forked from osmocom/wireshark
163 lines
6.5 KiB
Plaintext
163 lines
6.5 KiB
Plaintext
include::attributes.adoc[]
|
||
:stylesheet: ws.css
|
||
:linkcss:
|
||
:copycss: {stylesheet}
|
||
|
||
= Wireshark {wireshark-version} Release Notes
|
||
// Asciidoctor Syntax Quick Reference:
|
||
// https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/
|
||
|
||
This is an experimental release intended to test new features for Wireshark 3.6.
|
||
|
||
== What is Wireshark?
|
||
|
||
Wireshark is the world’s most popular network protocol analyzer.
|
||
It is used for troubleshooting, analysis, development and education.
|
||
|
||
== What’s New
|
||
|
||
// If we expand this to all Win32 packages we should make this more prominent, e.g. with an admonition.
|
||
* We no longer ship Windows Installer (.msi) packages for 32-bit Windows. wsbuglink:17779[]
|
||
|
||
* The PCRE2 library (https://www.pcre.org/) is now a required dependency to build Wireshark.
|
||
|
||
* You must now have a compiler with C11 support in order to build Wireshark.
|
||
|
||
Many improvements have been made.
|
||
See the “New and Updated Features” section below for more details.
|
||
|
||
// === Bug Fixes
|
||
|
||
// The following bugs have been fixed:
|
||
|
||
//* wsbuglink:5000[]
|
||
//* wsbuglink:6000[Wireshark bug]
|
||
//* cveidlink:2014-2486[]
|
||
//* Wireshark insists on subscribing to two dozen streaming services but only watches three.
|
||
|
||
=== New and Updated Features
|
||
|
||
The following features are new (or have been significantly updated) since version 3.6.0:
|
||
|
||
* The Windows installers now ship with Npcap 1.60.
|
||
They previously shipped with Npcap 1.55.
|
||
|
||
* Display filter syntax:
|
||
** Set elements must be separated using a comma, e.g: {1, 2, "foo"}. Using only whitespace as separator was deprecated in 3.6 and is now a syntax error.
|
||
** Adds support for some additional character escape sequences in double quoted strings.
|
||
Besides octal and hex byte specification the following C escape sequences are now supported with the same meaning: \a, \b, \f, \n, \r, \t, \v.
|
||
Previously they were only supported with character constants.
|
||
** Unrecognized escape sequences are now treated as a syntax error. Previously they were treated as a literal character.
|
||
In addition to the sequences indicated above, backslash, single quotation and double quotation mark are also valid sequences: \\, \', \".
|
||
** The display filter engine now uses PCRE2 instead of GRegex (GLib bindings to the older end-of-life PCRE library).
|
||
PCRE2 is compatible with PCRE so the user-visible changes should be minimal.
|
||
Some exotic patterns may now be invalid and require rewriting.
|
||
** Adds a new strict equality operator "===" or "all_eq". The expression "a === b" is true if and only if all a's are equal to b.
|
||
The negation of "===" can now be written as "!==" (any_ne), in addition to "~=" (introduced in Wireshark 3.6.0).
|
||
** Adds the aliases "any_eq" for "==" and "all_ne" for "!=".
|
||
** Date and time can be given in UTC using ISO 8601 (with 'Z' timezone) or by appending the suffix "UTC" to the legacy formats.
|
||
Otherwise local time is used.
|
||
|
||
* text2pcap has been updated to use the new logging output options and the
|
||
"-d" flag has been removed. The "debug" log level corresponds to the old
|
||
"-d" flag, and the "noisy" log level corresponds to using "-d" multiple times.
|
||
|
||
* HTTP2 dissector now supports using fake headers to parse the DATAs of streams captured without first HEADERS frames of a long-lived stream (like
|
||
gRPC streaming call which allows sending many request or response messages in one HTTP2 stream). User can specify fake headers according to the
|
||
server port, stream id and direction of the long-lived stream that we start capturing packets after it is established.
|
||
|
||
* Mesh Connex (MCX) support in existing 802.11 packets.
|
||
|
||
* Capture Options dialog contains same configuration icon as Welcome Screen. It is possible to configure interface there.
|
||
|
||
* Extcap dialog remembers password items during runtime therefore it is possible to run extcap multiple times in row. Passwords are never stored to disk.
|
||
|
||
* It is possible to set extcap passwords on cli for tshark and other cli tools.
|
||
|
||
=== Removed Features and Support
|
||
|
||
* CMake: The options starting with DISABLE_something were renamed ENABLE_something for consistency.
|
||
For example DISABLE_WERROR=On became ENABLE_WERROR=Off. The defaults are unchanged.
|
||
|
||
// === Removed Dissectors
|
||
|
||
=== New File Format Decoding Support
|
||
|
||
[commaize]
|
||
--
|
||
--
|
||
|
||
=== New Protocol Support
|
||
|
||
// Add one protocol per line between the -- delimiters in the format
|
||
// “Full protocol name (Abbreviation)”
|
||
// git log --oneline --diff-filter=A --stat v3.7.0rc0.. epan/dissectors plugins
|
||
[commaize]
|
||
--
|
||
Host IP Configuration Protocol (HICP)
|
||
Secure Host IP Configuration Protocol (SHICP)
|
||
Mesh Connex (MCX)
|
||
FiveCo's Legacy Register Access Protocol (5co-legacy)
|
||
--
|
||
|
||
=== Updated Protocol Support
|
||
|
||
Too many protocols have been updated to list here.
|
||
|
||
=== New and Updated Capture File Support
|
||
|
||
// There is no new or updated capture file support in this release.
|
||
// Add one file type per line between the -- delimiters.
|
||
[commaize]
|
||
--
|
||
--
|
||
|
||
// === New and Updated Capture Interfaces support
|
||
|
||
//_Non-empty section placeholder._
|
||
|
||
=== Major API Changes
|
||
|
||
* proto.h: The field display types "STR_ASCII" and "STR_UNICODE" were removed. Use "BASE_NONE" instead.
|
||
|
||
== Getting Wireshark
|
||
|
||
Wireshark source code and installation packages are available from
|
||
https://www.wireshark.org/download.html.
|
||
|
||
=== Vendor-supplied Packages
|
||
|
||
Most Linux and Unix vendors supply their own Wireshark packages.
|
||
You can usually install or upgrade Wireshark using the package management system specific to that platform.
|
||
A list of third-party packages can be found on the
|
||
https://www.wireshark.org/download.html[download page]
|
||
on the Wireshark web site.
|
||
|
||
== File Locations
|
||
|
||
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
|
||
These locations vary from platform to platform.
|
||
You can use menu:Help[About Wireshark,Folders] or `tshark -G folders` to find the default locations on your system.
|
||
|
||
== Getting Help
|
||
|
||
The User’s Guide, manual pages and various other documentation can be found at
|
||
https://www.wireshark.org/docs/
|
||
|
||
Community support is available on
|
||
https://ask.wireshark.org/[Wireshark’s Q&A site]
|
||
and on the wireshark-users mailing list.
|
||
Subscription information and archives for all of Wireshark’s mailing lists can be found on
|
||
https://www.wireshark.org/lists/[the web site].
|
||
|
||
Bugs and feature requests can be reported on
|
||
https://gitlab.com/wireshark/wireshark/-/issues[the issue tracker].
|
||
|
||
// Official Wireshark training and certification are available from
|
||
// https://www.wiresharktraining.com/[Wireshark University].
|
||
|
||
== Frequently Asked Questions
|
||
|
||
A complete FAQ is available on the
|
||
https://www.wireshark.org/faq.html[Wireshark web site].
|