= Wireshark wireshark-version:[] Release Notes
// AsciiDoc quick reference: http://powerman.name/doc/asciidoc

This is an experimental release intended to test new features for Wireshark 2.0.

== What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

== What's New

//=== Bug Fixes

//The following bugs have been fixed:
//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* cve-idlink:2014-2486[]
//* Wireshark insists on calling you on your land line which is keeping you from abandoning it for cellular. (ws-buglink:0000[])

=== New and Updated Features

The following features are new (or have been significantly updated)
since version 1.99.0:

* Qt port:
** You can now show and hide toolbars and major widgets using the View menu.
** You can now set the time display format and precision.
** The byte view widget is much faster, particularly when selecting large
   reassembled packets.
** Hovering over a byte-view field causes the field to be highlighted and a
   description to be shown in the status bar.
** An Italian translation has been added.

The following features are new (or have been significantly updated)
since version 1.12.0:

* The I/O Graph in the Gtk+ UI now supports an unlimited number of data points
  (up from 100k).
* TShark now resets its state when changing files in ring-buffer mode.
* Expert Info severities can now be configured.
* Wireshark now supports external capture interfaces. External capture
  interfaces can be anything from a tcpdump-over-ssh pipe to a program that
  captures from proprietary or non-standard hardware. This functionality is
  not available in the Qt UI yet.
* Qt port:
** The Qt UI is now the default (program name is wireshark).
** A Polish translation has been added.
** The Interfaces dialog has been added.
** The interface list is now updated when interfaces appear or disappear.
** The Conversations and Endpoints dialogs have been added.
** A Japanese translation has been added.
** It is now possible to manage remote capture interfaces.
** Windows: taskbar progress support has been added.
** Most toolbar actions are in place and work.
** More command line options are now supported.

//=== Removed Dissectors

=== New Protocol Support

--sort-and-group--
Generic Network Virtualization Encapsulation (Geneve)
IPMI Trace
iSER
OptoMMP
corosync/totemnet
corosync/totemsrp
ceph
GVSP
Stateless Transport Tunneling
CP ``Cooper'' 2179
S7 Communication
KNXnetIP
Dynamic Source Routing (RFC 4728)
MCPE (Minecraft Pocket Edition)
RakNet games library
(LISP) TCP Control Message
Android ADB
Android Logcat text
Couchbase
AllJoyn Reliable Datagram Protocol
--sort-and-group--

=== Updated Protocol Support

Too many protocols have been updated to list here.

=== New and Updated Capture File Support

--sort-and-group--
Android Logcat text files
Wireshark now supports nanosecond timestamp resolution in PCAP-NG files.
Colasoft Capsa files
--sort-and-group--

=== Major API Changes

The libwireshark API has undergone some major changes:

* Many of the ep_ and se_ memory allocation routines have been removed.
* The (long-since-broken) Python bindings support has been removed. If
  you want to write dissectors in something other than C, use Lua.

== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the https://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform.
You can use About→Folders to find the default locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

The 64-bit Windows installer does not support Kerberos decryption.
(http://wiki.wireshark.org/Development/Win64[Win64 development page])

Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option.
(ws-buglink:4035[])

Hex pane display issue after startup.
(ws-buglink:4056[])

Packet list rows are oversized.
(ws-buglink:4357[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

The 64-bit version of Wireshark will leak memory on Windows when the display
depth is set to 16 bits (ws-buglink:9914[])

== Getting Help

Community support is available on http://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on https://www.wireshark.org/lists/[the web site].

Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].

== Frequently Asked Questions

A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].