Wireshark 2.0.0 Released

November 18, 2015

Wireshark 2.0.0 has been released.

Installers for Windows, OS X, and source code are now available.

The following features are new (or have been significantly updated) since version 2.0.0rc3:

  • An RTP player crash has been fixed.
  • Flow graph issues have been fixed. Bug Bug 11710.
  • A Follow Stream dialog crash has been fixed. Bug Bug 11711.
  • An extcap crash has been fixed.
  • A file merge crash has been fixed. Bug Bug 11718.
  • A handle leak crash has been fixed. Bug Bug 11702.
  • Several other crashes and usability issues have been fixed.

The following features are new (or have been significantly updated) since version 2.0.0rc2:

  • “File”→Merge no longer crashes on Windows. Bug Bug 11684.
  • Icons in the main toolbar obey magnification settings on Windows. Bug Bug 11675.
  • The Windows installer does a better job of detecting WinPcap. Bug Bug 10867.
  • The main window no longer appears off-screen on Windows. Bug Bug 11568.

The following features are new (or have been significantly updated) since version 2.0.0rc1:

  • For new installations on UN*X, the directory for user preferences is $HOME/.config/wireshark rather than $HOME/.wireshark. If that directory is absent, preferences will still be found and stored under $HOME/.wireshark.
  • Qt port:

    • The SIP Statistics dialog has been added.
    • You can now create filter expressions from the display filter toolbar.
    • Bugs in the UAT prefererences dialog has been fixed.
  • Several dissector and Qt UI crash bugs have been fixed.
  • Problems with the Mac OS X application bundle have been fixed.

The following features are new (or have been significantly updated) since version 1.99.9:

  • Qt port:

    • The LTE RLC Graph dialog has been added.
    • The LTE MAC Statistics dialog has been added.
    • The LTE RLC Statistics dialog has been added.
    • The IAX2 Analysis dialog has been added.
    • The Conversation Hash Tables dialog has been added.
    • The Dissector Tables dialog has been added.
    • The Supported Protocols dialog has been added.
    • You can now zoom the I/O and TCP Stream graph X and Y axes independently.
    • The RTP Player dialog has been added.
    • Several memory leaks have been fixed.

The following features are new (or have been significantly updated) since version 1.99.8:

  • Qt port:

    • The MTP3 statistics and summary dialogs have been added.
    • The WAP-WSP statistics dialog has been added.
    • The UDP multicast statistics dialog has been added.
    • The WLAN statistics dialog has been added.
    • The display filter macros dialog has been added.
    • The capture file properties dialog now includes packet comments.
    • Many more statistics dialogs can be opened from the command line via -z ....
    • Most dialogs now have a cancellable progress bar.
    • Many packet list and packet detail context menus items have been added.
    • Lua plugins can be reloaded from the Analyze menu.
    • Many bug fixes and improvements.

The following features are new (or have been significantly updated) since version 1.99.7:

  • Qt port:

    • The Enabled Protocols dialog has been added.
    • Many statistics dialogs have been added, including Service response time, DHCP/BOOTP, and ANSI.
    • The RTP Analysis dialog has been added.
    • Lua dialog support has been added.
    • You can now manually resolve addresses.
    • The Resolved Addresses dialog has been added.
    • The packet list scrollbar now has a minimap.
    • The capture interfaces dialog has been updated.
    • You can now colorize conversations.
    • Welcome screen behavior has been improved.
    • Plugin support has been improved.
    • Many dialogs should now more correctly minimize and maximize.
    • The reload button has been added back to the toolbar.
    • The "Decode As" dialog no longer saves decoding behavior.
    • You can now stop loading large capture files.
    • The Bluetooth HCI Summary has been added.

The following features are new (or have been significantly updated) since version 1.99.6:

  • Qt port:

    • The Bluetooth Devices dialog has been added.
    • The wireless toolbar has been added.
    • Opening files via drag and drop is now supported.
    • The Capture Filter and Display Filter dialogs have been added.
    • The Display Filter Expression dialog has been added.
    • Conversation Filter menu items have been added.
    • You can change protocol preferences by right clicking on the packet list and details.

The following features are new (or have been significantly updated) since version 1.99.4 and 1.99.5:

  • Qt port:

    • Capture restarts are now supported.
    • Menu items for plugins are now supported.
    • Extcap interfaces are now supported.
    • The Expert Information dialog has been added.
    • Display filter completion is now supported.
    • Several interface bugs have been fixed.
    • Translations have been updated.

The following features are new (or have been significantly updated) since version 1.99.3:

  • Qt port:

    • Several interface bugs have been fixed.
    • Translations have been updated.

The following features are new (or have been significantly updated) since version 1.99.2:

  • Qt port:

    • Several bugs have been fixed.
    • You can now open a packet in a new window.
    • The Bluetooth ATT Server Attributes dialog has been added.
    • The Coloring Rules dialog has been added.
    • Many translations have been updated. Chinese, Italian and Polish translations are complete.
    • General user interface and usability improvements.
    • Automatic scrolling during capture now works.
    • The related packet indicator has been updated.

The following features are new (or have been significantly updated) since version 1.99.1:

  • Qt port:

    • The welcome screen layout has been updated.
    • The Preferences dialog no longer crashes on Windows.
    • The packet list header menu has been added.
    • Statistics tree plugins are now supported.
    • The window icon is now displayed properly in the Windows taskbar.
    • A packet list an byte view selection bug has been fixed (Bug 10896)
    • The RTP Streams dialog has been added.
    • The Protocol Hierarchy Statistics dialog has been added.

The following features are new (or have been significantly updated) since version 1.99.0:

  • Qt port:

    • You can now show and hide toolbars and major widgets using the View menu.
    • You can now set the time display format and precision.
    • The byte view widget is much faster, particularly when selecting large reassembled packets.
    • The byte view is explorable. Hovering over it highlights the corresponding field and shows a description in the status bar.
    • An Italian translation has been added.
    • The Summary dialog has been updated and renamed to Capture File Properties.
    • The VoIP Calls and SIP Flows dialogs have been added.

The following features are new (or have been significantly updated) since version 1.12.0:

  • The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k).
  • TShark now resets its state when changing files in ring-buffer mode.
  • Expert Info severities can now be configured.
  • Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet.
  • Qt port:

    • The Qt UI is now the default (program name is wireshark).
    • A Polish translation has been added.
    • The Interfaces dialog has been added.
    • The interface list is now updated when interfaces appear or disappear.
    • The Conversations and Endpoints dialogs have been added.
    • A Japanese translation has been added.
    • It is now possible to manage remote capture interfaces.
    • Windows: taskbar progress support has been added.
    • Most toolbar actions are in place and work.
    • More command line options are now supported

Official releases are available right now from the download page.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
  • • Fully integrated with Wireshark and AirPcap™
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ NetShark appliance
  • • Troubleshoot problems faster
  • • Quickly identify the applications running on your network
  • • Monitor your virtual machine traffic
Learn More

I need to capture wireless traffic...

ANSWER: AirPcap™ 802.11 Packet Capture
  • • WLAN packet capture and transmission
  • • Full 802.11 a/b/g/n support
  • • View management, control and data frames
  • • Multi-channel aggregation (with multiple adapters)
Learn More Buy Now