136 lines
4.9 KiB
Plaintext
136 lines
4.9 KiB
Plaintext
Wireshark 3.7.0 Release Notes
|
||
|
||
This is an experimental release intended to test new features for
|
||
Wireshark 3.6.
|
||
|
||
What is Wireshark?
|
||
|
||
Wireshark is the world’s most popular network protocol analyzer. It is
|
||
used for troubleshooting, analysis, development and education.
|
||
|
||
What’s New
|
||
|
||
• The PCRE2 library (https://www.pcre.org/) is now a required
|
||
dependency to build Wireshark.
|
||
|
||
• A compiler with C11 support is required.
|
||
|
||
Many improvements have been made. See the “New and Updated Features”
|
||
section below for more details.
|
||
|
||
New and Updated Features
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 3.6.0:
|
||
|
||
• The Windows installers now ship with Npcap 1.60. They previously
|
||
shipped with Npcap 1.55.
|
||
|
||
• Display filter syntax:
|
||
|
||
• Set elements must be separated using a comma, e.g: {1, 2,
|
||
"foo"}. Using only whitespace as separator was deprecated in 3.6
|
||
and is now a syntax error.
|
||
|
||
• Adds support for some additional character escape sequences in
|
||
double quoted strings. Besides octal and hex byte specification
|
||
the following C escape sequences are now supported with the same
|
||
meaning: \a, \b, \f, \n, \r, \t, \v. Previously they were only
|
||
supported with character constants.
|
||
|
||
• Unrecognized escape sequences are now treated as a syntax
|
||
error. Previously they were treated as a literal character. In
|
||
addition to the sequences indicated above, backslash, single
|
||
quotation and double quotation mark are also valid sequences: \\,
|
||
\', \".
|
||
|
||
• The display filter engine now uses PCRE2 instead of GRegex
|
||
(GLib bindings to the older end-of-life PCRE library). PCRE2 is
|
||
compatible with PCRE so the user-visible changes should be
|
||
minimal. Some exotic patterns may now be invalid and require
|
||
rewriting.
|
||
|
||
• Adds a new strict equality operator "===" or "all_eq". The
|
||
expression "a === b" is true if and only if all a’s are equal to
|
||
b. The negation of "===" can now be written as "!==" (any_ne), in
|
||
adittion to "~=" (introduced in Wireshark 3.6.0).
|
||
|
||
• Adds the aliases "any_eq" for "==" and "all_ne" for "!=".
|
||
|
||
• HTTP2 dissector now supports using fake headers to parse the
|
||
DATAs of streams captured without first HEADERS frames of a
|
||
long-lived stream (like gRPC streaming call which allows sending
|
||
many request or response messages in one HTTP2 stream). User can
|
||
specify fake headers according to the server port, stream id and
|
||
direction of the long-lived stream that we start capturing
|
||
packets after it is established.
|
||
|
||
• Mesh Connex (MCX) support in existing 802.11 packets.
|
||
|
||
• Capture Options dialog contains same configuration icon as
|
||
Welcome Screen. It is possible to configure interface there.
|
||
|
||
New File Format Decoding Support
|
||
|
||
New Protocol Support
|
||
|
||
FiveCo’s Legacy Register Access Protocol (5co-legacy), Host IP
|
||
Configuration Protocol (HICP), Mesh Connex (MCX), and Secure Host IP
|
||
Configuration Protocol (SHICP)
|
||
|
||
Updated Protocol Support
|
||
|
||
Too many protocols have been updated to list here.
|
||
|
||
New and Updated Capture File Support
|
||
|
||
Major API Changes
|
||
|
||
• proto.h: The field display types "STR_ASCII" and "STR_UNICODE"
|
||
were removed. Use "BASE_NONE" instead.
|
||
|
||
Getting Wireshark
|
||
|
||
Wireshark source code and installation packages are available from
|
||
https://www.wireshark.org/download.html.
|
||
|
||
Vendor-supplied Packages
|
||
|
||
Most Linux and Unix vendors supply their own Wireshark packages. You
|
||
can usually install or upgrade Wireshark using the package management
|
||
system specific to that platform. A list of third-party packages can
|
||
be found on the download page[1] on the Wireshark web site.
|
||
|
||
File Locations
|
||
|
||
Wireshark and TShark look in several different locations for
|
||
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
|
||
locations vary from platform to platform. You can use "Help › About
|
||
Wireshark › Folders" or `tshark -G folders` to find the default
|
||
locations on your system.
|
||
|
||
Getting Help
|
||
|
||
The User’s Guide, manual pages and various other documentation can be
|
||
found at https://www.wireshark.org/docs/
|
||
|
||
Community support is available on Wireshark’s Q&A site[2] and on the
|
||
wireshark-users mailing list. Subscription information and archives
|
||
for all of Wireshark’s mailing lists can be found on the web site[3].
|
||
|
||
Bugs and feature requests can be reported on the issue tracker[4].
|
||
|
||
Frequently Asked Questions
|
||
|
||
A complete FAQ is available on the Wireshark web site[5].
|
||
|
||
Last updated 2021-12-26 16:06:41 UTC
|
||
|
||
References
|
||
|
||
1. https://www.wireshark.org/download.html
|
||
2. https://ask.wireshark.org/
|
||
3. https://www.wireshark.org/lists/
|
||
4. https://gitlab.com/wireshark/wireshark/-/issues
|
||
5. https://www.wireshark.org/faq.html
|