Wireshark-announce: [Wireshark-announce] Wireshark 2.4.0 is now available
Date Prev Thread Prev
From: Wireshark announcements <[email protected]>
Date: Wed, 19 Jul 2017 11:26:23 -0700
I'm proud to announce the release of Wireshark 2.4.0.


What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.

What's New

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.2.0:
     * Experimental 32-bit and 64-bit Windows Installer (.msi) packages
       are available. It is recommended that you use these independently
       of the NSIS (.exe) installers. That is, you should make sure the
       NSIS package is completely uninstalled before installing the
       Windows Installer package and vice-versa.
     * Source packages are now compressed using xz instead of bzip2.
     * The legacy (GTK+) UI is disabled by default in the Windows
     * The legacy (GTK+) UI is disabled by default in the development
       environment (Autotools and CMake).
     * SS7 Point Codes can now be resolved into names with a hosts-like
     * Wireshark can now go fullscreen to have more room for packets.
     * TShark can now export objects like the other GUI interfaces.
     * Support for G.722 and G.726 codecs in the RTP Player (via the
       SpanDSP library).
     * You can now choose the output device when playing RTP streams.
     * Added support for dissectors to include a unit name natively in
       their hf field. A field can now automatically append "seconds" or
       "ms" to its value without additional printf-style APIs.
     * The Default profile can now be reset to default values.
     * You can move back and forth in the selection history in the Qt UI.
     * IEEE 802.15.4 dissector now uses an UAT for decryption keys. The
       original decryption key preference has been obsoleted.
     * Extcap utilities can now provide configuration for a GUI interface
       toolbar to control the extcap utility while capturing.
     * Extcap utilities can now validate the capture filter.
     * Display filter function len() can now be used on all string and
       byte fields.
     * Added an experimental timeline view for 802.11 wireless packet data
       which can be enabled via the "802.11 radio information"
     * Added TLS 1.3 (draft 21) dissection and decryption support ([1]Bug
     * The (D)TLS Application Layer protocol (e.g. HTTP or CoAP) can now
       be changed via the Decode As dialog.
     * The RSA keys dialog for SSL keys has improved feedback for invalid
       settings and no longer requires the IP address, Port or Protocol
       fields to be set in addition to the Key File.
     * TCP Analysis will detect and flag more spurious retransmissions.

  New Protocol Support

   Bluetooth HCI Vendor Intel, CAN FD, Citrix NetScaler Metric Exchange
   Protocol, Citrix NetScaler RPC Protocol, DirectPlay 8 protocol,
   Ericsson A-bis P-GSL, Ericsson A-bis TFP (Traffic Forwarding Protocol),
   Facebook Zero, Fc00/cjdns Protocol, Generic Netlink (genl), GSM Osmux,
   GSMTAP based logging, Health Level 7 (HL7), High-speed SECS message
   service (HSMS), HomePNA, IndigoCare iCall protocol, IndigoCare Netrix
   protocol, iPerf2, ISO 15765, Linux 802.11 Netlink (nl80211), Local
   Service Discovery (LSD), M2 Application Protocol, Mesh Link
   Establishment (MLE), MUDURL, Netgear Ensemble Protocol, NetScaler HA
   Protocol, NetScaler Metric Exchange Protocol, NetScaler RPC Protocol,
   NM protocol, Nordic BLE Sniffer, NVMe, NVMe Fabrics RDMA, OBD-II PIDs,
   OpenThread simulator, RFTap Protocol, SCTE-35 Digital Program Insertion
   Messages, Snort Post-dissector, Thread CoAP, UDP based FTP w/ multicast
   (UFTP and UFTP4), Unified Diagnostic Services (UDS), vSocket, Windows
   Cluster Management API (clusapi), and X-Rite i1 Display Pro (and
   derivatives) USB protocol

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   ERF, IxVeriWave, Libpcap, and Pcap-ng

  Major API Changes

   IEEE802.11: wlan_mgt display filter element got renamed to wlan.

   Libgcrypt is now a required dependency.

Getting Wireshark

   Wireshark source code and installation packages are available from

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can be
   found on the [3]download page on the Wireshark web site.

File Locations

   Wireshark and TShark look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
   vary from platform to platform. You can use About->Folders to find the
   default locations on your system.

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([4]Bug 1419)

   The BER dissector might infinitely loop. ([5]Bug 1516)

   Capture filters aren't applied when capturing from named pipes. ([6]Bug

   Filtering tshark captures with read filters (-R) no longer works.
   ([7]Bug 2234)

   Application crash when changing real-time option. ([8]Bug 4035)

   Wireshark and TShark will display incorrect delta times in some cases.
   ([9]Bug 4985)

   Wireshark should let you work with multiple capture files. ([10]Bug

Getting Help

   Community support is available on [11]Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and archives for
   all of Wireshark's mailing lists can be found on [12]the web site.

   Official Wireshark training and certification are available from
   [13]Wireshark University.

Frequently Asked Questions

   A complete FAQ is available on the [14]Wireshark web site.

   Last updated 2017-07-19 17:49:40 UTC


   1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12779
   2. https://www.wireshark.org/download.html
   3. https://www.wireshark.org/download.html#thirdparty
   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
  10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
  11. https://ask.wireshark.org/
  12. https://www.wireshark.org/lists/
  13. http://www.wiresharktraining.com/
  14. https://www.wireshark.org/faq.html


wireshark-2.4.0.tar.xz: 28755596 bytes

Wireshark-win64-2.4.0.exe: 59110928 bytes

Wireshark-win32-2.4.0.exe: 53570224 bytes

Wireshark-win32-2.4.0.msi: 43032576 bytes

Wireshark-win64-2.4.0.msi: 48455680 bytes

WiresharkPortable_2.4.0.paf.exe: 46243888 bytes

Wireshark 2.4.0 Intel 64.dmg: 35144406 bytes
SHA256(Wireshark 2.4.0 Intel
RIPEMD160(Wireshark 2.4.0 Intel
SHA1(Wireshark 2.4.0 Intel 64.dmg)=5aecbddef5a762a0a4c36c9312b727bf671c0992
MD5(Wireshark 2.4.0 Intel 64.dmg)=2cf632f801dc810c5f0378fa983fc9e9

Attachment: signature.asc
Description: OpenPGP digital signature