wireshark/docbook/release-notes.asciidoc

include::attributes.asciidoc[]

= Wireshark {wireshark-version} Release Notes
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc

This is a semi-experimental release intended to test new features for
Wireshark 2.6.

== What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

== What's New

Many user interface improvements have been made. See the New and Updated
Features section below for more details.

//=== Bug Fixes

//The following bugs have been fixed:

//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2014-2486[]
//* Wireshark convinced you to switch seats on the plane while neglecting to tell you that its seat was noticeably moist.

//_Non-empty section placeholder._

=== New and Updated Features

The following features are new (or have been significantly updated)
since version 2.4.0:
* Display filter buttons can now be edited, disabled, and removed via a context
  menu directly from the toolbar
* Drag & Drop filter fields to the display filter toolbar or edit to create
  a button on the fly or apply the filter as a display filter.
* Application startup time has been reduced.
* Some keyboard shortcut mix-ups have been resolved by assigning new shortcuts
  to Edit -> Copy methods.
* TShark now supports color using the --color option.
* The "matches" display filter operator is now case-insensitive.
* Display expression (button) preferences have been converted to a UAT.
  This puts the display expressions in their own file.  Wireshark still
  supports preference files that contain the old preferences, but new
  preference files will be written without the old fields.
* SMI private enterprise numbers are now read from the "enterprises.tsv" configuration file.
* The QUIC dissector has been renamed to G(oogle) QUIC (quic => gquic).
* The selected packet number can now be shown in the Status Bar by enabling
  Preferences -> Appearance -> Layout -> Show selected packet number.
* File load time in the Status Bar is now disabled by default and can be enabled in
  Preferences -> Appearance -> Layout -> Show file load time.
* Support for the G.729 codec in the RTP Player is now supported via the bcg729 library.
* Support for hardware-timestamping of packets has been added.
* Improved NetMon .cap support with comments, event tracing, network filter,
  network info types and some Message Analyzer exported types.
* The personal plugins folder on Linux/Unix is now ~/.local/lib/wireshark/plugins.
* TShark can print flow graphs using -z flow...
* Capinfos now prints SHA256 hashes in addition to RIPEMD160 and SHA1. MD5 output
  has been removed.
* The packet editor has been removed (GTK only experimental feature).
* Support BBC micro:bit Bluetooth profile
* The Linux and UNIX installation step for Wireshark will now install
  headers required to build plugins. A pkg-config file is provided to
  help with this (see doc/plugins.example for details). Note you must
  still rebuild all plugins between minor releases (X.Y).

//=== Removed Dissectors

//=== New File Format Decoding Support

=== New Protocol Support

// Add one protocol per line between the --sort-and-group-- delimiters.
--sort-and-group--
ActiveMQ Artemis Core Protocol
AMT (Automatic Multicast Tunneling)
Bluetooth Mesh
Broadcom tags (Broadcom Ethernet switch management frames)
FP Mux
GRPC (gRPC)
IEEE 1905.1a
IEEE 802.3br Frame Preemption Protocol
ISOBUS
LoRaTap
LoRaWAN
Lustre Network
Lustre Filesystem
Network Functional Application Platform Interface (NFAPI) Protocol
NXP 802.15.4 Sniffer Protocol
PFCP (Packet Forwarding Control Protocol)
Protobuf (Protocol Buffers)
QUIC (IETF)
SolarEdge monitoring protocol
Tibia
TWAMP and OWAMP
Wi-Fi Device Provisioning Protocol
--sort-and-group--

=== Updated Protocol Support

Too many protocols have been updated to list here.

=== New and Updated Capture File Support

//_Non-empty section placeholder._
// Add one file type per line between the --sort-and-group-- delimiters.
--sort-and-group--
Microsoft Network Monitor
--sort-and-group--

=== New and Updated Capture Interfaces support

//_Non-empty section placeholder._
--sort-and-group--
LoRaTap
--sort-and-group--

//=== Major API Changes

== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the https://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

Application crash when changing real-time option.
(ws-buglink:4035[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

Wireshark should let you work with multiple capture files. (ws-buglink:10488[])

== Getting Help

Community support is available on https://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on https://www.wireshark.org/lists/[the web site].

Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].