
What is Wireshark?
|
||
|
||
Wireshark is the world’s most popular network protocol analyzer. It is
|
||
used for troubleshooting, analysis, development and education.
|
||
|
||
What’s New
|
||
|
||
Many user interface improvements have been made. See the “New and
|
||
Updated Features” section below for more details.
|
||
|
||
Bug Fixes
|
||
|
||
The following bugs have been fixed:
|
||
|
||
• Data following a TCP ZeroWindowProbe is marked as retransmission
|
||
and not passed to subdissectors (Bug 15427[1])
|
||
|
||
Text and Image columns were handled incorrectly for TDS 7.0 and 7.1.
|
||
(Bug 3098[2])
|
||
|
||
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[3])
|
||
|
||
New and Updated Features
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 2.9.0:
|
||
|
||
• Wireshark now supports the Swedish and Ukrainian language.
|
||
|
||
• Initial support for using PKCS #11 tokens for RSA decryption in
|
||
TLS. This can be configured at Preferences, RSA Keys.
|
||
|
||
• The build system now produces reproducible builds (Bug 15163[4]).
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 2.6.0:
|
||
|
||
• The Windows .exe installers now ship with Npcap instead of
|
||
WinPcap.
|
||
|
||
• Conversation timestamps are supported for UDP/UDP-Lite protocols
|
||
|
||
• TShark now supports the -G elastic-mapping option which generates
|
||
an ElasticSearch mapping file.
|
||
|
||
• The “Capture Information” dialog has been added back (Bug
|
||
12004[5]).
|
||
|
||
• The Ethernet and IEEE 802.11 dissectors no longer validate the
|
||
frame check sequence (checksum) by default.
|
||
|
||
• The TCP dissector gained a new “Reassemble out-of-order segments”
|
||
preference to fix dissection and decryption issues in case TCP
|
||
segments are received out-of-order. See the User’s Guide, chapter
|
||
TCP Reassembly for details.
|
||
|
||
• Decryption support for the new WireGuard dissector (Bug 15011[6],
|
||
requires Libgcrypt 1.8).
|
||
|
||
• The BOOTP dissector has been renamed to DHCP. With the exception
|
||
of “bootp.dhcp”, the old “bootp.*” display filter fields are
|
||
still supported but may be removed in a future release.
|
||
|
||
• The SSL dissector has been renamed to TLS. As with BOOTP the old
|
||
“ssl.*” display filter fields are supported but may be removed in
|
||
a future release.
|
||
|
||
• Coloring rules, IO graphs, Filter Buttons and protocol preference
|
||
tables can now be copied from other profiles using a button in
|
||
the corresponding configuration dialogs.
|
||
|
||
• APT-X has been renamed to aptX.
|
||
|
||
• When importing from hex dump, it’s now possible to add an
|
||
ExportPDU header with a payload name. This calls the specific
|
||
dissector directly without lower protocols.
|
||
|
||
• The sshdump and ciscodump extcap interfaces can now use a proxy
|
||
for the SSH connection.
|
||
|
||
• Dumpcap now supports the -a packets:NUM and -b packets:NUM
|
||
options.
|
||
|
||
• Wireshark now includes a “No Reassembly” configuration profile.
|
||
|
||
• Wireshark now supports the Russian language.
|
||
|
||
• The build system now supports AppImage packages.
|
||
|
||
• The Windows installers now ship with Qt 5.12.0. Previously they
|
||
shipped with Qt 5.9.7.
|
||
|
||
• Support for DTLS and TLS decryption using pcapng files that embed
|
||
a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug
|
||
15252[7]).
|
||
|
||
• The editcap utility gained a new --inject-secrets option to
|
||
inject an existing TLS Key Log file into a pcapng file.
|
||
|
||
• A new dfilter function string() has been added. It allows the
|
||
conversion of non-string fields to strings so string functions
|
||
(as contains and matches) can be used on them.
|
||
|
||
• The Bash test suite has been replaced by one based on Python
|
||
unittest/pytest.
|
||
|
||
• The custom window title can now show file path of the capture
|
||
file and it has a conditional separator.
|
||
|
||
Removed Features and Support
|
||
|
||
• The legacy (GTK+) user interface has been removed and is no
|
||
longer supported.
|
||
|
||
• The portaudio library is no longer needed due to the removal of
|
||
GTK+.
|
||
|
||
• Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
|
||
|
||
• Wireshark requires GLib 2.32 or later.
|
||
|
||
• Wireshark requires GnuTLS 3.2 or later as optional dependency.
|
||
|
||
• Building Wireshark requires Python 3.4 or newer, Python 2.7 is
|
||
unsupported.
|
||
|
||
• Building Wireshark requires CMake. Autotools is no longer
|
||
supported.
|
||
|
||
• TShark’s -z compare option was removed.
|
||
|
||
• Building with Cygwin is no longer supported on Windows.
|
||
|
||
New File Format Decoding Support
|
||
|
||
Ruby Marshal format
|
||
|
||
New Protocol Support
|
||
|
||
Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
|
||
BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service
|
||
over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP),
|
||
Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS
|
||
RTP), Exablaze trailers, General Circuit Services Notification
|
||
Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo
|
||
Emberplus Data format, Great Britain Companion Specification (GBCS)
|
||
used in the Smart Metering Equipment Technical Specifications
|
||
(SMETS), GSM-R (User-to-User Information Element usage),
|
||
HI3CCLinkData, Intelligent Transport Systems (ITS) application level,
|
||
ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP),
|
||
ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability
|
||
Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP,
|
||
Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol,
|
||
PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo
|
||
Emberplus transport frame, Secure Reliable Transport Protocol (SRT),
|
||
Spirent Test Center Signature decoding for Ethernet and FibreChannel
|
||
(STCSIG, disabled by default), Sybase-specific portions of TDS,
|
||
systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery
|
||
Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information
|
||
Retrieval Protocol
|
||
|
||
Updated Protocol Support
|
||
|
||
Too many protocols have been updated to list here.
|
||
|
||
New and Updated Capture File Support
|
||
|
||
RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
|
||
and Unigraf DPA-400 DisplayPort AUX channel monitor
|
||
|
||
New and Updated Capture Interfaces support
|
||
|
||
dpauxmon, an external capture interface (extcap) that captures
|
||
DisplayPort AUX channel data from linux kernel drivers.
|
||
|
||
sdjournal, an extcap that captures systemd journal entries.
|
||
|
||
Major API Changes
|
||
|
||
• Lua: the various logging functions (debug, info, message, warn
|
||
and critical) have been removed. Use the print function instead
|
||
for debugging purposes.
|
||
|
||
• Lua: on Windows, file-related functions such as dofile now assume
|
||
UTF-8 paths instead of the local code page. This is consistent
|
||
with Linux and macOS and improves compatibility on non-English
|
||
systems. (Bug 15118[8])
|
||
|
||
Getting Wireshark
|
||
|
||
Wireshark source code and installation packages are available from
|
||
https://www.wireshark.org/download.html[9].
|
||
|
||
Vendor-supplied Packages
|
||
|
||
Most Linux and Unix vendors supply their own Wireshark packages. You
|
||
can usually install or upgrade Wireshark using the package management
|
||
system specific to that platform. A list of third-party packages can
|
||
be found on the download page[10] on the Wireshark web site.
|
||
|
||
File Locations
|
||
|
||
Wireshark and TShark look in several different locations for
|
||
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
|
||
locations vary from platform to platform. You can use About→Folders to
|
||
find the default locations on your system.
|
||
|
||
Getting Help
|
||
|
||
The User’s Guide, manual pages and various other documentation can be
|
||
found at https://www.wireshark.org/docs/[11]
|
||
|
||
Community support is available on Wireshark’s Q&A site[12] and on the
|
||
wireshark-users mailing list. Subscription information and archives
|
||
for all of Wireshark’s mailing lists can be found on the web site[13].
|
||
|
||
Bugs and feature requests can be reported on the bug tracker[14].
|
||
|
||
Official Wireshark training and certification are available from
|
||
Wireshark University[15].
|
||
|
||
Frequently Asked Questions
|
||
|
||
A complete FAQ is available on the Wireshark web site[16].
|
||
|
||
Last updated 2019-02-03 08:18:33 UTC
|
||
|
||
References
|
||
|
||
1. 1
|
||
2. 2
|
||
3. 3
|
||
4. 4
|
||
5. 5
|
||
6. 6
|
||
7. 7
|
||
8. 8
|
||
9. 9
|
||
10. 10
|
||
11. 11
|
||
12. 12
|
||
13. 13
|
||
14. 14
|
||
15. 15
|
||
16. 16
|