Wireshark 2.6.5 Release Notes
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5.
The following vulnerabilities have been fixed:
The following bugs have been fixed:
VoIP Calls dialog doesn’t include RTP stream when preparing a filter. Bug 13440.
Wireshark installs on macOS with permissions for /Library/Application Support/Wireshark that are too restrictive. Bug 14335.
Closing Enabled Protocols dialog crashes wireshark. Bug 14349.
Unable to Export Objects → HTTP after sorting columns. Bug 14545.
DNS Response to NS query shows as malformed packet. Bug 14574.
Encrypted Alerts corresponds to a wrong selection in the packet bytes pane. Bug 14712.
Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols enabled. Bug 15014.
ESP will not decode since 2.6.2 - works fine in 2.4.6 or 2.4.8. Bug 15056.
text2pcap generates malformed packets when TCP, UDP or SCTP headers are added together with IPv6 header. Bug 15194.
Wireshark tries to decode EAP-SIM Pseudonym Identity. Bug 15196.
Infinite read loop when extcap exits with error and error message. Bug 15205.
MATE unable to extract fields for PDU. Bug 15208.
Malformed Packet: SV. Bug 15224.
OPC UA Max nesting depth exceeded for valid packet. Bug 15226.
TShark 2.6 does not print GeoIP information. Bug 15230.
ISUP (ANSI) packets malformed in WS versions later than 2.4.8. Bug 15236.
Handover candidate enquire message not decoded. Bug 15237.
TShark piping output in a cmd or PowerShell prompt stops working when GeoIP is enabled. Bug 15248.
ICMPv6 with routing header incorrectly placed. Bug 15270.
IEEE 802.11 Vendor Specific fixed fields display as malformed packets. Bug 15273.
text2pcap -4 and -6 option should require -i as well. Bug 15275.
text2pcap direction sensitivity does not affect dummy ethernet addresses. Bug 15287.
MLE security suite display incorrect. Bug 15288.
Message for incorrect IPv4 option lengths is incorrect. Bug 15290.
TACACS+ dissector does not properly reassemble large accounting messages. Bug 15293.
NLRI of S-PMSI A-D BGP route not being displayed. Bug 15307.
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
BGP, DCERPC, DCOM, DNS, EAP, ESP, GSM A BSSMAP, IEEE 802.11, IEEE 802.11 Radiotap, IPv4, IPv6, ISUP, LBMPDM, LISP, MLE, MMSE, OpcUa, PVFS, SLL, SSL/TLS, SV, TACACS+, TCAP, Wi-SUN, XRA, and ZigBee ZCL
New and Updated Capture File Support
3GPP TS 32.423 Trace and IxVeriWave
New and Updated Capture Interfaces support
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
The BER dissector might infinitely loop. Bug 1516.
Capture filters aren’t applied when capturing from named pipes. Bug 1814.
Filtering tshark captures with read filters (
-R) no longer works.
Application crash when changing real-time option. Bug 4035.
Wireshark and TShark will display incorrect delta times in some cases. Bug 4985.
Wireshark should let you work with multiple capture files. Bug 10488.
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site.