Wireshark-users: [Wireshark-users] Wireshark 3.0.0 is now available

Date Prev · Date Next · Thread Prev · Thread Next
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Thu, 28 Feb 2019 11:46:42 -0800
I'm proud to announce the release of Wireshark 3.0.0.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

  Many user interface improvements have been made. See the “New and
  Updated Features” section below for more details.

  Support for a number of legacy features and libraries has been
  removed. See the “Removed Features and Support” section below for more
  details.

  Bug Fixes

   The following bugs have been fixed:

     • Data following a TCP ZeroWindowProbe is marked as retransmission
       and not passed to subdissectors (Bug 15427[1])

     • Lua Error on startup: init.lua: dofile has been disabled due to
       running Wireshark as superuser (Bug 15489[2]).

   Text and Image columns were handled incorrectly for TDS 7.0 and 7.1.
   (Bug 3098[3])

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[4])

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 3.0.0rc2:

     • No significant changes.

   The following features are new (or have been significantly updated)
   since version 3.0.0rc1:

     • The IP map feature (the “Map” button in the “Endpoints” dialog)
       has been added back in a modernized form (Bug 14693[5]).

     • The macOS package now ships with Qt 5.12.1. Previously it shipped
       with Qt 5.9.7.

     • The macOS package requires version 10.12 or later. If you’re
       running an older version of macOS, please use Wireshark 2.6.

   The following features are new (or have been significantly updated)
   since version 2.9.0:

     • Wireshark now supports the Swedish and Ukrainian languages.

     • Initial support for using PKCS #11 tokens for RSA decryption in
       TLS. This can be configured at Preferences, RSA Keys.

     • The build system now produces reproducible builds (Bug 15163[6]).

     • The Windows installers now ship with Qt 5.12.1. Previously they
       shipped with Qt 5.12.0.

   The following features are new (or have been significantly updated)
   since version 2.6.0:

     • The Windows .exe installers now ship with Npcap[7] instead of
       WinPcap. Besides being actively maintained (by the nmap project),
       Npcap brings support for loopback capture and 802.11 WiFi monitor
       mode capture (if supported by the NIC driver).

     • Conversation timestamps are supported for UDP/UDP-Lite protocols

     • TShark now supports the -G elastic-mapping option which generates
       an ElasticSearch mapping file.

     • The “Capture Information” dialog has been added back (Bug
       12004[8]).

     • The Ethernet and IEEE 802.11 dissectors no longer validate the
       frame check sequence (checksum) by default.

     • The TCP dissector gained a new “Reassemble out-of-order segments”
       preference to fix dissection and decryption issues in case TCP
       segments are received out-of-order. See the User’s Guide, chapter
       TCP Reassembly for details.

     • Decryption support for the new WireGuard dissector (Bug 15011[9],
       requires Libgcrypt 1.8).

     • The BOOTP dissector has been renamed to DHCP. With the exception
       of “bootp.dhcp”, the old “bootp.*” display filter fields are
       still supported but may be removed in a future release.

     • The SSL dissector has been renamed to TLS. As with BOOTP the old
       “ssl.*” display filter fields are supported but may be removed in
       a future release.

     • Coloring rules, IO graphs, Filter Buttons and protocol preference
       tables can now be copied from other profiles using a button in
       the corresponding configuration dialogs.

     • APT-X has been renamed to aptX.

     • When importing from hex dump, it’s now possible to add an
       ExportPDU header with a payload name. This calls the specific
       dissector directly without lower protocols.

     • The sshdump and ciscodump extcap interfaces can now use a proxy
       for the SSH connection.

     • Dumpcap now supports the -a packets:NUM and -b packets:NUM
       options.

     • Wireshark now includes a “No Reassembly” configuration profile.

     • Wireshark now supports the Russian language.

     • The build system now supports AppImage packages.

     • The Windows installers now ship with Qt 5.12.0. Previously they
       shipped with Qt 5.9.7.

     • Support for DTLS and TLS decryption using pcapng files that embed
       a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug
       15252[10]).

     • The editcap utility gained a new --inject-secrets option to
       inject an existing TLS Key Log file into a pcapng file.

     • A new dfilter function string() has been added. It allows the
       conversion of non-string fields to strings so string functions
       (as contains and matches) can be used on them.

     • The Bash test suite has been replaced by one based on Python
       unittest/pytest.

     • The custom window title can now show file path of the capture
       file and it has a conditional separator.

  Removed Features and Support

     • The legacy (GTK+) user interface has been removed and is no
       longer supported.

     • The portaudio library is no longer needed due to the removal of
       GTK+.

     • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.

     • Wireshark requires GLib 2.32 or later.

     • Wireshark requires GnuTLS 3.2 or later as optional dependency.

     • Building Wireshark requires Python 3.4 or newer, Python 2.7 is
       unsupported.

     • Building Wireshark requires CMake. Autotools is no longer
       supported.

     • TShark’s -z compare option was removed.

     • Building with Cygwin is no longer supported on Windows.

  New File Format Decoding Support

   Ruby Marshal format

  New Protocol Support

   Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
   BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service
   over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP),
   Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS
   RTP), Exablaze trailers, General Circuit Services Notification
   Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo
   Emberplus Data format, Great Britain Companion Specification (GBCS)
   used in the Smart Metering Equipment Technical Specifications
   (SMETS), GSM-R (User-to-User Information Element usage),
   HI3CCLinkData, Intelligent Transport Systems (ITS) application level,
   ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP),
   ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability
   Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP,
   Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol,
   PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo
   Emberplus transport frame, Secure Reliable Transport Protocol (SRT),
   Spirent Test Center Signature decoding for Ethernet and FibreChannel
   (STCSIG, disabled by default), Sybase-specific portions of TDS,
   systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery
   Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information
   Retrieval Protocol

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
   and Unigraf DPA-400 DisplayPort AUX channel monitor

  New and Updated Capture Interfaces support

   dpauxmon, an external capture interface (extcap) that captures
   DisplayPort AUX channel data from linux kernel drivers.

   sdjournal, an extcap that captures systemd journal entries.

  Major API Changes

     • Lua: the various logging functions (debug, info, message, warn
       and critical) have been removed. Use the print function instead
       for debugging purposes.

     • Lua: on Windows, file-related functions such as dofile now assume
       UTF-8 paths instead of the local code page. This is consistent
       with Linux and macOS and improves compatibility on non-English
       systems. (Bug 15118[11])

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html[12].

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[13] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use About→Folders to
  find the default locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/[14]

  Community support is available on Wireshark’s Q&A site[15] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the web site[16].

  Bugs and feature requests can be reported on the bug tracker[17].

  Official Wireshark training and certification are available from
  Wireshark University[18].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[19].

  Last updated 2019-02-28 17:56:47 UTC

 References

   1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15427
   2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15489
   3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3098
   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14693
   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15163
   7. https://nmap.org/npcap/
   8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12004
   9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15011
  10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15252
  11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15118
  12. https://www.wireshark.org/download.html
  13. https://www.wireshark.org/download.html#thirdparty
  14. https://www.wireshark.org/docs/
  15. https://ask.wireshark.org/
  16. https://www.wireshark.org/lists/
  17. https://bugs.wireshark.org/
  18. http://www.wiresharktraining.com/
  19. https://www.wireshark.org/faq.html


Digests

wireshark-3.0.0.tar.xz: 30953760 bytes
SHA256(wireshark-3.0.0.tar.xz)=bc4f30f5b2e94f3a696fef9de44673cdf402db90aac5299966da647f708f009e
RIPEMD160(wireshark-3.0.0.tar.xz)=9211657dc9d58eae871547d90021c376bb52f761
SHA1(wireshark-3.0.0.tar.xz)=c254d850c81d85964aa23d60bb6fdb1373032490

Wireshark-win64-3.0.0.exe: 59480000 bytes
SHA256(Wireshark-win64-3.0.0.exe)=b5d30a9c0b2835a41e8132b1d9246a01ad6f1461a4de14fa3ccbdf4919c70eac
RIPEMD160(Wireshark-win64-3.0.0.exe)=fc02e84b6f663849dff60c0193e5d92e3f6e68ea
SHA1(Wireshark-win64-3.0.0.exe)=f6c1cf74f0d1731ebda5a37aa1d4aeb2bde47130

Wireshark-win32-3.0.0.exe: 54214200 bytes
SHA256(Wireshark-win32-3.0.0.exe)=ca59a35866b5837578070ae064bb099d7a50b81be6b86884679aa86ef08ea89f
RIPEMD160(Wireshark-win32-3.0.0.exe)=bc3581a64f65e7608686e0b1b7b34765b03f9fa9
SHA1(Wireshark-win32-3.0.0.exe)=394b5df8254cb65df28aaf0f8dd7e35e3aa38eba

Wireshark-win64-3.0.0.msi: 47312896 bytes
SHA256(Wireshark-win64-3.0.0.msi)=c8592db98b073ad475a792a9c673dd83753c0a7c877dddf609f94e29c4f9c5d5
RIPEMD160(Wireshark-win64-3.0.0.msi)=2b6ae77450a2c508300859aff1aef864ebcc8e25
SHA1(Wireshark-win64-3.0.0.msi)=e34fdd40338cf6ea19263a6380e46029a0128b7a

Wireshark-win32-3.0.0.msi: 42098688 bytes
SHA256(Wireshark-win32-3.0.0.msi)=c68a6d38da8198a591f339caaf56ffe9602dfe62b0de672e4ae2f665181efce4
RIPEMD160(Wireshark-win32-3.0.0.msi)=ec4f51e87955e763b5f958bcaf675845e87d5962
SHA1(Wireshark-win32-3.0.0.msi)=3efdd648b4f8a9ef9aaad693d748c8b40e04528c

WiresharkPortable_3.0.0.paf.exe: 35918120 bytes
SHA256(WiresharkPortable_3.0.0.paf.exe)=77e3e34fc8c48dc3d2f8211fd20b451e7f40eb80cf569537bb89ca35ff952f5f
RIPEMD160(WiresharkPortable_3.0.0.paf.exe)=4332548a5f9691fa398738b701b64b0527a913f0
SHA1(WiresharkPortable_3.0.0.paf.exe)=a1389cd9a496e7d74f620ea2753c1ef31ed64366

Wireshark 3.0.0 Intel 64.dmg: 86771944 bytes
SHA256(Wireshark 3.0.0 Intel
64.dmg)=4f7667b4ed52997726e1c25277b11582440ef46498f0680928780b9fe0535881
RIPEMD160(Wireshark 3.0.0 Intel
64.dmg)=cd151425d57b859866f2fa28cd287332c144f795
SHA1(Wireshark 3.0.0 Intel 64.dmg)=4d9a7d7dc72cafc50f0393bdbff535fcd5f3c33e

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: signature.asc
Description: OpenPGP digital signature