I'm proud to announce the release of Wireshark 3.5.0.
This is an experimental release intended to test new features for Wireshark 3.6. What is Wireshark? Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education. What’s New Many improvements have been made. See the “New and Updated Features” section below for more details. New and Updated Features The following features are new (or have been significantly updated) since version 3.4.0: • The Windows installers now ship with Npcap 1.50. • A 64-bit Windows PortableApps package is now available. • A macOS Arm 64 (Apple Silicon) package is now available. • TCP conversations now support a completeness criteria, which facilitates the identification of TCP streams having any of opening or closing handshakes, a payload, in any combination. It is accessed with the new tcp.completeness filter. • Protobuf fields that are not serialized on the wire (missing in capture files) can now be displayed with default values by setting the new 'add_default_value' preference. The default values might be explicitly declared in 'proto2' files, or false for bools, first value for enums, zero for numeric types. • Wireshark now supports reading Event Tracing for Windows (ETW). A new extcap named ETW reader is created that now can open an etl file, convert all events in the file to DLT_ETW packets and write to a specified FIFO destination. Also, a new packet_etw dissector is created to dissect DLT_ETW packets so Wireshark can display the DLT_ETW packet header, its message and packet_etw dissector calls packet_mbim sub_dissector if its provider matches the MBIM provider GUID. • "Follow DCCP stream" feature to filter for and extract the contents of DCCP streams. • Wireshark now supports dissecting the rtp packet with OPUS payload. • Importing captures from text files is now also possible based on regular expressions. By specifying a regex capturing a single packet including capturing groups for relevant fields a textfile can be converted to a libpcap capture file. Supported data encodings are plain-hexadecimal, -octal, -binary and base64. Also the timestamp format now allows the second-fractions to be placed anywhere in the timestamp and it will be stored with nanosecond instead of microsecond precision. • Display filter literal strings can now be specified using raw string syntax, identical to raw strings in the Python programming language. This is useful to avoid the complexity of using two levels of character escapes with regular expressions. • Significant RTP Player redesign and improvements (see Wireshark User Documentation, Playing VoIP Calls and RTP Player Window) • RTP Player can play many streams in row • UI is more responsive • RTP Player maintains playlist, other tools can add/remove streams to it • Every stream can be muted or routed to L/R channel for replay • Save audio is moved from RTP Analysis to RTP Player. RTP Player saves what was played. RTP Player can save in multichannel .au or .wav. • RTP Player added to menu Telephony>RTP>RTP Player VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player, SIP Flows) are non-modal, can stay opened on background • Same tools are provided across all dialogs (Prepare Filter, Analyse, RTP Player …) Follow stream is now able to follow SIP calls based on their Call-ID value. Follow stream YAML output format’s has been changed to add timestamps and peers information (for more details see the user’s guide, Following Protocol Streams) IP fragments between public IPv4 addresses are now reassembled even if they have different VLAN IDs. Reassembly of IP fragments where one endpoint is a private (RFC 1918 section 3) or link-local (RFC 3927) IPv4 address continues to take the VLAN ID into account, as those addresses can be reused. To revert to the previous behavior and not reassemble fragments with different VLAN IDs, turn on the "Enable stricter conversation tracking heuristics" top level protocol preference. USB Link Layer reassembly has been added, which allows hardware captures to be analyzed at the same level as software captures. TShark can now export TLS session keys with the --export-tls-session-keys option. Wireshark participated in the Google Season of Docs 2020 and the User’s Guide has been extensively updated. Format of export to CSV in RTP Stream Analysis dialog was slightly changed. First line of export contains names of columns as in other CSV exports. Wireshark now supports the Turkish language. New File Format Decoding Support Vector Informatik Binary Log File (BLF) New Protocol Support Bluetooth Link Manager Protocol (BT LMP), E2 Application Protocol (E2AP), Event Tracing for Windows (ETW), High-Performance Connectivity Tracer (HiPerConTracer), Kerberos SPAKE, Linux psample protocol, Local Interconnect Network (LIN), Microsoft Task Scheduler Service, O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic Channel Protocol (DRDYNVC), Real-Time Publish-Subscribe Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC), Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP), Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, and World of Warcraft World (WOWW) Updated Protocol Support Too many protocols have been updated to list here. New and Updated Capture File Support Vector Informatik Binary Log File (BLF) Getting Wireshark Wireshark source code and installation packages are available from https://www.wireshark.org/download.html. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site. File Locations Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About → Folders to find the default locations on your system. Getting Help The User’s Guide, manual pages and various other documentation can be found at https://www.wireshark.org/docs/ Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site. Bugs and feature requests can be reported on the issue tracker. Frequently Asked Questions A complete FAQ is available on the Wireshark web site. Last updated 2021-08-27 17:26:35 UTC References 1. https://www.wireshark.org/docs/wsug_html_chunked/ChTelPlayingCalls .html 2. https://www.wireshark.org/docs/wsug_html_chunked/_rtp.html#ChTelRt pPlayer 3. https://www.wireshark.org/docs/wsug_html_chunked//ChAdvFollowStrea mSection.html 4. https://www.wireshark.org/download.html#thirdparty 5. https://ask.wireshark.org/ 6. https://www.wireshark.org/lists/ 7. https://gitlab.com/wireshark/wireshark/-/issues 8. https://www.wireshark.org/faq.html Digests wireshark-3.5.0.tar.xz: 38289540 bytes SHA256(wireshark-3.5.0.tar.xz)=cb96804f6283980ae1218843bcf0d0866d8952ef215b5f85337fce7c5d6221b3 RIPEMD160(wireshark-3.5.0.tar.xz)=bbbd61d6b960a34161739383f59ba1d382b0b9c5 SHA1(wireshark-3.5.0.tar.xz)=eaaef097d4400110d9c876022814d31f7fb7d393 Wireshark-win32-3.5.0.exe: 60654768 bytes SHA256(Wireshark-win32-3.5.0.exe)=2839b4084e4b52cb4d6209d476028047943d094294bbd09c69bfc5623c372097 RIPEMD160(Wireshark-win32-3.5.0.exe)=bb97db1c72cddb3131a474db31e52b9935810ad6 SHA1(Wireshark-win32-3.5.0.exe)=002bfb18a5ed0273aa9b0a1b97bcaabaf7237402 Wireshark-win64-3.5.0.exe: 76726040 bytes SHA256(Wireshark-win64-3.5.0.exe)=0c7c05ad9a748a6eeddd1065df3398f9764ae921b87a87903895ac02bf4c4a2f RIPEMD160(Wireshark-win64-3.5.0.exe)=5248dcd99afe37c3cd67ff09102af530fffcf38a SHA1(Wireshark-win64-3.5.0.exe)=cfc8c4418265e0e862760a1acdb17997c32f414b Wireshark-win32-3.5.0.msi: 45019136 bytes SHA256(Wireshark-win32-3.5.0.msi)=5c1030fa9ad7c2103b46a33db3c2bae819d327bfa685b12777a1873009e699ac RIPEMD160(Wireshark-win32-3.5.0.msi)=1b8b03cfc3443a99f2eed8f781ec0591f39e1d13 SHA1(Wireshark-win32-3.5.0.msi)=f0b32d500b8802d4c405c7037e211e8e132023e3 Wireshark-win64-3.5.0.msi: 50298880 bytes SHA256(Wireshark-win64-3.5.0.msi)=aadd19d2c0f80308a06c7dc5114315d21a0cc7b57d27f4a5fa26d7e6ba1a540d RIPEMD160(Wireshark-win64-3.5.0.msi)=a2acd4dad3eed0237ac955f5034fcfdb1b0b7934 SHA1(Wireshark-win64-3.5.0.msi)=7b7998165055439c1631ea007c6d031d82ac3886 WiresharkPortable32_3.5.0.paf.exe: 39067352 bytes SHA256(WiresharkPortable32_3.5.0.paf.exe)=a8285154b0b824b615ffbfa32570068a860429690213028b86f79c78519fd538 RIPEMD160(WiresharkPortable32_3.5.0.paf.exe)=e985ddd9d0ae445b4ac9c8a5016aaf394cf3e7e4 SHA1(WiresharkPortable32_3.5.0.paf.exe)=e449df405dade28d334017e6506877fc158b2d0c WiresharkPortable64_3.5.0.paf.exe: 43832496 bytes SHA256(WiresharkPortable64_3.5.0.paf.exe)=ceb6ba8dbcb71aae3daa34b77be338ffc4d068fd05fb03f58afedc206e9a327b RIPEMD160(WiresharkPortable64_3.5.0.paf.exe)=622327eb4a59ea19d9ea6e5f848acec3c76375ad SHA1(WiresharkPortable64_3.5.0.paf.exe)=f5b5dcf7005e4dedcf5da2cde86f627dcc8c4fcc Wireshark 3.5.0 Intel 64.dmg: 136382239 bytes SHA256(Wireshark 3.5.0 Intel 64.dmg)=2375118dfd69fcaec1095560d646cfe801e039f9be16d329b4ec045e6a139ec1 RIPEMD160(Wireshark 3.5.0 Intel 64.dmg)=277142bc46db0b5d8faf6241c839c68b3b9772d9 SHA1(Wireshark 3.5.0 Intel 64.dmg)=8452a6fd6ea42545c352c5540d3bad6085de6361 Wireshark 3.5.0 Arm 64.dmg: 139219717 bytes SHA256(Wireshark 3.5.0 Arm 64.dmg)=12f5008a175deaa2ca6d28834e9085fb88c3b5f60698b454a6e2cac3b8e9e0b6 RIPEMD160(Wireshark 3.5.0 Arm 64.dmg)=00d2ef460c3e72d73b0c78ef2dc0fdd7c088c6f4 SHA1(Wireshark 3.5.0 Arm 64.dmg)=302beabf7da527d79a66a81f9d46a4e13f06db70 You can validate these hashes using the following commands (among others): Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" Other: openssl sha256 wireshark-x.y.z.tar.xz
Description: OpenPGP digital signature
___________________________________________________________________________ Sent via: Wireshark-announce mailing list <firstname.lastname@example.org> Archives: https://www.wireshark.org/lists/wireshark-announce Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-announce mailto:wireshark-announce-requ...@wireshark.org?subject=unsubscribe