Wireshark 4.3.0 Release Notes

This is an experimental release intended to test new features for
Wireshark 4.4.

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

What’s New

Improved display filter support for value strings (optional string
representations for numeric fields).

Display filter functions can be implemented as runtime-loadable C
plugins.

Plugin registration API was refactored. Plugin authors must update
their plugins as described below.

Many other improvements have been made. See the “New and Updated
Features” section below for more details.

New and Updated Features

The following features are new (or have been significantly updated)
since version 4.2.0:

• Display filter syntax-related enhancements:

• Better handling of comparisons with value strings. Now the
  display filter engine can correctly handle cases where multiple
  different numeric values map to the same value string, including
  but not limited to range-type value strings.

• Fields with value strings now support regular expression
  matching.

• Date and time values now support arithmetic, with some
  restrictions: the multiplier/divisor must be an integer or float
  and appear on the right-hand side of the operator.

• The keyword "bitand" can be used as an alternative syntax for
  the bitwise-and operator.

• Functions alone can now be used as an entire logical
  expression. The result of the expression is the truthiness of the
  function return value (or of all values if more than one). This
  is useful, for example, to write "len(something)" instead of
  "len(something) != 0". Moreover, if a function itself returns a
  boolean value, it is now possible to write
  "bool_test(some.field)" instead of having to write
  "bool_test(some.field) == True" (both forms are now valid).

• Display filter references can be written without curly braces.
  It is now possible to write `$frame.number` instead of
  `${frame.number}` for example.

• Added new display filter functions to test various IP address
  properties. Check the wireshark-filter(5) manpage for more
  information.

• Display filter macros can be written using a function-like
  notation. The macro `${mymacro:arg1; …; argN}` can be written as
  `$mymacro(arg1, …, argN)`.

• Display filter functions can be implemented as libwireshark
  plugins. Plugins are loaded during startup from the usual binary
  plugin configuration directories. See the `ipaddr.c` source file
  in the distribution for an example of a display filter C plugin
  and the doc/plugins.example folder for generic instructions on
  how to build a plugin.

• Display filter autocompletions now also include display filter
  functions.

• The display filter macro configuration file has changed format.
  It now uses the same format as the "dfilters" file and has been
  renamed accordingly to "dmacros". Internally it no longer uses
  the UAT API and the display filter macro GUI dialog has been
  updated. There is some basic migration logic implemented but it
  is advisable to check that the "dfilter_macros" (old) and
  "dmacros" (new) files in the profile directory are consistent.

• When selecting "Manage Interfaces" from "Capture Options",
  Wireshark only attempts to reconnect to rpcap (remote) hosts that
  were connected to in the last session, instead of every remote
  host that the current profile has ever connected to. Issue
  17484[1]

• Adding interfaces at startup is about twice as fast, and has many
  fewer UAC pop-ups when npcap is installed with access restricted
  to Administrators on Windows.

• The Resolved Addresses dialog only shows what addresses and ports
  are present in the file (not including information from static
  files), and selected rows or the entire table can be saved or
  copied to the clipboard in several formats.

• New "Tools › Install Plugin" option provides a convenient method
  to install a binary plugin to the personal folder.

• The personal binary plugins folder now has higher priority than
  the global folder.

• The binary plugins folder path no longer uses an X.Y version
  component. Plugins are required to add the ABI version to the
  file name.
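
The consistency check advised for the display filter macro file migration above, as an added example (not part of the release notes or the Wireshark source). It assumes the old "dfilter_macros" file holds one `"name","text"` row per macro with `\xNN` escapes, and that "dmacros" uses `"name" text` lines as in "dfilters"; the sample contents are constructed.

```python
import csv
import re

# Constructed sample contents (not real profile data).
OLD_SAMPLE = r'''# constructed "dfilter_macros" sample
"private_v4","ip.addr == 10.0.0.0/8 or ip.addr == 192.168.0.0/16"
"tcp_pair","ip.addr == $1 and tcp.port == $2"
"host_is","http.host == \x22$1\x22"
"dns_slow","dns.time > $1"
'''
NEW_SAMPLE = r'''"private_v4" ip.addr == 10.0.0.0/8 or ip.addr == 192.168.0.0/16
"tcp_pair" ip.addr == $1 and tcp.port == $3
"host_is" http.host == "$1"
'''

HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
NEW_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s+(.*)$')

def parse_old(text):
    """Assumed old layout: "name","text" rows, '#' comments, \\xNN escapes."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    unescape = lambda s: HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), s)
    return {r[0]: unescape(r[1]).strip() for r in csv.reader(lines) if len(r) >= 2}

def parse_new(text):
    """Assumed new layout, as in "dfilters": "name" followed by the macro text."""
    matches = (NEW_LINE.match(l.strip()) for l in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def compare(old, new):
    """Return sorted name lists: (missing from new, text differs, only in new)."""
    missing = sorted(set(old) - set(new))
    changed = sorted(n for n in set(old) & set(new) if old[n] != new[n])
    extra = sorted(set(new) - set(old))
    return missing, changed, extra

if __name__ == "__main__":
    missing, changed, extra = compare(parse_old(OLD_SAMPLE), parse_new(NEW_SAMPLE))
    print("missing from dmacros:", missing)
    print("text differs:", changed)
    print("only in dmacros:", extra)
```

To check a real profile, read the two files from the profile directory and pass their contents to `parse_old` and `parse_new` in place of the samples.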

Removed Features and Support

• The tshark `-G` option with no argument is deprecated and will be
  removed in a future version. Use `tshark -G fields` to produce
  the same report.

New Protocol Support

EGNOS Message Server (EMS) file format, MAC NR Framed
(mac-nr-framed), RF4CE Network Layer (RF4CE), and RF4CE Profile
(RF4CE Profile)

Updated Protocol Support

• IPv6: The "show address detail" preference is now enabled by
  default. The address details provided have been extended to
  include more special purpose address block properties
  (forwardable, globally-routable, etc.).

Too many other protocol updates have been made to list them all here.

EGNOS Message Server (EMS) files

Major API Changes

• Plugin registration API was refactored. Plugin authors must do
  the following:
  1 - Remove the existing boilerplate (`version`, `want_major` and
      `want_minor`, and plugin API declarations).
  2 - Add a struct ws_module to the plugin.
  3 - Call one of the WIRESHARK_PLUGIN_REGISTER_* macros.
  See README.plugins section 5 and doc/plugins.example/hello.c for
  details and examples.

Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[2] on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use "Help › About
Wireshark › Folders" or `tshark -G folders` to find the default
locations on your system.

Getting Help

The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/

Community support is available on Wireshark’s Q&A site[3] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the web site[4].

Bugs and feature requests can be reported on the issue tracker[5].

You can learn protocol analysis and meet Wireshark’s developers at
SharkFest[6].

How You Can Help

The Wireshark Foundation helps as many people as possible understand
their networks as much as possible. You can find out more and donate
at wiresharkfoundation.org[7].

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site[8].

References

1. https://gitlab.com/wireshark/wireshark/-/issues/17484
2. https://www.wireshark.org/download.html
3. https://ask.wireshark.org/
4. https://www.wireshark.org/lists/
5. https://gitlab.com/wireshark/wireshark/-/issues
6. https://sharkfest.wireshark.org
7. https://wiresharkfoundation.org
8. https://www.wireshark.org/faq.html