Wireshark-dev: [Wireshark-dev] Wireshark 3.5.0 is now available

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Fri, 27 Aug 2021 14:35:55 -0700
I'm proud to announce the release of Wireshark 3.5.0.


 This is an experimental release intended to test new features for
 Wireshark 3.6.

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many improvements have been made. See the “New and Updated Features”
  section below for more details.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 3.4.0:

     • The Windows installers now ship with Npcap 1.50.

     • A 64-bit Windows PortableApps package is now available.

     • A macOS Arm 64 (Apple Silicon) package is now available.

     • TCP conversations now support a completeness criteria, which
       facilitates the identification of TCP streams having any of
       opening or closing handshakes, a payload, in any combination. It
       is accessed with the new tcp.completeness filter.

     • Protobuf fields that are not serialized on the wire (missing in
       capture files) can now be displayed with default values by
       setting the new 'add_default_value' preference. The default
       values might be explicitly declared in 'proto2' files, or false
       for bools, first value for enums, zero for numeric types.

     • Wireshark now supports reading Event Tracing for Windows (ETW). A
       new extcap named ETW reader is created that now can open an etl
       file, convert all events in the file to DLT_ETW packets and write
       to a specified FIFO destination. Also, a new packet_etw dissector
       is created to dissect DLT_ETW packets so Wireshark can display
       the DLT_ETW packet header, its message and packet_etw dissector
       calls packet_mbim sub_dissector if its provider matches the MBIM
       provider GUID.

     • "Follow DCCP stream" feature to filter for and extract the
       contents of DCCP streams.

     • Wireshark now supports dissecting the rtp packet with OPUS
       payload.

     • Importing captures from text files is now also possible based on
       regular expressions. By specifying a regex capturing a single
       packet including capturing groups for relevant fields a textfile
       can be converted to a libpcap capture file. Supported data
       encodings are plain-hexadecimal, -octal, -binary and base64. Also
       the timestamp format now allows the second-fractions to be placed
       anywhere in the timestamp and it will be stored with nanosecond
       instead of microsecond precision.

     • Display filter literal strings can now be specified using raw
       string syntax, identical to raw strings in the Python programming
       language. This is useful to avoid the complexity of using two
       levels of character escapes with regular expressions.

     • Significant RTP Player redesign and improvements (see Wireshark
       User Documentation, Playing VoIP Calls[1] and RTP Player
       Window[2])

     • RTP Player can play many streams in row

     • UI is more responsive

     • RTP Player maintains playlist, other tools can add/remove streams
       to it

     • Every stream can be muted or routed to L/R channel for replay

     • Save audio is moved from RTP Analysis to RTP Player. RTP Player
       saves what was played. RTP Player can save in multichannel .au or
       .wav.

     • RTP Player added to menu Telephony>RTP>RTP Player

   VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player, SIP
   Flows) are non-modal, can stay opened on background

     • Same tools are provided across all dialogs (Prepare Filter,
       Analyse, RTP Player …​)

   Follow stream is now able to follow SIP calls based on their Call-ID
   value.

   Follow stream YAML output format’s has been changed to add timestamps
   and peers information (for more details see the user’s guide,
   Following Protocol Streams[3])

   IP fragments between public IPv4 addresses are now reassembled even
   if they have different VLAN IDs. Reassembly of IP fragments where one
   endpoint is a private (RFC 1918 section 3) or link-local (RFC 3927)
   IPv4 address continues to take the VLAN ID into account, as those
   addresses can be reused. To revert to the previous behavior and not
   reassemble fragments with different VLAN IDs, turn on the "Enable
   stricter conversation tracking heuristics" top level protocol
   preference.

   USB Link Layer reassembly has been added, which allows hardware
   captures to be analyzed at the same level as software captures.

   TShark can now export TLS session keys with the
   --export-tls-session-keys option.

   Wireshark participated in the Google Season of Docs 2020 and the
   User’s Guide has been extensively updated.

   Format of export to CSV in RTP Stream Analysis dialog was slightly
   changed. First line of export contains names of columns as in other
   CSV exports.

   Wireshark now supports the Turkish language.

  New File Format Decoding Support

   Vector Informatik Binary Log File (BLF)

  New Protocol Support

   Bluetooth Link Manager Protocol (BT LMP), E2 Application Protocol
   (E2AP), Event Tracing for Windows (ETW), High-Performance
   Connectivity Tracer (HiPerConTracer), Kerberos SPAKE, Linux psample
   protocol, Local Interconnect Network (LIN), Microsoft Task Scheduler
   Service, O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus
   Interactive Audio Codec (OPUS), PDU Transport Protocol, R09.x (R09),
   RDP Dynamic Channel Protocol (DRDYNVC), Real-Time Publish-Subscribe
   Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire
   Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC),
   Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP),
   Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, and
   World of Warcraft World (WOWW)

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   Vector Informatik Binary Log File (BLF)

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[4] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About → Folders
  to find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[5] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[6].

  Bugs and feature requests can be reported on the issue tracker[7].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[8].

  Last updated 2021-08-27 17:26:35 UTC

 References

   1. https://www.wireshark.org/docs/wsug_html_chunked/ChTelPlayingCalls
  .html
   2. https://www.wireshark.org/docs/wsug_html_chunked/_rtp.html#ChTelRt
  pPlayer
   3. https://www.wireshark.org/docs/wsug_html_chunked//ChAdvFollowStrea
  mSection.html
   4. https://www.wireshark.org/download.html#thirdparty
   5. https://ask.wireshark.org/
   6. https://www.wireshark.org/lists/
   7. https://gitlab.com/wireshark/wireshark/-/issues
   8. https://www.wireshark.org/faq.html


Digests

wireshark-3.5.0.tar.xz: 38289540 bytes
SHA256(wireshark-3.5.0.tar.xz)=cb96804f6283980ae1218843bcf0d0866d8952ef215b5f85337fce7c5d6221b3
RIPEMD160(wireshark-3.5.0.tar.xz)=bbbd61d6b960a34161739383f59ba1d382b0b9c5
SHA1(wireshark-3.5.0.tar.xz)=eaaef097d4400110d9c876022814d31f7fb7d393

Wireshark-win32-3.5.0.exe: 60654768 bytes
SHA256(Wireshark-win32-3.5.0.exe)=2839b4084e4b52cb4d6209d476028047943d094294bbd09c69bfc5623c372097
RIPEMD160(Wireshark-win32-3.5.0.exe)=bb97db1c72cddb3131a474db31e52b9935810ad6
SHA1(Wireshark-win32-3.5.0.exe)=002bfb18a5ed0273aa9b0a1b97bcaabaf7237402

Wireshark-win64-3.5.0.exe: 76726040 bytes
SHA256(Wireshark-win64-3.5.0.exe)=0c7c05ad9a748a6eeddd1065df3398f9764ae921b87a87903895ac02bf4c4a2f
RIPEMD160(Wireshark-win64-3.5.0.exe)=5248dcd99afe37c3cd67ff09102af530fffcf38a
SHA1(Wireshark-win64-3.5.0.exe)=cfc8c4418265e0e862760a1acdb17997c32f414b

Wireshark-win32-3.5.0.msi: 45019136 bytes
SHA256(Wireshark-win32-3.5.0.msi)=5c1030fa9ad7c2103b46a33db3c2bae819d327bfa685b12777a1873009e699ac
RIPEMD160(Wireshark-win32-3.5.0.msi)=1b8b03cfc3443a99f2eed8f781ec0591f39e1d13
SHA1(Wireshark-win32-3.5.0.msi)=f0b32d500b8802d4c405c7037e211e8e132023e3

Wireshark-win64-3.5.0.msi: 50298880 bytes
SHA256(Wireshark-win64-3.5.0.msi)=aadd19d2c0f80308a06c7dc5114315d21a0cc7b57d27f4a5fa26d7e6ba1a540d
RIPEMD160(Wireshark-win64-3.5.0.msi)=a2acd4dad3eed0237ac955f5034fcfdb1b0b7934
SHA1(Wireshark-win64-3.5.0.msi)=7b7998165055439c1631ea007c6d031d82ac3886

WiresharkPortable32_3.5.0.paf.exe: 39067352 bytes
SHA256(WiresharkPortable32_3.5.0.paf.exe)=a8285154b0b824b615ffbfa32570068a860429690213028b86f79c78519fd538
RIPEMD160(WiresharkPortable32_3.5.0.paf.exe)=e985ddd9d0ae445b4ac9c8a5016aaf394cf3e7e4
SHA1(WiresharkPortable32_3.5.0.paf.exe)=e449df405dade28d334017e6506877fc158b2d0c

WiresharkPortable64_3.5.0.paf.exe: 43832496 bytes
SHA256(WiresharkPortable64_3.5.0.paf.exe)=ceb6ba8dbcb71aae3daa34b77be338ffc4d068fd05fb03f58afedc206e9a327b
RIPEMD160(WiresharkPortable64_3.5.0.paf.exe)=622327eb4a59ea19d9ea6e5f848acec3c76375ad
SHA1(WiresharkPortable64_3.5.0.paf.exe)=f5b5dcf7005e4dedcf5da2cde86f627dcc8c4fcc

Wireshark 3.5.0 Intel 64.dmg: 136382239 bytes
SHA256(Wireshark 3.5.0 Intel 64.dmg)=2375118dfd69fcaec1095560d646cfe801e039f9be16d329b4ec045e6a139ec1
RIPEMD160(Wireshark 3.5.0 Intel 64.dmg)=277142bc46db0b5d8faf6241c839c68b3b9772d9
SHA1(Wireshark 3.5.0 Intel 64.dmg)=8452a6fd6ea42545c352c5540d3bad6085de6361

Wireshark 3.5.0 Arm 64.dmg: 139219717 bytes
SHA256(Wireshark 3.5.0 Arm 64.dmg)=12f5008a175deaa2ca6d28834e9085fb88c3b5f60698b454a6e2cac3b8e9e0b6
RIPEMD160(Wireshark 3.5.0 Arm 64.dmg)=00d2ef460c3e72d73b0c78ef2dc0fdd7c088c6f4
SHA1(Wireshark 3.5.0 Arm 64.dmg)=302beabf7da527d79a66a81f9d46a4e13f06db70

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: OpenPGP_signature
Description: OpenPGP digital signature