207 lines
7.1 KiB
Plaintext
207 lines
7.1 KiB
Plaintext
include::attributes.asciidoc[]
|
||
:stylesheet: ws.css
|
||
:linkcss:
|
||
|
||
= Wireshark {wireshark-version} Release Notes
|
||
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc
|
||
// Asciidoctor Syntax Quick Reference:
|
||
// http://asciidoctor.org/docs/asciidoc-syntax-quick-reference/
|
||
|
||
This is a semi-experimental release intended to test new features for
|
||
Wireshark 2.6.
|
||
|
||
== What is Wireshark?
|
||
|
||
Wireshark is the world’s most popular network protocol analyzer. It is
|
||
used for troubleshooting, analysis, development and education.
|
||
|
||
== What’s New
|
||
|
||
Wireshark 2.6 is the last release that will support the legacy (GTK+)
|
||
user interface. It will not be supported or available in Wireshark 3.0.
|
||
|
||
Many user interface improvements have been made. See the “New and Updated
|
||
Features” section below for more details.
|
||
|
||
//=== Bug Fixes
|
||
|
||
//The following bugs have been fixed:
|
||
|
||
//* ws_buglink:5000[]
|
||
//* ws_buglink:6000[Wireshark bug]
|
||
//* cve_idlink:2014-2486[]
|
||
//* Wireshark convinced you to switch seats on the plane while neglecting to tell you that its seat was noticeably moist.
|
||
|
||
//_Non-empty section placeholder._
|
||
|
||
=== New and Updated Features
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 2.5.0:
|
||
|
||
* HTTP Referer statistics are now supported.
|
||
* Wireshark now supports MaxMind DB files. Support for GeoIP and GeoLite
|
||
Legacy databases has been removed.
|
||
* The Windows packages are now built using Microsoft Visual Studio 2017.
|
||
* The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed.
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 2.4.0:
|
||
|
||
* Display filter buttons can now be edited, disabled, and removed via a context
|
||
menu directly from the toolbar
|
||
* Drag & Drop filter fields to the display filter toolbar or edit to create
|
||
a button on the fly or apply the filter as a display filter.
|
||
* Application startup time has been reduced.
|
||
* Some keyboard shortcut mix-ups have been resolved by assigning new shortcuts
|
||
to Edit -> Copy methods.
|
||
* TShark now supports color using the --color option.
|
||
* The "matches" display filter operator is now case-insensitive.
|
||
* Display expression (button) preferences have been converted to a UAT.
|
||
This puts the display expressions in their own file. Wireshark still
|
||
supports preference files that contain the old preferences, but new
|
||
preference files will be written without the old fields.
|
||
* SMI private enterprise numbers are now read from the "enterprises.tsv" configuration file.
|
||
* The QUIC dissector has been renamed to **G**oogle QUIC (quic -> **g**quic).
|
||
* The selected packet number can now be shown in the Status Bar by enabling
|
||
Preferences -> Appearance -> Layout -> Show selected packet number.
|
||
* File load time in the Status Bar is now disabled by default and can be enabled in
|
||
Preferences -> Appearance -> Layout -> Show file load time.
|
||
* Support for the G.729A codec in the RTP Player is now added via the bcg729 library.
|
||
* Support for hardware-timestamping of packets has been added.
|
||
* Improved NetMon .cap support with comments, event tracing, network filter,
|
||
network info types and some Message Analyzer exported types.
|
||
* The personal plugins folder on Linux/Unix is now {tilde}/.local/lib/wireshark/plugins.
|
||
* TShark can print flow graphs using `-z flow…`
|
||
* Capinfos now prints SHA256 hashes in addition to RIPEMD160 and SHA1. MD5 output
|
||
has been removed.
|
||
* The packet editor has been removed. (This was a GTK+ only experimental feature.)
|
||
* Support BBC micro:bit Bluetooth profile
|
||
* The Linux and UNIX installation step for Wireshark will now install
|
||
headers required to build plugins. A pkg-config file is provided to
|
||
help with this (see doc/plugins.example for details). Note you must
|
||
still rebuild all plugins between minor releases (X.Y).
|
||
* The Windows installers and packages now ship with Qt 5.9.4.
|
||
* The generic data dissector can now uncompress zlib compressed data.
|
||
|
||
//=== Removed Dissectors
|
||
|
||
//=== New File Format Decoding Support
|
||
|
||
=== New Protocol Support
|
||
|
||
// Add one protocol per line between the -- delimiters.
|
||
[commaize]
|
||
--
|
||
ActiveMQ Artemis Core Protocol
|
||
AMT (Automatic Multicast Tunneling)
|
||
Bluetooth Mesh
|
||
Broadcom tags (Broadcom Ethernet switch management frames)
|
||
CVS password server
|
||
CAN-ETH
|
||
Excentis DOCSIS31 XRA header
|
||
FP Mux
|
||
GRPC (gRPC)
|
||
IEEE 802.3br Frame Preemption Protocol
|
||
IEEE 802.11ax (High Efficiency WLAN (HEW))
|
||
IEEE 802.15.9 IEEE Recommended Practice for Transport of Key Management Protocol (KMP) Datagrams
|
||
IEEE 1905.1a
|
||
ISOBUS
|
||
LoRaTap
|
||
LoRaWAN
|
||
Lustre Network
|
||
Lustre Filesystem
|
||
Network Functional Application Platform Interface (NFAPI) Protocol
|
||
New Radio Radio Resource Control protocol
|
||
NXP 802.15.4 Sniffer Protocol
|
||
PFCP (Packet Forwarding Control Protocol)
|
||
Protobuf (Protocol Buffers)
|
||
QUIC (IETF)
|
||
RFC 4108 Using CMS to Protect Firmware Packages
|
||
SolarEdge monitoring protocol
|
||
Session Multiplex Protocol
|
||
Steam In-Home Streaming Discovery Protocol
|
||
Tibia
|
||
TWAMP and OWAMP
|
||
Wi-Fi Device Provisioning Protocol
|
||
Wi-SUN FAN Protocol
|
||
--
|
||
|
||
=== Updated Protocol Support
|
||
|
||
Too many protocols have been updated to list here.
|
||
|
||
=== New and Updated Capture File Support
|
||
|
||
//_Non-empty section placeholder._
|
||
// Add one file type per line between the --sort-and-group-- delimiters.
|
||
[commaize]
|
||
Microsoft Network Monitor
|
||
|
||
=== New and Updated Capture Interfaces support
|
||
|
||
//_Non-empty section placeholder._
|
||
[commaize]
|
||
--
|
||
LoRaTap
|
||
--
|
||
|
||
//=== Major API Changes
|
||
|
||
== Getting Wireshark
|
||
|
||
Wireshark source code and installation packages are available from
|
||
https://www.wireshark.org/download.html.
|
||
|
||
=== Vendor-supplied Packages
|
||
|
||
Most Linux and Unix vendors supply their own Wireshark packages. You can
|
||
usually install or upgrade Wireshark using the package management system
|
||
specific to that platform. A list of third-party packages can be found
|
||
on the https://www.wireshark.org/download.html#thirdparty[download page]
|
||
on the Wireshark web site.
|
||
|
||
== File Locations
|
||
|
||
Wireshark and TShark look in several different locations for preference
|
||
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
|
||
from platform to platform. You can use About→Folders to find the default
|
||
locations on your system.
|
||
|
||
== Known Problems
|
||
|
||
Dumpcap might not quit if Wireshark or TShark crashes.
|
||
(ws_buglink:1419[])
|
||
|
||
The BER dissector might infinitely loop.
|
||
(ws_buglink:1516[])
|
||
|
||
Capture filters aren't applied when capturing from named pipes.
|
||
(ws_buglink:1814[])
|
||
|
||
Filtering tshark captures with read filters (-R) no longer works.
|
||
(ws_buglink:2234[])
|
||
|
||
Application crash when changing real-time option.
|
||
(ws_buglink:4035[])
|
||
|
||
Wireshark and TShark will display incorrect delta times in some cases.
|
||
(ws_buglink:4985[])
|
||
|
||
Wireshark should let you work with multiple capture files. (ws_buglink:10488[])
|
||
|
||
== Getting Help
|
||
|
||
Community support is available on https://ask.wireshark.org/[Wireshark’s
|
||
Q&A site] and on the wireshark-users mailing list. Subscription
|
||
information and archives for all of Wireshark’s mailing lists can be
|
||
found on https://www.wireshark.org/lists/[the web site].
|
||
|
||
Official Wireshark training and certification are available from
|
||
http://www.wiresharktraining.com/[Wireshark University].
|
||
|
||
== Frequently Asked Questions
|
||
|
||
A complete FAQ is available on the
|
||
https://www.wireshark.org/faq.html[Wireshark web site].
|