= Wireshark wireshark-version:[] Release Notes This is an experimental release intended to test new features for the next stable release. == What is Wireshark? Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. == What's New === Bug Fixes The following bugs have been fixed: //* ws-buglink:5000[] //* ws-buglink:6000[Wireshark bug] //* cve-idlink:2014-2486[] //* Wireshark insists on calling you on your land line which is keeping you from abandoning it for cellular. (ws-buglink:0000[]) * "On-the-wire" packet lengths are limited to 65535 bytes. (ws-buglink:8808[], ws-buglink:9390) * "Follow TCP Stream" shows only the first HTTP req+res. (ws-buglink:9044[]) * Files with pcap-ng Simple Packet Blocks can't be read. (ws-buglink:9200[]) * MPLS-over-PPP isn't recognized. (ws-buglink:9492[]) === New and Updated Features The following features are new (or have been significantly updated) since version 1.11.3: * Transport name resolution is now disabled by default. * Support has been added for all versions of the DCBx protocol. * Cleanup of LLDP code, all dissected fields are now navigable. The following features are new (or have been significantly updated) since version 1.11.2: * Qt port: ** The About dialog has been added ** The Capture Interfaces dialog has been added. ** The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well. ** The Export PDU dialog has been added. ** Several SCTP dialogs have been added. ** The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added. ** The I/O Graph dialog has been added. ** French translation has updated. The following features are new (or have been significantly updated) since version 1.11.1: * Mac OS X packaging has been improved. The following features are new (or have been significantly updated) since version 1.11.0: * Dissector output may be encoded as UTF-8. This includes TShark output. * Qt port: ** The Follow Stream dialog now supports packet and TCP stream selection. ** A Flow Graph (sequence diagram) dialog has been added. ** The main window now respects geometry preferences. The following features are new (or have been significantly updated) since version 1.10: * Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows. * The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively. * Expert information is now filterable when the new API is in use. * The "Number" column shows related packets and protocol conversation spans (Qt only). * When manipulating packets with editcap using the -C and/or -s options, it is now possible to also adjust the original frame length using the -L option. * You can now pass the -C option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step. * You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end. * "malformed" display filter has been renamed to "_ws.malformed". A handful of other filters have been given the "_ws." prefix to note they are Wireshark application specific filters and not dissector filters. * The Kerberos dissector has been replaced with an auto generated one from ASN1 protocol description, changing a lot of filter names. //=== Removed Dissectors === New Protocol Support --sort-and-group-- Generic Network Virtualization Encapsulation (Geneve) --sort-and-group-- === Updated Protocol Support Too many protocols have been updated to list here. === New and Updated Capture File Support --sort-and-group-- --sort-and-group-- === Major API Changes The libwireshark API has undergone some major changes: == Getting Wireshark Wireshark source code and installation packages are available from http://www.wireshark.org/download.html. === Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the http://www.wireshark.org/download.html#thirdparty[download page] on the Wireshark web site. == File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system. == Known Problems Dumpcap might not quit if Wireshark or TShark crashes. (ws-buglink:1419[]) The BER dissector might infinitely loop. (ws-buglink:1516[]) Capture filters aren't applied when capturing from named pipes. (ws-buglink:1814) Filtering tshark captures with read filters (-R) no longer works. (ws-buglink:2234[]) The 64-bit Windows installer does not support Kerberos decryption. (https://wiki.wireshark.org/Development/Win64[Win64 development page]) Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark no longer automatically decodes gzip data when following a TCP stream. Application crash when changing real-time option. (ws-buglink:4035[]) Hex pane display issue after startup. (ws-buglink:4056[]) Packet list rows are oversized. (ws-buglink:4357[]) Summary pane selected frame highlighting not maintained. (ws-buglink:4445[]) Wireshark and TShark will display incorrect delta times in some cases. (ws-buglink:4985[]) The 64-bit Mac OS X installer doesn't support Mac OS X 10.9 (ws-buglink:9242[]) == Getting Help Community support is available on http://ask.wireshark.org/[Wireshark's Q&A site] and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on http://www.wireshark.org/lists/[the web site]. Official Wireshark training and certification are available from http://www.wiresharktraining.com/[Wireshark University]. == Frequently Asked Questions A complete FAQ is available on the http://www.wireshark.org/faq.html[Wireshark web site].