wireshark/docbook/release-notes.asciidoc

= Wireshark wireshark-version:[] Release Notes
// $Id$

== What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

== What's New

=== Bug Fixes

The following bugs have been fixed:

//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2013-2486[]
//* Wireshark always manages to score tickets for Burning Man, Coachella, and SXSW while you end up working double shifts. (ws-buglink:0000[])

* "On-the-wire" packet lengths are limited to 65535 bytes. (ws-buglink:8808[], ws-buglink:9390)
* "Follow TCP Stream" shows only the first HTTP req+res. (ws-buglink:9044[])
* Files with pcap-ng Simple Packet Blocks can't be read. (ws-buglink:9200[])

=== New and Updated Features

The following features are new (or have been significantly updated)
since version 1.11.2:

* Qt port:

** The Capture Interfaces dialog has been added.
** The Decode As dialog has been added.
** Several SCTP dialogs have been added.
** The statistics tree (the backend for many Statistics and Telephony menu
items) dialog has been added.

The following features are new (or have been significantly updated)
since version 1.11.1:

* Mac OS X packaging has been improved.

The following features are new (or have been significantly updated)
since version 1.11.0:

* Dissector output may be encoded as UTF-8. This includes TShark output.

* Qt port:

** The Follow Stream dialog now supports packet and TCP stream selection.
** A Flow Graph (sequence diagram) dialog has been added.
** The main window now respects geometry preferences.


The following features are new (or have been significantly updated)
since version 1.10:

* Wireshark now uses the Qt application framework. The new UI should provide
  a significantly better user experience, particularly on Mac OS X and Windows.
* A more flexible, modular memory manger (wmem) has been added. It was available
  experimentally in 1.10 but is now mature and has mostly replaced the old API.
* Expert info is now filterable and now requires a new API.
* The Windows installer now uninstalls the previous version of Wireshark
  silently.  You can still run the uninstaller manually beforehand if you wish
  to run it interactively.
* The "Number" column shows related packets and protocol conversation spans
  (Qt only).
* When manipulating packets with editcap using the -C <choplen> and/or
  -s <snaplen> options, it is now possible to also adjust the original frame
  length using the -L option.
* You can now pass the -C <choplen> option to editcap multiple times, which
  allows you to chop bytes from the beginning of a packet as well as at the end
  of a packet in a single step.
* You can now specify an optional offset to the -C option for editcap, which
  allows you to start chopping from that offset instead of from the absolute
  packet beginning or end.
* "malformed" display filter has been renamed to "_ws.malformed".  A handful of
  other filters have been given the "_ws." prefix to note they are Wireshark
  application specific filters and not dissector filters.

=== New Protocol Support

--sort-and-group--

802.1AE Secure tag
ATN
ASTERIX
BT 3DS
CARP
Cisco MetaData
ELF file format
EXPORTED PDU
FINGER
HTTP2
IDRP
ILP
Kafka
Kyoto Tycoon binary protocol
MBIM
MiNT
MP4 / ISOBMFF file format
Novell PKIS certificate extensions
NXP PN532 HCI
OpenFlow
Picture Transfer Protocol Over IP
QUIC (Quick UDP Internet Connections)
SEL RTAC (Real Time Automation Controller) EIA-232 Serial-Line Dissection
Sippy RTPproxy
STANAG 4607
STANAG 5066 DTS
STANAG 5066 SIS
Tinkerforge
UDT
URL Encoded Form Data
WHOIS
Wi-Fi Display

--sort-and-group--

=== Updated Protocol Support

Too many protocols have been updated to list here.

=== New and Updated Capture File Support

--sort-and-group--

Netscaler 2.6
STANAG 4607
STANAG 5066 Data Transfer Sublayer

--sort-and-group--

== Getting Wireshark

Wireshark source code and installation packages are available from
http://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the http://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814)

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

The 64-bit Windows installer does not support Kerberos decryption.
(https://wiki.wireshark.org/Development/Win64[Win64 development page])

Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option.
(ws-buglink:4035[])

Hex pane display issue after startup.
(ws-buglink:4056[])

Packet list rows are oversized.
(ws-buglink:4357[])

Summary pane selected frame highlighting not maintained.
(ws-buglink:4445[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

The 64-bit Mac OS X installer doesn't support Mac OS X 10.9 (ws-buglink:9242[])

== Getting Help

Community support is available on http://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on http://www.wireshark.org/lists/[the web site].

Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
http://www.wireshark.org/faq.html[Wireshark web site].