[Wireshark announcements <wireshark-announce@xxxxxxxxxxxxx>]

I'm proud to announce the release of Wireshark 3.6.0rc1.


 This is the first release candidate for Wireshark 3.6.

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many improvements have been made. See the “New and Updated Features”
  section below for more details.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 3.4.0:

     • The Windows installers now ship with Npcap 1.55.

     • A 64-bit Windows PortableApps package is now available.

     • A macOS Arm 64 (Apple Silicon) package is now available.

     • TCP conversations now support a completeness criteria, which
       facilitates the identification of TCP streams having any of
       opening or closing handshakes, a payload, in any combination. It
       is accessed with the new tcp.completeness filter.

     • Protobuf fields that are not serialized on the wire (missing in
       capture files) can now be displayed with default values by
       setting the new 'add_default_value' preference. The default
       values might be explicitly declared in 'proto2' files, or false
       for bools, first value for enums, zero for numeric types.

     • Wireshark now supports reading Event Tracing for Windows (ETW). A
       new extcap named ETW reader is created that now can open an etl
       file, convert all events in the file to DLT_ETW packets and write
       to a specified FIFO destination. Also, a new packet_etw dissector
       is created to dissect DLT_ETW packets so Wireshark can display
       the DLT_ETW packet header, its message and packet_etw dissector
       calls packet_mbim sub_dissector if its provider matches the MBIM
       provider GUID.

     • "Follow DCCP stream" feature to filter for and extract the
       contents of DCCP streams.

     • Wireshark now supports dissecting the rtp packet with OPUS
       payload.

     • Importing captures from text files is now also possible based on
       regular expressions. By specifying a regex capturing a single
       packet including capturing groups for relevant fields a textfile
       can be converted to a libpcap capture file. Supported data
       encodings are plain-hexadecimal, -octal, -binary and base64. Also
       the timestamp format now allows the second-fractions to be placed
       anywhere in the timestamp and it will be stored with nanosecond
       instead of microsecond precision.

     • Display filter literal strings can now be specified using raw
       string syntax, identical to raw strings in the Python programming
       language. This is useful to avoid the complexity of using two
       levels of character escapes with regular expressions.

     • Significant RTP Player redesign and improvements (see Wireshark
       User Documentation, Playing VoIP Calls[1] and RTP Player
       Window[2])

        • RTP Player can play many streams in row

        • UI is more responsive

        • RTP Player maintains playlist, other tools can add/remove
       streams to it

        • Every stream can be muted or routed to L/R channel for replay

        • Save audio is moved from RTP Analysis to RTP Player. RTP
       Player saves what was played. RTP Player can save in multichannel
       .au or .wav.

        • RTP Player added to menu Telephony>RTP>RTP Player

     • VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player,
       SIP Flows) are non-modal, can stay opened on background

        • Same tools are provided across all dialogs (Prepare Filter,
       Analyse, RTP Player …​)

     • Follow stream is now able to follow SIP calls based on their
       Call-ID value.

     • Follow stream YAML output format’s has been changed to add
       timestamps and peers information (for more details see the user’s
       guide, Following Protocol Streams[3])

     • IP fragments between public IPv4 addresses are now reassembled
       even if they have different VLAN IDs. Reassembly of IP fragments
       where one endpoint is a private (RFC 1918 section 3) or
       link-local (RFC 3927) IPv4 address continues to take the VLAN ID
       into account, as those addresses can be reused. To revert to the
       previous behavior and not reassemble fragments with different
       VLAN IDs, turn on the "Enable stricter conversation tracking
       heuristics" top level protocol preference.

     • USB Link Layer reassembly has been added, which allows hardware
       captures to be analyzed at the same level as software captures.

     • TShark can now export TLS session keys with the
       --export-tls-session-keys option.

     • Wireshark participated in the Google Season of Docs 2020 and the
       User’s Guide has been extensively updated.

     • Format of export to CSV in RTP Stream Analysis dialog was
       slightly changed. First line of export contains names of columns
       as in other CSV exports.

     • Wireshark now supports the Turkish language.

     • The settings in the 'Import from Hex Dump' dialog is now stored
       in a profile import_hexdump.json file.

     • Reload Lua plugins has been improved to properly support
       FileHandler.

  New File Format Decoding Support

   Vector Informatik Binary Log File (BLF)

  New Protocol Support

   5G Lawful Interception (5GLI), Bluetooth Link Manager Protocol (BT
   LMP), CBOR Object Signing and Encryption (COSE), E2 Application
   Protocol (E2AP), Event Tracing for Windows (ETW), EXtreme extra Eth
   Header (EXEH), High-Performance Connectivity Tracer (HiPerConTracer),
   ISO 10681, Kerberos SPAKE, Linux psample protocol, Local Interconnect
   Network (LIN), Microsoft Task Scheduler Service, O-RAN E2AP, O-RAN
   fronthaul UC-plane (O-RAN), Opus Interactive Audio Codec (OPUS), PDU
   Transport Protocol, R09.x (R09), RDP Dynamic Channel Protocol
   (DRDYNVC), RDP Graphic pipeline channel Protocol (EGFX), RDP
   Multi-transport (RDPMT), Real-Time Publish-Subscribe Virtual
   Transport (RTPS-VT), Real-Time Publish-Subscribe Wire Protocol
   (processed) (RTPS-PROC), Shared Memory Communications (SMC), Signal
   PDU, SparkplugB, State Synchronization Protocol (SSyncP), Tagged
   Image File Format (TIFF), TP-Link Smart Home Protocol, UAVCAN DSDL,
   UAVCAN/CAN, UDP Remote Desktop Protocol (RDPUDP), Van Jacobson PPP
   compression (VJC), World of Warcraft World (WOWW), and X2 xIRI
   payload (xIRI)

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   Vector Informatik Binary Log File (BLF)

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[4] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About → Folders
  to find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[5] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[6].

  Bugs and feature requests can be reported on the issue tracker[7].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[8].

  Last updated 2021-10-13 18:08:42 UTC

 References

   1. https://www.wireshark.org/docs/wsug_html_chunked/ChTelPlayingCalls
  .html
   2. https://www.wireshark.org/docs/wsug_html_chunked/_rtp.html#ChTelRt
  pPlayer
   3. https://www.wireshark.org/docs/wsug_html_chunked//ChAdvFollowStrea
  mSection.html
   4. https://www.wireshark.org/download.html#thirdparty
   5. https://ask.wireshark.org/
   6. https://www.wireshark.org/lists/
   7. https://gitlab.com/wireshark/wireshark/-/issues
   8. https://www.wireshark.org/faq.html


Digests

wireshark-3.6.0rc1.tar.xz: 39626564 bytes
SHA256(wireshark-3.6.0rc1.tar.xz)=e35f8597a4a8f0e4b787af3a0c13f9d0933b84da4dde27684b617922e27d57e5
RIPEMD160(wireshark-3.6.0rc1.tar.xz)=50fce5243243984406792c5b5d66766fa22de5e4
SHA1(wireshark-3.6.0rc1.tar.xz)=331309adf9b35d79ca57d7238cddc0d3ec7df26e

Wireshark-win64-3.6.0rc1.exe: 77229624 bytes
SHA256(Wireshark-win64-3.6.0rc1.exe)=1fb2f89950b49b015dbc6e60ad637c4536a87bdf2e738d9201418ee6ef454f22
RIPEMD160(Wireshark-win64-3.6.0rc1.exe)=ea46a9fbadfd588684ead88095ff503ec83ee86b
SHA1(Wireshark-win64-3.6.0rc1.exe)=1b973bd667a04c2fc4eba7ca4458da49fcccb556

Wireshark-win32-3.6.0rc1.exe: 61142464 bytes
SHA256(Wireshark-win32-3.6.0rc1.exe)=6c159305a509792911e947d3e78c614929750922ce3bcba3bdf9cc03ba4320ee
RIPEMD160(Wireshark-win32-3.6.0rc1.exe)=fcace613c232413063e7502db66004cd7a038a07
SHA1(Wireshark-win32-3.6.0rc1.exe)=a4e108f1dd8740f8dbcf8bd2507256a5f0035542

Wireshark-win64-3.6.0rc1.msi: 50536448 bytes
SHA256(Wireshark-win64-3.6.0rc1.msi)=3b1347567b3c7a9ddef842d848da5779100e7399b5a2e81f09988cc08f6c2a85
RIPEMD160(Wireshark-win64-3.6.0rc1.msi)=7974262a3f6249cadf4c381fb4b6c8e1e5f50f61
SHA1(Wireshark-win64-3.6.0rc1.msi)=b6fdf07a23913e2f5856ec94ecd432c251ed49a3

Wireshark-win32-3.6.0rc1.msi: 45215744 bytes
SHA256(Wireshark-win32-3.6.0rc1.msi)=6ccca37ec338dbdb1fdda24a70d897af5c9987c4ba936339d7cf893a9fde3837
RIPEMD160(Wireshark-win32-3.6.0rc1.msi)=f732beb0338f8cebf81c97b593baf7ae1021b613
SHA1(Wireshark-win32-3.6.0rc1.msi)=d6cd987f7a56d6f9ec82e58b073a6bfeb6656bdc

WiresharkPortable32_3.6.0rc1.paf.exe: 39277616 bytes
SHA256(WiresharkPortable32_3.6.0rc1.paf.exe)=5d0ae2e828f10793c463eca4a708f6e37e04ff3fa382d251caeac88b43cc5b92
RIPEMD160(WiresharkPortable32_3.6.0rc1.paf.exe)=b7dee80234f08daf986011b93311b466805a3e09
SHA1(WiresharkPortable32_3.6.0rc1.paf.exe)=73d76f7621497a3cbe35b5200aa2252207b54e3f

WiresharkPortable64_3.6.0rc1.paf.exe: 44056576 bytes
SHA256(WiresharkPortable64_3.6.0rc1.paf.exe)=b2333eee661fe53c7064768f6fb7faa0a771d582d497610ea7aa7ea015fc1410
RIPEMD160(WiresharkPortable64_3.6.0rc1.paf.exe)=d86404593ca8c036a381d7170408ede0787b3fe6
SHA1(WiresharkPortable64_3.6.0rc1.paf.exe)=6e67a0986bf8b263f8f06234980a337b0f89effd

Wireshark 3.6.0rc1 Arm 64.dmg: 139743455 bytes
SHA256(Wireshark 3.6.0rc1 Arm 64.dmg)=9ffeff6e82756fa94dca791503ba56ee620d1a7863f595ed5ad73df25e225bff
RIPEMD160(Wireshark 3.6.0rc1 Arm 64.dmg)=00a0c745c4623733b12899aab258ebc0250d4d56
SHA1(Wireshark 3.6.0rc1 Arm 64.dmg)=f7595695fe0e4d0bc2fc8a7f4295e4cdf6d2d7e3

Wireshark 3.6.0rc1 Intel 64.dmg: 136994608 bytes
SHA256(Wireshark 3.6.0rc1 Intel 64.dmg)=1aed2bcdc5448fdbac8dfc2d9d5e59e44d7c9f82fc95118ad19dff10e1545cf4
RIPEMD160(Wireshark 3.6.0rc1 Intel 64.dmg)=07ef89c8341687e3141c2f033770f54d011704df
SHA1(Wireshark 3.6.0rc1 Intel 64.dmg)=c04ab0759bfbff697bfeec9f3f3035170a59c80f

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: OpenPGP_signature
Description: OpenPGP digital signature