osmocom/wireshark
14
0
Fork 1
Code Issues Pull requests Projects Releases Wiki Activity
wireshark/NEWS
Gerald Combs 5ee5f6fb40 [Automatic update for 2023-08-13] 
Update manuf, services enterprise numbers, translations, and other items.

services failed.
2023-08-13 16:23:17 +00:00

323 lines
13 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Wireshark 4.1.0 Release Notes
This is an experimental release intended to test new features for
Wireshark 4.2.
What is Wireshark?
Wireshark is the worlds most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
Whats New
A Windows installer for Arm64 has been added.
Windows installer file names now have the format
Wireshark-<version>-<architecture>.exe.
Wireshark is now better about generating valid UTF-8 output.
A new display filter feature for filtering raw bytes has been added.
Display filter autocomplete is smarter about not suggesting invalid
syntax.
"Tools Lua Scripts Launch with SSLKEYLOGFILE" can launch your web
browser with the SSLKEYLOGFILE environment variable set to the
appropriate value.
The personal extcap plugin folder location on Unix has been changed to
follow existing conventions for architecture-dependent files. The
extcap personal folder is now `$HOME/.local/lib/wireshark/extcap`.
Previously it was `$XDG_CONFIG_HOME/wireshark/extcap`.
The installation target no longer installs development headers by
default. That must be done explicitly using `cmake --install
<builddir> --component Development`.
The Wireshark installation is relocatable on Linux (and other ELF
platforms with support for relative RPATHs).
Support for building an NSIS Windows installer using the MinGW-w64
toolchain and MSYS2[1]. Read README.msys2 in the distribution for more
information.
When changing the dissector via the Decode As table for values that
have default dissectors registered, selecting "(none)" will select no
dissection (while still allowing heuristic dissectors to attempt to
dissect.) The previous behavior was to reset the dissector to the
default. To facilitate resetting the dissector, the default dissector
is now sorted at the top of the list of possible dissector options.
Packet list sorting has been updated: * When sorting packet list with
a filter applied, only the visible packets are sorted, which greatly
increases sorting speed. * The cache size for column text is limited
to a default of 10000 rows, which limits the maximum memory usage. The
maximum value can be changed in Preferences→Appearance→Layout * Due to
the above, columns that require packet dissection can only be sorted
if the number of visible rows is less than the cache size. If there
are more rows visible, a warning will appear. Columns that do not
require packet dissection (those that calculated directly from the
capture file frame headers, such as packet number, time, and frame
length) can be sorted with any number of visible rows. * Sorting can
be interrupted.
Many other improvements have been made. See the “New and Updated
Features” section below for more details.
Bug Fixes
The following bugs have been fixed:
• Issue 18413[2] - RTP player do not play audio frequently on Win32
builds with Qt6
• Issue 18510[3] - Playback marker do not move after unpause with
Qt6
New and Updated Features
The following features are new (or have been significantly updated)
since version 4.0.0:
• The Windows installers now ship with Qt 6.5.2. They previously
shipped with Qt 6.2.3.
• The API has been updated to ensure that the dissection engine
produces valid UTF-8 strings.
• Wireshark now builds with Qt6 by default. To use Qt5 instead pass
USE_qt6=OFF to CMake.
• ciscodump support Cisco IOS XE 17.x
• The default interval between GUI updates when capturing has been
decreased from 500ms to 100ms, and is now configurable.
• The -n option also now disables IP address geolocation
information lookup in configured MaxMind databases (and
geolocation lookup can be enabled with -Ng.) This is most
relevant for tshark, where geolocation lookups are synchronous.
• Implement built-in dissector for FiRa UWB Controller Interface
(UCI) protocol. Recognizes PCAP traces with the link type
LINKTYPE_FIRA_UCI=299.
• The reassemble_streaming_data_and_call_subdissector() API has
been added to provide a simpler way to reassemble the streaming
data of a high level protocol that is not on top of TCP.
• The display filter drop-down list is now sorted by "most recently
used" instead of "most recently created".
• Display filter syntax-related changes:
• It is now possible to filter on raw packet data for any field
by using the syntax `@some.field == <bytes…>`. This can be
useful to filter on malformed UTF-8 strings, among other use
cases where it is necessary to look at the fields raw data.
• Negation (unary minus) now works with any display filter
arithmetic expression.
• Using the slice operator with strings produces a string.
Previously it would produce a byte array. This is useful to
index/slice UTF-8 multibyte strings. String byte slices can still
be obtained using the "@" (raw operator) prefix.
• Arithmetic expressions are allowed as set elements.
• Absolute date and time values can be written as Unix time.
• The limitation where a minus sign needed to be preceded by a
space character has been removed.
• Added XOR logical operator.
• Fixed the implementation of `all …​ in` membership operator
(#19188[4]).
• The deprecated ~≃ operator symbol has been removed. It was
replaced by !== in version 4.0.
• Running the test suite requires the pytest[5] Python module. The
emulation layer that allowed running tests without pytest
installed has been removed.
• When saving files or exporting packets after changing their time
with the "Time Shift" dialog, the shifted time is written to the
new file.
• TLS secrets used in decrypting packets can be embedded (or
discarded) from the capture file via the GUI, similar to the
options --inject-secrets and --discard-all-secrets in editcap.
• The text of any configured column (displayed or hidden) can be
filtered anywhere that filters are used - in display filters,
filters in taps, coloring rules, Wireshark read filters, and the
-Y, -R, and -e options to tshark, the "Apply as Filter" GUI
option, etc.
• The filter field names are prefixed by "ws.col", followed by a
lowercase version of the COL name found in epan/column-utils.h,
e.g. "_ws.col.info" or "_ws.col.protocol"
• Using the column names as a filter is slower than other filter
types because the columns must be constructed, so when the same
filtering can be achieved via other fields, prefer that.
• The external name resolution text files "manuf", "enterprises"
and "services" have been removed and replaced with static binary
data. You can dump the respective internal data using `tshark -G
manuf|enterprises|services`.
• New GUI dialog (under Tools menu) to lookup a MAC address in the
IEEE OUI registry.
• The Windows build has a new SpeexDSP external dependency
(https://www.speex.org). The speex code that was previously
bundled has been removed.
Removed Features and Support
• With the addition of the universal and consistent filtering
support for column text, the previous support in the -e option to
tshark for displaying column text via the column title, e.g.
"_ws.col.Info", has been removed. The previous implementation
allowed names that are not legal filter names and Issue 16576[6]
New Protocol Support
ASAM Capture Module Protocol (CMP), DECT DLC protocol layer
(DECT-DLC), DECT NWK protocol layer (DECT-NWK), DECT proprietary
Mitel OMM/RFP Protocol (also named AaMiDe), Digital Object Identifier
Resolution Protocol (DO-IRP), FiRa UWB Controller Interface (UCI),
FiveCos Register Access Protocol (5CoRAP), GPS L1 C/A LNAV
navigation messages, High Speed Fahrzeugzugang (HSFZ), ID3v2, Low
Level Signalling (ATSC3 LLS), Management Component Transport Protocol
(MCTP), Management Component Transport Protocol - Control Protocol
(MCTP CP), Matter home automation protocol, Non-volatile Memory
Express - Management Interface (NVMe-MI) over MCTP, SAP Enqueue
Server (SAPEnqueue), SAP GUI (SAPDiag), SAP HANA SQL Command Network
Protocol (SAPHDB), SAP Internet Graphic Server (SAP IGS), SAP Message
Server (SAPMS), SAP Network Interface (SAPNI), SAP Router
(SAPROUTER), SAP Secure Network Connection (SNC), SBAS L1 Navigation
Messages (SBAS L1), SINEC AP1 Protocol (SINEC AP), Train Real-Time
Data Protocol (TRDP), UBX protocol of u-blox GNSS receivers (UBX),
UDP Tracker Protocol for BitTorrent (BT-Tracker), Video Protocol 9
(VP9), Windows Delivery Optimization (MS-DO), and Zabbix Protocol
(Zabbix)
Updated Protocol Support
• The JSON dissector now has a preference to enable/disable
"unescaping" of string values. By default it is off. Previously
it was always on.
• The JSON dissector now supports "Display JSON in raw form".
• The IPv6 dissector has a new preference to show some semantic
details about addresses (default off).
• The IPv6 dissector now supports dissecting Application-aware IPv6
Networking (APN6) option[7] in the Hop-by-Hop Options Header
(HBH) and Destination Options Header (DOH). This feature supports
to dissect all three types of APN ID, which are 32-bit, 64-bit
and 128-bit in length.
• The XML dissector now supports display character according to the
"encoding" attribute of the XML declaration, and has a new
preference to set default character encoding for some XML
document without "encoding" attribute.
• The SIP dissector now has a new preference to set default charset
for displaying the body of SIP messages in raw text view.
• The HTTP dissector now supports dissecting chunked data in
streaming reassembly mode. Subdissectors of HTTP can register
itself in "streaming_content_type" subdissector table for
enabling streaming reassembly mode while transferring in chunked
encoding. This feature ensures the server stream messages of
GRPC-Web over HTTP/1.1 can be dissected even if the last chunk is
absent.
• The media type dissector table now properly treats media types
and subtypes as case-insensitive automatically, per RFC 6838.
Media types no longer need to be lower cased before registering
or looking up in the table.
• The CFM dissector has been overhauled and updated to the level of
IEEE std 802.1Q-2022 and ITU-T Rec. G.8013/Y.1371 (08/2015). This
includes dissection of additional PDU types and TLVs as well as
deeper dissection of existing PDUs and TLVs.
Too many other protocols have been updated to list them all here.
New and Updated Capture File Support
New and Updated Codec support
Adaptive Multi-Rate (AMR), if compiled with opencore-amr[8]
Getting Wireshark
Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[9] on the Wireshark web site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use "Help About
Wireshark Folders" or `tshark -G folders` to find the default
locations on your system.
Getting Help
The Users Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/
Community support is available on Wiresharks Q&A site[10] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wiresharks mailing lists can be found on the web site[11].
Bugs and feature requests can be reported on the issue tracker[12].
You can learn protocol analysis and meet Wiresharks developers at
SharkFest[13].
How You Can Help
The Wireshark Foundation helps as many people as possible understand
their networks as much as possible. You can find out more and donate
at wiresharkfoundation.org[14].
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site[15].
References
1. https://www.msys2.org/
2. https://gitlab.com/wireshark/wireshark/-/issues/18413
3. https://gitlab.com/wireshark/wireshark/-/issues/18510
4. https://gitlab.com/wireshark/wireshark/-/issues/19188
5. https://pypi.org/project/pytest/
6. https://gitlab.com/wireshark/wireshark/-/issues/16576
7. https://www.ipv6plus.net/Phase3/apn6/
8. https://sourceforge.net/projects/opencore-amr/
9. https://www.wireshark.org/download.html
10. https://ask.wireshark.org/
11. https://www.wireshark.org/lists/
12. https://gitlab.com/wireshark/wireshark/-/issues
13. https://sharkfest.wireshark.org
14. https://wiresharkfoundation.org
15. https://www.wireshark.org/faq.html
Reference in a new issue View git blame Copy permalink