[Wireshark announcements <wireshark-announce@xxxxxxxxxxxxx>]

I'm proud to announce the release of Wireshark 3.1.1.


 This is an experimental release intended to test new features for
 Wireshark 3.2.

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many improvements have been made. See the “New and Updated Features”
  section below for more details.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 3.1.0:

     • Automatic updates are supported on macOS.

     • You can now select multiple packets in the packet list at the
       same time

     • They can be exported as Text by “Ctrl+C” or “Cmd+C” and the
       corresponding menu in “Edit › Copy › As …​”

     • They can be marked/unmarked or ignored/unignored at the same time

     • They can be exported and printed using the corresponding menu
       entries “File › Export Specified Packets”, “File › Export Packet
       Dissections” and “File › Print”

   You can now follow HTTP/2 and QUIC streams.

   You can once again mark and unmark packets using the middle mouse
   button. This feature went missing around 2009 or so.

   The Windows packages are now built using Microsoft Visual Studio
   2019.

   IOGraph automatically adds a graph for the selected display filter if
   no previous graph exists

   Action buttons for the display filter bar may be aligned left via the
   context menu

   Allow extcaps to be loaded from the personal configuration directory

   The Windows installers now ship with Qt 5.12.6. They previously
   shipped with Qt 5.12.4.

   The following features are new (or have been significantly updated)
   since version 3.0.0:

     • You can drag and drop a field to a column header to create a
       column for that field, or to the display filter input to create a
       display filter. If a display filter is applied, the new filter
       can be added using the same rules as “Apply Filter”

     • You can drag and drop a column entry to the display filter to
       create a filter for it.

     • You can import profiles from a .zip archive or an existing
       directory.

     • Dark mode support on macOS and dark theme support on other
       platforms has been improved.

     • Brotli decompression support in HTTP/HTTP2 (requires the brotli
       library).

     • The build system now checks for a SpeexDSP system library
       installation. The bundled Speex resampler code is still provided
       as a fallback.

     • WireGuard decryption can now be enabled through keys embedded in
       a pcapng in addition to the existing key log preference (Bug
       15571[1]).

     • A new tap for extracting credentials from the capture file has
       been added. It can be accessed through the -z credentials option
       in tshark or from the “Tools › Credentials” menu in Wireshark.

     • Editcap can now split files on floating point intervals.

     • Windows .msi packages are now signed using SHA-2[2]. .exe
       installers are still dual-signed using SHA-1 and SHA-2.

     • The “Enabled Protocols” Dialog now only enables, disables and
       inverts protocols based on the set filter selection. The protocol
       type (standard or heuristic) may also be choosen as a filter
       value.

     • The “Analyze › Apply as Filter” and “Analyze › Prepare a Filter”
       packet list and detail popup menus now show a preview of their
       respective filters.

     • Protobuf files (*.proto) can now be configured to enable more
       precise parsing of serialized Protobuf data (such as gRPC).

     • HTTP2 support streaming mode reassembly. To use this feature,
       subdissectors can register itself to "streaming_content_type"
       dissector table and return pinfo→desegment_len and
       pinfo→desegment_offset to tell HTTP2 when to start and how many
       additional bytes requires when next called.

     • The message of stream gRPC method can now be parsed with
       supporting of HTTP2 streaming mode reassembly feature.

     • The Windows installers now ship with Qt 5.12.4. They previously
       shipped with Qt 5.12.1.

  New Protocol Support

   3GPP BICC MST (BICC-MST), 3GPP log packet (LOG3GPP), 3GPP/GSM Cell
   Broadcast Service Protocol (cbsp), Bluetooth Mesh Beacon, Bluetooth
   Mesh PB-ADV, Bluetooth Mesh Provisioning PDU, Bluetooth Mesh Proxy,
   CableLabs Layer-3 Protocol IEEE EtherType 0xb4e3 (CL3), DCOM
   IProvideClassInfo, DCOM ITypeInfo, Diagnostic Log and Trace (DLT),
   Distributed Replicated Block Device (DRBD), Dual Channel Wi-Fi
   (CL3DCW), EBHSCR Protocol (EBHSCR), EERO Protocol (EERO), evolved
   Common Public Radio Interface (eCPRI), File Server Remote VSS
   Protocol (FSRVP), FTDI FT USB Bridging Devices (FTDI FT), Graylog
   Extended Log Format over UDP (GELF), GSM/3GPP CBSP (Cell Broadcast
   Service Protocol), Linux net_dm (network drop monitor) protocol, MIDI
   System Exclusive DigiTech (SYSEX DigiTech), Network Controller
   Sideband Interface (NCSI), NR Positioning Protocol A (NRPPa) TS
   38.455, NVM Express over Fabrics for TCP (nvme-tcp), OsmoTRX Protocol
   (GSM Transceiver control and data), and Scalable service-Oriented
   MiddlewarE over IP (SOME/IP)

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   3gpp phone, Android Logcat Text, Ascend, Candump, Endace ERF,
   NetScaler, pcapng, and Savvius *Peek

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html[3].

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[4] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About→Folders to
  find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/[5]

  Community support is available on Wireshark’s Q&A site[6] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[7].

  Bugs and feature requests can be reported on the bug tracker[8].

  Official Wireshark training and certification are available from
  Wireshark University[9].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[10].

  Last updated 2019-11-18 19:03:32 UTC

 References

   1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15571
   2. https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-s
  igning-support-requirement-for-windows-and-wsus
   3. https://www.wireshark.org/download.html
   4. https://www.wireshark.org/download.html#thirdparty
   5. https://www.wireshark.org/docs/
   6. https://ask.wireshark.org/
   7. https://www.wireshark.org/lists/
   8. https://bugs.wireshark.org/
   9. https://www.wiresharktraining.com/
  10. https://www.wireshark.org/faq.html


Digests

wireshark-3.1.1.tar.xz: 31499140 bytes
SHA256(wireshark-3.1.1.tar.xz)=53854030880b09d14d2d40445bf4942ae5d550eed86549b24f2c0ae205e42f4c
RIPEMD160(wireshark-3.1.1.tar.xz)=f7ad2a8809cfc01dda567f9e7340a7eb30bb8e1b
SHA1(wireshark-3.1.1.tar.xz)=006a3409c999c20b4fa0cc1408cca78c0c1933b0

Wireshark-win64-3.1.1.exe: 69043528 bytes
SHA256(Wireshark-win64-3.1.1.exe)=a1cd4f38503c562a59e10787118e9783197bcac223c29fae7239545a12f25a1f
RIPEMD160(Wireshark-win64-3.1.1.exe)=cf8c368e01a2399d12e3c4c26e5f990564cbf692
SHA1(Wireshark-win64-3.1.1.exe)=8a5bbcd634b47543f5c1063997484ef7cc23dad7

Wireshark-win32-3.1.1.exe: 63818928 bytes
SHA256(Wireshark-win32-3.1.1.exe)=bd11c4bb1886d0e1cf8ff8fbeb2b92a91ccff9017aa0b99d2c1bd08ad8904d43
RIPEMD160(Wireshark-win32-3.1.1.exe)=9a93d3688618f4e3353cffd7173192f641514ee5
SHA1(Wireshark-win32-3.1.1.exe)=c99ba601101e2317d86c30a58d22953b81431bc2

Wireshark-win32-3.1.1.msi: 42897408 bytes
SHA256(Wireshark-win32-3.1.1.msi)=2dd4c41e83784952cd2c173af0e7d93266bc8c91407bc031073d263970c72994
RIPEMD160(Wireshark-win32-3.1.1.msi)=c6dc32068c8f82cec195bf96a0d6b4a27607d197
SHA1(Wireshark-win32-3.1.1.msi)=ea8f1e3afa6f42e9937b49427d2638157ed4c30c

Wireshark-win64-3.1.1.msi: 48218112 bytes
SHA256(Wireshark-win64-3.1.1.msi)=7f0cc6f39b4660a6ccaf882260506af8e42b3ba172ca561fdcb4ff032fe5ba85
RIPEMD160(Wireshark-win64-3.1.1.msi)=825de6593a92d26a0ff9f9fc2d0128230705e951
SHA1(Wireshark-win64-3.1.1.msi)=d8b89955c774e0c3f8b44a5501e73f723ae32292

WiresharkPortable_3.1.1.paf.exe: 36519576 bytes
SHA256(WiresharkPortable_3.1.1.paf.exe)=aac12422eed20e142c5f8e4b4c8b1f8f7bae0d80465dcd8bff198ba0010b593b
RIPEMD160(WiresharkPortable_3.1.1.paf.exe)=0768976a34537575ab9900fd9a7ace767acb1d6b
SHA1(WiresharkPortable_3.1.1.paf.exe)=8d9042d3580ff3b2a5bf0049c83520246555de8a

Wireshark 3.1.1 Intel 64.dmg: 96332282 bytes
SHA256(Wireshark 3.1.1 Intel
64.dmg)=6e319b729405b72583e976ee87db6a92a785ce1144dd5581ba9df8d01ab3ac98
RIPEMD160(Wireshark 3.1.1 Intel
64.dmg)=6e1dc8f16c18a3b334bc117a0c234750e3989bd8
SHA1(Wireshark 3.1.1 Intel 64.dmg)=789e4e8dd081f96f5b67c3e65d8dc29a267162fe

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: signature.asc
Description: OpenPGP digital signature