Wireshark-dev: [Wireshark-dev] Wireshark 2.2.0rc2 is now available

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 31 Aug 2016 12:44:19 -0700
I'm proud to announce the release of Wireshark 2.2.0rc2.


   This is the first release candidate for Wireshark 2.2.0.
     __________________________________________________________________

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer. It is
   used for troubleshooting, analysis, development and education.
     __________________________________________________________________

What's New

  Bug Fixes

     * Upgrading to latest version uninstalls Microsoft Visual C++
       redistributable. ([1]Bug 12712)
     * Extcap errors not reported back to UI. ([2]Bug 11892)

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.2.0rc1:

     * "Decode As" supports SSL (TLS) over TCP.

   The following features are new (or have been significantly updated)
   since version 2.1.1:
     * Invalid coloring rules are now disabled instead of discarded. This
       will provide backward compatibility with a coloring rule change in
       Wireshark 2.2.

   The following features are new (or have been significantly updated)
   since version 2.1.0:
     * Added -d option for Decode As support in Wireshark (mimics TShark
       functionality)
     * The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
       TShark can additionally export packets as Elasticsearch-compatible
       JSON.
     * The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
       deprecated.
     * The Conversations and Endpoints dialogs are more responsive when
       viewing large numbers of items.
     * The RTP player now allows up to 30 minutes of silence frames.
     * Packet bytes can now be displayed as EBCDIC.
     * The Qt UI loads captures faster on Windows.
     * proto_tree_add_checksum was added as an API. This attempts to
       standardize how checksums are reported and filtered for within
       *Shark. There are no more individual "good" and "bad" filter
       fields, protocols now have a "checksum.status" field that records
       "Good", "Bad" and "Unverified" (neither good or bad). Color filters
       provided with Wireshark have been adjusted to the new display
       filter names, but custom ones may need to be updated.

   The following features are new (or have been significantly updated)
   since version 2.0.0:
     * The intelligent scroll bar now sits to the left of a normal scroll
       bar and provides a clickable map of nearby packets.
     * You can now switch between between Capture and File Format
       dissection of the current capture file via the View menu in the Qt
       GUI.
     * You can now show selected packet bytes as ASCII, HTML, Image, ISO
       8859-1, Raw, UTF-8, a C array, or YAML.
     * You can now use regular expressions in Find Packet and in the
       advanced preferences.
     * Name resolution for packet capture now supports asynchronous DNS
       lookups only. Therefore the "concurrent DNS resolution" preference
       has been deprecated and is a no-op. To enable DNS name resolution
       some build dependencies must be present (currently c-ares). If that
       is not the case DNS name resolution will be disabled (but other
       name resolution mechanisms, such as host files, are still
       available).
     * The byte under the mouse in the Packet Bytes pane is now
       highlighted.
     * TShark supports exporting PDUs via the -U flag.
     * The Windows and OS X installers now come with the "sshdump" and
       "ciscodump" extcap interfaces.
     * Most dialogs in the Qt UI now save their size and positions.
     * The Follow Stream dialog now supports UTF-16.
     * The Firewall ACL Rules dialog has returned.
     * The Flow (Sequence) Analysis dialog has been improved.
     * We no longer provide packages for 32-bit versions of OS X.
     * The Bluetooth Device details dialog has been added.

  New File Format Decoding Support

   Wireshark is able to display the format of some types of files (rather
   than displaying the contents of those files). This is useful when
   you're curious about, or debugging, a file and its format. To open a
   capture file (such as PCAP) in this mode specify "MIME Files Format" as
   the file's format in the Open File dialog.

  New Protocol Support

   Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
   Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag,
   Digital Equipment Corporation Local Area Transport, Distributed Object
   Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control
   Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS
   Kernel Packet Header (IPOS), Extensible Control & Management Protocol
   (eCMP), FLEXRAY Protocol (automotive bus), IEEE 802.1BR E-Tag, Intel
   Omni-Path Architecture, ISO 8583-1, ISO14443, ITU-T G.7041/Y.1303
   Generic Framing Procedure (GFP), LAT protocol (DECNET), Metamako
   trailers, Network Service Header for Ethernet & GRE, Network-Based IP
   Flow Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open
   Mobile Alliance Lightweight Machine to Machine TLV (LwM2M TLV), Real
   Time Location System (RTLS), RTI TCP Transport Layer (RTITCP), SMB
   Witness Service, STANAG 5602 SIMPLE, Standard Interface for Multiple
   Platform Link Evaluation (SIMPLE), USB3 Vision Protocol (USB machine
   vision cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol
   Clusters (Closures Lighting General Measurement & Sensing HVAC Security
   & Safety)

  Updated Protocol Support

   Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
   which allows it to be used with "Decode As" over USB, TCP and UDP.

   A preference was added to TCP dissector for handling IPFIX process
   information. It has been disabled by default.

  New and Updated Capture File Support

   Micropross mplog

  New and Updated Capture Interfaces support

   Non-empty section placeholder.

  Major API Changes

   The libwireshark API has undergone some major changes:
     * The address macros (e.g., SET_ADDRESS) have been removed. Use the
       (lower case) functions of the same names instead.
     * "old style" dissector functions (that don't return number of bytes
       used) have been replaced in name with the "new style" dissector
       functions.
     * tvb_get_string and tvb_get_stringz have been replaced with
       tvb_get_string_enc and tvb_get_stringz_enc respectively.
     __________________________________________________________________

Getting Wireshark

   Wireshark source code and installation packages are available from
   [3]https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can be
   found on the [4]download page on the Wireshark web site.
     __________________________________________________________________

File Locations

   Wireshark and TShark look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
   vary from platform to platform. You can use About->Folders to find the
   default locations on your system.
     __________________________________________________________________

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. ([5]Bug 1419)

   The BER dissector might infinitely loop. ([6]Bug 1516)

   Capture filters aren't applied when capturing from named pipes. ([7]Bug
   1814)

   Filtering tshark captures with read filters (-R) no longer works.
   ([8]Bug 2234)

   Application crash when changing real-time option. ([9]Bug 4035)

   Packet list rows are oversized. ([10]Bug 4357)

   Wireshark and TShark will display incorrect delta times in some cases.
   ([11]Bug 4985)

   Wireshark should let you work with multiple capture files. ([12]Bug
   10488)

   Dell Backup and Recovery (DBAR) makes many Windows applications crash,
   including Wireshark. ([13]Bug 12036)
     __________________________________________________________________

Getting Help

   Community support is available on [14]Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and archives for
   all of Wireshark's mailing lists can be found on [15]the web site.

   Official Wireshark training and certification are available from
   [16]Wireshark University.
     __________________________________________________________________

Frequently Asked Questions

   A complete FAQ is available on the [17]Wireshark web site.
     __________________________________________________________________

   Last updated 2016-08-31 19:28:40 UTC

References

   1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12712
   2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11892
   3. https://www.wireshark.org/download.html
   4. https://www.wireshark.org/download.html#thirdparty
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
  10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
  11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
  12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
  13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12036
  14. https://ask.wireshark.org/
  15. https://www.wireshark.org/lists/
  16. http://www.wiresharktraining.com/
  17. https://www.wireshark.org/faq.html


Digests

wireshark-2.2.0rc2.tar.bz2: 32109255 bytes
SHA256(wireshark-2.2.0rc2.tar.bz2)=a508f23ccab41261a3b3426e642b5a2a9ad83731bedca3a520fe7ea399839bf8
RIPEMD160(wireshark-2.2.0rc2.tar.bz2)=3be9dd4da2927398616791f5ae6538331729b94e
SHA1(wireshark-2.2.0rc2.tar.bz2)=044636ceabb611fb29ad0ed8295073eca8d972bd
MD5(wireshark-2.2.0rc2.tar.bz2)=8ab118868e1da3bb91159c8c026afb8e

Wireshark-win64-2.2.0rc2.exe: 48512248 bytes
SHA256(Wireshark-win64-2.2.0rc2.exe)=0d0b21e9087c102cf98f8399100af115aff17b307a40fda1aa02fac83a42f8f4
RIPEMD160(Wireshark-win64-2.2.0rc2.exe)=40d2c0f68c1950483690084296f7c4073e0a7916
SHA1(Wireshark-win64-2.2.0rc2.exe)=711e83e61b4ae6cfc3abd58132114d6f2a6d4722
MD5(Wireshark-win64-2.2.0rc2.exe)=e18662a49a307b094ad851f21363b76f

Wireshark-win32-2.2.0rc2.exe: 44806336 bytes
SHA256(Wireshark-win32-2.2.0rc2.exe)=884ab19a1432c28b60256e048586f49e1caf20e33c631c6771fab147dbc87273
RIPEMD160(Wireshark-win32-2.2.0rc2.exe)=6193752f6231d801220743af2f8a6ccae7d7a736
SHA1(Wireshark-win32-2.2.0rc2.exe)=a22c0004920f7ec1fbe377c0581c7c64e7e787d7
MD5(Wireshark-win32-2.2.0rc2.exe)=ef4c85650b878a2da2502a4dca93ebcf

WiresharkPortable_2.2.0rc2.paf.exe: 46435360 bytes
SHA256(WiresharkPortable_2.2.0rc2.paf.exe)=ff584b214df9b9d462fbaf67df843c687d4dd093a4760dbbc24f838dd76f321c
RIPEMD160(WiresharkPortable_2.2.0rc2.paf.exe)=5e64e64d8f8b8efcdeec066ebe0e33989a0919bf
SHA1(WiresharkPortable_2.2.0rc2.paf.exe)=8c9c2f4456d10367b4927a6a254e81227099becd
MD5(WiresharkPortable_2.2.0rc2.paf.exe)=c12b791fb82801f0b386effefb254267

Wireshark 2.2.0rc2 Intel 64.dmg: 32685118 bytes
SHA256(Wireshark 2.2.0rc2 Intel
64.dmg)=df87a3dc43f0cab429aeaacacb3251eb608b1267a6927fcbca22c00a99144eba
RIPEMD160(Wireshark 2.2.0rc2 Intel
64.dmg)=19420bbffefcaabbf4db6944d44a62fa383d4da6
SHA1(Wireshark 2.2.0rc2 Intel
64.dmg)=a42131ff56554c78bd23592f73b547dac330c3a3
MD5(Wireshark 2.2.0rc2 Intel 64.dmg)=e9e9213c1745c860e761520ea629bc05

Attachment: signature.asc
Description: OpenPGP digital signature