I'm proud to announce the release of Wireshark 3.0.0rc1.
This is the first release candidate for Wireshark 3.0. What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What’s New Many user interface improvements have been made. See the “New and Updated Features” section below for more details. Bug Fixes The following bugs have been fixed: • Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427) • Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489). Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098) Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419) New and Updated Features The following features are new (or have been significantly updated) since version 2.9.0: • Wireshark now supports the Swedish and Ukrainian languages. • Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys. • The build system now produces reproducible builds (Bug 15163). • The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0. The following features are new (or have been significantly updated) since version 2.6.0: • The Windows .exe installers now ship with Npcap instead of WinPcap. • Conversation timestamps are supported for UDP/UDP-Lite protocols • TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file. • The “Capture Information” dialog has been added back (Bug 12004). • The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default. • The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details. • Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8). • The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release. • The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release. • Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs. • APT-X has been renamed to aptX. • When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols. • The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection. • Dumpcap now supports the -a packets:NUM and -b packets:NUM options. • Wireshark now includes a “No Reassembly” configuration profile. • Wireshark now supports the Russian language. • The build system now supports AppImage packages. • The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7. • Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252). • The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file. • A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them. • The Bash test suite has been replaced by one based on Python unittest/pytest. • The custom window title can now show file path of the capture file and it has a conditional separator. Removed Features and Support • The legacy (GTK+) user interface has been removed and is no longer supported. • The portaudio library is no longer needed due to the removal of GTK+. • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported. • Wireshark requires GLib 2.32 or later. • Wireshark requires GnuTLS 3.2 or later as optional dependency. • Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported. • Building Wireshark requires CMake. Autotools is no longer supported. • TShark’s -z compare option was removed. • Building with Cygwin is no longer supported on Windows. New File Format Decoding Support Ruby Marshal format New Protocol Support Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP), BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP), Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS RTP), Exablaze trailers, General Circuit Services Notification Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo Emberplus Data format, Great Britain Companion Specification (GBCS) used in the Smart Metering Equipment Technical Specifications (SMETS), GSM-R (User-to-User Information Element usage), HI3CCLinkData, Intelligent Transport Systems (ITS) application level, ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP), ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP, Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol, PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo Emberplus transport frame, Secure Reliable Transport Protocol (SRT), Spirent Test Center Signature decoding for Ethernet and FibreChannel (STCSIG, disabled by default), Sybase-specific portions of TDS, systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information Retrieval Protocol Updated Protocol Support Too many protocols have been updated to list here. New and Updated Capture File Support RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export, and Unigraf DPA-400 DisplayPort AUX channel monitor New and Updated Capture Interfaces support dpauxmon, an external capture interface (extcap) that captures DisplayPort AUX channel data from linux kernel drivers. sdjournal, an extcap that captures systemd journal entries. Major API Changes • Lua: the various logging functions (debug, info, message, warn and critical) have been removed. Use the print function instead for debugging purposes. • Lua: on Windows, file-related functions such as dofile now assume UTF-8 paths instead of the local code page. This is consistent with Linux and macOS and improves compatibility on non-English systems. (Bug 15118) Getting Wireshark Wireshark source code and installation packages are available from https://www.wireshark.org/download.html. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site. File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system. Getting Help The User’s Guide, manual pages and various other documentation can be found at https://www.wireshark.org/docs/ Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site. Bugs and feature requests can be reported on the bug tracker. Official Wireshark training and certification are available from Wireshark University. Frequently Asked Questions A complete FAQ is available on the Wireshark web site. Last updated 2019-02-11 20:58:43 UTC References 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15427 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15489 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3098 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15163 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12004 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15011 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15252 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15118 10. https://www.wireshark.org/download.html 11. https://www.wireshark.org/download.html#thirdparty 12. https://www.wireshark.org/docs/ 13. https://ask.wireshark.org/ 14. https://www.wireshark.org/lists/ 15. https://bugs.wireshark.org/ 16. http://www.wiresharktraining.com/ 17. https://www.wireshark.org/faq.html Digests wireshark-3.0.0rc1.tar.xz: 30933416 bytes SHA256(wireshark-3.0.0rc1.tar.xz)=645d0da09ee67132837faeddb47a6b5684007e4520f8b6da3ab8e76c498d33d8 RIPEMD160(wireshark-3.0.0rc1.tar.xz)=fdd136458276daf6b500275b255a6b6fe12a9441 SHA1(wireshark-3.0.0rc1.tar.xz)=1eb76e4d721333175384aa1fb27f74cfd9282d5f Wireshark-win32-3.0.0rc1.exe: 54191432 bytes SHA256(Wireshark-win32-3.0.0rc1.exe)=72779eb13d28c5ed2c68153314cd6d188dad9d3deeb9f06eed60b68693950758 RIPEMD160(Wireshark-win32-3.0.0rc1.exe)=bd2197b0eed365f2b994ca1e5bf8df1a25a78fe4 SHA1(Wireshark-win32-3.0.0rc1.exe)=94a5d36d073ff8a924b299b9cba18130437c2fc8 Wireshark-win64-3.0.0rc1.exe: 59479480 bytes SHA256(Wireshark-win64-3.0.0rc1.exe)=18dc54d60f84b63a8385ac41f03c3025bb674e42ce99cf5f2d10330a887cac10 RIPEMD160(Wireshark-win64-3.0.0rc1.exe)=4f5661b7c606cb5684a75d0055e0c5ff4c8eeb02 SHA1(Wireshark-win64-3.0.0rc1.exe)=720b6ce96981510418a578f634d894df7b8ae5e3 Wireshark-win64-3.0.0rc1.msi: 47308800 bytes SHA256(Wireshark-win64-3.0.0rc1.msi)=c78e4772127d9f7e7b755ef70d1e0491bad5a1396a4da4717066059d7067fd09 RIPEMD160(Wireshark-win64-3.0.0rc1.msi)=8212936aaabf05658cdf3823afa2b4e3f1645a36 SHA1(Wireshark-win64-3.0.0rc1.msi)=8274e582accf7d2d895c1f5a92306bd699c08abe Wireshark-win32-3.0.0rc1.msi: 42094592 bytes SHA256(Wireshark-win32-3.0.0rc1.msi)=47472148aaee5b1d92a19f7aa4c7ce68f581d13ef74930e9f74c2715e9349326 RIPEMD160(Wireshark-win32-3.0.0rc1.msi)=3cfe8a3c2db34a0c478cd11170863279b5020f1f SHA1(Wireshark-win32-3.0.0rc1.msi)=5f3014b446d9390fc295bae08b6f39b355b8da9e WiresharkPortable_3.0.0rc1.paf.exe: 35905136 bytes SHA256(WiresharkPortable_3.0.0rc1.paf.exe)=d9eff4a710664a0bcdf48a8281be47b74ba540bc6ee7dcb1778f3e8f0612a660 RIPEMD160(WiresharkPortable_3.0.0rc1.paf.exe)=83fbfcd51ec8844d71d3ad65703350dae7b59396 SHA1(WiresharkPortable_3.0.0rc1.paf.exe)=7fa7f75aab4493cb31914f81b81d8c91a0519716 Wireshark 3.0.0rc1 Intel 64.dmg: 85527968 bytes SHA256(Wireshark 3.0.0rc1 Intel 64.dmg)=8c04874f5751a8bcd80ce7c28e26e51c330e9927b3ab69ae547a86c392fff78e RIPEMD160(Wireshark 3.0.0rc1 Intel 64.dmg)=f113544b48ce59712261139ec81dc8e7b1e671fc SHA1(Wireshark 3.0.0rc1 Intel 64.dmg)=f469c31b3f8658d50e765822d2d97e949e256026 You can validate these hashes using the following commands (among others): Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" Other: openssl sha256 wireshark-x.y.z.tar.xz
Description: OpenPGP digital signature
___________________________________________________________________________ Sent via: Wireshark-announce mailing list <email@example.com> Archives: https://www.wireshark.org/lists/wireshark-announce Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-announce mailto:wireshark-announce-requ...@wireshark.org?subject=unsubscribe