wireshark/Wireshark_Release_Notes.adoc at 812f277d0e9aa0a68dbeff716f428dfbf4e2e726

Joakim Karlsson 812f277d0e Add LibXml2 to the required library list

Library is supported by all OS, and we effectivly already require the
library due to GLIB, libgcrypt, and GnuTLS also require LibXml2.

Ping #20508

2025-05-19 12:48:54 +00:00

301 lines

13 KiB

Plaintext

Raw Blame History

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

 include::attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: {css_dir}/{stylesheet}
 = Wireshark {wireshark-version} Release Notes
 // Asciidoctor Syntax Quick Reference:
 // https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/
 This is an experimental release intended to test new features for Wireshark 5.0.
 == What is Wireshark?
 Wireshark is the world’s most popular network protocol analyzer.
 It is used for troubleshooting, analysis, development and education.
 Wireshark is hosted by the Wireshark Foundation, a nonprofit which promotes protocol analysis education.
 Wireshark and the foundation depend on your contributions in order to do their work.
 If you or your organization would like to contribute or become a sponsor, please visit https://wiresharkfoundation.org[wiresharkfoundation.org].
 == What’s New
 // Add a summary of **major** changes here.
 // Add other changes to "New and Updated Features" below.
 Many other improvements have been made.
 See the “New and Updated Features” section below for more details.
 //=== Bug Fixes
 //The following bugs have been fixed:
 //* wsbuglink:5000[]
 //* wsbuglink:6000[Wireshark bug]
 //* cveidlink:2014-2486[]
 //* Wireshark grabs your ID at 3 am, goes to Waffle House, and insults people.
 === New and Updated Features
 The following features are either new or have been significantly updated since version 4.4.0:
 * The Windows installers now ship with Npcap 1.80.
   They previously shipped with Npcap 1.79.
 * The Windows installers now ship with Qt 6.8.1.
   They previously shipped with Qt 6.5.3.
 * WinPcap is no longer supported. On Windows, use Npcap instead, uninstalling
   WinPcap if necessary. The last release ever of WinPcap, 4.1.3, was on
 -03-08 and only supports up to Windows 8, which is no longer supported
   by Microsoft or Wireshark.
 * We now ship universal macOS installers instead of separate packages
 for Arm64 and Intel. wsbuglink:17294[]
 * Source packages are now compressed using zstd.
 * Live captures can be compressed while writing. (Previously there was
   support for compressing when performing multiple file capture, at file
   rotation time.) The `--compress` option in TShark works on live captures
   as well. wsbuglink:9311[]
 * Absolute time fields, regardless of field display in the Packet Details,
   are always written in ISO 8601 format in UTC with -T json. This was already
   the case for -T ek since version 4.2.0. JSON is primarily a data interchange
   format read by software, so a standard format is desirable.
 * When absolute times field are output with -T fields, the "show" field of -T
   pdml, or in custom columns (including CSV output of columns), the formatting
   similar to asctime (e.g., Dec 18, 2017 05:28:39.071704055 EST) has been
   deprecated in favor of ISO 8601. For backwards compatibility, a preference
   has been added, protocols.display_abs_time_ascii, which can be set to continue
   to format times as before. This preference can also be set to never use ASCII
   time and to use ISO 8601 time formatting in the protocol tree (Packet Details)
   as well. It is possible that a future release will remove the ascitime style
   formatting entirely.
 * UTC frame time column formats (including "Time (format as specified)" when
   a UTC time display format is selected) have a "Z" suffix per ISO 8601. Local
   time formats remain unqualified (including if the local time zone is UTC.)
   Custom columns displaying FT_ABSOLUTE_TIME already had time zone indication.
 * The TShark `-G` option for generating glossary reports does not need to be the
   first option given on the command line anymore. In addition, the reports now
   are affected by other command line options such as `-o`, `-d`, and
   `--disable-protocol`, in addition to the `-C` option, which was already supported.
   (The `defaultprefs` report remains unaffected by any other options.)
   As a part of this change, `-G` with no argument, which was previously deprecated,
   is no longer supported. Use `tshark -G fields` to produce the same report.
   Also, the syntax for only listing fields with a certain prefix has changed to
   `tshark -G fields,prefix`.
 * The underlying type of EUI-64 fields has been switched to bytes when packet
   matching, similar to most other address formats. This means that EUI-64
   addresses can be sliced and compared to other bytes types, e.g. the filter
   `wpan.src64[:3] == eth.src[:3]`. Fields can still be specified using 64-bit
   unsigned integer literals, though arithmetic with other integers is no longer
   supported.
 * Wireshark can now decrypt NTP packets using NTS (Network Time Security). To decrypt packets,
   the NTS-KE (Network Time Security Key Establishment Protocol) packets need to be present,
   alongside the TLS client and exporter secrets. Additionally, the parts of a NTP packet which
   can be cryptographically authenticated (from NTP packet header until the end  of the last
   extension field that precedes the NTS Authenticator and Encrypted Extension Fields
   extension field) are checked for validity.
 * Wiresharks' capability to decrypt MACsec packets has been expanded to either
   use the SAK unwrapped by the MKA dissector, or the PSK configured in the
   MACsec dissector. To enable the MKA dissector to unwrap the SAK, the CAK for
   the applicable CKN can be entered in the extended CKN/CAK Info UAT in the
   MKA dissector preferences. The ability of the MACsec dissector to decrypt
   packets using a PSK has been extended to a list of PSKs, which can entered
   through a new UAT.
 * The TCP Stream Graph axes now use units with SI prefixes. wsbuglink:20197[]
 * Custom columns have an option to show the values using the same format as
   in Packet Details.
 * Custom column complex expressions (e.g., with arithmetic, filter functions,
   etc.) that return numeric results are sorted numerically instead of
   lexicographically.
 * A display filter function `double` is added to allow explicitly converting
   field types like integers and times to doubles. This can be used to perform
   further arithmetic operations on fields of different types, including in
   custom column definitions.
 * The minimum width of the I/O Graph dialog window is reduced, so it should
   work better on small resolution desktops, especially in certain languages.
   To enable this, some checkbox controls were moved to the graph right-click
   context menu. wsbuglink:20147[]
 * X.509 certificates, used in TLS and elsewhere, can be exported via the
   File->Export Objects menu in Wireshark (under the name "X509AF") and
   `--export-objects` in TShark (with the protocol name `x509af`.)
 * Zstandard Content-Encoding is supported in the HTTP and HTTP/2 dissectors.
 * Follow Stream is supported for MPEG 2 Transport Stream PIDs, and for
   Packetized Elementary Streams contained within MPEG 2 TS. The latter
   can be used to extract audio or video for playback with other tools.
 * DNP 3 (Distributed Network Protocol 3) is now supported in the Conversations
   and Endpoints table dialogs.
 * The Lua supplied preloaded libraries `bit` and `rex_pcre2` are loaded in
   a way that adds them to the `package.loaded` table, as though through
   `require`, so that `require("bit")` and `require("rex_pcre2")` statements
   in Lua dissectors, while usually superfluous, behave as expected. wsbuglink:20213[]
 * The packet list (Wireshark) and event list (Stratoshark) no longer support rows with multiple lines.
   wsbuglink:14424[]
 * The `ethers` file can also contain EUI-64 to name mappings. wsbuglink:15487[]
 * Wireshark "Import from Hex Dump" and text2pcap support byte groups with 2 to
 bytes (with an option for little-endian byte order), and support hexadecimal
   offsets with a `0x` or `0X` prefix (as produced by `tcpdump -x`, among others).
   wsbuglink:16193[]
 * Frame timestamps can be added as preamble to hex dumps in Wireshark from
   the "Print" and "Export Packet Dissection" dialogs, and in TShark with
   the `--hexdump time` option. wsbuglink:17132[]
 * Lua now has a `Conversation` object, which exposes conversations and conversation
   data to Lua. Resolves wsbuglink:15396[]
 * Supports "Copy in HTML" format via main menu, context menu and keyboard
   shortcut. It also provides an option (via knobs in preferences) to copy plain
   text with aligned columns along with an ability to select a copy format to be
   used when copied via keyboard shortcut.
 * The "no duplicate keys" version of JSON output that tshark has supported
   since 2.6.0 is available through the GUI Export Dissections Dialog.
   Note that this format does not necessarily preserve the ordering of all
   children in a tree, if sibling with identical keys are not consecutive.
 * The GUI Export Dissections Dialog can output raw hex bytes of the frame
   data for each field with or without exporting the field values, the same
   formats as the "-T json -x" and "-T jsonraw" output modes, respectively,
   of TShark.
 * The Conversations and Endpoints dialogs have an option to display byte counts
   and bit rates in exact counts instead of human-readable numbers with SI units.
   The default setting when opening a dialog is controlled by a Statistics
   preference, "conv.machine_readable". The same preference controls whether
   precise byte counts are used in the TShark "-z conv" and "-z endpoints" taps.
 * The output format for some TShark statistics taps (those selected with
   "-z <tap>,tree", which use the stats_tree system) can be controlled via
   a preference "-o statistics.output_format".
 * The color scheme can be set to Light or Dark mode independently of the
   current OS default on Windows and macOS, if Wireshark is built with
   Qt 6.8 or later as the official installers do. wsbuglink:19328[]
 * LibXml2 is now a required dependency.
 === Removed Features and Support
 Wireshark no longer supports AirPcap and WinPcap.
 // === Removed Dissectors
 //=== New File Format Decoding Support
 //[commaize]
 //--
 //--
 === New Protocol Support
 // Add one protocol per line between the -- delimiters in the format
 // “Full protocol name (Abbreviation)”
 // git log --oneline --diff-filter=A --stat v4.3.0rc0.. epan/dissectors plugins
 [commaize]
 --
 Lenbrook Service Discovery Protocol (LSDP)
 Network Time Security Key Establishment Protocol (NTS-KE)
 Private Line Emulation (PLE)
 Roughtime (Roughtime)
 SBAS L5 messages
 Universal Measurement and Calibration Protocol (XCP)
 vSomeIP Internal Protocol (vSomeIP)
 VLP-16 Data and Position messaging
 --
 === Updated Protocol Support
 Too many protocol updates have been made to list them all here.
 //=== New and Updated Capture File Support
 There is no new or updated capture file support in this release.
 // Add one file type per line between the -- delimiters.
 // [commaize]
 // --
 // --
 // === New and Updated Capture Interfaces support
 // [commaize]
 // --
 // --
 //=== New and Updated Codec support
 //_Non-empty section placeholder._
 // === Major API Changes
 The Lua API now supports Libgcrypt symmetric cipher functions.
 == Getting Wireshark
 Wireshark source code and installation packages are available from
 https://www.wireshark.org/download.html.
 === Vendor-supplied Packages
 Most Linux and Unix vendors supply their own Wireshark packages.
 You can usually install or upgrade Wireshark using the package management system specific to that platform.
 A list of third-party packages can be found on the
 https://www.wireshark.org/download.html[download page]
 on the Wireshark web site.
 == File Locations
 Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
 These locations vary from platform to platform.
 You can use menu:Help[About Wireshark,Folders] or `tshark -G folders` to find the default locations on your system.
 == Getting Help
 The User’s Guide, manual pages and various other documentation can be found at
 https://www.wireshark.org/docs/
 Community support is available on
 https://ask.wireshark.org/[Wireshark’s Q&A site]
 and on the wireshark-users mailing list.
 Subscription information and archives for all of Wireshark’s mailing lists can be found on https://lists.wireshark.org/lists/[the mailing list site].
 Bugs and feature requests can be reported on
 https://gitlab.com/wireshark/wireshark/-/issues[the issue tracker].
 You can learn protocol analysis and meet Wireshark’s developers at
 https://sharkfest.wireshark.org[SharkFest].
 // Official Wireshark training and certification are available from
 // https://www.wiresharktraining.com/[Wireshark University].
 == How You Can Help
 The Wireshark Foundation helps as many people as possible understand their networks as much as possible.
 You can find out more and donate at https://wiresharkfoundation.org[wiresharkfoundation.org].
 == Frequently Asked Questions
 A complete FAQ is available on the
 https://www.wireshark.org/faq.html[Wireshark web site].

301 lines 13 KiB Plaintext Raw Blame History Unescape Escape

301 lines

13 KiB

Plaintext

Raw Blame History