171 lines
5.7 KiB
Plaintext
171 lines
5.7 KiB
Plaintext
include::attributes.asciidoc[]
|
||
:stylesheet: ws.css
|
||
:linkcss:
|
||
|
||
= Wireshark {wireshark-version} Release Notes
|
||
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc
|
||
// Asciidoctor Syntax Quick Reference:
|
||
// http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/
|
||
|
||
This is an experimental release intended to test new features for
|
||
Wireshark 3.0.
|
||
|
||
== What is Wireshark?
|
||
|
||
Wireshark is the world’s most popular network protocol analyzer. It is
|
||
used for troubleshooting, analysis, development and education.
|
||
|
||
== What’s New
|
||
|
||
Many user interface improvements have been made. See the “New and Updated
|
||
Features” section below for more details.
|
||
|
||
=== Bug Fixes
|
||
|
||
The following bugs have been fixed:
|
||
|
||
//* wsbuglink:5000[]
|
||
//* wsbuglink:6000[Wireshark bug]
|
||
//* cveidlink:2014-2486[]
|
||
//* Wireshark slowly leaked water under the kitchen sink over the course of several months, causing a big mess.
|
||
|
||
//_Non-empty section placeholder._
|
||
|
||
Dumpcap might not quit if Wireshark or TShark crashes.
|
||
(wsbuglink:1419[])
|
||
|
||
=== New and Updated Features
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 2.6.0:
|
||
|
||
* TShark now supports the `-G elastic-mapping` option which generates an ElasticSearch mapping file.
|
||
* The “Capture Information” dialog has been added back (wsbuglink:12004[]).
|
||
* The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
|
||
* The TCP dissector gained a new “Reassemble out-of-order segments” preference
|
||
to fix dissection and decryption issues in case TCP segments are received
|
||
out-of-order. See the User’s Guide, chapter _TCP Reassembly_ for details.
|
||
* Decryption support for the new WireGuard dissector (wsbuglink:15011[], requires Libgcrypt 1.8).
|
||
* The BOOTP dissector has been renamed to DHCP. With the exception of
|
||
“bootp.dhcp”, the old “bootp.*” display filter fields are still supported
|
||
but may be removed in a future release.
|
||
* The SSL dissector has been renamed to TLS. As with BOOTP the old
|
||
“ssl.*” display filter fields are supported but may be removed in a
|
||
future release.
|
||
* Coloring rules, IO graphs, Filter Buttons and protocol preference tables
|
||
can now be copied from other profiles using a button in the corresponding
|
||
configuration dialogs.
|
||
|
||
=== Removed Features and Support
|
||
|
||
* The legacy (GTK+) user interface has been removed and is no longer supported.
|
||
* Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
|
||
* Wireshark requires GLib 2.32 or later.
|
||
* Building Wireshark requires CMake. Autotools is no longer supported.
|
||
* The tshark -z compare option was removed.
|
||
|
||
//=== Removed Dissectors
|
||
|
||
//=== New File Format Decoding Support
|
||
|
||
=== New Protocol Support
|
||
|
||
// Add one protocol per line between the -- delimiters.
|
||
[commaize]
|
||
--
|
||
Cisco Meraki Discovery Protocol (MDP)
|
||
DoIP (ISO 13400-2 Diagnostic communication over Internet Protocol)
|
||
DXL protocol
|
||
E1AP (5G) protocol
|
||
EVS (3GPP TS 26.445 A.2 EVS RTP)
|
||
Exablaze trailers
|
||
GLOW Lawo Emberplus Data format
|
||
GSM-R protocol (User-to-User Information Element usage)
|
||
GSUP (Osmocom Generic Subscriber Update Protocol)
|
||
MsgPack protocol
|
||
NGAP (5G) protocol
|
||
NR (5G) PDCP protocol
|
||
PKCS#10 (RFC2986 Certification Request Syntax)
|
||
PROXY (v2) protocol
|
||
Ruby Distributed protocol
|
||
Ruby Marshal format
|
||
S101 Lawo Emberplus transport frame
|
||
STCSIG (Spirent Test Center Signature decoding for Ethernet and FibreChannel, disabled by default)
|
||
systemd Journal Export
|
||
TPM 2.0 protocol
|
||
Ubiquiti Discovery Protocol (UBDP)
|
||
XnAP (5G) protocol
|
||
WireGuard protocol
|
||
--
|
||
|
||
=== Updated Protocol Support
|
||
|
||
Too many protocols have been updated to list here.
|
||
|
||
=== New and Updated Capture File Support
|
||
|
||
//_Non-empty section placeholder._
|
||
// Add one file type per line between the --sort-and-group-- delimiters.
|
||
[commaize]
|
||
--
|
||
RFC 7468 (PEM)
|
||
Ruby marshal object files
|
||
systemd Journal Export
|
||
Unigraf DPA-400 DisplayPort AUX channel monitor
|
||
--
|
||
|
||
=== New and Updated Capture Interfaces support
|
||
|
||
//_Non-empty section placeholder._
|
||
|
||
dpauxmon, an external capture interface (extcap) that captures
|
||
DisplayPort AUX channel data from linux kernel drivers.
|
||
|
||
sdjournal, an extcap that captures systemd journal entries.
|
||
|
||
=== Major API Changes
|
||
|
||
* Lua: the various logging functions (debug, info, message, warn and critical)
|
||
have been removed. Use the print function instead for debugging purposes.
|
||
|
||
== Getting Wireshark
|
||
|
||
Wireshark source code and installation packages are available from
|
||
https://www.wireshark.org/download.html.
|
||
|
||
=== Vendor-supplied Packages
|
||
|
||
Most Linux and Unix vendors supply their own Wireshark packages. You can
|
||
usually install or upgrade Wireshark using the package management system
|
||
specific to that platform. A list of third-party packages can be found
|
||
on the https://www.wireshark.org/download.html#thirdparty[download page]
|
||
on the Wireshark web site.
|
||
|
||
== File Locations
|
||
|
||
Wireshark and TShark look in several different locations for preference
|
||
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
|
||
from platform to platform. You can use About→Folders to find the default
|
||
locations on your system.
|
||
|
||
== Getting Help
|
||
|
||
The User’s Guide, manual pages and various other documentation can be
|
||
found at https://www.wireshark.org/docs/
|
||
|
||
Community support is available on https://ask.wireshark.org/[Wireshark’s
|
||
Q&A site] and on the wireshark-users mailing list. Subscription
|
||
information and archives for all of Wireshark’s mailing lists can be
|
||
found on https://www.wireshark.org/lists/[the web site].
|
||
|
||
Bugs and feature requests can be reported on
|
||
https://bugs.wireshark.org/[the bug tracker].
|
||
|
||
Official Wireshark training and certification are available from
|
||
http://www.wiresharktraining.com/[Wireshark University].
|
||
|
||
== Frequently Asked Questions
|
||
|
||
A complete FAQ is available on the
|
||
https://www.wireshark.org/faq.html[Wireshark web site].
|