Table of Contents
- 1. What is Wireshark?
- 2. What’s New
- 3. Getting Wireshark
- 4. File Locations
- 5. Known Problems
- 6. Getting Help
- 7. Frequently Asked Questions
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
- Invalid coloring rules are now disabled instead of discarded. This will provide forward compatibility with a coloring rule change in Wireshark 2.2.
The following vulnerabilities have been fixed:
QNX6 QNET dissector crash. (Bug 11850)
H.225 dissector crash. (Bug 12700)
Catapult DCT2000 dissector crash. (Bug 12750)
UMTS FP dissector crash. (Bug 12751)
Catapult DCT2000 dissector crash. (Bug 12752)
IPMI trace dissector crash. (Bug 12782)
The following bugs have been fixed:
- Apply display filter when changing configuration profiles. (Bug 6130)
- Unrecognized text: CDATA in XML not parsed correctly. (Bug 11755)
- asn2wrs.py "Unexpected token" error. (Bug 12621)
- PMKID is incorrectly decoded under RSN Vendor specific IE in EAPOL packet 1. (Bug 12675)
- CIP dissector fails tvb initialization assertion. (Bug 12676)
- GTP: Decoding of NSAPI is broken in version 2.0.5. (Bug 12686)
- Small bug in Modbus (mbtcp.c/h) dissector exception information. (Bug 12693)
- Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)
- ZGP encrypted differencce between packet details and bytes. (Bug 12728)
- Crash in ISAKMP dissector after modifying UAT with IKEv2 keys. (Bug 12748)
- Incorrect parsing of NLMv4 FREE_ALL request. (Bug 12764)
- Malformed Packet: CDP (forced entry aging). (Bug 12767)
- tshark -z io,stat does not count frame not correctly when applying an interval of 0. (Bug 12778)
- MODE SENSE 10 : Mode parameter header 10 : block descriptor length needs to be 2 bytes not 1 byte. (Bug 12780)
- Organization Specific Slow Protocol dissection errors when retrieving OUI. (Bug 12801)
ASN.1 BER, CAN, CDP, CIP, DCT2000, GTP, IEEE 802.11, IPMI, ISAKMP, L&G 8979, Modbus, NAS EPS, NLM, OCFS2, OSSP, QNX6 QNET, S1AP, SCSI, SEL Protocol, SSL/TLS, UMTS FP, XML, XMPP, and ZBEE NWK GP
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
The 64-bit version of Wireshark will leak memory on Windows when the display depth is set to 16 bits (Bug 9914)
Wireshark should let you work with multiple capture files. (Bug 10488)
Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.