[Gerald Combs <gerald@xxxxxxxxxxxxx>]

I'm proud to announce the release of Wireshark 3.6.0rc3.


 This is the third release candidate for Wireshark 3.6.

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many improvements have been made. See the “New and Updated Features”
  section below for more details.

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 3.6.0rc2:

     • Display filter set elements must now be comma-separated.

   The following features are new (or have been significantly updated)
   since version 3.6.0rc1:

     • The display filter expression “a != b” now has the same meaning
       as “!(a == b)”.

   The following features are new (or have been significantly updated)
   since version 3.5.0:

     • Nothing of note.

   The following features are new (or have been significantly updated)
   since version 3.4.0:

     • The Windows installers now ship with Npcap 1.55.

     • A 64-bit Windows PortableApps package is now available.

     • A macOS Arm 64 (Apple Silicon) package is now available.

     • TCP conversations now support a completeness criteria, which
       facilitates the identification of TCP streams having any of
       opening or closing handshakes, a payload, in any combination. It
       is accessed with the new tcp.completeness filter.

     • Protobuf fields that are not serialized on the wire (missing in
       capture files) can now be displayed with default values by
       setting the new “add_default_value” preference. The default
       values might be explicitly declared in “proto2” files, or false
       for bools, first value for enums, zero for numeric types.

     • Wireshark now supports reading Event Tracing for Windows (ETW). A
       new extcap named ETW reader is created that now can open an etl
       file, convert all events in the file to DLT_ETW packets and write
       to a specified FIFO destination. Also, a new packet_etw dissector
       is created to dissect DLT_ETW packets so Wireshark can display
       the DLT_ETW packet header, its message and packet_etw dissector
       calls packet_mbim sub_dissector if its provider matches the MBIM
       provider GUID.

     • “Follow DCCP stream” feature to filter for and extract the
       contents of DCCP streams.

     • Wireshark now supports dissecting the rtp packet with OPUS
       payload.

     • Importing captures from text files is now also possible based on
       regular expressions. By specifying a regex capturing a single
       packet including capturing groups for relevant fields a textfile
       can be converted to a libpcap capture file. Supported data
       encodings are plain-hexadecimal, -octal, -binary and base64. Also
       the timestamp format now allows the second-fractions to be placed
       anywhere in the timestamp and it will be stored with nanosecond
       instead of microsecond precision.

     • Display filter literal strings can now be specified using raw
       string syntax, identical to raw strings in the Python programming
       language. This is useful to avoid the complexity of using two
       levels of character escapes with regular expressions.

     • Significant RTP Player redesign and improvements (see Wireshark
       User Documentation, Playing VoIP Calls[1] and RTP Player
       Window[2])

        • RTP Player can play many streams in row

        • UI is more responsive

        • RTP Player maintains playlist, other tools can add/remove
       streams to it

        • Every stream can be muted or routed to L/R channel for replay

        • Save audio is moved from RTP Analysis to RTP Player. RTP
       Player saves what was played. RTP Player can save in multichannel
       .au or .wav.

        • RTP Player added to menu Telephony>RTP>RTP Player

     • VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player,
       SIP Flows) are non-modal, can stay opened on background

        • Same tools are provided across all dialogs (Prepare Filter,
       Analyse, RTP Player …​)

     • Follow stream is now able to follow SIP calls based on their
       Call-ID value.

     • Follow stream YAML output format’s has been changed to add
       timestamps and peers information (for more details see the user’s
       guide, Following Protocol Streams[3])

     • IP fragments between public IPv4 addresses are now reassembled
       even if they have different VLAN IDs. Reassembly of IP fragments
       where one endpoint is a private (RFC 1918 section 3) or
       link-local (RFC 3927) IPv4 address continues to take the VLAN ID
       into account, as those addresses can be reused. To revert to the
       previous behavior and not reassemble fragments with different
       VLAN IDs, turn on the “Enable stricter conversation tracking
       heuristics” top level protocol preference.

     • USB Link Layer reassembly has been added, which allows hardware
       captures to be analyzed at the same level as software captures.

     • TShark can now export TLS session keys with the
       --export-tls-session-keys option.

     • Wireshark participated in the Google Season of Docs 2020 and the
       User’s Guide has been extensively updated.

     • Format of export to CSV in RTP Stream Analysis dialog was
       slightly changed. First line of export contains names of columns
       as in other CSV exports.

     • Wireshark now supports the Turkish language.

     • The settings in the “Import from Hex Dump” dialog is now stored
       in a profile import_hexdump.json file.

     • Reload Lua plugins has been improved to properly support
       FileHandler.

     • Display filter syntax:

        • The expression “a != b” now always has the same meaning as
       “!(a == b)”. In particular this means filter expressions with
       multi-value fields like “ip.addr != 1.1.1.1” will work as
       expected (the result is the same as typing “ip.src != 1.1.1.1 and
       ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a
       != b) being true.

        • Use the syntax “a ~= b” or “a any_ne b” to recover the
       previous (inconsistent with ==) logic for not equal.

        • Set elements must now be separated using a comma (,). A filter
       such as http.request.method in {"GET" "HEAD"} must be written as
       …​ in {"GET", "HEAD"}. (Whitespace is of course optional.) The
       previous use of whitespace as separator is deprecated and will be
       removed in a future version.

        • Adds support for the syntax "a not in b" as a synonym for "not
       a in b".

     • Corrected calculation of mean jitter in RTP Stream Analysis
       dialog and IAX2 Stram Analysis dialog

     • RTP streams are created based on Skinny protocol messages

     • The VoIP Calls Flow Sequence window shows more information about
       various Skinny messages

     • Initial support for building Wireshark on Windows using GCC and
       MinGW-w64 (see README.msys2).

  New File Format Decoding Support

   Vector Informatik Binary Log File (BLF)

  New Protocol Support

   5G Lawful Interception (5GLI), Bluetooth Link Manager Protocol (BT
   LMP), Bundle Protocol version 7 (BPv7), Bundle Protocol version 7
   Security (BPSec), CBOR Object Signing and Encryption (COSE), E2
   Application Protocol (E2AP), Event Tracing for Windows (ETW), EXtreme
   extra Eth Header (EXEH), High-Performance Connectivity Tracer
   (HiPerConTracer), ISO 10681, Kerberos SPAKE, Linux psample protocol,
   Local Interconnect Network (LIN), Microsoft Task Scheduler Service,
   O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio
   Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic
   Channel Protocol (DRDYNVC), RDP Graphic pipeline channel Protocol
   (EGFX), RDP Multi-transport (RDPMT), Real-Time Publish-Subscribe
   Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire
   Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC),
   Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP),
   Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, UAVCAN
   DSDL, UAVCAN/CAN, UDP Remote Desktop Protocol (RDPUDP), Van Jacobson
   PPP compression (VJC), World of Warcraft World (WOWW), and X2 xIRI
   payload (xIRI)

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   Vector Informatik Binary Log File (BLF)

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[4] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use Help › About
  Wireshark › Folders or tshark -G folders to find the default locations
  on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[5] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[6].

  Bugs and feature requests can be reported on the issue tracker[7].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[8].

  Last updated 2021-11-11 20:38:16 UTC

 References

   1. https://www.wireshark.org/docs/wsug_html_chunked/ChTelPlayingCalls
  .html
   2. https://www.wireshark.org/docs/wsug_html_chunked/_rtp.html#ChTelRt
  pPlayer
   3. https://www.wireshark.org/docs/wsug_html_chunked/ChAdvFollowStream
  Section.html
   4. https://www.wireshark.org/download.html
   5. https://ask.wireshark.org/
   6. https://www.wireshark.org/lists/
   7. https://gitlab.com/wireshark/wireshark/-/issues
   8. https://www.wireshark.org/faq.html


Digests

wireshark-3.6.0rc3.tar.xz: 39681768 bytes
SHA256(wireshark-3.6.0rc3.tar.xz)=1ef5ccec05675402d8eff977396316aa5525b995619115c67eed58e9d3c2bca2
RIPEMD160(wireshark-3.6.0rc3.tar.xz)=637d10e58dc56e0d32151286c41de259b9a93d09
SHA1(wireshark-3.6.0rc3.tar.xz)=b14b284b242f4143878f32294c72d25ad9b2612c

Wireshark-win64-3.6.0rc3.exe: 77258104 bytes
SHA256(Wireshark-win64-3.6.0rc3.exe)=4f8ca4a0c21a1946aab588d3ed1b0d14d8757f345e7428511f70d013cf19bf23
RIPEMD160(Wireshark-win64-3.6.0rc3.exe)=46c7c219c5f1c3489ccb5542de8b0801ab3f9830
SHA1(Wireshark-win64-3.6.0rc3.exe)=2da6bd8a48c9eb3dec219ef2b8fea34e9efd3265

Wireshark-win32-3.6.0rc3.exe: 61166336 bytes
SHA256(Wireshark-win32-3.6.0rc3.exe)=b9835c533b62ebbe71df9cc5821bfdabf2a7496388f82723d52720a4af7a6166
RIPEMD160(Wireshark-win32-3.6.0rc3.exe)=4ac575e9ac5b8bf8be8e3acb4907b898ee0cbdd1
SHA1(Wireshark-win32-3.6.0rc3.exe)=e91ea1655361e15f1d196d6c7930c6c8851905e6

Wireshark-win32-3.6.0rc3.msi: 45240320 bytes
SHA256(Wireshark-win32-3.6.0rc3.msi)=6d0a38e59df6bc2bd6c7498ce365bd107fb2d2ae44dc95079a08136e899c7caf
RIPEMD160(Wireshark-win32-3.6.0rc3.msi)=c95603d9a9f04f0d86f08a7489ff025a44bf1ca7
SHA1(Wireshark-win32-3.6.0rc3.msi)=9df8dafae7b5fd335da829a26dd8a933963b86fc

Wireshark-win64-3.6.0rc3.msi: 50577408 bytes
SHA256(Wireshark-win64-3.6.0rc3.msi)=7bef7eaaa31ae289b90435b07ca2aba85cb009c7bf68b40262f5b67881466d23
RIPEMD160(Wireshark-win64-3.6.0rc3.msi)=da469ef325eb90975e2241c4f2a9738d0ac05d15
SHA1(Wireshark-win64-3.6.0rc3.msi)=abe068829d0f0d861f4ce3c99b03118cdd7083ff

WiresharkPortable32_3.6.0rc3.paf.exe: 39311904 bytes
SHA256(WiresharkPortable32_3.6.0rc3.paf.exe)=4ea816468d6939aa9363531428703e5e49400cba35ef26c8252717e1b5963a85
RIPEMD160(WiresharkPortable32_3.6.0rc3.paf.exe)=113b9cd4078438b321e1c6f1476e3e7832053ae1
SHA1(WiresharkPortable32_3.6.0rc3.paf.exe)=48369a95774497620442d6174d20c3a6dbe0dc81

WiresharkPortable64_3.6.0rc3.paf.exe: 44085128 bytes
SHA256(WiresharkPortable64_3.6.0rc3.paf.exe)=4a777b1323b724850d2b52292106c5d5102915594bf710137f8046bfd1b509e4
RIPEMD160(WiresharkPortable64_3.6.0rc3.paf.exe)=388cb731410aa417eaea0918dab3b80594550b08
SHA1(WiresharkPortable64_3.6.0rc3.paf.exe)=255dde8c06261ef4c4941c8020871c98b4cb0b4e

Wireshark 3.6.0rc3 Arm 64.dmg: 139992134 bytes
SHA256(Wireshark 3.6.0rc3 Arm 64.dmg)=94f90a32c183d3e332cff13965cce105c9381ab378e0efd8c01ae179569848f8
RIPEMD160(Wireshark 3.6.0rc3 Arm 64.dmg)=7716354363e61631c6a7a47cfa9d6d7c877f466d
SHA1(Wireshark 3.6.0rc3 Arm 64.dmg)=23c8945202a1b07c4e52df0c58d9237b8af90ee8

Wireshark 3.6.0rc3 Intel 64.dmg: 137167416 bytes
SHA256(Wireshark 3.6.0rc3 Intel 64.dmg)=7060309dda95c2df31249b4a3c46e0debe3469b2595c9e70b934e63c6f0409a4
RIPEMD160(Wireshark 3.6.0rc3 Intel 64.dmg)=d0e82f85f24fe4274305e5f8ff724d63938fc644
SHA1(Wireshark 3.6.0rc3 Intel 64.dmg)=06a8a092ada24314785b74cae478d02e8e6428ce

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: OpenPGP_signature
Description: OpenPGP digital signature