134 lines
4.7 KiB
Plaintext
134 lines
4.7 KiB
Plaintext
Wireshark 4.3.0 Release Notes
|
||
|
||
This is an experimental release intended to test new features for
|
||
Wireshark 4.4.
|
||
|
||
What is Wireshark?
|
||
|
||
Wireshark is the world’s most popular network protocol analyzer. It is
|
||
used for troubleshooting, analysis, development and education.
|
||
|
||
What’s New
|
||
|
||
Improved display filter support for value strings (optional string
|
||
representations for numeric fields).
|
||
|
||
Display filter functions can be implemented as runtime-loadable C
|
||
plugins.
|
||
|
||
New and Updated Features
|
||
|
||
The following features are new (or have been significantly updated)
|
||
since version 4.2.0:
|
||
|
||
• Display filter syntax-related enhancements:
|
||
|
||
• Better handling of comparisons with value strings. Now the
|
||
display filter engine can correctly handle cases where multiple
|
||
different numeric values map to the same value string, including
|
||
but not limited to range-type value strings.
|
||
|
||
• Fields with value strings now support regular expression
|
||
matching.
|
||
|
||
• Date and time values now support arithmetic, with some
|
||
restrictions: the multiplier/divisor must be an integer or float
|
||
and appear on the right-hand side of the operator.
|
||
|
||
• The keyword "bitand" can be used as an alternative syntax for
|
||
the bitwise-and operator.
|
||
|
||
• Functions alone can now be used as an entire logical
|
||
expression. The result of the expression is the truthiness of the
|
||
function return value (or of all values if more than one). This
|
||
is useful for example to write "len(something)" instead of
|
||
"len(something) != 0". Even more so if a function returns itself
|
||
a boolean value, it is now possible to write
|
||
"bool_test(some.field)" instead of having to write
|
||
"bool_test(some.field) == True" (both forms are now valid).
|
||
|
||
• Display filter references can be written without curly braces.
|
||
It is now possible to write `$frame.number` instead of
|
||
`${frame.number}` for example.
|
||
|
||
• Added new display filter functions to test various IP address
|
||
properties. Check the wireshark-filter(5) manpage for more
|
||
information.
|
||
|
||
• Display filter autocompletions now also include display filter
|
||
functions.
|
||
|
||
New Protocol Support
|
||
|
||
MAC NR Framed (mac-nr-framed), RF4CE Network Layer (RF4CE), and RF4CE
|
||
Profile (RF4CE Profile)
|
||
|
||
Updated Protocol Support
|
||
|
||
• IPv6: The "show address detail" preference is now enabled by
|
||
default. The address details provided have been extended to
|
||
include more special purpose address block properties
|
||
(forwardable, globally-routable, etc).
|
||
|
||
Too many other protocol updates have been made to list them all here.
|
||
|
||
Major API Changes
|
||
|
||
• Plugins should provide a `plugin_describe()` function that
|
||
returns an ORed list of flags consisting of the plugin types used
|
||
(declared in wsutil/plugins.h).
|
||
|
||
Getting Wireshark
|
||
|
||
Wireshark source code and installation packages are available from
|
||
https://www.wireshark.org/download.html.
|
||
|
||
Vendor-supplied Packages
|
||
|
||
Most Linux and Unix vendors supply their own Wireshark packages. You
|
||
can usually install or upgrade Wireshark using the package management
|
||
system specific to that platform. A list of third-party packages can
|
||
be found on the download page[1] on the Wireshark web site.
|
||
|
||
File Locations
|
||
|
||
Wireshark and TShark look in several different locations for
|
||
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
|
||
locations vary from platform to platform. You can use "Help › About
|
||
Wireshark › Folders" or `tshark -G folders` to find the default
|
||
locations on your system.
|
||
|
||
Getting Help
|
||
|
||
The User’s Guide, manual pages and various other documentation can be
|
||
found at https://www.wireshark.org/docs/
|
||
|
||
Community support is available on Wireshark’s Q&A site[2] and on the
|
||
wireshark-users mailing list. Subscription information and archives
|
||
for all of Wireshark’s mailing lists can be found on the web site[3].
|
||
|
||
Bugs and feature requests can be reported on the issue tracker[4].
|
||
|
||
You can learn protocol analysis and meet Wireshark’s developers at
|
||
SharkFest[5].
|
||
|
||
How You Can Help
|
||
|
||
The Wireshark Foundation helps as many people as possible understand
|
||
their networks as much as possible. You can find out more and donate
|
||
at wiresharkfoundation.org[6].
|
||
|
||
Frequently Asked Questions
|
||
|
||
A complete FAQ is available on the Wireshark web site[7].
|
||
|
||
References
|
||
|
||
1. https://www.wireshark.org/download.html
|
||
2. https://ask.wireshark.org/
|
||
3. https://www.wireshark.org/lists/
|
||
4. https://gitlab.com/wireshark/wireshark/-/issues
|
||
5. https://sharkfest.wireshark.org
|
||
6. https://wiresharkfoundation.org
|
||
7. https://www.wireshark.org/faq.html
|