Wireshark 3.0.0rc2 Released

February 21, 2019

Wireshark 3.0.0rc2 has been released. This is the second release candidate for Wireshark 3.0.0. Installers for Windows, macOS, and source code are now available.

The following features are new (or have been significantly updated) since version 3.0.0rc1:

  • The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).

  • The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.

  • The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.

The following features are new (or have been significantly updated) since version 2.9.0:

  • Wireshark now supports the Swedish and Ukrainian languages.

  • Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.

  • The build system now produces reproducible builds (Bug 15163).

  • The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.

The following features are new (or have been significantly updated) since version 2.6.0:

  • The Windows .exe installers now ship with Npcap instead of WinPcap.

  • Conversation timestamps are supported for UDP/UDP-Lite protocols

  • TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.

  • The “Capture Information” dialog has been added back (Bug 12004).

  • The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.

  • The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.

  • Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).

  • The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.

  • The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.

  • Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.

  • APT-X has been renamed to aptX.

  • When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.

  • The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.

  • Dumpcap now supports the -a packets:NUM and -b packets:NUM options.

  • Wireshark now includes a “No Reassembly” configuration profile.

  • Wireshark now supports the Russian language.

  • The build system now supports AppImage packages.

  • The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.

  • Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).

  • The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file.

  • A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.

  • The Bash test suite has been replaced by one based on Python unittest/pytest.

  • The custom window title can now show file path of the capture file and it has a conditional separator.

Official releases are available right now from the download page.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More