173 lines
6.7 KiB
Plaintext
173 lines
6.7 KiB
Plaintext
Wireshark 3.5.0 Release Notes
|
||
|
||
This is an experimental release intended to test new features for
|
||
Wireshark 3.6.
|
||
|
||
What is Wireshark?
|
||
|
||
Wireshark is the world’s most popular network protocol analyzer. It is
|
||
used for troubleshooting, analysis, development and education.
|
||
|
||
What’s New
|
||
|
||
Many improvements have been made. See the “New and Updated Features”
|
||
section below for more details.
|
||
|
||
New and Updated Features
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 3.4.0:
|
||
|
||
• The Windows installers now ship with Npcap 1.50.
|
||
|
||
• TCP conversations now support a completeness criteria, which
|
||
facilitates the identification of TCP streams having any of
|
||
opening or closing handshakes, a payload, in any combination. It
|
||
is accessed with the new tcp.completeness filter.
|
||
|
||
• Protobuf fields that are not serialized on the wire (missing in
|
||
capture files) can now be displayed with default values by
|
||
setting the new 'add_default_value' preference. The default
|
||
values might be explicitly declared in 'proto2' files, or false
|
||
for bools, first value for enums, zero for numeric types.
|
||
|
||
• Wireshark now supports reading Event Tracing for Windows (ETW). A
|
||
new extcap named ETW reader is created that now can open an etl
|
||
file, convert all events in the file to DLT_ETW packets and write
|
||
to a specified FIFO destination. Also, a new packet_etw dissector
|
||
is created to dissect DLT_ETW packets so Wireshark can display
|
||
the DLT_ETW packet header, its message and packet_etw dissector
|
||
calls packet_mbim sub_dissector if its provider matches the MBIM
|
||
provider GUID.
|
||
|
||
• "Follow DCCP stream" feature to filter for and extract the
|
||
contents of DCCP streams.
|
||
|
||
• Wireshark now supports dissecting the rtp packet with OPUS
|
||
payload.
|
||
|
||
• Importing captures from text files is now also possible based on
|
||
regular expressions. By specifying a regex capturing a single
|
||
packet including capturing groups for relevant fields a textfile
|
||
can be converted to a libcap capture file. Supported data
|
||
encodings are plain-hexadecimal, -octal, -binary and base64. Also
|
||
the timestamp format now allows the second-fractions to be placed
|
||
anywhere in the timestamp and it will be stored with nanosecond
|
||
instead of microsecond precision.
|
||
|
||
• Display filter literal strings can now be specified using raw
|
||
string syntax, identical to raw strings in the Python programming
|
||
language. This is useful to avoid the complexity of using two
|
||
levels of character escapes with regular expressions.
|
||
|
||
• Significant RTP Player redesign and improvements (see Wireshark
|
||
User Documentation, Playing VoIP Calls[1] and RTP Player
|
||
Window[2])
|
||
|
||
• RTP Player can play many streams in row
|
||
|
||
• UI is more responsive
|
||
|
||
• RTP Player maintains playlist, other tools can add/remove streams
|
||
to it
|
||
|
||
• Every stream can be muted or routed to L/R channel for replay
|
||
|
||
• Save audio is moved from RTP Analysis to RTP Player. RTP Player
|
||
saves what was played. RTP Player can save in multichannel .au or
|
||
.wav.
|
||
|
||
• RTP Player added to menu Telephony>RTP>RTP Player
|
||
|
||
VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player, SIP
|
||
Flows) are non-modal, can stay opened on background
|
||
|
||
• Same tools are provided acros all dialogs (Prepare Filter,
|
||
Analyse, RTP Player …)
|
||
|
||
Follow stream is now able to follow SIP call by SIP.Call-ID
|
||
|
||
Follow stream YAML output format’s has been changed to add timestamps
|
||
and peers information (for more details see the user’s guide,
|
||
Following Protocol Streams[3])
|
||
|
||
IP fragments between public IPv4 addresses are now reassembled even
|
||
if they have different VLAN IDs. Reassembly of IP fragments where one
|
||
endpoint is a private (RFC 1918 section 3) or link-local (RFC 3927)
|
||
IPv4 address continues to take the VLAN ID into account, as those
|
||
addresses can be reused. To revert to the previous behavior and not
|
||
reassemble fragments with different VLAN IDs, turn on the "Enable
|
||
stricter conversation tracking heuristics" top level protocol
|
||
preference.
|
||
|
||
tshark can now export TLS session keys with the
|
||
--export-tls-session-keys option.
|
||
|
||
New Protocol Support
|
||
|
||
Bluetooth Link Manager Protocol (BT LMP), Event Tracing for Windows
|
||
(ETW), Kerberos SPAKE, Linux psample protocol, Microsoft Task
|
||
Scheduler Service, O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus
|
||
Interactive Audio Codec (OPUS), PDU Transport Protocol, R09.x (R09),
|
||
Real-Time Publish-Subscribe Virtual Transport (RTPS-VT), Real-Time
|
||
Publish-Subscribe Wire Protocol (processed) (RTPS-PROC), Shared
|
||
Memory Communications (SMC), Signal PDU, SparkplugB, State
|
||
Synchronization Protocol (SSyncP), Tagged Image File Format (TIFF),
|
||
and TP-Link Smart Home Protocol
|
||
|
||
Updated Protocol Support
|
||
|
||
Too many protocols have been updated to list here.
|
||
|
||
New and Updated Capture File Support
|
||
|
||
Getting Wireshark
|
||
|
||
Wireshark source code and installation packages are available from
|
||
https://www.wireshark.org/download.html.
|
||
|
||
Vendor-supplied Packages
|
||
|
||
Most Linux and Unix vendors supply their own Wireshark packages. You
|
||
can usually install or upgrade Wireshark using the package management
|
||
system specific to that platform. A list of third-party packages can
|
||
be found on the download page[4] on the Wireshark web site.
|
||
|
||
File Locations
|
||
|
||
Wireshark and TShark look in several different locations for
|
||
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
|
||
locations vary from platform to platform. You can use About → Folders
|
||
to find the default locations on your system.
|
||
|
||
Getting Help
|
||
|
||
The User’s Guide, manual pages and various other documentation can be
|
||
found at https://www.wireshark.org/docs/
|
||
|
||
Community support is available on Wireshark’s Q&A site[5] and on the
|
||
wireshark-users mailing list. Subscription information and archives
|
||
for all of Wireshark’s mailing lists can be found on the web site[6].
|
||
|
||
Bugs and feature requests can be reported on the issue tracker[7].
|
||
|
||
Frequently Asked Questions
|
||
|
||
A complete FAQ is available on the Wireshark web site[8].
|
||
|
||
Last updated 2021-07-04 09:05:29 UTC
|
||
|
||
References
|
||
|
||
1. https://www.wireshark.org/docs/wsug_html_chunked/ChTelPlayingCalls
|
||
.html
|
||
2. https://www.wireshark.org/docs/wsug_html_chunked/_rtp.html#ChTelRt
|
||
pPlayer
|
||
3. https://www.wireshark.org/docs/wsug_html_chunked//ChAdvFollowStrea
|
||
mSection.html
|
||
4. https://www.wireshark.org/download.html#thirdparty
|
||
5. https://ask.wireshark.org/
|
||
6. https://www.wireshark.org/lists/
|
||
7. https://gitlab.com/wireshark/wireshark/-/issues
|
||
8. https://www.wireshark.org/faq.html
|