Wireshark 3.5.1 Release Notes

This is an experimental release intended to test new features for
Wireshark 3.6.

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

What’s New

Many improvements have been made. See the “New and Updated Features”
section below for more details.

New and Updated Features

The following features are new (or have been significantly updated)
since version 3.4.0:

• The Windows installers now ship with Npcap 1.55.

• A 64-bit Windows PortableApps package is now available.

• A macOS Arm 64 (Apple Silicon) package is now available.

• TCP conversations now support a completeness criterion, which
  helps identify TCP streams that contain an opening handshake, a
  closing handshake, a payload, or any combination of these. It is
  accessed with the new tcp.completeness filter.

• Protobuf fields that are not serialized on the wire (missing in
  capture files) can now be displayed with default values by
  setting the new 'add_default_value' preference. The default
  values may be explicitly declared in 'proto2' files; otherwise
  they are false for bools, the first value for enums, and zero for
  numeric types.

• Wireshark now supports reading Event Tracing for Windows (ETW). A
  new extcap named ETW reader can open an etl file, convert all
  events in the file to DLT_ETW packets, and write them to a
  specified FIFO destination. A new packet_etw dissector dissects
  DLT_ETW packets so that Wireshark can display the DLT_ETW packet
  header and its message. The packet_etw dissector calls the
  packet_mbim sub-dissector if the provider matches the MBIM
  provider GUID.

• A "Follow DCCP stream" feature has been added to filter for and
  extract the contents of DCCP streams.

• Wireshark now supports dissecting RTP packets with an OPUS
  payload.

• Captures can now also be imported from text files based on
  regular expressions. By specifying a regex that captures a single
  packet, including capturing groups for the relevant fields, a
  text file can be converted to a libpcap capture file. Supported
  data encodings are plain hexadecimal, octal, binary and base64.
  In addition, the timestamp format now allows the second fractions
  to be placed anywhere in the timestamp, and the timestamp is
  stored with nanosecond instead of microsecond precision.

• Display filter literal strings can now be specified using raw
  string syntax, identical to raw strings in the Python programming
  language. This is useful to avoid the complexity of using two
  levels of character escapes with regular expressions.

• Significant RTP Player redesign and improvements (see Wireshark
  User Documentation, Playing VoIP Calls[1] and RTP Player
  Window[2]):

  • RTP Player can play many streams in a row.

  • The UI is more responsive.

  • RTP Player maintains a playlist; other tools can add streams to
    it or remove them from it.

  • Every stream can be muted or routed to the L/R channel for
    replay.

  • Save audio has moved from RTP Analysis to RTP Player. RTP
    Player saves what was played. RTP Player can save in
    multichannel .au or .wav.

  • RTP Player has been added to the menu Telephony>RTP>RTP Player.

• VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player,
  SIP Flows) are non-modal and can stay open in the background.

  • The same tools are provided across all dialogs (Prepare Filter,
    Analyse, RTP Player …).

• Follow stream is now able to follow SIP calls based on their
  Call-ID value.

• The Follow stream YAML output format has been changed to add
  timestamps and peer information (for more details see the user’s
  guide, Following Protocol Streams[3]).

• IP fragments between public IPv4 addresses are now reassembled
  even if they have different VLAN IDs. Reassembly of IP fragments
  where one endpoint is a private (RFC 1918 section 3) or
  link-local (RFC 3927) IPv4 address continues to take the VLAN ID
  into account, as those addresses can be reused. To revert to the
  previous behavior and not reassemble fragments with different
  VLAN IDs, turn on the "Enable stricter conversation tracking
  heuristics" top level protocol preference.

• USB Link Layer reassembly has been added, which allows hardware
  captures to be analyzed at the same level as software captures.

• TShark can now export TLS session keys with the
  --export-tls-session-keys option.

• Wireshark participated in the Google Season of Docs 2020 and the
  User’s Guide has been extensively updated.

• The format of the CSV export in the RTP Stream Analysis dialog
  was slightly changed. The first line of the export contains the
  column names, as in other CSV exports.

• Wireshark now supports the Turkish language.

• The settings in the 'Import from Hex Dump' dialog are now stored
  in a profile import_hexdump.json file.

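The regex-based text import described in the list above, modelled as an added Python example (not Wireshark's code): a regex with named groups picks one packet per match, the payload is decoded from hex or base64, and the records are written in nanosecond-resolution libpcap format. The log layout, the group names `time`, `frac`, `enc` and `data`, and the function names are assumptions of this example, which handles only a fraction placed after the seconds.

```python
import base64
import calendar
import re
import struct
import time

PCAP_MAGIC_NS = 0xA1B23C4D   # libpcap magic for nanosecond timestamps
LINKTYPE_ETHERNET = 1

# Constructed sample log (not from the page): one packet per line.
SAMPLE = """\
2021-03-28 09:30:09.123456789 rx hex 00112233445566778899aabb08004500
2021-03-28 09:30:10.5 tx b64 ABEiM0RVZneImaq7CABFAA==
2021-03-28 09:30:11.25 rx hex zz11
free-form line that the regex does not match
"""

# Group names are this example's own choice (assumption).
PACKET_RE = re.compile(
    r"^(?P<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.(?P<frac>\d{1,9}) "
    r"(?:rx|tx) (?P<enc>hex|b64) (?P<data>\S+)$", re.M)

DECODERS = {
    "hex": bytes.fromhex,
    "b64": lambda s: base64.b64decode(s, validate=True),
}

def parse_packets(text):
    """Return [(sec, nsec, payload)] for each line the regex matches."""
    packets = []
    for m in PACKET_RE.finditer(text):
        sec = calendar.timegm(time.strptime(m["time"], "%Y-%m-%d %H:%M:%S"))
        nsec = int(m["frac"].ljust(9, "0"))   # ".5" means 500000000 ns
        try:
            payload = DECODERS[m["enc"]](m["data"])
        except ValueError:                    # undecodable payload: skip it
            continue
        packets.append((sec, nsec, payload))
    return packets

def to_pcap(packets, snaplen=262144):
    """Serialize packets as a little-endian nanosecond libpcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_NS, 2, 4, 0, 0,
                      snaplen, LINKTYPE_ETHERNET)
    for sec, nsec, payload in packets:
        out += struct.pack("<IIII", sec, nsec, len(payload), len(payload))
        out += payload
    return out
```

Writing `to_pcap(parse_packets(SAMPLE))` to a file yields a capture that opens with two Ethernet frames; the line with the undecodable payload and the free-form line are dropped.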
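The IPv4 fragment reassembly rule from the list above, modelled as an added Python example (not Wireshark's implementation): the VLAN ID joins the reassembly key only when an endpoint lies in an RFC 1918 or RFC 3927 range, or when `strict` is set, which stands in for the "Enable stricter conversation tracking heuristics" preference. Field and function names are assumptions, and documentation-range addresses stand in for public ones.

```python
import ipaddress
from collections import defaultdict

# The reusable ranges the release note names: RFC 1918 section 3 and RFC 3927.
REUSABLE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def is_reusable(addr):
    """True if addr is private (RFC 1918) or link-local (RFC 3927)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in REUSABLE_NETS)

def reassembly_key(frag, strict=False):
    """Key under which fragments are grouped for reassembly."""
    key = (frag["src"], frag["dst"], frag["proto"], frag["ip_id"])
    # Reusable addresses may belong to different hosts on different VLANs,
    # so the VLAN ID stays part of the key for them (and in strict mode).
    if strict or is_reusable(frag["src"]) or is_reusable(frag["dst"]):
        key += (frag["vlan"],)
    return key

def group_fragments(frags, strict=False):
    """Map each reassembly key to the fragment offsets collected under it."""
    groups = defaultdict(list)
    for f in frags:
        groups[reassembly_key(f, strict)].append(f["offset"])
    return dict(groups)

def frag(src, vlan, offset):
    """Build one constructed UDP fragment record toward 203.0.113.9."""
    return {"src": src, "dst": "203.0.113.9", "proto": 17,
            "ip_id": 0x1234, "vlan": vlan, "offset": offset}

# Constructed fragments: the same datagram seen on VLAN 10 and VLAN 20.
FRAGS = [
    frag("198.51.100.7", 10, 0), frag("198.51.100.7", 20, 1480),
    frag("10.0.0.5", 10, 0), frag("10.0.0.5", 20, 1480),
]
```

With the default setting the two fragments from 198.51.100.7 share one key and can be reassembled, while the two from 10.0.0.5 stay in separate per-VLAN groups; `strict=True` separates all four.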

New File Format Decoding Support

Vector Informatik Binary Log File (BLF)

New Protocol Support

Bluetooth Link Manager Protocol (BT LMP), E2 Application Protocol
(E2AP), Event Tracing for Windows (ETW), High-Performance
Connectivity Tracer (HiPerConTracer), ISO 10681, Kerberos SPAKE,
Linux psample protocol, Local Interconnect Network (LIN), Microsoft
Task Scheduler Service, O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN),
Opus Interactive Audio Codec (OPUS), PDU Transport Protocol, R09.x
(R09), RDP Dynamic Channel Protocol (DRDYNVC), Real-Time
Publish-Subscribe Virtual Transport (RTPS-VT), Real-Time
Publish-Subscribe Wire Protocol (processed) (RTPS-PROC), Shared
Memory Communications (SMC), Signal PDU, SparkplugB, State
Synchronization Protocol (SSyncP), Tagged Image File Format (TIFF),
TP-Link Smart Home Protocol, UAVCAN DSDL, UAVCAN/CAN, Van Jacobson
PPP compression (VJC), and World of Warcraft World (WOWW)

Updated Protocol Support

Too many protocols have been updated to list here.

New and Updated Capture File Support

Vector Informatik Binary Log File (BLF)

Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[4] on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBs, and RADIUS dictionaries. These
locations vary from platform to platform. You can use About → Folders
to find the default locations on your system.

Getting Help

The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/

Community support is available on Wireshark’s Q&A site[5] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the web site[6].

Bugs and feature requests can be reported on the issue tracker[7].

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site[8].

Last updated 2021-09-19 09:05:35 UTC

References

1. https://www.wireshark.org/docs/wsug_html_chunked/ChTelPlayingCalls.html
2. https://www.wireshark.org/docs/wsug_html_chunked/_rtp.html#ChTelRtpPlayer
3. https://www.wireshark.org/docs/wsug_html_chunked//ChAdvFollowStreamSection.html
4. https://www.wireshark.org/download.html#thirdparty
5. https://ask.wireshark.org/
6. https://www.wireshark.org/lists/
7. https://gitlab.com/wireshark/wireshark/-/issues
8. https://www.wireshark.org/faq.html