[Wireshark announcements <wireshark-announce@xxxxxxxxxxxxx>]

I'm proud to announce the release of Wireshark 2.9.0.


 This is an experimental release intended to test new features for
 Wireshark 3.0.

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many user interface improvements have been made. See the “New and
  Updated Features” section below for more details.

  Bug Fixes

   The following bugs have been fixed:

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.6.0:

     • The Windows .exe installers now ship with Npcap instead of
       WinPcap.

     • Conversation timestamps are supported for UDP/UDP-Lite protocols

     • TShark now supports the -G elastic-mapping option which generates
       an ElasticSearch mapping file.

     • The “Capture Information” dialog has been added back (Bug
       12004[2]).

     • The Ethernet and IEEE 802.11 dissectors no longer validate the
       frame check sequence (checksum) by default.

     • The TCP dissector gained a new “Reassemble out-of-order segments”
       preference to fix dissection and decryption issues in case TCP
       segments are received out-of-order. See the User’s Guide, chapter
       TCP Reassembly for details.

     • Decryption support for the new WireGuard dissector (Bug 15011[3],
       requires Libgcrypt 1.8).

     • The BOOTP dissector has been renamed to DHCP. With the exception
       of “bootp.dhcp”, the old “bootp.*” display filter fields are
       still supported but may be removed in a future release.

     • The SSL dissector has been renamed to TLS. As with BOOTP the old
       “ssl.*” display filter fields are supported but may be removed in
       a future release.

     • Coloring rules, IO graphs, Filter Buttons and protocol preference
       tables can now be copied from other profiles using a button in
       the corresponding configuration dialogs.

     • APT-X has been renamed to aptX.

     • When importing from hex dump, it’s now possible to add an
       ExportPDU header with a payload name. This calls the specific
       dissector directly without lower protocols.

     • The sshdump and ciscodump extcap interfaces can now use a proxy
       for the SSH connection.

     • Dumpcap now supports the -a packets:NUM and -b packets:NUM
       options.

     • Wireshark now includes a “No Reassembly” configuration profile.

     • Wireshark now supports the Russian language.

     • The build system now supports AppImage packages.

     • The Windows installers now ship with Qt 5.12.0. Previously they
       shipped with Qt 5.9.7.

  Removed Features and Support

     • The legacy (GTK+) user interface has been removed and is no
       longer supported.

     • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.

     • Wireshark requires GLib 2.32 or later.

     • Building Wireshark requires CMake. Autotools is no longer
       supported.

     • TShark’s -z compare option was removed.

  New File Format Decoding Support

   Ruby Marshal format

  New Protocol Support

   Apple Wireless Direct Link (AWDL), BLIP Couchbase Mobile (BLIP), CDMA
   2000, Cisco Meraki Discovery Protocol (MDP), Distributed Ruby (DRb),
   DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS RTP), Exablaze trailers,
   General Circuit Services Notification Application Protocol (GCSNA),
   GLOW Lawo Emberplus Data format, GSM-R (User-to-User Information
   Element usage), HI3CCLinkData, ISO 13400-2 Diagnostic communication
   over Internet Protocol (DoIP), ITU-t X.696 Octet Encoding Rules
   (OER), Local Number Portability Database Query Protocol (ANSI),
   MsgPack, NGAP (5G), NR (5G) PDCP, Osmocom Generic Subscriber Update
   Protocol (GSUP), PKCS#10 (RFC2986 Certification Request Syntax),
   PROXY (v2), S101 Lawo Emberplus transport frame, Secure Reliable
   Transport Protocol (SRT), Spirent Test Center Signature decoding for
   Ethernet and FibreChannel (STCSIG, disabled by default),
   Sybase-specific portions of TDS, systemd Journal Export, TeamSpeak 3
   DNS, TPM 2.0, Ubiquiti Discovery Protocol (UBDP), WireGuard, and XnAP
   (5G)

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
   and Unigraf DPA-400 DisplayPort AUX channel monitor

  New and Updated Capture Interfaces support

   dpauxmon, an external capture interface (extcap) that captures
   DisplayPort AUX channel data from linux kernel drivers.

   sdjournal, an extcap that captures systemd journal entries.

  Major API Changes

     • Lua: the various logging functions (debug, info, message, warn
       and critical) have been removed. Use the print function instead
       for debugging purposes.

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html[4].

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[5] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About→Folders to
  find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/[6]

  Community support is available on Wireshark’s Q&A site[7] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[8].

  Bugs and feature requests can be reported on the bug tracker[9].

  Official Wireshark training and certification are available from
  Wireshark University[10].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[11].

  Last updated 2018-12-12 23:05:55 UTC

 References

   1. 1
   2. 2
   3. 3
   4. 4
   5. 5
   6. 6
   7. 7
   8. 8
   9. 9
  10. 10
  11. 11


Digests

wireshark-2.9.0.tar.xz: 29438416 bytes
SHA256(wireshark-2.9.0.tar.xz)=5153d459b4598dc84836086ff3906bdf1ea4f0cfd9c25e015dfc23bfa4abc0b9
RIPEMD160(wireshark-2.9.0.tar.xz)=dedf3e96a5d2761b296d6ecca605fd905fb3e8f3
SHA1(wireshark-2.9.0.tar.xz)=1f09456e245520867aadcf71a44f867aeea342f1

Wireshark-win64-2.9.0.exe: 57572488 bytes
SHA256(Wireshark-win64-2.9.0.exe)=b4fd5672ec0c83c611d5b6be48fe6e2a9e2b165b0b93ecdd2785af0863fb47d9
RIPEMD160(Wireshark-win64-2.9.0.exe)=34a7e6938161085f003531b354065d55bdca01ee
SHA1(Wireshark-win64-2.9.0.exe)=22dbec605920556a2270a898cc28e16e10f43926

Wireshark-win32-2.9.0.exe: 52338360 bytes
SHA256(Wireshark-win32-2.9.0.exe)=380dab41de197cdfd53127b3095062d94e43b8473df866a15b633aaaec251394
RIPEMD160(Wireshark-win32-2.9.0.exe)=45d05b522761ed3afc47f595c0f153993e370314
SHA1(Wireshark-win32-2.9.0.exe)=51411738c830b0749657e84b52a56085f5be3de2

Wireshark-win64-2.9.0.msi: 46362624 bytes
SHA256(Wireshark-win64-2.9.0.msi)=1a912dfe2a195213e120b9a0352a2cc447ac7a4179ce7424ae7ef865893d6c46
RIPEMD160(Wireshark-win64-2.9.0.msi)=48ea03c228f15d5c53778c236b51f9a9c1d242bc
SHA1(Wireshark-win64-2.9.0.msi)=fd22de2a0192d7e3923b56171d9bbf8aeefbd58b

Wireshark-win32-2.9.0.msi: 41279488 bytes
SHA256(Wireshark-win32-2.9.0.msi)=dd9a9541a3a0cbde66bbdba80ed828e4f7bc54371275e6d81c6402d546e140ee
RIPEMD160(Wireshark-win32-2.9.0.msi)=653f13b5a08fb0059b671a23a3375ad9fbd03c3f
SHA1(Wireshark-win32-2.9.0.msi)=7f4a628abb7743fa82eac82bbc3fdd4292d1e060

WiresharkPortable_2.9.0.paf.exe: 35237664 bytes
SHA256(WiresharkPortable_2.9.0.paf.exe)=d5681828357aec6d46b739ecb5221a5e01ccdcce592d46e2f17c75f63f8c9174
RIPEMD160(WiresharkPortable_2.9.0.paf.exe)=0fb4cf792589b717039ae417a0e1194d8c1ca4b9
SHA1(WiresharkPortable_2.9.0.paf.exe)=5daef4e322ccd74d02bb4502919e2b77282fdd26

Wireshark 2.9.0 Intel 64.dmg: 177641795 bytes
SHA256(Wireshark 2.9.0 Intel
64.dmg)=34bb5eb91a6bd1026a52ed59ab7ec26c24400f3c5cb012797ee501b24690000f
RIPEMD160(Wireshark 2.9.0 Intel
64.dmg)=7dba71db8b1c744eea1350c7b63374f76da9c8c5
SHA1(Wireshark 2.9.0 Intel 64.dmg)=2abe373f2bdbdf17869589ed2dcab5140e8c3635

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: signature.asc
Description: OpenPGP digital signature