The major changes since version 1.4.* are:
- Wireshark is now distributed as an installation package rather
than a drag-installer on OS X. The installer adds a startup
item that should make it easier to capture packets.
- Large file (greater than 2 GB) support has been improved.
- Wireshark and TShark can import text dumps, similar to
text2pcap.
- You can now view Wireshark's dissector tables (for example the
TCP port to dissector mappings) from the main window.
- Wireshark can export SSL session keys via File→Export→SSL
Session Keys...
- TShark can show a specific occurrence of a field when using
'-T fields'.
- Custom columns can show a specific occurrence of a field.
- You can hide columns in the packet list.
- Wireshark can now export SMB objects.
- dftest and randpkt now have manual pages.
- TShark can now display iSCSI, ICMP and ICMPv6 service response
times.
- Dumpcap can now save files with a user-specified group id.
- Syntax checking is done for capture filters.
- You can display the compiled BPF code for capture filters in
the Capture Options dialog.
- You can now navigate backwards and forwards through TCP and
UDP sessions using Ctrl+, and Ctrl+. .
- Packet length is (finally) a default column.
- TCP window size is now avaiable both scaled and unscaled. A
TCP window scaling graph is available in the GUI.
- 802.1q VLAN tags are now shown in the Ethernet II protocol
tree instead of a separate tree.
- Various dissectors now display some UTF-16 strings as proper
Unicode including the DCE/RPC and SMB dissectors.
- The RTP player now has an option to show the time of day in
the graph in addition to the seconds since beginning of
capture.
- The RTP player now shows why media interruptions occur.
- Graphs now save as PNG images by default.
- TShark can read and write host name information from and to
pcapng-formatted files. Wireshark can read it. TShark can dump
host name information via
[-z hosts]
.
- TShark's -z option now uses the
[-z <proto>,srt]
syntax instead of
[-z <proto>,rtt]
for all protocols that support service response time
statistics. This matches Wireshark's syntax for this option.
- Wireshark and TShark can now read compressed Windows Sniffer
files.
- New Protocol Support
ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing
Protocol, Broadcast/Multicast Control, Constrained Application
Protocol (COAP), Digium TDMoE, Erlang Distribution Protocol,
Ether-S-I/O, FastCGI, Fibre Channel over InfiniBand (FCoIB),
Gopher, Gigamon GMHDR, IDMP, Infiniband Socket Direct Protocol
(SDP), JSON, LISP Control, LISP Data, LISP, MikroTik MAC-Telnet,
MRP Multiple Mac Registration Protocol (MMRP) Mongo Wire Protocol,
MUX27010, Network Monitor 802.11 radio header, OPC UA
ExtensionObjects, openSAFETY, PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD
Framing, RObust Header Compression (ROHC), RSIP, SAMETIME, SCoP,
SGSAP, Tektronix Teklink, USB/AT Commands, uTorrent Transport
Protocol, WAI authentication, Wi-Fi P2P (Wi-Fi Direct)
- New and Updated Capture File Support
Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP
OpenVMS TCPTrace, IPFIX (the file format, not the protocol),
Lucent/Ascend debug, Microsoft Network Monitor, Network
Instruments, TamoSoft CommView
a2cd3dbc0c