Wireshark-announce: [Wireshark-announce] Wireshark 3.6.0rc2 is now available
From: Wireshark announcements <wireshark-announce@xxxxxxxxxxxxx>
Date: Wed, 27 Oct 2021 15:10:20 -0700
I'm proud to announce the release of Wireshark 3.6.0rc2.
This is the first release candidate for Wireshark 3.6.
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
Many improvements have been made. See the “New and Updated Features”
section below for more details.
New and Updated Features
The following features are new (or have been significantly updated)
since version 3.6.0rc1:
• The display filter expression “a != b” now has the same meaning
as “!(a == b)”.
The following features are new (or have been significantly updated)
since version 3.5.0:
• Nothing of note.
The following features are new (or have been significantly updated)
since version 3.4.0:
• The Windows installers now ship with Npcap 1.55.
• A 64-bit Windows PortableApps package is now available.
• A macOS Arm 64 (Apple Silicon) package is now available.
• TCP conversations now support a completeness criteria, which
facilitates the identification of TCP streams having any of
opening or closing handshakes, a payload, in any combination. It
is accessed with the new tcp.completeness filter.
• Protobuf fields that are not serialized on the wire (missing in
capture files) can now be displayed with default values by
setting the new “add_default_value” preference. The default
values might be explicitly declared in “proto2” files, or false
for bools, first value for enums, zero for numeric types.
• Wireshark now supports reading Event Tracing for Windows (ETW). A
new extcap named ETW reader is created that now can open an etl
file, convert all events in the file to DLT_ETW packets and write
to a specified FIFO destination. Also, a new packet_etw dissector
is created to dissect DLT_ETW packets so Wireshark can display
the DLT_ETW packet header, its message and packet_etw dissector
calls packet_mbim sub_dissector if its provider matches the MBIM
provider GUID.
• “Follow DCCP stream” feature to filter for and extract the
contents of DCCP streams.
• Wireshark now supports dissecting the rtp packet with OPUS
payload.
• Importing captures from text files is now also possible based on
regular expressions. By specifying a regex capturing a single
packet including capturing groups for relevant fields a textfile
can be converted to a libpcap capture file. Supported data
encodings are plain-hexadecimal, -octal, -binary and base64. Also
the timestamp format now allows the second-fractions to be placed
anywhere in the timestamp and it will be stored with nanosecond
instead of microsecond precision.
• Display filter literal strings can now be specified using raw
string syntax, identical to raw strings in the Python programming
language. This is useful to avoid the complexity of using two
levels of character escapes with regular expressions.
• Significant RTP Player redesign and improvements (see Wireshark
User Documentation, Playing VoIP Calls[1] and RTP Player
Window[2])
• RTP Player can play many streams in row
• UI is more responsive
• RTP Player maintains playlist, other tools can add/remove
streams to it
• Every stream can be muted or routed to L/R channel for replay
• Save audio is moved from RTP Analysis to RTP Player. RTP
Player saves what was played. RTP Player can save in multichannel
.au or .wav.
• RTP Player added to menu Telephony>RTP>RTP Player
• VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player,
SIP Flows) are non-modal, can stay opened on background
• Same tools are provided across all dialogs (Prepare Filter,
Analyse, RTP Player …)
• Follow stream is now able to follow SIP calls based on their
Call-ID value.
• Follow stream YAML output format’s has been changed to add
timestamps and peers information (for more details see the user’s
guide, Following Protocol Streams[3])
• IP fragments between public IPv4 addresses are now reassembled
even if they have different VLAN IDs. Reassembly of IP fragments
where one endpoint is a private (RFC 1918 section 3) or
link-local (RFC 3927) IPv4 address continues to take the VLAN ID
into account, as those addresses can be reused. To revert to the
previous behavior and not reassemble fragments with different
VLAN IDs, turn on the “Enable stricter conversation tracking
heuristics” top level protocol preference.
• USB Link Layer reassembly has been added, which allows hardware
captures to be analyzed at the same level as software captures.
• TShark can now export TLS session keys with the
--export-tls-session-keys option.
• Wireshark participated in the Google Season of Docs 2020 and the
User’s Guide has been extensively updated.
• Format of export to CSV in RTP Stream Analysis dialog was
slightly changed. First line of export contains names of columns
as in other CSV exports.
• Wireshark now supports the Turkish language.
• The settings in the “Import from Hex Dump” dialog is now stored
in a profile import_hexdump.json file.
• Reload Lua plugins has been improved to properly support
FileHandler.
• Display filter syntax:
• The expression “a != b” now always has the same meaning as
“!(a == b)”. In particular this means filter expressions with
multi-value fields like “ip.addr != 1.1.1.1” will work as
expected (the result is the same as typing “ip.src != 1.1.1.1 and
ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a
!= b) being true.
• Use the syntax “a ~= b” or “a any_ne b” to recover the
previous (inconsistent with ==) logic for not equal.
• Corrected calculation of mean jitter in RTP Stream Analysis
dialog and IAX2 Stram Analysis dialog
• RTP streams are created based on Skinny protocol messages
• The VoIP Calls Flow Sequence window shows more information about
various Skinny messages
New File Format Decoding Support
Vector Informatik Binary Log File (BLF)
New Protocol Support
5G Lawful Interception (5GLI), Bluetooth Link Manager Protocol (BT
LMP), Bundle Protocol version 7 (BPv7), Bundle Protocol version 7
Security (BPSec), CBOR Object Signing and Encryption (COSE), E2
Application Protocol (E2AP), Event Tracing for Windows (ETW), EXtreme
extra Eth Header (EXEH), High-Performance Connectivity Tracer
(HiPerConTracer), ISO 10681, Kerberos SPAKE, Linux psample protocol,
Local Interconnect Network (LIN), Microsoft Task Scheduler Service,
O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio
Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic
Channel Protocol (DRDYNVC), RDP Graphic pipeline channel Protocol
(EGFX), RDP Multi-transport (RDPMT), Real-Time Publish-Subscribe
Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire
Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC),
Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP),
Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, UAVCAN
DSDL, UAVCAN/CAN, UDP Remote Desktop Protocol (RDPUDP), Van Jacobson
PPP compression (VJC), World of Warcraft World (WOWW), and X2 xIRI
payload (xIRI)
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
Vector Informatik Binary Log File (BLF)
Getting Wireshark
Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[4] on the Wireshark web site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use Help › About
Wireshark › Folders or tshark -G folders to find the default locations
on your system.
Getting Help
The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/
Community support is available on Wireshark’s Q&A site[5] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the web site[6].
Bugs and feature requests can be reported on the issue tracker[7].
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site[8].
Last updated 2021-10-27 21:59:11 UTC
References
1. https://www.wireshark.org/docs/wsug_html_chunked/ChTelPlayingCalls
.html
2. https://www.wireshark.org/docs/wsug_html_chunked/_rtp.html#ChTelRt
pPlayer
3. https://www.wireshark.org/docs/wsug_html_chunked/ChAdvFollowStream
Section.html
4. https://www.wireshark.org/download.html
5. https://ask.wireshark.org/
6. https://www.wireshark.org/lists/
7. https://gitlab.com/wireshark/wireshark/-/issues
8. https://www.wireshark.org/faq.html
Digests
wireshark-3.6.0rc2.tar.xz: 39666664 bytes
SHA256(wireshark-3.6.0rc2.tar.xz)=aa42b951bfeb3ddcfca9caf9ef67fdff75a39e0e19b2fb2b88a516f8f40df1b9
RIPEMD160(wireshark-3.6.0rc2.tar.xz)=e9075864bb0fb15e1660998f5d0ea857d8d89aa6
SHA1(wireshark-3.6.0rc2.tar.xz)=1490c1e5dad43bde9660841c2553258391b8058a
Wireshark-win32-3.6.0rc2.exe: 61154864 bytes
SHA256(Wireshark-win32-3.6.0rc2.exe)=cbb9de8ce95556dd53b81ee07affccf2199e933ca17cdcaf50c1be829fec122a
RIPEMD160(Wireshark-win32-3.6.0rc2.exe)=edba7cc5f81b1617a16cbee009a43c14b4b81d0b
SHA1(Wireshark-win32-3.6.0rc2.exe)=a52509dcbf0218be5286d3f266cdf48777e90194
Wireshark-win64-3.6.0rc2.exe: 77237888 bytes
SHA256(Wireshark-win64-3.6.0rc2.exe)=93e9f0f7d4e972ea7670e4bf0162acd33eec3cc166dd902cc5ce4f10420a6336
RIPEMD160(Wireshark-win64-3.6.0rc2.exe)=f9bca19f91dba01c12f01908ac08347a5a857a29
SHA1(Wireshark-win64-3.6.0rc2.exe)=212fac2fd559f08a1cd85615b233dc44e70f6f22
Wireshark-win64-3.6.0rc2.msi: 50737152 bytes
SHA256(Wireshark-win64-3.6.0rc2.msi)=2a82468fa5e06d28690253b01b5ecc07f9a36443843b553fb01f56ed8da00447
RIPEMD160(Wireshark-win64-3.6.0rc2.msi)=adf6c3b72fb125311bccd04a991c5bf9fc4b837e
SHA1(Wireshark-win64-3.6.0rc2.msi)=4f1753fdb5994b16eaf6bd708ff2543d6fbac2c3
Wireshark-win32-3.6.0rc2.msi: 45252608 bytes
SHA256(Wireshark-win32-3.6.0rc2.msi)=ef56b8988e778e7a0b2719fb5c71742addaaca957128662d97df29ecac131862
RIPEMD160(Wireshark-win32-3.6.0rc2.msi)=488607a953e93363456de9b726d1acb049109f33
SHA1(Wireshark-win32-3.6.0rc2.msi)=5f3742ba7da5721fb1374f004b98e83a36c09b38
WiresharkPortable64_3.6.0rc2.paf.exe: 44070032 bytes
SHA256(WiresharkPortable64_3.6.0rc2.paf.exe)=e960e0269a7655607298b5acda3d0310d14aa528e63908e6abce99985b256f76
RIPEMD160(WiresharkPortable64_3.6.0rc2.paf.exe)=caeb252832fa0b1284454d30f852c8b0d1ce8ca2
SHA1(WiresharkPortable64_3.6.0rc2.paf.exe)=0b87281560126b7241210fbe7acc0e9b8b2249d2
WiresharkPortable32_3.6.0rc2.paf.exe: 39296016 bytes
SHA256(WiresharkPortable32_3.6.0rc2.paf.exe)=bc8ba153acc6546f175259129cc6c6384b91e16e08d7a2dc73f91f2634965e31
RIPEMD160(WiresharkPortable32_3.6.0rc2.paf.exe)=0a570dd5065f62d863b572f2083f6abccbf35715
SHA1(WiresharkPortable32_3.6.0rc2.paf.exe)=e363bee3b2b3f71c2e3b08dfa6dcf2acdac11ad7
Wireshark 3.6.0rc2 Arm 64.dmg: 139699400 bytes
SHA256(Wireshark 3.6.0rc2 Arm 64.dmg)=7c8e3814cd7fe196ef487269ba6d36a336b1118339c104021c3ed5220774513f
RIPEMD160(Wireshark 3.6.0rc2 Arm 64.dmg)=e28beb9f848ecbeb0f1d5d82ac32cc240ab3f65c
SHA1(Wireshark 3.6.0rc2 Arm 64.dmg)=afe38f3ad7d6a650fda2770cb64669d219a552d5
Wireshark 3.6.0rc2 Intel 64.dmg: 137143285 bytes
SHA256(Wireshark 3.6.0rc2 Intel 64.dmg)=3660c9df492c2908fb5164d24b1ac673508484a85b5532a20c34a6ff6ba28b98
RIPEMD160(Wireshark 3.6.0rc2 Intel 64.dmg)=8a2e880ef561bcf70a09d0dc638c473864f29881
SHA1(Wireshark 3.6.0rc2 Intel 64.dmg)=3c4cae3ed9197535ce6755f9a640b452318bae2c
You can validate these hashes using the following commands (among others):
Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
- Prev by Date: [Wireshark-announce] Wireshark 3.6.0rc1 is now available
- Previous by thread: [Wireshark-announce] Wireshark 3.6.0rc1 is now available
- Index(es):