Wireshark 2.4.2 Release Notes


1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

2. What’s New

2.1. Bug Fixes

The following bugs have been fixed:

  • Wireshark crash when end capturing with "Update list of packets in real-time" option off. (Bug 13024)
  • Diameter service response time statistics broken in 2.2.4. (Bug 13442)
  • Sequence number isn’t shown as the X axis in TCP Stream Graph - RTT. (Bug 13740)
  • Using an SSL subdissector will cause SSL data to not be decoded (related to reassembly of application data). (Bug 13885)
  • Wireshark 2.4.0 doesn’t build with Qt 4.8. (Bug 13909)
  • Some Infiniband Connect Req fields are not decoded correctly. (Bug 13997)
  • Voip Flow Sequence button crash. (Bug 14010)
  • wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in wrong place ?. (Bug 14016)
  • wireshark-2.4.1/ui/qt/tcp_stream_dialog.cpp:1206: sanity check in odd place ?. (Bug 14017)
  • [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). (Bug 14025)
  • [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). (Bug 14032)
  • Own interface toolbar logger dialog for each log command. (Bug 14033)
  • Wireshark crashes when dissecting DOCSIS REGRSPMP which contains UCD. (Bug 14038)
  • Broken installation instructions for Visual Studio Community Edition. (Bug 14039)
  • RTP Analysis "save as CSV" saves twice the forward stream, if two streams are selected. (Bug 14040)
  • VWR file read ends early with vwr: Invalid data length 0. (Bug 14051)
  • reordercap fails with segmentation fault 11 on MacOS. (Bug 14055)
  • Cannot Apply Bitmask to Long Unsigned. (Bug 14063)
  • text2pcap since version 2.4 aborts when there are no arguments. (Bug 14082)
  • gtpprime: Missing in frame.protocols. (Bug 14083)
  • HTTP dissector believes ICY response is a request. (Bug 14091)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

6LoWPAN, Bluetooth, BOOTP/DHCP, BT ATT, BT LE, DCERPC, DMP, DOCSIS, EPL, GTP, H.248, HTTP, InfiniBand, MBIM, RPC, RTSP, SSL, and WSP

2.5. New and Updated Capture File Support

Ixia IxVeriWave

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

6. Getting Help

Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.

Official Wireshark training and certification are available from Wireshark University.

7. Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.