Wireshark-announce: [Wireshark-announce] Wireshark 3.0.0rc1 is now available
From: Wireshark announcements <wireshark-announce@xxxxxxxxxxxxx>
Date: Fri, 15 Feb 2019 12:42:04 -0800
I'm proud to announce the release of Wireshark 3.0.0rc1.
This is the first release candidate for Wireshark 3.0.
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
Many user interface improvements have been made. See the “New and
Updated Features” section below for more details.
Bug Fixes
The following bugs have been fixed:
• Data following a TCP ZeroWindowProbe is marked as retransmission
and not passed to subdissectors (Bug 15427[1])
• Lua Error on startup: init.lua: dofile has been disabled due to
running Wireshark as superuser (Bug 15489[2]).
Text and Image columns were handled incorrectly for TDS 7.0 and 7.1.
(Bug 3098[3])
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[4])
New and Updated Features
The following features are new (or have been significantly updated)
since version 2.9.0:
• Wireshark now supports the Swedish and Ukrainian languages.
• Initial support for using PKCS #11 tokens for RSA decryption in
TLS. This can be configured at Preferences, RSA Keys.
• The build system now produces reproducible builds (Bug 15163[5]).
• The Windows installers now ship with Qt 5.12.1. Previously they
shipped with Qt 5.12.0.
The following features are new (or have been significantly updated)
since version 2.6.0:
• The Windows .exe installers now ship with Npcap instead of
WinPcap.
• Conversation timestamps are supported for UDP/UDP-Lite protocols
• TShark now supports the -G elastic-mapping option which generates
an ElasticSearch mapping file.
• The “Capture Information” dialog has been added back (Bug
12004[6]).
• The Ethernet and IEEE 802.11 dissectors no longer validate the
frame check sequence (checksum) by default.
• The TCP dissector gained a new “Reassemble out-of-order segments”
preference to fix dissection and decryption issues in case TCP
segments are received out-of-order. See the User’s Guide, chapter
TCP Reassembly for details.
• Decryption support for the new WireGuard dissector (Bug 15011[7],
requires Libgcrypt 1.8).
• The BOOTP dissector has been renamed to DHCP. With the exception
of “bootp.dhcp”, the old “bootp.*” display filter fields are
still supported but may be removed in a future release.
• The SSL dissector has been renamed to TLS. As with BOOTP the old
“ssl.*” display filter fields are supported but may be removed in
a future release.
• Coloring rules, IO graphs, Filter Buttons and protocol preference
tables can now be copied from other profiles using a button in
the corresponding configuration dialogs.
• APT-X has been renamed to aptX.
• When importing from hex dump, it’s now possible to add an
ExportPDU header with a payload name. This calls the specific
dissector directly without lower protocols.
• The sshdump and ciscodump extcap interfaces can now use a proxy
for the SSH connection.
• Dumpcap now supports the -a packets:NUM and -b packets:NUM
options.
• Wireshark now includes a “No Reassembly” configuration profile.
• Wireshark now supports the Russian language.
• The build system now supports AppImage packages.
• The Windows installers now ship with Qt 5.12.0. Previously they
shipped with Qt 5.9.7.
• Support for DTLS and TLS decryption using pcapng files that embed
a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug
15252[8]).
• The editcap utility gained a new --inject-secrets option to
inject an existing TLS Key Log file into a pcapng file.
• A new dfilter function string() has been added. It allows the
conversion of non-string fields to strings so string functions
(as contains and matches) can be used on them.
• The Bash test suite has been replaced by one based on Python
unittest/pytest.
• The custom window title can now show file path of the capture
file and it has a conditional separator.
Removed Features and Support
• The legacy (GTK+) user interface has been removed and is no
longer supported.
• The portaudio library is no longer needed due to the removal of
GTK+.
• Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
• Wireshark requires GLib 2.32 or later.
• Wireshark requires GnuTLS 3.2 or later as optional dependency.
• Building Wireshark requires Python 3.4 or newer, Python 2.7 is
unsupported.
• Building Wireshark requires CMake. Autotools is no longer
supported.
• TShark’s -z compare option was removed.
• Building with Cygwin is no longer supported on Windows.
New File Format Decoding Support
Ruby Marshal format
New Protocol Support
Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service
over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP),
Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS
RTP), Exablaze trailers, General Circuit Services Notification
Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo
Emberplus Data format, Great Britain Companion Specification (GBCS)
used in the Smart Metering Equipment Technical Specifications
(SMETS), GSM-R (User-to-User Information Element usage),
HI3CCLinkData, Intelligent Transport Systems (ITS) application level,
ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP),
ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability
Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP,
Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol,
PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo
Emberplus transport frame, Secure Reliable Transport Protocol (SRT),
Spirent Test Center Signature decoding for Ethernet and FibreChannel
(STCSIG, disabled by default), Sybase-specific portions of TDS,
systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery
Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information
Retrieval Protocol
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
and Unigraf DPA-400 DisplayPort AUX channel monitor
New and Updated Capture Interfaces support
dpauxmon, an external capture interface (extcap) that captures
DisplayPort AUX channel data from linux kernel drivers.
sdjournal, an extcap that captures systemd journal entries.
Major API Changes
• Lua: the various logging functions (debug, info, message, warn
and critical) have been removed. Use the print function instead
for debugging purposes.
• Lua: on Windows, file-related functions such as dofile now assume
UTF-8 paths instead of the local code page. This is consistent
with Linux and macOS and improves compatibility on non-English
systems. (Bug 15118[9])
Getting Wireshark
Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html[10].
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[11] on the Wireshark web site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use About→Folders to
find the default locations on your system.
Getting Help
The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/[12]
Community support is available on Wireshark’s Q&A site[13] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the web site[14].
Bugs and feature requests can be reported on the bug tracker[15].
Official Wireshark training and certification are available from
Wireshark University[16].
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site[17].
Last updated 2019-02-11 20:58:43 UTC
References
1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15427
2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15489
3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3098
4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15163
6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12004
7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15011
8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15252
9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15118
10. https://www.wireshark.org/download.html
11. https://www.wireshark.org/download.html#thirdparty
12. https://www.wireshark.org/docs/
13. https://ask.wireshark.org/
14. https://www.wireshark.org/lists/
15. https://bugs.wireshark.org/
16. http://www.wiresharktraining.com/
17. https://www.wireshark.org/faq.html
Digests
wireshark-3.0.0rc1.tar.xz: 30933416 bytes
SHA256(wireshark-3.0.0rc1.tar.xz)=645d0da09ee67132837faeddb47a6b5684007e4520f8b6da3ab8e76c498d33d8
RIPEMD160(wireshark-3.0.0rc1.tar.xz)=fdd136458276daf6b500275b255a6b6fe12a9441
SHA1(wireshark-3.0.0rc1.tar.xz)=1eb76e4d721333175384aa1fb27f74cfd9282d5f
Wireshark-win32-3.0.0rc1.exe: 54191432 bytes
SHA256(Wireshark-win32-3.0.0rc1.exe)=72779eb13d28c5ed2c68153314cd6d188dad9d3deeb9f06eed60b68693950758
RIPEMD160(Wireshark-win32-3.0.0rc1.exe)=bd2197b0eed365f2b994ca1e5bf8df1a25a78fe4
SHA1(Wireshark-win32-3.0.0rc1.exe)=94a5d36d073ff8a924b299b9cba18130437c2fc8
Wireshark-win64-3.0.0rc1.exe: 59479480 bytes
SHA256(Wireshark-win64-3.0.0rc1.exe)=18dc54d60f84b63a8385ac41f03c3025bb674e42ce99cf5f2d10330a887cac10
RIPEMD160(Wireshark-win64-3.0.0rc1.exe)=4f5661b7c606cb5684a75d0055e0c5ff4c8eeb02
SHA1(Wireshark-win64-3.0.0rc1.exe)=720b6ce96981510418a578f634d894df7b8ae5e3
Wireshark-win64-3.0.0rc1.msi: 47308800 bytes
SHA256(Wireshark-win64-3.0.0rc1.msi)=c78e4772127d9f7e7b755ef70d1e0491bad5a1396a4da4717066059d7067fd09
RIPEMD160(Wireshark-win64-3.0.0rc1.msi)=8212936aaabf05658cdf3823afa2b4e3f1645a36
SHA1(Wireshark-win64-3.0.0rc1.msi)=8274e582accf7d2d895c1f5a92306bd699c08abe
Wireshark-win32-3.0.0rc1.msi: 42094592 bytes
SHA256(Wireshark-win32-3.0.0rc1.msi)=47472148aaee5b1d92a19f7aa4c7ce68f581d13ef74930e9f74c2715e9349326
RIPEMD160(Wireshark-win32-3.0.0rc1.msi)=3cfe8a3c2db34a0c478cd11170863279b5020f1f
SHA1(Wireshark-win32-3.0.0rc1.msi)=5f3014b446d9390fc295bae08b6f39b355b8da9e
WiresharkPortable_3.0.0rc1.paf.exe: 35905136 bytes
SHA256(WiresharkPortable_3.0.0rc1.paf.exe)=d9eff4a710664a0bcdf48a8281be47b74ba540bc6ee7dcb1778f3e8f0612a660
RIPEMD160(WiresharkPortable_3.0.0rc1.paf.exe)=83fbfcd51ec8844d71d3ad65703350dae7b59396
SHA1(WiresharkPortable_3.0.0rc1.paf.exe)=7fa7f75aab4493cb31914f81b81d8c91a0519716
Wireshark 3.0.0rc1 Intel 64.dmg: 85527968 bytes
SHA256(Wireshark 3.0.0rc1 Intel
64.dmg)=8c04874f5751a8bcd80ce7c28e26e51c330e9927b3ab69ae547a86c392fff78e
RIPEMD160(Wireshark 3.0.0rc1 Intel
64.dmg)=f113544b48ce59712261139ec81dc8e7b1e671fc
SHA1(Wireshark 3.0.0rc1 Intel 64.dmg)=f469c31b3f8658d50e765822d2d97e949e256026
You can validate these hashes using the following commands (among others):
Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
Attachment:
signature.asc
Description: OpenPGP digital signature
- Next by Date: [Wireshark-announce] Wireshark 3.0.0rc2 is now available
- Next by thread: [Wireshark-announce] Wireshark 3.0.0rc2 is now available
- Index(es):