Wireshark 2.9.0 Development Release

December 12, 2018

Wireshark 2.9.0 has been released.

This is a semi-experimental release intended to test new features for Wireshark 3.0.

The following features are new (or have been significantly updated) since version 2.6.0:

  • The Windows .exe installers now ship with Npcap instead of WinPcap.

  • Conversation timestamps are supported for UDP/UDP-Lite protocols.

  • TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.

  • The “Capture Information” dialog has been added back (Bug 12004).

  • The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.

  • The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.

  • Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).

  • The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.

  • The SSL dissector has been renamed to TLS. As with BOOTP, the old “ssl.*” display filter fields are supported but may be removed in a future release.

  • Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.

  • APT-X has been renamed to aptX.

  • When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.

  • The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.

  • Dumpcap now supports the -a packets:NUM and -b packets:NUM options.

  • Wireshark now includes a “No Reassembly” configuration profile.

  • Wireshark now supports the Russian language.

  • The build system now supports AppImage packages.

  • The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
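
Because the old “bootp.*” and “ssl.*” fields may be removed later, saved display filters and tshark-based detection scripts are worth migrating now. The following is an added example, not code from the Wireshark project: a small rewriter for display filter strings. It assumes the new field names differ from the old ones only in the protocol prefix; the function name and the sample filters are constructed for illustration.

```python
import re

# Old protocol prefix -> new prefix. Assumption: only the prefix changed
# (e.g. ssl.handshake.type -> tls.handshake.type).
RENAMED = {"bootp": "dhcp", "ssl": "tls"}
# The release notes name this as the one old field that is not kept.
UNSUPPORTED = {"bootp.dhcp"}

# Either a double-quoted string literal, or a bare protocol/field name that
# is not the tail of a number such as 0x16 or of a longer dotted token.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|(?<![\w.])[A-Za-z_][\w-]*(?:\.[\w-]+)*')


def migrate_filter(expr):
    """Return (rewritten_filter, warnings) for one display filter string."""
    warnings = []

    def swap(match):
        tok = match.group(0)
        if tok.startswith('"'):
            return tok  # leave string literals such as "ssl.example.com" alone
        if tok in UNSUPPORTED:
            warnings.append(f"{tok}: not supported under the new name scheme, rewrite by hand")
            return tok
        head, dot, rest = tok.partition(".")
        if head in RENAMED:
            return RENAMED[head] + dot + rest
        return tok

    return TOKEN.sub(swap, expr), warnings


if __name__ == "__main__":
    # Constructed sample filters, as they might appear in a saved filter list.
    samples = [
        "ssl.handshake.type == 1 && tcp.port == 443",
        "bootp.option.dhcp == 3",
        'http.host contains "ssl.example.com"',
        "bootp.dhcp",
    ]
    for old in samples:
        new, notes = migrate_filter(old)
        print(f"{old!r} -> {new!r}")
        for note in notes:
            print(f"  warning: {note}")
```

Unquoted right-hand values that begin with “ssl.” or “bootp.” would also be rewritten, so review the output before replacing a saved filter.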

Official releases are available right now from the download page.
