Wireshark-dev: [Wireshark-dev] Wireshark 2.2.0 is now available
From: Gerald Combs <[email protected]>
Date: Wed, 7 Sep 2016 11:53:25 -0700
I'm proud to announce the release of Wireshark 2.2.0. __________________________________________________________________ What is Wireshark? Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. __________________________________________________________________ What's New Bug Fixes * Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712) * Extcap errors not reported back to UI. (Bug 11892) New and Updated Features The following features are new (or have been significantly updated) since version 2.2.0rc2: * No major changes since 2.2.0rc2. The following features are new (or have been significantly updated) since version 2.2.0rc1: "Decode As" supports SSL (TLS) over TCP. The following features are new (or have been significantly updated) since version 2.1.1: * Invalid coloring rules are now disabled instead of discarded. This will provide backward compatibility with a coloring rule change in Wireshark 2.2. The following features are new (or have been significantly updated) since version 2.1.0: * Added -d option for Decode As support in Wireshark (mimics TShark functionality) * The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON. * The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated. * The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items. * The RTP player now allows up to 30 minutes of silence frames. * Packet bytes can now be displayed as EBCDIC. * The Qt UI loads captures faster on Windows. * proto_tree_add_checksum was added as an API. This attempts to standardize how checksums are reported and filtered for within *Shark. There are no more individual "good" and "bad" filter fields, protocols now have a "checksum.status" field that records "Good", "Bad" and "Unverified" (neither good or bad). Color filters provided with Wireshark have been adjusted to the new display filter names, but custom ones may need to be updated. The following features are new (or have been significantly updated) since version 2.0.0: * The intelligent scroll bar now sits to the left of a normal scroll bar and provides a clickable map of nearby packets. * You can now switch between between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI. * You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML. * You can now use regular expressions in Find Packet and in the advanced preferences. * Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution some build dependencies must be present (currently c-ares). If that is not the case DNS name resolution will be disabled (but other name resolution mechanisms, such as host files, are still available). * The byte under the mouse in the Packet Bytes pane is now highlighted. * TShark supports exporting PDUs via the -U flag. * The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces. * Most dialogs in the Qt UI now save their size and positions. * The Follow Stream dialog now supports UTF-16. * The Firewall ACL Rules dialog has returned. * The Flow (Sequence) Analysis dialog has been improved. * We no longer provide packages for 32-bit versions of OS X. * The Bluetooth Device details dialog has been added. New File Format Decoding Support Wireshark is able to display the format of some types of files (rather than displaying the contents of those files). This is useful when you're curious about, or debugging, a file and its format. To open a capture file (such as PCAP) in this mode specify "MIME Files Format" as the file's format in the Open File dialog. New Protocol Support Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol, Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag, Digital Equipment Corporation Local Area Transport, Distributed Object Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS Kernel Packet Header (IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY Protocol (automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO 8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP), LAT protocol (DECNET), Metamako trailers, Network Service Header for Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight Machine to Machine TLV (LwM2M TLV), Real Time Location System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service, STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters (Closures Lighting General Measurement & Sensing HVAC Security & Safety) Updated Protocol Support Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex), which allows it to be used with "Decode As" over USB, TCP and UDP. A preference was added to TCP dissector for handling IPFIX process information. It has been disabled by default. New and Updated Capture File Support Micropross mplog New and Updated Capture Interfaces support Non-empty section placeholder. Major API Changes The libwireshark API has undergone some major changes: * The address macros (e.g., SET_ADDRESS) have been removed. Use the (lower case) functions of the same names instead. * "old style" dissector functions (that don't return number of bytes used) have been replaced in name with the "new style" dissector functions. * tvb_get_string and tvb_get_stringz have been replaced with tvb_get_string_enc and tvb_get_stringz_enc respectively. __________________________________________________________________ Getting Wireshark Wireshark source code and installation packages are available from https://www.wireshark.org/download.html. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site. __________________________________________________________________ File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system. __________________________________________________________________ Known Problems Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419) The BER dissector might infinitely loop. (Bug 1516) Capture filters aren't applied when capturing from named pipes. (Bug 1814) Filtering tshark captures with read filters (-R) no longer works. (Bug 2234) Application crash when changing real-time option. (Bug 4035) Packet list rows are oversized. (Bug 4357) Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985) Wireshark should let you work with multiple capture files. (Bug 10488) Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036) __________________________________________________________________ Getting Help Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site. Official Wireshark training and certification are available from Wireshark University. __________________________________________________________________ Frequently Asked Questions A complete FAQ is available on the Wireshark web site. __________________________________________________________________ Last updated 2016-09-07 16:55:02 UTC References 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12712 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11892 3. https://www.wireshark.org/download.html 4. https://www.wireshark.org/download.html#thirdparty 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036 14. https://ask.wireshark.org/ 15. https://www.wireshark.org/lists/ 16. http://www.wiresharktraining.com/ 17. https://www.wireshark.org/faq.html Digests wireshark-2.2.0.tar.bz2: 32141141 bytes SHA256(wireshark-2.2.0.tar.bz2)=a6847e741efcba6cb9d92d464d4219917bee3ad0b8f5b0f80d4388ad2f3f1104 RIPEMD160(wireshark-2.2.0.tar.bz2)=bfcd77da458dc9f427cd423876a60968e8fa66ad SHA1(wireshark-2.2.0.tar.bz2)=4b47bf8e2053073585318646e27d2aa9dc7c7238 MD5(wireshark-2.2.0.tar.bz2)=c7de0997f74934f25b456846cf75cb81 Wireshark-win64-2.2.0.exe: 48513256 bytes SHA256(Wireshark-win64-2.2.0.exe)=439133f4cc5a71bffc0667a1a085c92a048a0cd82e6d1c5b8b6d0091a6593634 RIPEMD160(Wireshark-win64-2.2.0.exe)=1cad997dea40a42ab5afe48d625ce2730adb9aa0 SHA1(Wireshark-win64-2.2.0.exe)=5450d9b3ed6d3690327481c1a5c247e94a55b50e MD5(Wireshark-win64-2.2.0.exe)=0e3ab4a244754c762bbff4b298667ecb Wireshark-win32-2.2.0.exe: 44810232 bytes SHA256(Wireshark-win32-2.2.0.exe)=edec161d63255f06f4c89852749d7c33e931c6ed6f85fa8a0019795d6a5fff5b RIPEMD160(Wireshark-win32-2.2.0.exe)=010eec40b63b8e84db0aa7718e7df5afe338d65b SHA1(Wireshark-win32-2.2.0.exe)=d5ad9ca342449306486a4b31a0a889daca485cad MD5(Wireshark-win32-2.2.0.exe)=e533b9fcdf87f7ab5b4a89b66dcd68d1 WiresharkPortable_2.2.0.paf.exe: 46448144 bytes SHA256(WiresharkPortable_2.2.0.paf.exe)=65d71783a8fe3b7ffe9769cbffcae1490123d7e663ddb44f1e997a01428e7fd4 RIPEMD160(WiresharkPortable_2.2.0.paf.exe)=aeb87768fafd7dd5d4e96abf70fb9b694dd210a6 SHA1(WiresharkPortable_2.2.0.paf.exe)=ea5694c45b755068f9d43d7d5e1df273e6c0d3e9 MD5(WiresharkPortable_2.2.0.paf.exe)=a809f06f781501c46e70d6280f83ca75 Wireshark 2.2.0 Intel 64.dmg: 32691388 bytes SHA256(Wireshark 2.2.0 Intel 64.dmg)=b74177a860e670bb147c8bb3fe4befffa743f39ca706067e8cdc297ff6222dca RIPEMD160(Wireshark 2.2.0 Intel 64.dmg)=60c4357bec88fac9e0606286bc83c34d6a76f9d8 SHA1(Wireshark 2.2.0 Intel 64.dmg)=2653978bb55d8d1bed4041e286c0542a147cfaa5 MD5(Wireshark 2.2.0 Intel 64.dmg)=a9ce381485da290d9a65d7e3499ad1db
Description: OpenPGP digital signature
- Prev by Date: [Wireshark-dev] How does a LUA Field Extractor work?
- Next by Date: Re: [Wireshark-dev] Has anyone created an XDR to Dissector tool?
- Previous by thread: [Wireshark-dev] How does a LUA Field Extractor work?
- Next by thread: [Wireshark-dev] Wireshark 2.0.6 is now available