November 18, 2013
Wireshark 1.11.2 has been released. This is an experimental release intended to test features that will go into the next major release of Wireshark. Installers for Windows, OS X, and source code are now available.
New and Updated Features
The following features are new (or have been significantly updated) since version 1.11.1:
- Mac OS X packaging has been improved.
The following features are new (or have been significantly updated) since version 1.11.0:
- The Follow Stream dialog now supports packet and TCP stream selection.
- A Flow Graph (sequence diagram) dialog has been added.
- The main window now respects geometry preferences.
The following features are new (or have been significantly updated) since version 1.10:
- Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows.
- A more flexible, modular memory manger (wmem) has been added. It was available experimentally in 1.10 but is now mature and has mostly replaced the old API.
- Expert info is now filterable and now requires a new API.
- The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
- The "Number" column shows related packets and protocol conversation spans (Qt only).
- When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
- You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
- You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
- "malformed" display filter has been renamed to "_ws.malformed". A handful of other filters have been given the "_ws." prefix to note they are Wireshark application specific filters and not dissector filters.
Official releases are available right now from the download page.
I have a lot of traffic...
ANSWER: SteelCentral™ Packet Analyzer PE $29.95/yr
- • Visually rich, powerful LAN analyzer
- • Quickly access very large pcap files
- • Professional, customizable reports
- • Advanced triggers and alerts
- • Fully integrated with Wireshark and AirPcap™