Wireshark 2.6.0 Released

April 24, 2018

Wireshark 2.6.0 has been released. Installers for Windows, macOS, and source code are now available.

New and Updated Features

The following features are new (or have been significantly updated) since version 2.5.0:

HTTP Request sequences are now supported.
Wireshark now supports MaxMind DB files. Support for GeoIP and GeoLite Legacy databases has been removed.
The Windows packages are now built using Microsoft Visual Studio 2017.
The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed.

The following features are new (or have been significantly updated) since version 2.4.0:

Display filter buttons can now be edited, disabled, and removed via a context menu directly from the toolbar
Drag & Drop filter fields to the display filter toolbar or edit to create a button on the fly or apply the filter as a display filter.
Application startup time has been reduced.
Some keyboard shortcut mix-ups have been resolved by assigning new shortcuts to Edit → Copy methods.
TShark now supports color using the --color option.
The "matches" display filter operator is now case-insensitive.
Display expression (button) preferences have been converted to a UAT. This puts the display expressions in their own file. Wireshark still supports preference files that contain the old preferences, but new preference files will be written without the old fields.
SMI private enterprise numbers are now read from the “enterprises.tsv” configuration file.
The QUIC dissector has been renamed to Google QUIC (quic → gquic).
The selected packet number can now be shown in the Status Bar by enabling Preferences → Appearance → Layout → Show selected packet number.
File load time in the Status Bar is now disabled by default and can be enabled in Preferences → Appearance → Layout → Show file load time.
Support for the G.729A codec in the RTP Player is now added via the bcg729 library.
Support for hardware-timestamping of packets has been added.
Improved NetMon .cap support with comments, event tracing, network filter, network info types and some Message Analyzer exported types.
The personal plugins folder on Linux/Unix is now ~/.local/lib/wireshark/plugins.
TShark can print flow graphs using -z flow…
Capinfos now prints SHA256 hashes in addition to RIPEMD160 and SHA1. MD5 output has been removed.
The packet editor has been removed. (This was a GTK+ only experimental feature.)
Support BBC micro:bit Bluetooth profile
The Linux and UNIX installation step for Wireshark will now install headers required to build plugins. A pkg-config file is provided to help with this (see “doc/plugins.example” for details). Note you must still rebuild all plugins between minor releases (X.Y).
The Windows installers and packages now ship with Qt 5.9.4.
The generic data dissector can now uncompress zlib compressed data.
DNS Stats now supports service level statistics.
DNS filters for retransmissions and unsolicited responses have been added.
The “tcptrace” TCP Stream graph now shows duplicate ACKS and zero window advertisements.
The membership operator now supports ranges, allowing display filters such as tcp.port in {4430..4434} to be expressed. See the User’s Guide, chapter Building display filter expressions for details.

New Protocol Support

ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling), AVSP (Arista Vendor Specific Protocol), Bluetooth Mesh, Broadcom tags (Broadcom Ethernet switch management frames), CAN-ETH, CVS password server, Excentis DOCSIS31 XRA header, F1 Application Protocol, F5ethtrailer, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.11ax (High Efficiency WLAN (HEW)), IEEE 802.15.9 IEEE Recommended Practice for Transport of Key Management Protocol (KMP) Datagrams, IEEE 802.3br Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency Protocol (UDP), Network Functional Application Platform Interface (NFAPI) Protocol, New Radio Radio Link Control protocol, New Radio Radio Resource Control protocol, NR (5G) MAC protocol, NXP 802.15.4 Sniffer Protocol, Object Security for Constrained RESTful Environments (OSCORE), PFCP (Packet Forwarding Control Protocol), Protobuf (Protocol Buffers), QUIC (IETF), RFC 4108 Using CMS to Protect Firmware Packages, Session Multiplex Protocol, SolarEdge monitoring protocol, Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP and OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN Protocol

Official releases are available right now from the download page.