= Wireshark wireshark-version:[] Release Notes

This is an experimental release intended to test new features for the next
stable release.

== What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

== What's New

=== Bug Fixes

The following bugs have been fixed:

//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2014-2486[]
//* Wireshark insists on calling you on your land line which is keeping you from abandoning it for cellular. (ws-buglink:0000[])

* "On-the-wire" packet lengths are limited to 65535 bytes. (ws-buglink:8808[], ws-buglink:9390[])
* "Follow TCP Stream" shows only the first HTTP req+res. (ws-buglink:9044[])
* Files with pcap-ng Simple Packet Blocks can't be read. (ws-buglink:9200[])
* MPLS-over-PPP isn't recognized. (ws-buglink:9492[])

=== New and Updated Features

The following features are new (or have been significantly updated)
since version 1.11.3:

* Transport name resolution is now disabled by default.

The following features are new (or have been significantly updated)
since version 1.11.2:

* Qt port:

** The About dialog has been added.
** The Capture Interfaces dialog has been added.
** The Decode As dialog has been added. It managed to swallow up the
User Specified Decodes dialog as well.
** The Export PDU dialog has been added.
** Several SCTP dialogs have been added.
** The statistics tree (the backend for many Statistics and Telephony menu
items) dialog has been added.
** The I/O Graph dialog has been added.
** French translation has been updated.

The following features are new (or have been significantly updated)
since version 1.11.1:

* Mac OS X packaging has been improved.

The following features are new (or have been significantly updated)
since version 1.11.0:

* Dissector output may be encoded as UTF-8. This includes TShark output.

* Qt port:

** The Follow Stream dialog now supports packet and TCP stream selection.
** A Flow Graph (sequence diagram) dialog has been added.
** The main window now respects geometry preferences.

The following features are new (or have been significantly updated)
since version 1.10:

* Wireshark now uses the Qt application framework. The new UI should provide
a significantly better user experience, particularly on Mac OS X and Windows.
* The Windows installer now uninstalls the previous version of Wireshark
silently. You can still run the uninstaller manually beforehand if you wish
to run it interactively.
* Expert information is now filterable when the new API is in use.
* The "Number" column shows related packets and protocol conversation spans
(Qt only).
* When manipulating packets with editcap using the -C <choplen> and/or
-s <snaplen> options, it is now possible to also adjust the original frame
length using the -L option.
* You can now pass the -C <choplen> option to editcap multiple times, which
allows you to chop bytes from the beginning of a packet as well as at the end
of a packet in a single step.
* You can now specify an optional offset to the -C option for editcap, which
allows you to start chopping from that offset instead of from the absolute
packet beginning or end.
* The "malformed" display filter has been renamed to "_ws.malformed". A handful of
other filters have been given the "_ws." prefix to note they are Wireshark
application specific filters and not dissector filters.
* The Kerberos dissector has been replaced with an auto-generated one from an ASN1
protocol description, changing a lot of filter names.

=== Removed dissectors

* The ASN1 plugin has been removed as it's deemed obsolete.
* The GNM dissector has been removed as it was never used.
* The Kerberos hand-made dissector has been replaced by one generated from ASN1 code.

=== New Protocol Support

--sort-and-group--

29West
802.1AE Secure tag
A21
ACR122
ADB Client-Server
AllJoyn
Apple PKTAP
Aruba Instant AP
ASTERIX
ATN
Bencode
Bluetooth 3DS
Bluetooth HSP
Bluetooth Linux Monitor Transport
Bluetooth Low Energy
Bluetooth Low Energy RF Info
CARP
CFDP
Cisco MetaData
DCE/RPC MDSSVC
DeviceNet
Ethernet Local Management Interface (E-LMI)
Ethernet Passive Optical Network (EPON)
ELF file format
EXPORTED PDU
FINGER
HDMI
High-Speed LAN Instrument Protocol (HiSLIP)
HTTP2
IDRP
IEEE 1722a
ILP
iWARP Direct Data Placement and Remote Direct Memory Access Protocol
Kafka
Kyoto Tycoon
Landis & Gyr Telegyr 8979
LBM
LBMC
LBMPDM
LBMPDM-TCP
LBMR
LBT-RM
LBT-RU
LBT-TCP
Lightweight Mesh (v1.1.1)
Link16
Linux netlink
Linux netlink netfilter
Linux rtnetlink (route netlink)
Linux netlink sock diag
Logcat
MBIM
Media Agnostic USB (MA USB)
MiNT
MP4 / ISOBMFF file format
MQ Telemetry Transport Protocol
MS NLB (Rewrite)
Novell PKIS certificate extensions
NXP PN532 HCI
OpenFlow
Open Sound Control
PDC
Pathport
Picture Transfer Protocol Over IP
PKTAP
Private Data Channel
QUIC (Quick UDP Internet Connections)
SAE J1939
SEL RTAC (Real Time Automation Controller) EIA-232 Serial-Line Dissection
Sippy RTPproxy
SMB-Direct
SPDY
STANAG 4607
STANAG 5066 DTS
STANAG 5066 SIS
Tinkerforge
Ubertooth
UDT
URL Encoded Form Data
USB Communications and CDC Control
USB Device Firmware Upgrade
VP8
WHOIS
Wi-Fi Display
ZigBee Green Power profile

--sort-and-group--

=== Updated Protocol Support

Too many protocols have been updated to list here.

=== New and Updated Capture File Support

--sort-and-group--

Netscaler 2.6
STANAG 4607
STANAG 5066 Data Transfer Sublayer

--sort-and-group--

=== Major API Changes

The libwireshark API has undergone some major changes:

* A more flexible, modular memory manager (wmem) has been added. It was
available experimentally in 1.10 but is now mature and has mostly
replaced the old emem API (which is deprecated).
* A new API for expert information has been added, replacing the old one.
* The tvbuff API has been cleaned up: tvb_length has been renamed to
tvb_captured_length for clarity, and tvb_get_string and tvb_get_stringz
have been deprecated in favour of tvb_get_string_enc and
tvb_get_stringz_enc.
* The dissector_try_heuristic() signature has been changed to return heur_dtbl_entry_t
to make it possible to save it and use it in subsequent calls to avoid the overhead
of going through the heuristics list.

== Getting Wireshark

Wireshark source code and installation packages are available from
http://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the http://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBs, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

The 64-bit Windows installer does not support Kerberos decryption.
(https://wiki.wireshark.org/Development/Win64[Win64 development page])

Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option.
(ws-buglink:4035[])

Hex pane display issue after startup.
(ws-buglink:4056[])

Packet list rows are oversized.
(ws-buglink:4357[])

Summary pane selected frame highlighting not maintained.
(ws-buglink:4445[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

The 64-bit Mac OS X installer doesn't support Mac OS X 10.9 (ws-buglink:9242[])

== Getting Help

Community support is available on http://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on http://www.wireshark.org/lists/[the web site].

Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
http://www.wireshark.org/faq.html[Wireshark web site].