June 7, 2011
Wireshark 1.6.0 has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.
New in 1.6.0
Wireshark is now distributed as an installation package rather than a drag-installer on OS X. The installer adds a startup item that should make it easier to capture packets.
Large file (greater than 2 GB) support has been improved.
Wireshark and TShark can import text dumps, similar to text2pcap.
You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
Wireshark can export SSL session keys via→ →
TShark can show a specific occurrence of a field when using '-T fields'.
Custom columns can show a specific occurrence of a field.
You can hide columns in the packet list.
Wireshark can now export SMB objects.
dftest and randpkt now have manual pages.
TShark can now display iSCSI, ICMP and ICMPv6 service response times.
Dumpcap can now save files with a user-specified group id.
Syntax checking is done for capture filters.
You can display the compiled BPF code for capture filters in the Capture Options dialog.
You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+. .
Packet length is (finally) a default column.
TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
802.1q VLAN tags are now shown in the Ethernet II protocol tree instead of a separate tree.
Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
The RTP player now shows why media interruptions occur.
Graphs now save as PNG images by default.
TShark can read and write host name information from and to pcapng-formatted files. Wireshark can read it. TShark can dump host name information via
TShark's -z option now uses the
syntax instead of
for all protocols that support service response time statistics. This matches Wireshark's syntax for this option.
Wireshark and TShark can now read compressed Windows Sniffer files.
For a complete list of changes, please refer to the 1.6.0 release notes.
Official releases are available right now from the download page.