1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
= Wireshark wireshark-version:[] Release Notes
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc
This is a semi-experimental release intended to test new features for Wireshark 2.2.
== What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
== What's New
//=== Bug Fixes
//The following bugs have been fixed:
//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2014-2486[]
//* Wireshark accepted your prom invitation then cancelled at the last minute. (ws-buglink:0000[])
_Non-empty section placeholder._
=== New and Updated Features
The following features are new (or have been significantly updated)
since version 2.0.0:
** You can now switch between between Capture and File Format dissection of
the current capture file via the View menu in the Qt GUI.
** You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw or UTF-8.
** You can now use regular expressions in Find Packet.
//=== Removed Dissectors
=== New File Format Decoding Support
Wireshark is able to display the format of some types of files (rather than
displaying the contents of those files). This is useful when you're curious
about, or debugging, a file and its format. To open a capture file (such as
PCAP) in this mode specify "MIME Files Format" as the file's format in the
Open File dialog.
New files that Wireshark can open in this mode include:
_Non-empty section placeholder._
--sort-and-group--
--sort-and-group--
=== New Protocol Support
CISCO ERSPAN3 Marker
Nokia Intelligent Service Interface (ISI)
ISO14443
Extensible Control & Management Protocol (eCMP)
RTI TCP Transport Layer (RTITCP)
ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP)
Zigbee Protocol Clusters Dissectors Added (Closures, Lighting, General, Measurement & Sensing, HVAC, Security & Safety)
LAT protocol (DECNET)
Ericsson IPOS Kernel Packet Header Dissector Added (IPOS)
STANAG 5602 SIMPLE
UserLog Protocol
FLEXRAY Protocol dissector added (automotive bus)
USB3 Vision Protocol (USB machine vision cameras)
USBIP Protocol
Open Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M TLV)
// Items in --sort-and-group-- blocks will be sorted and comma-separated.
--sort-and-group--
--sort-and-group--
=== Updated Protocol Support
Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex), allow to
DecodeAs it over USB, TCP and UDP.
Too many protocols have been updated to list here.
=== New and Updated Capture File Support
_Non-empty section placeholder._
--sort-and-group--
--sort-and-group--
=== New and Updated Capture Interfaces support
_Non-empty section placeholder._
--sort-and-group--
--sort-and-group--
=== Major API Changes
The libwireshark API has undergone some major changes:
* The address macros (e.g., SET_ADDRESS) have been removed. Use the
(lower case) functions of the same names instead.
* "old style" dissector functions (that don't return number of bytes
used) have been replaced in name with the "new style" dissector
functions.
* tvb_get_string and tvb_get_stringz have been replaced with
tvb_get_string_enc and tvb_get_stringz_enc respectively.
== Getting Wireshark
Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.
=== Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the https://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.
== File Locations
Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.
== Known Problems
Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])
The BER dissector might infinitely loop.
(ws-buglink:1516[])
Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])
Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])
Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
no longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option.
(ws-buglink:4035[])
Hex pane display issue after startup.
(ws-buglink:4056[])
Packet list rows are oversized.
(ws-buglink:4357[])
Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])
The 64-bit version of Wireshark will leak memory on Windows when the display
depth is set to 16 bits (ws-buglink:9914[])
Wireshark should let you work with multiple capture files. (ws-buglink:10488[])
Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. (ws-buglink:12036[])
== Getting Help
Community support is available on https://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on https://www.wireshark.org/lists/[the web site].
Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].
== Frequently Asked Questions
A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].
|
