Wireshark Changelog

What's new in Wireshark 3.4.6

Jun 3, 2021

Bug Fixes:
The following bugs have been fixed:
Macro filters can’t handle escaped characters Issue 17160[1].
Display filter crashes Wireshark Issue 17316[2].
IEEE-1588 Signalling Unicast TLV incorrectly reported as being malformed Issue 17355[3].
Updated Protocol Support:
DNP, ProtoBuf, PTP, and TACACS
New and Updated Capture File Support:
Ascend, ERF, K12, NetScaler, and pcapng

New in Wireshark 3.2.1 (Jan 16, 2020)

New in Wireshark 3.2.0 (Dec 18, 2019)

What’s New:
This is the last release branch with official support for Windows 7 and Windows Server 2008 R2.
Many improvements have been made. See the “New and Updated Features” section below for more details.
New and Updated Features:
The macOS installer now ships with Qt 5.12.6. It previously shipped with Qt 5.12.5.
Automatic updates are supported on macOS.
You can now select multiple packets in the packet list at the same time
They can be exported as Text by “Ctrl+C” or “Cmd+C” and the corresponding menu in “Edit › Copy › As …”
They can be marked/unmarked or ignored/unignored at the same time
They can be exported and printed using the corresponding menu entries “File › Export Specified Packets”, “File › Export Packet Dissections” and “File › Print”
You can now follow HTTP/2 and QUIC streams.
You can once again mark and unmark packets using the middle mouse button. This feature went missing around 2009 or so.
The Windows packages are now built using Microsoft Visual Studio 2019.
IOGraph automatically adds a graph for the selected display filter if no previous graph exists
Action buttons for the display filter bar may be aligned left via the context menu
The "Expression…" toolbar entry has been moved to "Analyze › Display filter Expression …" as well as to the context menu of the display filter toolbar
Allow extcaps to be loaded from the personal configuration directory
The Wireshark 3.1.0 Windows installers ship with Qt 5.12.6. Previous installers shipped with Qt 5.12.4.
You can drag and drop a field to a column header to create a column for that field, or to the display filter input to create a display filter. If a display filter is applied, the new filter can be added using the same rules as “Apply Filter”
You can drag and drop a column entry to the display filter to create a filter for it.
You can import profiles from a .zip archive or an existing directory.
Dark mode support on macOS and dark theme support on other platforms has been improved.
Brotli decompression support in HTTP/HTTP2 (requires the brotli library).
The build system now checks for a SpeexDSP system library installation. The bundled Speex resampler code is still provided as a fallback.
WireGuard decryption can now be enabled through keys embedded in a pcapng in addition to the existing key log preference (Bug 15571).
A new tap for extracting credentials from the capture file has been added. It can be accessed through the -z credentials option in tshark or from the “Tools › Credentials” menu in Wireshark.
Editcap can now split files on floating point intervals.
Windows .msi packages are now signed using SHA-2. .exe installers are still dual-signed using SHA-1 and SHA-2.
The “Enabled Protocols” Dialog now only enables, disables and inverts protocols based on the set filter selection. The protocol type (standard or heuristic) may also be choosen as a filter value.
Save RTP stream to .au supports any codec with 8000 Hz rate supported by Wireshark (shown in RTP player). If save of audio is not possible (unsupported codec or rate), silence of same length is saved and warning is shown.
The “Analyze › Apply as Filter” and “Analyze › Prepare a Filter” packet list and detail popup menus now show a preview of their respective filters.
Protobuf files (*.proto) can now be configured to enable more precise parsing of serialized Protobuf data (such as gRPC).
HTTP2 support streaming mode reassembly. To use this feature, subdissectors can register itself to "streaming_content_type" dissector table and return pinfo→desegment_len and pinfo→desegment_offset to tell HTTP2 when to start and how many additional bytes requires when next called.
The message of stream gRPC method can now be parsed with supporting of HTTP2 streaming mode reassembly feature.
The Wireshark 3.1.0 Windows installers ship with Qt 5.12.4. Previous installers shipped with Qt 5.12.1.
New Protocol Support:
3GPP BICC MST (BICC-MST), 3GPP log packet (LOG3GPP), 3GPP/GSM Cell Broadcast Service Protocol (cbsp), Asynchronous Management Protocol (AMP), Bluetooth Mesh Beacon, Bluetooth Mesh PB-ADV, Bluetooth Mesh Provisioning PDU, Bluetooth Mesh Proxy, CableLabs Layer-3 Protocol IEEE EtherType 0xb4e3 (CL3), DCOM IProvideClassInfo, DCOM ITypeInfo, Diagnostic Log and Trace (DLT), Distributed Replicated Block Device (DRBD), Dual Channel Wi-Fi (CL3DCW), EBHSCR Protocol (EBHSCR), EERO Protocol (EERO), evolved Common Public Radio Interface (eCPRI), File Server Remote VSS Protocol (FSRVP), FTDI FT USB Bridging Devices (FTDI FT), Graylog Extended Log Format over UDP (GELF), GSM/3GPP CBSP (Cell Broadcast Service Protocol), ITS message - CAMv1, ITS message - DENMv1, Linux net_dm (network drop monitor) protocol, MIDI System Exclusive DigiTech (SYSEX DigiTech), Network Controller Sideband Interface (NCSI), NR Positioning Protocol A (NRPPa) TS 38.455, NVM Express over Fabrics for TCP (nvme-tcp), OsmoTRX Protocol (GSM Transceiver control and data), Scalable service-Oriented MiddlewarE over IP (SOME/IP), USB 2.0 Link Layer (USBLL), and Wi-Fi Neighbour Awareness Networking (NAN)
New and Updated Capture File Support:
3gpp phone, Android Logcat Text, Ascend, Busmaster log file, Candump, Endace ERF, NetScaler, pcapng, and Savvius *Peek

New in Wireshark 3.0.7 (Dec 5, 2019)

New in Wireshark 3.0.6 (Oct 28, 2019)

New in Wireshark 3.0.5 (Sep 27, 2019)

New in Wireshark 3.0.4 (Sep 13, 2019)

New in Wireshark 3.0.3 (Jul 23, 2019)

New in Wireshark 3.0.2 (May 23, 2019)

What’s New"
The Windows installers now ship with Qt 5.12.3. They previously shipped with Qt 5.12.1.
The Windows installers now ship with Npcap 0.995. They previously shipped with Npcap 0.992.
The macOS packages are now notarized.
Bug Fixes:
The following vulnerabilities have been fixed:
wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778.
The following bugs have been fixed:
Add (IETF) QUIC Dissector. Bug 13881.
Wireshark Hangs on startup initializing external capture plugins. Bug 14657.
[oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more than 1000000 items in the tree — possible infinite loop. Bug 14978.
Wireshark can call extcap with empty multicheck argument. Bug 15065.
CMPv2 KUR message disection gives unexpected value for serialNumber under OldCertId fields. Bug 15154.
"(Git Rev Unknown from unknown)" in version string for official tarball. Bug 15544.
External extcap does not get all arguments sometimes. Bug 15586.
Help file doesn’t display for extcap interfaces. Bug 15592.
Buildbot crash output: randpkt-2019-03-14-4670.pcap. Bug 15604.
Building only libraries on windows fails due to CLEAN_C_FILES empty. Bug 15662.
Statistics→Conversations→TCP→Follow Stream - incorrect behavior. Bug 15672.
Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp field). Bug 15687.
ws_pipe: leaks pipe handles on errors. Bug 15689.
Build issue in Wireshark - 3.0.1 on RHEL6. Bug 15706.
ISAKMP: Segmentation fault with non-hex string for IKEv1 Decryption Table Initiator Cookie. Bug 15709.
extcap: non-boolean call arguments can be appended without value on selector Reload. Bug 15725.
Incorrectly interpreted format of MQTT PUBLISH payload data. Bug 15738.
print.c: Memory leak in ek_check_protocolfilter. Bug 15758.
IETF QUIC dissector incorrectly parses retry packet. Bug 15764.
Bacnet(app): fix wrong value for id 183 (logging-device → logging-object). Bug 15767.
The SMB2 code to look up decryption keys by session ID assumes it’s running on a little-endian machine. Bug 15772.
tshark -G folders leaves mmdbresolve process behind. Bug 15777.
Dissector bug, protocol TLS - failed assertion "data". Bug 15780.
WSMP : header_opt_ind field is not correctly set. Bug 15786.
Updated Protocol Support:
BACapp, DDP, EPL, Frame, IEEE 802.11, IS-IS CLV, ISAKMP, K12, KNXIP, MQTT, PNIO, QUIC, RTCP XR RR, SCTP, SMB2, TDS, TLS, WSMP, and ZEBRA

New in Wireshark 3.0.1 (Apr 8, 2019)

What’s New:
The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9.
Bug Fixes:
The following vulnerabilities have been fixed:
wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.
wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.
wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.
wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.
wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.
The following bugs have been fixed:
[oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770.
[oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439.
Duplicated TCP SEQ field in ICMP packets. Bug 15533.
Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542.
Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545.
GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.
Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561.
%T not supported for timestamps. Bug 15565.
LWM2M: resource with rn badly shown. Bug 15572.
When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578.
Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.
Windows console log output delay. Bug 15605.
Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607.
NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.
randpkt -r causes segfault when count > 1. Bug 15627.
Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628.
Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.
BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631.
Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.
Typo: broli → brotli. Bug 15647.
Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648.
Windows CHM (help file) title displays quoted HTML characters. Bug 15656.
Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667.
Updated Protocol Support:
BGP, BSSAP, Couchbase, DCERPC SPOOLSS, DHCP, DHCPv6, DOF, FP, GSM A RR, GSS-API, GSUP, GTP, GTPv2, H248C, HL7, IEEE 802.11, IEEE 802.15.4, ISO 14443, LDSS, LwM2M-TLV, NLM, Rbm, SIP, SRVLOC, Syslog, TCP, TLS, and TSDNS
New and Updated Capture File Support:
NetScaler and pcap

New in Wireshark 3.0 (Mar 4, 2019)

Bug Fixes:
Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427)
Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489).
Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
New and Updated Features:
The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).
The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.
Wireshark now supports the Swedish and Ukrainian languages.
Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
The build system now produces reproducible builds (Bug 15163).
The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.
The Windows .exe installers now ship with Npcap instead of WinPcap. Besides being actively maintained (by the nmap project), Npcap brings support for loopback capture and 802.11 WiFi monitor mode capture (if supported by the NIC driver).
Conversation timestamps are supported for UDP/UDP-Lite protocols
TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
The “Capture Information” dialog has been added back (Bug 12004).
The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
APT-X has been renamed to aptX.
When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
Wireshark now includes a “No Reassembly” configuration profile.
Wireshark now supports the Russian language.
The build system now supports AppImage packages.
The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
The Bash test suite has been replaced by one based on Python unittest/pytest.
The custom window title can now show file path of the capture file and it has a conditional separator.
Removed Features and Support:
The legacy (GTK+) user interface has been removed and is no longer supported.
The portaudio library is no longer needed due to the removal of GTK+.
Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
Wireshark requires GLib 2.32 or later.
Wireshark requires GnuTLS 3.2 or later as optional dependency.
Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported.
Building Wireshark requires CMake. Autotools is no longer supported.
TShark’s -z compare option was removed.
Building with Cygwin is no longer supported on Windows.
New File Format Decoding Support:
Ruby Marshal format
New Protocol Support:
Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP), BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP), Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS RTP), Exablaze trailers, General Circuit Services Notification Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo Emberplus Data format, Great Britain Companion Specification (GBCS) used in the Smart Metering Equipment Technical Specifications (SMETS), GSM-R (User-to-User Information Element usage), HI3CCLinkData, Intelligent Transport Systems (ITS) application level, ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP), ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP, Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol, PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo Emberplus transport frame, Secure Reliable Transport Protocol (SRT), Spirent Test Center Signature decoding for Ethernet and FibreChannel (STCSIG, disabled by default), Sybase-specific portions of TDS, systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information Retrieval Protocol
Updated Protocol Support:
Too many protocols have been updated to list here.
New and Updated Capture File Support:
RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export, and Unigraf DPA-400 DisplayPort AUX channel monitor
New and Updated Capture Interfaces support:
dpauxmon, an external capture interface (extcap) that captures DisplayPort AUX channel data from linux kernel drivers.
sdjournal, an extcap that captures systemd journal entries.
Major API Changes:
Lua: the various logging functions (debug, info, message, warn and critical) have been removed. Use the print function instead for debugging purposes.
Lua: on Windows, file-related functions such as dofile now assume UTF-8 paths instead of the local code page. This is consistent with Linux and macOS and improves compatibility on non-English systems. (Bug 15118)

New in Wireshark 2.6.7 (Feb 28, 2019)

Bug Fixes:
The following vulnerabilities have been fixed:
wnpa-sec-2019-06 ASN.1 BER and related dissectors crash. Bug 15447. CVE-2019-9209.
wnpa-sec-2019-07 TCAP dissector crash. Bug 15464. CVE-2019-9208.
wnpa-sec-2019-08 RPCAP dissector crash. Bug 15536.
The following bugs have been fixed:
Alignment Lost after Editing Column. Bug 14177.
Crash on applying display filters or coloring rules on capture files containing non-UTF-8 data. Bug 14905.
tshark outputs debug information. Bug 15341.
Feature request - HTTP, add the field "request URI" to response. Bug 15344.
randpkt should be distributed with the Windows installer. Bug 15395.
Memory leak with "-T ek" output format option. Bug 15406.
Display error in negative response time stats (gint displayed as unsigned). Bug 15416.
_epl_xdd_init not found. Bug 15419.
Decoding of MEGACO/H.248 request shows the Remote descriptor as "Local descriptor". Bug 15430.
Repeated NFS in Protocol Display field. Bug 15443.
RBM file dissector adds too many items to the tree, resulting in aborting the program. Bug 15448.
Wireshark heap out-of-bounds read in infer_pkt_encap. Bug 15463.
Column width and hidden issues when switching profiles. Bug 15466.
GTPv1-C SGSN Context Response / Forward Relocation Request decode GGSN address IPV6 issue. Bug 15485.
Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser. Bug 15489.
DICOM ASSOCIATE Accept: Protocol Version. Bug 15495.
Multiple out-of-bounds reads in NetScaler trace handling (wiretap/netscaler.c). Bug 15497.
Wrong endianess when dissecting the "chain offset" in SMB2 protocol header. Bug 15524.
Memory leak in mate_grammar.lemon’s recolonize function. Bug 15525.
Updated Protocol Support:
ASN.1 BER, BSSAP, BT Mesh, DICOM, DNP3, EPL, ETSI CAT, GTP, HTTP, IEEE 802.15.4, ISAKMP, MEGACO, MPLS Echo, RPC, RPCAP, SMB2, and TCAP
New and Updated Capture File Support:
IxVeriWave, NetScaler, and Sniffer
Major API Changes:
Lua: on Windows, file-related functions such as dofile now assume UTF-8 paths instead of the local code page. This is consistent with Linux and macOS and improves compatibility on non-English systems. (Bug 15118)

New in Wireshark 2.6.6 (Jan 9, 2019)

New in Wireshark 2.6.5 (Nov 29, 2018)

What’s New:
The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5.
Bug Fixes:
The following vulnerabilities have been fixed:
wnpa-sec-2018-51 The Wireshark dissection engine could crash. Bug 14466. CVE-2018-19625.
wnpa-sec-2018-52 The DCOM dissector could crash. Bug 15130. CVE-2018-19626.
wnpa-sec-2018-53 The LBMPDM dissector could crash. Bug 15132. CVE-2018-19623.
wnpa-sec-2018-54 The MMSE dissector could go into an infinite loop. Bug 15250. CVE-2018-19622.
wnpa-sec-2018-55 The IxVeriWave file parser could crash. Bug 15279. CVE-2018-19627.
wnpa-sec-2018-56 The PVFS dissector could crash. Bug 15280. CVE-2018-19624.
wnpa-sec-2018-57 The ZigBee ZCL dissector could crash. Bug 15281. CVE-2018-19628.
The following bugs have been fixed:
VoIP Calls dialog doesn’t include RTP stream when preparing a filter. Bug 13440.
Wireshark installs on macOS with permissions for /Library/Application Support/Wireshark that are too restrictive. Bug 14335.
Closing Enabled Protocols dialog crashes wireshark. Bug 14349.
Unable to Export Objects → HTTP after sorting columns. Bug 14545.
DNS Response to NS query shows as malformed packet. Bug 14574.
Encrypted Alerts corresponds to a wrong selection in the packet bytes pane. Bug 14712.
Wireshark crashes/asserts with Qt 5.11.1 and assert/debugsymbols enabled. Bug 15014.
ESP will not decode since 2.6.2 - works fine in 2.4.6 or 2.4.8. Bug 15056.
text2pcap generates malformed packets when TCP, UDP or SCTP headers are added together with IPv6 header. Bug 15194.
Wireshark tries to decode EAP-SIM Pseudonym Identity. Bug 15196.
Infinite read loop when extcap exits with error and error message. Bug 15205.
MATE unable to extract fields for PDU. Bug 15208.
Malformed Packet: SV. Bug 15224.
OPC UA Max nesting depth exceeded for valid packet. Bug 15226.
TShark 2.6 does not print GeoIP information. Bug 15230.
ISUP (ANSI) packets malformed in WS versions later than 2.4.8. Bug 15236.
Handover candidate enquire message not decoded. Bug 15237.
TShark piping output in a cmd or PowerShell prompt stops working when GeoIP is enabled. Bug 15248.
ICMPv6 with routing header incorrectly placed. Bug 15270.
IEEE 802.11 Vendor Specific fixed fields display as malformed packets. Bug 15273.
text2pcap -4 and -6 option should require -i as well. Bug 15275.
text2pcap direction sensitivity does not affect dummy ethernet addresses. Bug 15287.
MLE security suite display incorrect. Bug 15288.
Message for incorrect IPv4 option lengths is incorrect. Bug 15290.
TACACS+ dissector does not properly reassemble large accounting messages. Bug 15293.
NLRI of S-PMSI A-D BGP route not being displayed. Bug 15307.
Updated Protocol Support:
BGP, DCERPC, DCOM, DNS, EAP, ESP, GSM A BSSMAP, IEEE 802.11, IEEE 802.11 Radiotap, IPv4, IPv6, ISUP, LBMPDM, LISP, MLE, MMSE, OpcUa, PVFS, SLL, SSL/TLS, SV, TACACS+, TCAP, Wi-SUN, XRA, and ZigBee ZCL
New and Updated Capture File Support:
3GPP TS 32.423 Trace and IxVeriWave
New and Updated Capture Interfaces support:
sshdump

New in Wireshark 2.6.4 (Oct 12, 2018)

New in Wireshark 2.6.3 (Aug 30, 2018)

New in Wireshark 2.6.0 (Apr 25, 2018)

Wireshark 2.6 is the last release that will support the legacy (GTK+) user interface. It will not be supported or available in Wireshark 3.0.
Bug Fixes:
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
New and Updated Features:
HTTP Request sequences are now supported.
Wireshark now supports MaxMind DB files. Support for GeoIP and GeoLite Legacy databases has been removed.
The Windows packages are now built using Microsoft Visual Studio 2017.
The IP map feature (the “Map” button in the “Endpoints” dialog) has been removed.
Display filter buttons can now be edited, disabled, and removed via a context menu directly from the toolbar
Drag & Drop filter fields to the display filter toolbar or edit to create a button on the fly or apply the filter as a display filter.
Application startup time has been reduced.
Some keyboard shortcut mix-ups have been resolved by assigning new shortcuts to Edit → Copy methods.
TShark now supports color using the --color option.
The "matches" display filter operator is now case-insensitive.
Display expression (button) preferences have been converted to a UAT. This puts the display expressions in their own file. Wireshark still supports preference files that contain the old preferences, but new preference files will be written without the old fields.
SMI private enterprise numbers are now read from the “enterprises.tsv” configuration file.
The QUIC dissector has been renamed to Google QUIC (quic → gquic).
The selected packet number can now be shown in the Status Bar by enabling Preferences → Appearance → Layout → Show selected packet number.
File load time in the Status Bar is now disabled by default and can be enabled in Preferences → Appearance → Layout → Show file load time.
Support for the G.729A codec in the RTP Player is now added via the bcg729 library.
Support for hardware-timestamping of packets has been added.
Improved NetMon .cap support with comments, event tracing, network filter, network info types and some Message Analyzer exported types.
The personal plugins folder on Linux/Unix is now ~/.local/lib/wireshark/plugins.
TShark can print flow graphs using -z flow…
Capinfos now prints SHA256 hashes in addition to RIPEMD160 and SHA1. MD5 output has been removed.
The packet editor has been removed. (This was a GTK+ only experimental feature.)
Support BBC micro:bit Bluetooth profile
The Linux and UNIX installation step for Wireshark will now install headers required to build plugins. A pkg-config file is provided to help with this (see “doc/plugins.example” for details). Note you must still rebuild all plugins between minor releases (X.Y).
The Windows installers and packages now ship with Qt 5.9.4.
The generic data dissector can now uncompress zlib compressed data.
DNS Stats now supports service level statistics.
DNS filters for retransmissions and unsolicited responses have been added.
The “tcptrace” TCP Stream graph now shows duplicate ACKS and zero window advertisements.
The membership operator now supports ranges, allowing display filters such as tcp.port in {4430..4434} to be expressed. See the User’s Guide, chapter Building display filter expressions for details.
New Protocol Support:
ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling), AVSP (Arista Vendor Specific Protocol), Bluetooth Mesh, Broadcom tags (Broadcom Ethernet switch management frames), CAN-ETH, CVS password server, Excentis DOCSIS31 XRA header, F1 Application Protocol, F5ethtrailer, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.11ax (High Efficiency WLAN (HEW)), IEEE 802.15.9 IEEE Recommended Practice for Transport of Key Management Protocol (KMP) Datagrams, IEEE 802.3br Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency Protocol (UDP), Network Functional Application Platform Interface (NFAPI) Protocol, New Radio Radio Link Control protocol, New Radio Radio Resource Control protocol, NR (5G) MAC protocol, NXP 802.15.4 Sniffer Protocol, Object Security for Constrained RESTful Environments (OSCORE), PFCP (Packet Forwarding Control Protocol), Protobuf (Protocol Buffers), QUIC (IETF), RFC 4108 Using CMS to Protect Firmware Packages, Session Multiplex Protocol, SolarEdge monitoring protocol, Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP and OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN Protocol
Updated Protocol Support:
Too many protocols have been updated to list here.
New and Updated Capture File Support:
Microsoft Network Monitor
New and Updated Capture Interfaces support:
LoRaTap

New in Wireshark 2.4.4 (Jan 12, 2018)

New in Wireshark 2.4.3 (Dec 27, 2017)

Bug Fixes:
wnpa-sec-2017-47
The IWARP_MPA dissector could crash. (Bug 14236)
wnpa-sec-2017-48
The NetBIOS dissector could crash. (Bug 14249)
wnpa-sec-2017-49
The CIP Safety dissector could crash. (Bug 14250)
"tshark -G ?" doesn’t provide expected help. (Bug 13984)
File loading is very slow with TRANSUM dissector enabled. (Bug 14094)
packet-knxnetip.c:936: bad bitmask ?. (Bug 14115)
packet-q931.c:1306: bad compare ?. (Bug 14116)
SSL Dissection bug. (Bug 14117)
Wireshark crashes when exporting various files to .csv, txt and other ‘non-capture file’ formats. (Bug 14128)
RLC reassembly doesn’t work for RLC over UDP heuristic dissector. (Bug 14129)
HTTP Object export fails with long extension (possibly query string). (Bug 14130)
3GPP Civic Address not displayed in Packet Details. (Bug 14131)
Wireshark prefers packet.dll in System32\Npcap over the one in System32. (Bug 14134)
PEEKREMOTE dissector does not decode 11ac MCS rates properly. (Bug 14136)
Visual Studio Community Edition 2015 lacks tools named in developer guide. (Bug 14147)
TCP: Malformed data with Riverbed Probe option. (Bug 14150)
Wireshark Crash when trying to use Preferences | Advanced. (Bug 14157)
Right click on SMB2 Message ID and then Apply as Column causes Runtime Error. (Bug 14169)
Return [Enter] should apply change (Column title - Button Label toolbars). (Bug 14191)
Wireshark crashes if "rip.display_routing_domain" is set to TRUE in preferences file. (Bug 14197)
Entry point inflatePrime not found for androiddump.exe and randpktdump.exe. (Bug 14207)
BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly. (Bug 14241)
Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication). (Bug 14243)
Frame direction isn’t always set if it comes from the pcapng record header rather than the packet pseudo-header. (Bug 14245)
Updated Protocol Support:
3GPP NAS, BGP, CIP Safety, DTLS, IEEE 802.11 Radio, IWARP_MPA, KNXnet/IP, LCSAP, MQTT, NetBIOS, PEEKREMOTE, Q.931, RIP, RLC, SIP, SSL/TLS, TCP, and TRANSUM

New in Wireshark 2.4.1 (Sep 4, 2017)

The following bugs have been fixed:
wnpa-sec-2017-38
MSDP dissector infinite loop (Bug 13933)
wnpa-sec-2017-39
Profinet I/O buffer overrun (Bug 13847)
wnpa-sec-2017-40
Modbus dissector crash (Bug 13925)
wnpa-sec-2017-41
IrCOMM dissector buffer overrun (Bug 13929)
Incorrect presentation of Ascend-Data-Filter (RADIUS attribute 242). (Bug 11630)
Confusing "Apply a display filter " keyboard shortcut. (Bug 12450)
Wireshark crashes at startup if it needs to display a dialog early in the startup process. (Bug 13275)
RADIUS dictionary: BEGIN-VENDOR does not support format=Extended-Vendor-Specific-*. (Bug 13745)
Dumpcap on big-endian machines writes out corrupt, unreadable Enhanced Packet Blocks. (Bug 13802)
Interface Toolbar support for Windows. (Bug 13833)
Wireshark should behave better on high resolution displays on Windows. (Bug 13877)
Udpdump.pod missing from build. (Bug 13903)
RTP Player Format Error. (Bug 13906)
VNC Protocol disector : Framebuffer Updates. (Bug 13910)
DNS LOC RRs with out-of-range longitude or latitude aren’t shown as errors. (Bug 13914)
DIS Dissector Entity Appearance Record displayed in wrong location. (Bug 13917)
Win64 CMake bug - (CYGWIN_INSTALL_PATH redefinition) causing missing packages when using CMake 3.9.0. (Bug 13922)
APL records parsed incorrectly for IPv4 prefixes. (Bug 13923)
File→Merge dialog doesn’t show all options. Resizing doesn’t help. (Bug 13924)
TCAP SRT Analysis incorrectly matched TCAP begins and ends. (Bug 13926)
Error in MKA Distributed SAK parameter set dissection. (Bug 13927)
E.212: Check length before trying 3-digits MNC. (Bug 13935)
mpeg_descriptor: AC3 System A: Respect descriptor length. (Bug 13939)
Crash in Wireshark using Dumper:dump() from Lua. (Bug 13944)
MRCPv2 not decoded correctly. (Bug 13952)
UDP Checksum verification not working for 0x0000 checksum. (Bug 13955)
OSPF v3 LSA Type not well parsed. (Bug 13979)
GTPv2 - decoding issue for Packet Flow ID (type 123). (Bug 13987)
TRANSUM fails to calculate RTE figures for DCE-RPC where request Packet Type is zero. (Bug 13988)
BTLE Hop and SCA fields incorrectly dissected in BLE CONNECT_REQ. (Bug 13990)
[oss-fuzz] BGP memleak: ASAN: 276 byte(s) leaked in 5 allocation(s). (Bug 13995)
Some Infiniband Connect Req fields are not decoded correctly. (Bug 13997)
GTP: gtp.ext_comm_flags_II_pmtsmi bit not decoded correctly. (Bug 14001)
InfiniBand: sIP and dIP inside IP CM Private Data are decoded in the wrong order. (Bug 14002)
802.11 wlan.ft.subelem.r0kh_id should be sequence of bytes. (Bug 14004)
USB capture: Unrecognized libpcap format or not libpcap data. (Bug 14006)
SQ Header Pointer in NVMoF response capsule is decoded with the wrong endian. (Bug 14008)
Updated Protocol Support:
BGP, BT LE, DIS, DNS, E.212, EPL, GTP, GTPv2, IEEE 802.11, InfiniBand, IPv4, IrCOMM, MKA, Modbus, MPEG Descriptor, MRCPv2, MSDP, MTP2, Nordic BLE, NVMe, OSPF, pcapng MIME, PMIPv6, Profinet I/O, RADIUS, SML, TCAP, TRANSUM, UA3G, UDP, VNC, and ZigBee

New in Wireshark 2.2.8 (Jul 19, 2017)

Bug Fixes:
The following vulnerabilities have been fixed:
WBMXL dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410
openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411
AMQP dissector crash. (Bug 13780) CVE-2017-11408
MQ dissector crash. (Bug 13792) CVE-2017-11407
DOCSIS infinite loop. (Bug 13797) CVE-2017-11406
The following bugs have been fixed:
Y.1711 dissector reverses defect type order. (Bug 8292)
Packet list keeps scrolling back to selected packet while names are being resolved. (Bug 12074)
[REGRESSION] Export Objects do not show files from a SMB2 capture. (Bug 13214)
LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values. (Bug 13481)
Hexpane showing in proportional font again. (Bug 13638)
Regression in SCCP fragments handling. (Bug 13651)
TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. (Bug 13739)
Dissector for WSMP (IEEE 1609.3) not current. (Bug 13766)
RANAP: possible issue in the heuristic code. (Bug 13770)
[oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-btrfcomm.c:314:37. (Bug 13783)
RANAP: false positives on heuristic algorithm. (Bug 13791)
Automatic name resolution not saved to PCAP-NG NRB. (Bug 13798)
DAAP dissector dissect_daap_one_tag recursion stack exhausted. (Bug 13799)
Malformed DCERPC PNIO packet decode, exception handler invalid poionter reference. (Bug 13811)
It seems SPVID was decoded from wrong field. (Bug 13821)
README.dissectors: Add notes about predefined string structures not available to plugin authors. (Bug 13828)
Statistics→Packet Lengths doesn’t display details for 5120 or greater. (Bug 13844)
cmake/modules/FindZLIB.cmake doesn’t find inflatePrime. (Bug 13850)
BGP: incorrect decoding COMMUNITIES whose length is larger than 255. (Bug 13872)
Updated Protocol Support:
AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF, PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC, WBXML, WSMP, and Y.1711
New and Updated Capture File Support:
pcap pcap-ng

New in Wireshark 2.2.6 (Apr 13, 2017)

T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
Wireshark gives decoding error during rnsap message dissection(SCCP reassembly). (Bug 3360)
Added IEEE 802.15.4-2003 AES-CCM security modes (packet-ieee802154). (Bug 4912)
Payload in 2 SCCP DT1 messages in the same frame isn’t (sub)dissected. (Bug 11130)
IEEE 802.15.4: an area of Payload IEs is dissected twice. (Bug 13068)
Qt UI: Wireshark crash when deleting IO graph string while it’s in editing mode. (Bug 13234)
Crash on exit due to an invalid frame data sequence state. (Bug 13433)
Access Violation using Lua dissector. (Bug 13457)
Some bytes ignored in every packet in NetScaler packet trace when vmnames are included in packet headers. (Bug 13459)
VOIP RTP stream Find Reverse button doesn’t work. (Bug 13462)
Lua dissector: ProtoField int&42; do not allow FT_HEX or FT_OCT, crash when set to FT_HEX_DEC or FT_DEC_HEX. (Bug 13484)
GIOP LocateRequest v1.0 is improperly indicated as "malformed". (Bug 13488)
Bug in ZigBee - Zone Status Change Notification. (Bug 13493)
Packet exception in packet-ua3g and incomplete strings in packet-noe. (Bug 13502)
Wrong BGP capability dissect. (Bug 13521)
Endpoint statistics column labels seem incorrect. (Bug 13526)
Strange automatic jump in packet details for a certain DNS response packet. (Bug 13533)
When a Lua enum or bool preference is changed via context menu, prefs_changed isn’t called with Qt Wireshark. (Bug 13536)
IO Graph selects wrong packet or displays "Packet number x isn’t displayed". (Bug 13537)
tshark’s -z endpoints,ip ignores optional filter. (Bug 13538)
SSL: Handshake type in Info column not always separated by comma. (Bug 13539)
libfuzzer: PEEKREMOTE dissector bug. (Bug 13544)
libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom). (Bug 13545)
libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). (Bug 13546)
libfuzzer: MIH dissector bug. (Bug 13547)
libfuzzer: DNS dissector bug. (Bug 13548)
libfuzzer: WLCCP dissector bug. (Bug 13549)
libfuzzer: TAPA dissector bug. (Bug 13553)
libfuzzer: lapsat dissector bug. (Bug 13554)
libfuzzer: wassp dissector bug. (Bug 13555)
Illegal reassembly of GSM SMS packets. (Bug 13572)
SSH Dissector uses incorrect length for protocol field (ssh.protocol). (Bug 13574)
NBAP malformed packet for short Binding ID. (Bug 13577)
libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod). (Bug 13579)
libfuzzer: asterix dissector bug (asterix.021_230_RA). (Bug 13580)
RTPproxy dissector adds multi lines to info column. (Bug 13582)
Updated Protocol Support:
ASTERIX, BGP, BSSGP, BT AVRCP, BT HCI_CMD, BT HFP, BT PBAP, DNS, DOF, EAPOL-MKA, GIOP, GSM SMS, HTTP, ICMP, IEEE 802.11, IEEE 802.15.4, IMAP, ISIS LSP, iSNS, LAPSat, MIH, MySQL, NBAP, NBIFOM, PacketBB, PEEKREMOTE, RPCoRDMA, RTPproxy, SCCP, SIGCOMP, SLSK, SSH, SSL, T.30, TAPA, UA3G, WASSP, WBXML, WLCCP, WSP, and ZigBee ZCL IAS
New and Updated Capture File Support:
NetScaler, and pcapng

New in Wireshark 2.2.5 (Mar 6, 2017)

New in Wireshark 2.2.4 (Jan 24, 2017)

Bug Fixes:
The following vulnerabilities have been fixed:
The ASTERIX dissector could go into an infinite loop. (Bug 13344)
The DHCPv6 dissector could go into a large loop. (Bug 13345)
The following bugs have been fixed:
TCP reassembly: tcp.reassembled_in is not set in first packet. (Bug 3264)
Duplicated Interfaces instances while refreshing. (Bug 11553)
Time zone name needs to be converted to UTF-8 on Windows. (Bug 11785)
Crash on fast local interface changes. (Bug 12263)
Please align columns in tshark’s output. (Bug 12502)
Display data rate fields for VHT rates invalid with BCC modulation. (Bug 12859)
plugin_if_get_ws_info causes Access Violation if called during rescan. (Bug 12973)
SMTP BDAT dissector not reverting to command-code after DATA. (Bug 13030)
Wireshark fails to recognize V6 DBS Etherwatch capture files. (Bug 13093)
Runtime Error when try to merge .pcap files (Wireshark crashes). (Bug 13175)
PPP BCP BPDU size reports not header size, but all data underneath and its header size in UI. (Bug 13188)
In-line UDP checksum bytes in 6LoWPAN IPHC are swapped. (Bug 13233)
Uninitialized memcmp on data in daintree-sna.c. (Bug 13246)
Crash when dissect WDBRPC Version 2 protocol with Dissect unknown program numbers enabled. (Bug 13266)
Contents/Resources/bin directory isn’t in the app bundle after installation. (Bug 13270)
Regression: IEEE17221 (AVDECC) decoded as IEEE1722 (AVB Transportation Protocol). (Bug 13274)
Can’t decode packets captured with OpenBSD enc(4) encapsulating. (Bug 13279)
UDLD flags are at other end of octet. (Bug 13280)
MS-WSP dissector no longer works since commit 8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. (Bug 13299)
TBCD string decoded wrongly in MAP ATI message. (Bug 13316)
Filter Documentation: The tilde (~) operator is not documented. (Bug 13320)
VoIP Flow Sequence Causes Application Crash. (Bug 13329)
Updated Protocol Support:
6LoWPAN, DVB-CI, ENC, GSM MAP, IEEE 1722, IEEE 1722.1, ISAKMP, MS-WSP, PPP, QUIC, Radiotap, RPC, SMTP, TCP, UCD, and UDLD
New and Updated Capture File Support:
Daintree SNA, and DBS Etherwatch

New in Wireshark 2.2.3 (Dec 15, 2016)

New in Wireshark 2.2.2 (Nov 17, 2016)

Bug Fixes
The following vulnerabilities have been fixed:
Profinet I/O long loop. (Bug 12851)
AllJoyn crash. (Bug 12953)
OpenFlow crash. (Bug 13071)
DCERPC crash. (Bug 13072)
DTN infinite loop. (Bug 13097)
The Windows PortableApps packages were susceptible to a DLL hijacking flaw.
The following bugs have been fixed:
TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN true. (Bug 12579)
SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0. (Bug 12632)
Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)
dmg for OS X does not install man pages. (Bug 12746)
Fails to compile against Heimdal 1.5.3. (Bug 12831)
TCP: Next sequence number off by one when sending payload in SYN packet (e.g. TFO). (Bug 12838)
Follow TCP Stream shows duplicate stream data. (Bug 12855)
Dissection engine falsely asserts that EIGRP packet’s checksum is incorrect. (Bug 12982)
IEEE 802.15.4 frames erroneously handed over to ZigBee dissector. (Bug 12984)
Capture Filter Bookmark Inactive in Capture Options page. (Bug 12986)
CLNP dissector does not parse ER NPDU properly. (Bug 12993)
SNMP trap bindings for NON scalar OIDs. (Bug 13013)
BGP LS Link Protection Type TLV (1093) decoding. (Bug 13021)
Application crash sorting column for tcp.window_size_scalefactor up and down. (Bug 13023)
ZigBee Green Power add key during execution. (Bug 13031)
Malformed AMPQ packets for session.expected and session.confirmed fields. (Bug 13037)
Wireshark 2.2.1 crashes when attempting to merge pcap files. (Bug 13060)
[IS-637A] SMS - Teleservice layer parameter -→ IA5 encoded text is not correctly displayed. (Bug 13065)
Failure to dissect USB Audio feature unit descriptors missing the iFeature field. (Bug 13085)
MSISDN not populated/decoded in JSON GTP-C decoding. (Bug 13086)
E212: 3 digits MNC are identified as 2 digits long if they end with a 0. (Bug 13092)
Exception with last unknown Cisco AVP available in a SCCRQ message. (Bug 13103)
TShark stalls on FreeBSD if androiddump is present. (Bug 13104)
Dissector skips DICOM command. (Bug 13110)
UUID (FT_GUID) filtering isn’t working. (Bug 13121)
Manufacturer name resolution fail. (Bug 13126)
packet-sdp.c allocates transport_info→encoding_name from wrong memory pool. (Bug 13127)
Payload type name for dynamic payload is wrong for reverse RTP channels. (Bug 13132)
Updated Protocol Support:
6LoWPAN, AllJoyn, AMPQ, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN, E.212, EIGRP, ERF, GVSP, IEEE 802.11, IEEE 802.15.4, IP, ISO-8583, Kerberos, L2TP, LACP, MAC LTE, OpenFlow, Profinet I/O, RTPS, SCTP, SDP, Skype, SMPP, SNA, SNMP, SPNEGO, TCP, USB Audio, XML, and ZigBee

New in Wireshark 2.2.1 (Oct 5, 2016)

New in Wireshark 2.2.0 (Sep 7, 2016)

Bug Fixes:
Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)
Extcap errors not reported back to UI. (Bug 11892)
The following features are new (or have been significantly updated) since version 2.2.0rc1:
"Decode As" supports SSL (TLS) over TCP.
The following features are new (or have been significantly updated) since version 2.1.1:
Invalid coloring rules are now disabled instead of discarded. This will provide backward compatibility with a coloring rule change in Wireshark 2.2.
The following features are new (or have been significantly updated) since version 2.1.0:
Added -d option for Decode As support in Wireshark (mimics TShark functionality)
The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON.
The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
The RTP player now allows up to 30 minutes of silence frames.
Packet bytes can now be displayed as EBCDIC.
The Qt UI loads captures faster on Windows.
proto_tree_add_checksum was added as an API. This attempts to standardize how checksums are reported and filtered for within *Shark. There are no more individual "good" and "bad" filter fields, protocols now have a "checksum.status" field that records "Good", "Bad" and "Unverified" (neither good or bad). Color filters provided with Wireshark have been adjusted to the new display filter names, but custom ones may need to be updated.
The following features are new (or have been significantly updated) since version 2.0.0:
The intelligent scroll bar now sits to the left of a normal scroll bar and provides a clickable map of nearby packets.
You can now switch between between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI.
You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.
You can now use regular expressions in Find Packet and in the advanced preferences.
Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution some build dependencies must be present (currently c-ares). If that is not the case DNS name resolution will be disabled (but other name resolution mechanisms, such as host files, are still available).
The byte under the mouse in the Packet Bytes pane is now highlighted.
TShark supports exporting PDUs via the -U flag.
The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
Most dialogs in the Qt UI now save their size and positions.
The Follow Stream dialog now supports UTF-16.
The Firewall ACL Rules dialog has returned.
The Flow (Sequence) Analysis dialog has been improved.
We no longer provide packages for 32-bit versions of OS X.
The Bluetooth Device details dialog has been added.
New File Format Decoding Support:
Wireshark is able to display the format of some types of files (rather than displaying the contents of those files). This is useful when you’re curious about, or debugging, a file and its format. To open a capture file (such as PCAP) in this mode specify "MIME Files Format" as the file’s format in the Open File dialog.
New Protocol Support:
Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol, Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag, Digital Equipment Corporation Local Area Transport, Distributed Object Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS Kernel Packet Header (IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY Protocol (automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO 8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP), LAT protocol (DECNET), Metamako trailers, Network Service Header for Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight Machine to Machine TLV (LwM2M TLV), Real Time Location System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service, STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters (Closures Lighting General Measurement & Sensing HVAC Security & Safety)
Updated Protocol Support:
Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex), which allows it to be used with "Decode As" over USB, TCP and UDP.
A preference was added to TCP dissector for handling IPFIX process information. It has been disabled by default.
New and Updated Capture File Support:
Micropross mplog
Major API Changes:
The libwireshark API has undergone some major changes:
The address macros (e.g., SET_ADDRESS) have been removed. Use the (lower case) functions of the same names instead.
"old style" dissector functions (that don’t return number of bytes used) have been replaced in name with the "new style" dissector functions.
tvb_get_string and tvb_get_stringz have been replaced with tvb_get_string_enc and tvb_get_stringz_enc respectively.

New in Wireshark 2.0.5 (Jul 27, 2016)

New in Wireshark 2.0.4 (Jun 8, 2016)

Saving pcap capture file with ERF encapsulation creates an invalid pcap file. (Bug 3606)
Questionable calling of Ethernet dissector by encapsulating protocol dissectors. (Bug 9933)
Wireshark 1.12.0 does not dissect HTTP correctly. (Bug 10335)
Don’t copy details of hidden columns. (Bug 11788)
RTP audio player crashes. (Bug 12166)
Crash when saving RTP audio Telephony→RTP→RTP Streams→Analyze→Save→Audio. (Bug 12211)
Edit - preferences - add column field not showing dropdown for choices. (Bug 12321)
Using _ws.expert in a filter can cause a crash. (Bug 12335)
Crash in SCCP dissector UAT (Qt UI only). (Bug 12364)
J1939 frame without data = malformed packet ? (Bug 12366)
The stream number in tshark’s "-z follow,tcp," option is 0-origin rather than 1-origin. (Bug 12383)
IP Header Length display filter should show calculated value. (Bug 12387)
Multiple file radio buttons should be check boxes. (Bug 12388)
Wrong check for getaddrinfo and gethostbyname on Solaris 11. (Bug 12391)
ICMPv6 dissector doesn’t respect actual packet length. (Bug 12400)
Format DIS header timestamp mm:ss.nnnnnn. (Bug 12402)
RTP Stream Analysis can no longer be sorted in 2.0.3. (Bug 12405)
RTP Stream Analysis fails to complete in 2.0.3 when packets are sliced. (Bug 12406)
Network-Layer Name Resolution uses first 32-bits of IPv6 DNS address as IPv4 address in some circumstances. (Bug 12412)
BACnet decoder incorrectly flags a valid APDU as a "Malformed Packet". (Bug 12422)
Valid ISUP messages marked with warnings. (Bug 12423)
Profile command line switch "-C" not working in Qt interface. (Bug 12425)
MRCPv2: info column not showing info correctly. (Bug 12426)
Diameter: Experimental result code 5142. (Bug 12428)
Tshark crashes when analyzing RTP due to pointer being freed not allocated. (Bug 12430)
NFS: missing information in getattr for supported exclusive create attributes. (Bug 12435)
Ethernet type field with a value of 9100 is shown as "Unknown". (Bug 12441)
Documentation does not include support for Windows Server 2012 R2. (Bug 12455)
Column preferences ruined too easily. (Bug 12465)
SMB Open andX extended response decoded incorrectly. (Bug 12472)
SMB NtCreate andX with extended response sometimes incorrect. (Bug 12473)
Viewing NFSv3 Data, checking SRTs doesn’t work. (Bug 12478)
Make wireshark with Qt enabled buildable on ARM. (Bug 12483)

New in Wireshark 2.0.3 (Apr 23, 2016)

The following vulnerabilities have been fixed:
The NCP dissector could crash. (Bug 11591)
TShark could crash due to a packet reassembly bug. (Bug 11799)
The IEEE 802.11 dissector could crash. (Bug 11824, Bug 12187)
The PKTC dissector could crash. (Bug 12206)
The PKTC dissector could crash. (Bug 12242)
The IAX2 dissector could go into an infinite loop. (Bug 12260)
Wireshark and TShark could exhaust the stack. (Bug 12268)
The GSM CBCH dissector could crash. (Bug 12278)
MS-WSP dissector crash. (Bug 12341)
The following bugs have been fixed:
Protocol Hierarchy Statistics shows LDAP lines recursively. (Bug 1734)
UTF-8 replacement characters in FT_STRINGs are escaped for presentation. (Bug 10681)
DTLS : reassembly error, protocol DTLS: New fragment overlaps old data. (Bug 11477)
Packet byte pane in Qt version of packet window isn’t being displayed. (Bug 11760)
"wireshark -i usbmon2 -k" results in "No interfaces selected" when restarting a capture. (Bug 11939)
Crash when changing the "which packets to print" radio button in the Print dialog. (Bug 12040)
Selecting packets causes memory leak. (Bug 12044)
Client Hello not dissected when failed SSL handshake fully captured. (Bug 12132)
TCP graphs - wrong stream graphed if stream index > 99. (Bug 12163)
Typo in packet-gsm_a_dtap.c. (Bug 12186)
Lua dot file error. (Bug 12196)
"All Files" does not allow selecting files without period. (Bug 12203)
wlan, wlan_mgt, Length error shown for IE BSS AC Access Delay/WAPI Parameter Set (68). (Bug 12223)
Qt GUI very slow when expanding packet details with a lot of items. (Bug 12228)
Comparing a boolean field against 1 always succeeds on big-endian machines. (Bug 12236)
FIN flag not always correctly passed to subdissectors. (Bug 12238)
Interpretation of BGP NLRI for default route cause malformed packet. (Bug 12240)
Capture Interfaces dialog crashes after clicking the bookmark menu. (Bug 12241)
Wireshark crashes right after a capture filter is selected. (Bug 12245)
GSM GMM Identity Response dissection error. (Bug 12246)
Crash reloading "dissector.lua" from the Wireshark website. (Bug 12251)
VoIP calls does not show IAX2 calls. (Bug 12254)
Wireshark CPU usage has dramatically increased. (Bug 12258)
RPC/NFS incorrectly decodes as ACAP. (Bug 12265)
Wireshark mistakenly flags CF-End packets as being Malformed. (Bug 12266)
ASTERIX Category 48 Reserved Expansion Field. (Bug 12267)
It is not possible to enter characters requiring "Alt Gr" in the display filter box such as "[" on a Swedish keyboard. (Bug 12270)
tshark crashes when trying to export to pdml. (Bug 12276)
Build fails on Centos 6.5 with gtk2 in ui/gtk/rtp_player.c rtp_channel_info_r has no no member start_time. (Bug 12277)
TCP Dissector - spurious retransmissions not always recognized. (Bug 12282)
PRA Identifier of the IE PRA Action should use 3 octets (6 to 8) and not 2 in GTPv2. (Bug 12284)
Dissector bug, failed assertion, proto_desegment pinfo→can_desegment. (Bug 12285)
Colorize with filter, new coloring rule, is labeled as new conversation rule. (Bug 12289)
Qt Multicast Stream Dialog error in input field Burst alarm threshold and Buffer alarm. (Bug 12309)
6LoWPAN reassembly incorrect if extension header padding was elided. (Bug 12310)
USBPcap prevents keyboard from working. (Bug 12316)
Crash when reloading Lua script when Field is gone. (Bug 12328)
Wrong display of USSD strings in the GSM 7-bit alphabet for non-ASCII characters in Wireshark 2.0.x. (Bug 12337)
Malformed Packet: RTP. (Bug 12339)
Incorrect error on MPA pdu length on iWARP packets. (Bug 12348)
Endpoints window doesn’t show name resolution. (Bug 12353)
Windows installers and PortableApps® packages are dual signed using SHA-1 and SHA-256 in order to comply with Microsoft Authenticode policy. Windows 7 and Windows Server 2008 R2 users should ensure that update 3123479 is installed. Windows Vista and Windows Server 2008 users should ensure that hotfix 2763674 is installed.
Updated Protocol Support:
6LoWPAN, ACAP, Asterix, BGP, DMP, DNS, DTLS, EAP, FMTP, GPRS LLC, GSM A, GSM A GM, GSM CBCH, GSM MAP, GTPv2, HTTP, IAX2, IEEE 802.11, iWARP MPA, MS-WSP, MySQL, NCP, NFS, PKTC, QUIC, R3, RTP, SMB, SPRT, TCP, ZEP, ZigBee, ZigBee NWK, ZigBee ZCL SE, and ZVT
New and Updated Capture File Support:
and Gammu DCT3

New in Wireshark 2.0.2 (Feb 27, 2016)

The following vulnerabilities have been fixed:
wnpa-sec-2016-01 DLL hijacking vulnerability. CVE-2016-2521
wnpa-sec-2016-02 ASN.1 BER dissector crash. (Bug 11828) CVE-2016-2522
wnpa-sec-2016-03 DNP dissector infinite loop. (Bug 11938) CVE-2016-2523
wnpa-sec-2016-04 X.509AF dissector crash. (Bug 12002) CVE-2016-2524
wnpa-sec-2016-05 HTTP/2 dissector crash. (Bug 12077) CVE-2016-2525
wnpa-sec-2016-06 HiQnet dissector crash. (Bug 11983) CVE-2016-2526
wnpa-sec-2016-07 3GPP TS 32.423 Trace file parser crash. (Bug 11982) CVE-2016-2527
wnpa-sec-2016-08 LBMC dissector crash. (Bug 11984) CVE-2016-2528
wnpa-sec-2016-09 iSeries file parser crash. (Bug 11985) CVE-2016-2529
wnpa-sec-2016-10 RSL dissector crash. (Bug 11829) CVE-2016-2530 CVE-2016-2531
wnpa-sec-2016-11 LLRP dissector crash. (Bug 12048) CVE-2016-2532
wnpa-sec-2016-12 Ixia IxVeriWave file parser crash. (Bug 11795)
wnpa-sec-2016-13 IEEE 802.11 dissector crash. (Bug 11818)
wnpa-sec-2016-14 GSM A-bis OML dissector crash. (Bug 11825)
wnpa-sec-2016-15 ASN.1 BER dissector crash. (Bug 12106)
wnpa-sec-2016-16 SPICE dissector large loop. (Bug 12151)
wnpa-sec-2016-17 NFS dissector crash.
wnpa-sec-2016-18 ASN.1 BER dissector crash. (Bug 11822)
The following bugs have been fixed:
HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP streams" option is enabled. (Bug 9848)
Questionable calling of ethernet dissector by encapsulating protocol dissectors. (Bug 9933)
[Qt & Legacy & probably TShark too] Delta Time Conversation column is empty. (Bug 11559)
extcap: abort when validating capture filter for DLT 147. (Bug 11656)
Missing columns in Qt Flow Graph. (Bug 11710)
Interface list doesn’t show well when the list is very long. (Bug 11733)
Unable to use saved Capture Filters in Qt UI. (Bug 11836)
extcap: Capture interface options snaplen, buffer and promiscuous not being used. (Bug 11865)
Improper RPC reassembly (Bug 11913)
GTPv1 Dual Stack with one static and one Dynamic IP. (Bug 11945)
Wireshark 2.0.1 MPLS dissector not decoding payload when control word is present in pseudowire. (Bug 11949)
"…using this filter" turns white (not green or red). Plus dropdown arrow does nothing. (Bug 11950)
EIGRP field eigrp.ipv4.destination does not show the correct destination. (Bug 11953)
tshark -z conv,type[,filter] swapped frame / byte values from / to columns. (Bug 11959)
The field name nstrace.tcpdbg.tcpack should be nstrace.tcpdbg.tcprtt. (Bug 11964)
6LoWPAN IPHC traffic class not decompressed correctly. (Bug 11971)
Crash with snooping NFS file handles. (Bug 11972)
802.11 dissector fails to decrypt some broadcast messages. (Bug 11973)
Wireshark hangs when adding a new profile. (Bug 11979)
Issues when closing the application with a running capture without packets. (Bug 11981)
New Qt UI lacks ability to step through multiple TCP streams with Analyze > Follow > TCP Stream. (Bug 11987)
GTK: plugin_if_goto_frame causes Access Violation if called before capture file is loaded. (Bug 11989)
Wireshark 2.0.1 crash on start. (Bug 11992)
Wi-Fi 4-way handshake 4/4 is displayed as 2/4. (Bug 11994)
ACN: acn.dmx.data has incorrect type. (Bug 11999)
editcap packet comment won’t add multiple comments. (Bug 12007)
DICOM Sequences no longer able to be expanded. (Bug 12011)
Wrong TCP stream when port numbers are reused. (Bug 12022)
SSL decryption fails in presence of a Client certificate. (Bug 12042)
LUA: TVBs backing a data source is freed too early. (Bug 12050)
PIM: pim.group filter have the same name for IPv4 and IPv6. (Bug 12061)
Failed to parse M3AP IE (TNL information). (Bug 12070)
Wrong interpretation of Instance ID value in OSPFv3 packet. (Bug 12072)
MP2T Dissector does parse RTP properly in 2.0.1. (Bug 12099)
editcap does not adjust time for frames with absolute timestamp 0 < t < 1 secs. (Bug 12116)
Guard Interval is not consistent between Radiotap & wlan_radio. (Bug 12123)
Calling dumpcap -i- results in access violation. (Bug 12143)
Qt: Friendly Name and Interface Name columns should not be editable. (Bug 12146)
PPTP GRE call ID not always decoded. (Bug 12149)
Interface list does not show device description anymore. (Bug 12156)
Find Packet does not highlight the matching tree item or packet bytes. (Bug 12157)
"total block length … is too large" error when opening pcapng file with multiple SHB sections. (Bug 12167)
http.request.full_uri is malformed if an HTTP Proxy is used. (Bug 12176)
SNMP dissector fails at msgSecurityParameters with long length encoding. (Bug 12181)
Windows installers and PortableApps packages are now dual signed using SHA-1 and SHA-256 in order to comply with Microsoft Authenticode policy. Windows 7 and Windows Server 2008 R2 users should ensure that update 3123479 is installed. Windows Vista and Windows Server 2008 users should ensure that hotfix 2763674 is installed.
Updated Protocol Support:
6LoWPAN
ACN
ASN.1 BER
BATADV
DICOM
DNP3
DOCSIS INT-RNG-REQ
E100
EIGRP
GSM A DTAP
GSM SMS
GTP
HiQnet
HTTP
HTTP/2
IEEE 802.11
IKEv2
InfiniBand
IPv4
IPv6
LBMC
LLRP
M3AP
MAC LTE
MP2T
MPLS
NFS
NS Trace
OSPF
PIM
PPTP
RLC LTE
RoHC
RPC
RSL
SNMP
SPICE
SSL
TCP
TRILL
VXLAN
WaveAgent
X.509AF

New in Wireshark 2.0.1 (Dec 30, 2015)

Zooming out (Ctrl+-) too far crashes Wireshark. (Bug 8854)
IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
About → Plugins should be a scrollable. (Bug 11427)
Profile change leaves prior profile residue. (Bug 11493)
Wireshark crashes when using the VoIP player. (Bug 11596)
Incorrect presentation of Ascend-Data-Filter (RADIUS attribute 242). (Bug 11630)
Not possible to stop a capture with invalid filter. (Bug 11667)
"No interface selected" when having a valid capture filter. (Bug 11671)
Malformed packet with IPv6 mobility header. (Bug 11728)
Wireshark crashes dissecting Profinet NRT (DCE-RPC) packet. (Bug 11730)
All fields in the packet detail pane of a "new packet" window are expanded by default. (Bug 11731)
Malformed packets with SET_CUR in the USBVIDEO (UVC) decoding. (Bug 11736)
Display filters arranges columns incorrectly. (Bug 11737)
Scrolling and navigating using the trackpad on Mac OS X could be much better. (Bug 11738)
Lua Proto() does not validate arguments. (Bug 11739)
Pointers to deallocated memory when redissecting. (Bug 11740)
Suggestion for re-phrasing the TCP Window Full message. (Bug 11741)
Can’t parse MPEG-2 Transport Streams generated by the Logik L26DIGB21 TV. (Bug 11749)
Qt UI on Windows crashes when changing to next capture file. (Bug 11756)
First displayed frame not updated when changing profile. (Bug 11757)
LDAP decode shows invalid number of results for searchResEntry packets. (Bug 11761)
Crash when escape to Follow TCP → Save. (Bug 11763)
USBPcap prevents mouse and keyboard from working. (Bug 11766)
Y-axis in RTP graph is in microseconds. (Bug 11784)
"Delta time displayed" column in Wireshark doesn’t work well, but Wireshark-gtk does. (Bug 11786)
UDP 12001 SNA Data no longer shown in EBCDIC. (Bug 11787)
Wireshark Portable is not starting (no messages at all). (Bug 11800)
IPv6 RPL Routing Header with length of 8 bytes still reads an address. (Bug 11803)
g_utf8_validate assertion when reassembling GSM SMS messages encoded in UCS2. (Bug 11809)
Calling plugin_if_goto_frame when there is no file loaded causes a Protection Exception. (Bug 11810)
Qt UI SIGSEGV before main() in initializer for colors_. (Bug 11833)
Unable to add a directory to "GeoIP Database Paths". (Bug 11842)
C++ Run time error when filtering on Expert limit to display filter. (Bug 11848)
Widening the window doesn’t correctly widen the rightmost column. (Bug 11849)
SSL V2 Client Hello no longer dissected in Wireshark 2.0. (Bug 11851)
PacketBB (RFC5444) dissector displays IPv4 addresses incorrectly. (Bug 11852)
SMTP over port 587 shows identical content for fields "Username" and "Password" when not decoding base-64-encoded authentication information. (Bug 11853)
Converting of EUI64 address to string does not take offset into account. (Bug 11856)
CIP segment dissection causes PDML assertion/failure. (Bug 11863)
In Import from Hex Dump, an attempt to enter the timestamp format manually crashes the application. (Bug 11873)
Follow Stream directional selector not readable. (Bug 11887)
Coloring rule custom colors not saved. (Bug 11888)
Total number of streams not correct in Follow TCP Stream dialog. (Bug 11889)
Command line switch -Y for display filter does not work. (Bug 11891)
Creating Debian package doesn’t work. (Bug 11893)
Visual C++ Runtime Library Error "The application has requested the Runtime to terminate it in an unusual way." when you do not wait until Conversations is completely updated before applying "Limit to display filter". (Bug 11900)
dpkg-buildpackage relocation R_X86_64_PC32 against symbol. (Bug 11901)
Bits view in Packet Bytes pane is not persistent. (Bug 11903)
ICMP Timestamp days, hours, minutes, seconds is incorrect. (Bug 11910)
MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong. (Bug 11921)

New in Wireshark 2.0.0 (Nov 19, 2015)

New in Wireshark 1.12.8 (Oct 14, 2015)

New in Wireshark 1.12.7 (Aug 14, 2015)

The following vulnerabilities have been fixed.
wnpa-sec-2015-21 Protocol tree crash. (Bug 11309)
wnpa-sec-2015-22 Memory manager crash. (Bug 11373)
wnpa-sec-2015-23 Dissector table crash. (Bug 11381)
wnpa-sec-2015-24 ZigBee crash. (Bug 11389)
wnpa-sec-2015-25 GSM RLC/MAC infinite loop. (Bug 11358)
wnpa-sec-2015-26 WaveAgent crash. (Bug 11358)
wnpa-sec-2015-27 OpenFlow infinite loop. (Bug 11358)
wnpa-sec-2015-28 Ptvcursor crash. (Bug 11358)
wnpa-sec-2015-29 WCCP crash. (Bug 11358)
The following bugs have been fixed:
DCE RPC "Decode As" capability is missing. (Bug 10368)
Mergecap turns nanosecond-resolution time stamps into microsecond-resolution time stamps. (Bug 11202)
The Aruba ERM Type 1 Dissector inconsistent with Type 0 and Type 3. (Bug 11204)
Parse CFM Type Test signal (TST) without CRC. (Bug 11286)
Tshark: output format of rpc.xid changed from Hex to Integer. (Bug 11292)
Not stop -a filecount . (Bug 11305)
lldp.ieee.802_3.mdi_power_class display is wrong. (Bug 11330)
Powerlink (EPL) SDO packages interpreted as frame dublication. (Bug 11341)
Mysql dissector adds packet content to INFO column without scrubbing it. (Bug 11344)
PIM null-register according to rfc4601 is incorrectly parsed. (Bug 11354)
Wireshark Lua dissectors: both expand together. (Bug 11356)
Link-type not retrieved for rpcap interfaces configured with authentication. (Bug 11366)
SSL Decryption (RSA private key with p smaller than q) failing on the Windows 7 buildbot. (Bug 11372)
[gtpv2]PCSCF ip in the Protocol configuration of update bearer request is not getting populated. (Bug 11378)
wpan.src64 (and dst64) filter always gives "is not a valid EUI64 Address" error. (Bug 11380)
Websphere MQ Work Information Header incorrectly showing "Reserved". (Bug 11384)
DUP ACK Counter resetting after Window Update. (Bug 11397)
CSV values missing when using tshark -2 option. (Bug 11401)
Ethernet PAUSE frames are decoded incorrectly as PFC. (Bug 11403)
SOCKS decoder giving strange values for seemingly normal SOCKS connection. (Bug 11417)
802.11ad decoding error. (Bug 11419)
Updated Protocol Support:
Aruba ERM, CFM, EPL, GSM A-bis OML, GSM MAP, GSM RLC/MAC, GTPv2, IEEE 802.11, LLDP, LTE RRC, MAC Control, MQ, MySQL, OpcUa, OpenFlow, Radiotap, SCCP, SOCKS, TCP, WaveAgent, WCCP, and ZigBee

New in Wireshark 1.12.6 (Jun 18, 2015)

New in Wireshark 1.12.5 (May 13, 2015)

The following vulnerabilities have been fixed:
The LBMR dissector could go into an infinite loop. (Bug 11036) CVE-2015-3808 CVE-2015-3809
The WebSocket dissector could recurse excessively. (Bug 10989) CVE-2015-3810
The WCP dissector could crash while decompressing data. (Bug 10978) CVE-2015-3811
The X11 dissector could leak memory. (Bug 11088) CVE-2015-3812
The packet reassembly code could leak memory. (Bug 11129) CVE-2015-3813
The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110) CVE-2015-3814
The Android Logcat file parser could crash. Discovered by Hanno Böck. (Bug 11188) CVE-2015-3815
The following bugs have been fixed:
Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. (Bug 6217)
EAPOL 4-way handshake information wrong. (Bug 10557)
RPC NULL calls incorrectly flagged as malformed. (Bug 10646)
Wireshark relative ISN set incorrectly if raw ISN set to 0. (Bug 10713)
Buffer overrun in encryption code. (Bug 10849)
Crash when use Telephony / Voip calls. (Bug 10885)
ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length. (Bug 10991)
ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug 10992)
Missing field "tcp.pdu.size" in TCP stack. (Bug 11007)
Sierra EM7345 marks MBIM packets as NCM. (Bug 11018)
Possible infinite loop DoS in ForCES dissector. (Bug 11037)
"Decode As…" crashes when a packet dialog is open. (Bug 11043)
Interface Identifier incorrectly represented by Wireshark. (Bug 11053)
"Follow UDP Stream" on mpeg packets crashes wireshark v.1.12.4 (works fine on v.1.10.13). (Bug 11055)
Annoying popup when trying to capture on bonds. (Bug 11058)
Request-response cross-reference in USB URB packets incorrect. (Bug 11072)
Right clicking in Expert Infos to create a filter (duplicate IP) results in invalid filters. (Bug 11073)
CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083)
Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106)
packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn’t filter ENUM. (Bug 11120)
Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP". (Bug 11141)
Missing Makefile.nmake in ansi1/Kerberos directory. (Bug 11155)
Can’t build tshark without the Qt packages installed unless --without-qt is specified. (Bug 11157)
Updated Protocol Support:
AllJoyn, ASN.1 PER, ATM, CANopen, Diameter, ForCES, GSM RLC/MAC, GSMTAP, ICMP, IEC-60870-5-104, IEEE 802.11, IMF, IP, LBMC, LBMR, LDAP, LPP, MBIM, MEGACO, MP2T, PKCS-1, PPP IPv6CP, RPC, SPNEGO, SRVLOC, SSL, T.38, TCP, USB, WCP, WebSocket, X11, and ZigBee ZCL
New and Updated Capture File Support:
and Android Logcat Savvius OmniPeek Visual Networks

New in Wireshark 1.12.4 (Mar 6, 2015)

The following vulnerabilities have been fixed:
wnpa-sec-2015-06 - The ATN-CPDLC dissector could crash. (Bug 9952) CVE-2015-2187
wnpa-sec-2015-07 - The WCP dissector could crash. (Bug 10844) CVE-2015-2188
wnpa-sec-2015-08 - The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
wnpa-sec-2015-09 - The LLDP dissector could crash. (Bug 10983) CVE-2015-2190
wnpa-sec-2015-10 - The TNEF dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11023) CVE-2015-2191
wnpa-sec-2015-11 - The SCSI OSD dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11024) CVE-2015-2192
The following bugs have been fixed:
RTP player crashes on decode of long call: BadAlloc (insufficient resources for operation). (Bug 2630)
"Telephony→SCTP→Analyse This Association" crashes Wireshark on manufactured SCTP packet. (Bug 9849)
IPv6 Mobility Header Link Layer Address is parsed incorrectly. (Bug 10006)
DNS NXT RR is parsed incorrectly. (Bug 10615)
IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
HTTP chunked response includes data beyond the chunked response. (Bug 10707)
DHCP Option 125 Suboption: (1) option-len always expects 1 but specification allows for more. (Bug 10784)
Incorrect decoding of IPv4 Interface/Neighbor Address sub-TLVs in Extended IS Reachability TLV of IS-IS. (Bug 10837)
Little-endian OS X Bluetooth PacketLogger files aren’t handled. (Bug 10861)
X.509 certificate serial number incorrectly interpreted as negative number. (Bug 10862)
Malformed Packet on rsync-version with length 2. (Bug 10863)
ZigBee epoch time is incorrectly displayed in OTA cluster. (Bug 10872)
BGP EVPN - Route Type 4 - "Invalid length of IP Address" - "Expert Info" shows a false error. (Bug 10873)
Bad bytes read for extended rnc id value in GTP dissector. (Bug 10877)
"ServiceChangeReasonStr" messages are not shown in txt generated by tshark. (Bug 10879)
Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI. (Bug 10897)
MEGACO wrong decoding on media port. (Bug 10898)
Wrong media format. (Bug 10899)
BSSGP Status PDU decoding fault (missing Mandatory element (0x04) BVCI for proper packet). (Bug 10903)
DNS LOC Precision missing units. (Bug 10940)
Packets on OpenBSD loopback decoded as raw not null. (Bug 10956)
Display Filter Macro unable to edit. (Bug 10957)
IPv6 Local Mobility Anchor Address mobility option code is treated incorrectly. (Bug 10961)
SNTP server list improperly formatted in DHCPv6 packet details. (Bug 10964)
Juniper Packet Mirror dissector expects ipv6 flow label = 0. (Bug 10976)
NS Trace (NetScaler Trace) file format is not able to export specified packets. (Bug 10998)
Updated Protocol Support:
ACN, ANSI IS-637-A, AppleMIDI, ATN-CPDLC, BGP, BSSGP, CMIP, DHCP, DHCPv6, DIS, DLM3, DMP, DNS, Extreme Networks, ForCES, FTAM, GMHDR, GSM A BSSMAP, GSM A-bis OML, GSM MAP, GSM RLC MAC, GTP, H.248, H.264, HTTP, IEEE 802.11, IPv6, IS-IS, ISMACryp, J1939, Juniper Jmirror, KDP, L2CAP, LDAP, LLDP, MGCP, MIP6, NBNS, NET/ROM, Netflow, Novell PKIS, PANA, PPPoE, RSL, RSYNC, RTMPT, RTP, SCSI OSD, SDP, SMB Pipe, SMPP, SYNCHROPHASOR, TETRA, TiVoConnect, TNEF, USB HID, V.52, VSS-Monitoring, X.509AF, Zebra, and ZigBee
New and Updated Capture File Support:
NetScaler, PacketLogger, and Pcapng

New in Wireshark 1.99.2 (Feb 5, 2015)

New in Wireshark 1.12.3 (Jan 8, 2015)

Bug Fixes:
wnpa-sec-2015-01 - The WCCP dissector could crash. (Bug 10720, Bug 10806) CVE-2015-0559, CVE-2015-0560
wnpa-sec-2015-02 - The LPP dissector could crash. (Bug 10773) CVE-2015-0561
wnpa-sec-2015-03 - The DEC DNA Routing Protocol dissector could crash. (Bug 10724) CVE-2015-0562
wnpa-sec-2015-04 - The SMTP dissector could crash. (Bug 10823) CVE-2015-0563
wnpa-sec-2015-05 - Wireshark could crash while decypting TLS/SSL sessions. Discovered by Noam Rathaus. CVE-2015-0564
The following bugs have been fixed:
WebSocket dissector: empty payload causes DISSECTOR_ASSERT_NOT_REACHED. (Bug 9332)
Wireshark crashes if Lua heuristic dissector returns true. (Bug 10233)
Display MEP ID in decimal in OAM Y.1731 Synthetic Loss Message and Reply PDU. (Bug 10500)
TCP Window Size incorrectly reported in Packet List. (Bug 10514)
Status bar "creeps" to the left a few pixels every time Wireshark is opened. (Bug 10518)
E-LMI Message type. (Bug 10531)
SMTP decoder can dump binary data to terminal in TShark. (Bug 10536)
PTPoE dissector gets confused by packets that include an FCS. (Bug 10611)
IPv6 Vendor Specific Mobility Option includes the next mobility option type. (Bug 10618)
Save PCAP to PCAPng with commentary fails. (Bug 10656)
Display filter "frame contains bytes [2342]" causes a crash. (Bug 10690)
Multipath TCP: checksum displayed when it’s not there. (Bug 10692)
LTE APN-AMBR is decoded incorrectly. (Bug 10699)
DNS NAPTR RR Replacement Length is incorrect. (Bug 10700)
IPv6 Experimental mobility header data is interpreted as options. (Bug 10703)
Dissector bug, protocol SPDY: tvbuff.c:610: failed assertion "tvb && tvb→initialized". (Bug 10704)
BGP: Incorrect decoding AS numbers when mixed AS size. (Bug 10742)
BGP update community - incorrect decoding. (Bug 10746)
Setting a 6LoWPAN context generates a Wireshark crash. (Bug 10747)
FC is not dissected (protocol UNKNOWN). (Bug 10751)
Crash when displaying several times INFO column. (Bug 10755)
Decoding of longitude value in LCSAP (3GPP TS 29.171) is incorrect. (Bug 10767)
Crash when enabling FCoIB manual settings without filling address field. (Bug 10796)
RSVP RECORD_ROUTE IPv4 Subobject Flags field incorrect decoding. (Bug 10799)
Wireshark Lua engine can’t access protocol field type. (Bug 10801)
Field Analysis of OpenFlow v1.4 OFPT_SET_ASYNC. (Bug 10808)
Lua: getting fieldinfo.value for FT_NONE causes assert. (Bug 10815)
Updated Protocol Support:
6LoWPAN, ADwin, AllJoyn, Art-Net, Asterix, BGP, Bitcoin, Bluetooth OBEX, Bluetooth SDP, CFM, CIP, DCERPC PN-IO, DCERPC SPOOLSS, DEC DNA, DECT, DHCPv6, DNS, DTN, E-LMI, ENIP, Ethernet, Extreme, FCoIB, Fibre Channel, GED125, GTP, H.248, H.264, HiSLIP, IDRP, IEEE 802.11, IEEE P1722.1, Infiniband, IrDA, iSCSI, ISUP, LBMR, LCSAP, LPP, MAC LTE, MAUSB, MBIM, MIM, MIP, MIPv6, MP2T, MPEG-1, NAS EPS, NAT-PMP, NCP, NXP PN532, OpcUa, OpenFlow, PTP, RDM, RPKI-RTR, RSVP, RTnet, RTSP, SCTP, SMPP, SMTP, SPDY, Spice, TCP, WCCP, Wi-Fi P2P, and WiMAX
New and Updated Capture File Support:
K12

New in Wireshark 1.12.2 (Nov 13, 2014)

Bug Fixes:
The following vulnerabilities have been fixed. wnpa-sec-2014-20
SigComp UDVM buffer overflow. (Bug 10662) CVE-2014-8710 wnpa-sec-2014-21
AMQP crash. (Bug 10582) CVE-2014-8711 wnpa-sec-2014-22
NCP crashes. (Bug 10552, Bug 10628) CVE-2014-8712 CVE-2014-8713 wnpa-sec-2014-23
TN5250 infinite loops. (Bug 10596) CVE-2014-8714
The following bugs have been fixed:
Wireshark determine packets of MMS protocol as a packets of T.125 protocol. (Bug 10350)
6LoWPAN Mesh headers not treated as encapsulating address. (Bug 10462)
UCP dissector bug of operation 31 - PID 0639 not recognized. (Bug 10463)
iSCSI dissector rejects PDUs with "expected data transfer length" > 16M. (Bug 10469)
GTPv2: trigging_tree under Trace information has wrong length. (Bug 10470)
openflow_v1 OFPT_FEATURES_REPLY parsed incorrectly. (Bug 10493)
Capture files from a remote virtual interface on MacOS X 10.9.5 aren’t dissected correctly. (Bug 10502)
Problem specifying protocol name for filtering. (Bug 10509)
LLDP TIA Network Policy Unknown Policy Flag Decode is not correct. (Bug 10512)
Decryption of DCERPC with Kerberos encryption fails. (Bug 10538)
Dissection of DECRPC NT sid28 shouldn’t show expert info if tree is null. (Bug 10542)
Attempt to render an SMS-DELIVER-REPORT instead of an SMS-DELIVER. (Bug 10547)
IPv6 Calipso option length is not used properly. (Bug 10561)
The SPDY dissector couldn’t dissecting packet correctly. (Bug 10566)
IPv6 QuickStart option Nonce is read incorrectly. (Bug 10575)
IPv6 Mobility Option IPv6 Address/Prefix marks too many bytes for the address/prefix field. (Bug 10576)
IPv6 Mobility Option Binding Authorization Data for FMIPv6 Authenticator field is read beyond the option data. (Bug 10577)
IPv6 Mobility Option Mobile Node Link Layer Identifier Link-layer Identifier field is read beyond the option data. (Bug 10578)
Wrong offset for hf_mq_id_icf1 in packet-mq.c. (Bug 10597)
Malformed PTPoE announce packet. (Bug 10611)
IPv6 Permanent Home Keygen Token mobility option includes too many bytes for the token field. (Bug 10619)
IPv6 Redirect Mobility Option K and N bits are parsed incorrectly. (Bug 10622)
IPv6 Care Of Test mobility option includes too many bytes for the Keygen Token field. (Bug 10624)
IPv6 MESG-ID mobility option is parsed incorrectly. (Bug 10625)
IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
IPv6 DNS-UPDATE-TYPE mobility option includes too many bytes for the MD identity field. (Bug 10629)
IPv6 Local Mobility Anchor Address mobility option’s code and reserved fields are parsed as 2 bytes instead of 1. (Bug 10630)
WCCP v.2.01 extended assignment data element parsed wrong. (Bug 10641)
DNS ISDN RR Sub Address field is read one byte early. (Bug 10650)
TShark crashes when running with PDML on a specific packet. (Bug 10651)
DNS A6 Address Suffix field is parsed incorrectly. (Bug 10652)
DNS response time: calculation incorrect. (Bug 10657)
SMPP does not display properly the hour field in the Submit_sm Validity Period field. (Bug 10672)
DNS Name Length for Zone RR on root is 6 and Label Count is 1. (Bug 10674)
DNS WKS RR Protocol field is read as 4 bytes instead of 1. (Bug 10675)
IPv6 Mobility Option Context Request reads an extra request. (Bug 10676)
The Windows installers no longer include previews of Wireshark 2. If you want to try the new user interface, please download a development (1.99) installer.
Updated Protocol Support:
6LoWPAN, AMQP, ANSI IS-637-A, Bluetooth HCI, CoAP, DCERPC (all), DCERPC NT, DNS, GSM MAP, GTPv2, H.223, HPSW, HTTP2, IEEE 802.11, IPv6, iSCSI, Kerberos, LBT-RM, LLDP, MIH, Mobile IPv6, MQ, NCP, OpcUa, OpenFlow, PKTAP, PTPoE, SigComp, SMB2, SMPP, SPDY, Stanag 4607, T.125, UCP, USB CCID, and WCCP
New and Updated Capture File Support:
Catapult DCT2000, HP-UX nettl, Ixia IxVeriWave, pcap, pcap-ng, RADCOM, and Sniffer (DOS)

New in Wireshark 1.12.1 (Sep 17, 2014)

The following vulnerabilities have been fixed:
wnpa-sec-2014-13
MEGACO dissector infinite loop. (Bug 10333) CVE-2014-6423
wnpa-sec-2014-14
Netflow dissector crash. (Bug 10370) CVE-2014-6424
wnpa-sec-2014-15
CUPS dissector crash. (Bug 10353) CVE-2014-6425
wnpa-sec-2014-16
HIP dissector infinite loop. CVE-2014-6426
wnpa-sec-2014-17
RTSP dissector crash. (Bug 10381) CVE-2014-6427
wnpa-sec-2014-18
SES dissector crash. (Bug 10454) CVE-2014-6428
wnpa-sec-2014-19
Sniffer file parser crash. (Bug 10461) CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432
The following bugs have been fixed:
Wireshark can crash during remote capture (rpcap) configuration. (Bug 3554, Bug 6922, ws-buglink:7021)
802.11 capture does not decrypt/decode DHCP response. (Bug 8734)
Extra quotes around date fields (FT_ABSOLUTE_TIME) when using -E quote=d or s. (Bug 10213)
No progress line in "VOIP RTP Player". (Bug 10307)
MIPv6 Service Selection Identifier parse error. (Bug 10323)
Probably wrong length check in proto_item_set_end. (Bug 10329)
802.11 BA sequence number decode is broken. (Bug 10334)
wmem_alloc_array() "succeeds" (and clobbers memory) when requested to allocate 0xaaaaaaaa items of size 12. (Bug 10343)
Different dissection results for same file. (Bug 10348)
Mergecap wildcard breaks in version 1.12.0. (Bug 10354)
Diameter TCP reassemble. (Bug 10362)
TRILL NLPID 0xc0 unknown to Wireshark. (Bug 10382)
BTLE advertising header flags (RxAdd/TxAdd) dissected incorrectly. (Bug 10384)
Ethernet OAM (CFM) frames including TLV’s are wrongly decoded as malformed. (Bug 10385)
BGP4: Wireshark skipped some potion of AS_PATH. (Bug 10399)
MAC address name resolution is broken. (Bug 10344)
Wrong decoding of RPKI RTR End of Data PDU. (Bug 10411)
SSL/TLS dissector incorrectly interprets length for status_request_v2 hello extension. (Bug 10416)
Misparsed NTP control assignments with empty values. (Bug 10417)
6LoWPAN multicast address decompression problems. (Bug 10426)
Netflow v9 flowset not decoded if options template has zero-length scope section. (Bug 10432)
GUI Hangs when Selecting Path to GeoIP Files. (Bug 10434)
AX.25 dissector prints unprintable characters. (Bug 10439)
6LoWPAN context handling not working. (Bug 10443)
SIP: When export to a CSV, Info is changed to differ. (Bug 10453)
Typo in packet-netflow.c. (Bug 10458)
Incorrect MPEG-TS decoding (OPCR field). (Bug 10446)
Updated Protocol Support:
6LoWPAN, A21, ACR122, Art-Net, AX.25, BGP, BTLE, CAPWAP, DIAMETER, DICOM, DVB-CI, Ethernet OAM, HIP, HiSLIP, HTTP2, IEEE 802.11, MAUSB, MEGACO, MIPv6, MP2T, Netflow, NTP, openSAFETY, OSI, RDM, RPKI RTR, RTSP, SES, SIP, TLS, and Token Ring MAC
New and Updated Capture File Support:
DOS Sniffer, and NetScaler

New in Wireshark 1.12.0 (Aug 1, 2014)

Bug Fixes:
"On-the-wire" packet lengths are limited to 65535 bytes. (Bug 8808, Bug 9390)
"Follow TCP Stream" shows only the first HTTP request and response. (Bug 9044)
Files with pcap-ng Simple Packet Blocks can’t be read. (Bug 9200)
MPLS-over-PPP isn’t recognized. (Bug 9492)
New and Updated Features:
The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
Expert information is now filterable when the new API is in use.
The "Number" column shows related packets and protocol conversation spans (Qt only).
When manipulating packets with editcap using the -C and/or -s options, it is now possible to also adjust the original frame length using the -L option.
You can now pass the -C option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
"malformed" display filter has been renamed to "_ws.malformed". A handful of other filters have been given the "_ws." prefix to note they are Wireshark application specific filters and not dissector filters.
The Kerberos dissector has been replaced with an auto generated one from ASN1 protocol description, changing a lot of filter names.
Additionally the Windows installers have an extra component: a preview of the upcoming user interface for Wireshark 2.0.
Transport name resolution is now disabled by default.
Support has been added for all versions of the DCBx protocol.
Cleanup of LLDP code, all dissected fields are now navigable.
Qt port:
The About dialog has been added
The Capture Interfaces dialog has been added.
The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
The Export PDU dialog has been added.
Several SCTP dialogs have been added.
The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
The I/O Graph dialog has been added.
French translation has updated.
Mac OS X packaging has been improved.
Dissector output may be encoded as UTF-8. This includes TShark output.
Qt port:
The Follow Stream dialog now supports packet and TCP stream selection.
A Flow Graph (sequence diagram) dialog has been added.
The main window now respects geometry preferences.
Removed Dissectors:
The ASN1 plugin has been removed as it’s deemed obsolete.
The GNM dissector has been removed as it was never used.
The Kerberos hand made dissector has been replaced by one generated from ASN1 code.
Platform Support:
Support for Windows XP has been deprecated. We will make an effort to support it for as long as possible but our ability to do so depends on upstream packages and other factors beyond our control.
U3 packages are no longer supported or provided.
This is the last major release that will support 32-bit versions of Mac OS X.
New Protocol Support:
29West, 802.1AE Secure tag, A21, ACR122, ADB Client-Server, AllJoyn, Apple PKTAP, Aruba Instant AP, ASTERIX, ATN, Bencode, Bluetooth 3DS, Bluetooth HSP, Bluetooth Linux Monitor Transport, Bluetooth Low Energy, Bluetooth Low Energy RF Info, CARP, CFDP, Cisco MetaData, DCE/RPC MDSSVC, DeviceNet, ELF file format, Ethernet Local Management Interface (E-LMI), Ethernet Passive Optical Network (EPON), EXPORTED PDU, FINGER, HDMI, High-Speed LAN Instrument Protocol (HiSLIP), HTTP2, IDRP, IEEE 1722a, ILP, iWARP Direct Data Placement and Remote Direct Memory Access Protocol, Kafka, Kyoto Tycoon, Landis & Gyr Telegyr 8979, LBM, LBMC, LBMPDM, LBMPDM-TCP, LBMR, LBT-RM, LBT-RU, LBT-TCP, Lightweight Mesh (v1.1.1), Link16, Linux netlink, Linux netlink netfilter, Linux netlink sock diag, Linux rtnetlink (route netlink), Logcat, MBIM, Media Agnostic USB (MA USB), MiNT, MP4 / ISOBMFF file format, MQ Telemetry Transport Protocol, MS NLB (Rewrite), Novell PKIS certificate extensions, NXP PN532 HCI, Open Sound Control, OpenFlow, Pathport, PDC, Picture Transfer Protocol Over IP, PKTAP, Private Data Channel, QUIC (Quick UDP Internet Connections), SAE J1939, SEL RTAC (Real Time Automation Controller) EIA-232 Serial-Line Dissection, Sippy RTPproxy, SMB-Direct, SPDY, STANAG 4607, STANAG 5066 DTS, STANAG 5066 SIS, Tinkerforge, Ubertooth, UDT, URL Encoded Form Data, USB Communications and CDC Control, USB Device Firmware Upgrade, VP8, WHOIS, Wi-Fi Display, and ZigBee Green Power profile
Updated Protocol Support
New and Updated Capture File Support:
Netscaler 2.6, STANAG 4607, and STANAG 5066 Data Transfer Sublayer
Major API Changes
The libwireshark API has undergone some major changes:
A more flexible, modular memory manager (wmem) has been added. It was available experimentally in 1.10 but is now mature and has mostly replaced the old emem API (which is deprecated).
A new API for expert information has been added, replacing the old one.
The tvbuff API has been cleaned up: tvb_length has been renamed to tvb_captured_length for clarity, and tvb_get_string and tvb_get_stringz have been deprecated in favour of tvb_get_string_enc and tvb_get_stringz_enc.
dissector_try_heuristic() signature has been changed to return heur_dtbl_entry_t to make it possible to save it and use it in subsequent calls to avoid the overhead of going trough the heuristics list.

New in Wireshark 1.10.8 (Jun 13, 2014)

New in Wireshark 1.10.7 (Apr 23, 2014)

New in Wireshark 1.10.6 (Mar 8, 2014)

Bug Fixes:
The following vulnerabilities have been fixed:
wnpa-sec-2014-01. The NFS dissector could crash. Discovered by Moshe Kaplan. (Bug 9672). Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 - CVE-2014-2281
wnpa-sec-2014-02. The M3UA dissector could crash. Discovered by Laurent Butti. (Bug 9699). Versions affected: 1.10.0 to 1.10.5 - CVE-2014-2282
wnpa-sec-2014-03. The RLC dissector could crash. (Bug 9730). Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 - CVE-2014-2283
wnpa-sec-2014-04. The MPEG file parser could overflow a buffer. Discovered by Wesley Neelen. (Bug 9843). Versions affected: 1.10.0 to 1.10.5, 1.8.0 to 1.8.12 - CVE-2014-2299
The following bugs have been fixed:
Customized OUI is not recognized correctly during dissection. (Bug 9122)
Properly decode CAPWAP Data Keep-Alives. (Bug 9165)
Build failure with GTK 3.10 - GTK developers have gone insane. (Bug 9340)
SIGSEGV/SIGABRT during free of TvbRange using a chained dissector in lua. (Bug 9483)
MPLS dissector no longer registers itself in "ppp.protocol" table. (Bug 9492)
Tshark doesn’t display the longer data fields (mbtcp). (Bug 9572)
DMX-CHAN disector does not clear strbuf between rows. (Bug 9598)
Dissector bug, protocol SDP: proto.c:4214: failed assertion "length >= 0". (Bug 9633)
False error: capture file appears to be damaged or corrupt. (Bug 9634)
SMPP field source_telematics_id field length different from spec. (Bug 9649)
Lua: bitop library is missing in Lua 5.2. (Bug 9720)
GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct. (Bug 9722)
Lua: ProtoField.new() is buggy. (Bug 9725)
Lua: ProtoField.bool() VALUESTRING argument is not optional but was supposed to be. (Bug 9728)
Problem with CAPWAP Wireshark Dissector. (Bug 9752)
nas-eps dissector: CS Service notification dissection stops after Paging identity IE. (Bug 9789)
New and Updated Features:
IPv4 checksum verfification is now disabled by default.
Updated Protocol Support:
AppleTalk, CAPWAP, DMX-CHAN, DSI, DVB-CI, ESS, GTPv1, IEEE 802a, M3UA, Modbus/TCP, NAS-EPS, NFS, OpenSafety, SDP, and SMPP
New and Updated Capture File Support:
libpcap, MPEG, and pcap-ng

New in Wireshark 1.10.5 (Dec 20, 2013)

New in Wireshark 1.10.4 (Dec 18, 2013)

Bug Fixes:
The following vulnerabilities have been fixed.
wnpa-sec-2013-66
The SIP dissector could go into an infinite loop. Discovered by Alain Botti. (Bug 9388)
Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
CVE-2013-7112
wnpa-sec-2013-67
The BSSGP dissector could crash. Discovered by Laurent Butti. (Bug 9488)
Versions affected: 1.10.0 to 1.10.3
CVE-2013-7113
wnpa-sec-2013-68
The NTLMSSP v2 dissector could crash. Discovered by Garming Sam.
Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11
CVE-2013-7114
The following bugs have been fixed:
"On-the-wire" packet lengths are limited to 65535 bytes. (Bug 8808, ws-buglink:9390)
Tx MCS set is not interpreted properly in WLAN beacon frame. (Bug 8894)
VoIP Graph Analysis window - some calls are black. (Bug 8966)
Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (Bug 9031)
epan/follow.c - Incorrect "bytes missing in capture file" in "check_fragments" due to an unsigned int wraparound?. (Bug 9112)
gsm_map doesn’t decode MAPv3 reportSM-DeliveryStatus result. (Bug 9382)
Incorrect NFSv4 FATTR4_SECURITY_LABEL value. (Bug 9383)
Timestamp decoded for Gigamon trailer is not padded correctly. (Bug 9433)
SEL Fast Message Bug-fix for Signed 16-bit Integer Fast Meter Messages. (Bug 9435)
DNP3 Bug Fix for Analog Data Sign Bit Handling. (Bug 9442)
GSM SMS User Data header fill bits are wrong when using a 7 bits ASCII / IA5 encoding. (Bug 9478)
WCDMA RLC dissector cannot assemble PDUs with SNs skipped and wrap-arounded. (Bug 9505)
DTLS: fix buffer overflow in mac check. (Bug 9512)
[PATCH] Correct data length in SCSI_DATA_IN packets (within iSCSI). (Bug 9521)
GSM SMS UDH EMS control expects 4 octets instead of 3 with OPTIONAL 4th. (Bug 9550)
Fix "decode as …" for packet-time.c. (Bug 9563)
New and Updated Features:
There are no new features in this release.
New Protocol Support:
There are no new protocols in this release.
Updated Protocol Support:
ANSI IS-637-A, BSSGP, DNP3, DVB-BAT, DVB-CI, GSM MAP, GSM SMS, IEEE 802.11, iSCSI, NFSv4, NTLMSSP v2, RLC, SEL FM, SIP, and Time
New and Updated Capture File Support:
and Pcap-ng.

New in Wireshark 1.11.2 (Nov 20, 2013)

New in Wireshark 1.10.3 (Nov 1, 2013)

The following vulnerabilities have been fixed:
The IEEE 802.15.4 dissector could crash. (Bug 9139)
The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9168)
The SIP dissector could crash. (Bug 9228)
The OpenWire dissector could go into a large loop. Discovered by Murali. (Bug 9248)
The TCP dissector could crash. (Bug 9263)
The following bugs have been fixed:
new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled. (Bug 5349)
TLS decryption fails with XMPP start_tls. (Bug 8871)
Wrong Interpretation of GTS starting slot. (Bug 8946)
"Follow TCP Stream" shows only the first HTTP req+res. (Bug 9044)
The value of SEND_TO_UE in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126)
Crash then try to delete the same entry (length range) twice. (Bug 9129)
Crash if wrong "packet lengths range" entered. (Bug 9130)
Bssgp ⇒ SGSN-INVOKE-TRACE use the wrong function… (Bug 9157)
Minor correction to dissection of DLR frames in Ethernet/IP dissector. (Bug 9186)
WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198)
EDNS0 "Higher bits in extended RCODE" incorrectly decoded in packet-dns.c. (Bug 9199)
Files with pcap-ng Simple Packet Blocks can’t be read. (Bug 9200)
Bug in RTP dissector if RTP extension is present. (Bug 9204)
Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request. (Bug 9206)
"make debian-package" fails, missing wsicon32.xpm. (Bug 9209)
Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218)
Ring buffer crash when tshark gets too far behind dumpcap. (Bug 9258)
PTP Dissector Wrongfully Reports Malformed Packet. (Bug 9262)
Wireshark lua dissector unable to load for media_type=application/octet-stream. (Bug 9296)
Wireshark crash when dissecting packet with NTLMSSP. (Bug 9299)
Padding in uint64 field in DCERPC protocol wrongly reported. (Bug 9300)
DCERPC data_blobs are not correctly dissected when NDR64 encoding is used. (Bug 9301)
Multiple PDUs in the same DCERPC packet are not correctly decrypted. (Bug 9302)
The tshark summary line doesn’t display the frame number or displays it sporadically. (Bug 9317)
Bluetooth: SDP improvements and minor fixes. (Bug 9327)
Duplicate IRC header field abbreviation breaks filter (example: irc.response.command). (Bug 9360)
Updated Protocol Support:
3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT, DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE 802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP, WiMax, and XMPP

New in Wireshark 1.10.2 (Sep 11, 2013)

The following vulnerabilities have been fixed:
wnpa-sec-2013-54
The Bluetooth HCI ACL dissector could crash. Discovered by Laurent Butti. (Bug 8827)
Versions affected: 1.10.0 to 1.10.1
wnpa-sec-2013-55
The NBAP dissector could crash. Discovered by Laurent Butti. (Bug 9005)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
wnpa-sec-2013-56
The ASSA R3 dissector could go into an infinite loop. Discovered by Ben Schmidt. (Bug 9020)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
wnpa-sec-2013-57
The RTPS dissector could overflow a buffer. Discovered by Ben Schmidt. (Bug 9019)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
wnpa-sec-2013-58
The MQ dissector could crash. (Bug 9079)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
wnpa-sec-2013-59
The LDAP dissector could crash. Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
wnpa-sec-2013-60
The Netmon file parser could crash. Discovered by G. Geshev. (Bug 8742)
Versions affected: 1.10.0 to 1.10.1, 1.8.0 to 1.8.9
The following bugs have been fixed:
Lua ByteArray:append() causes wireshark crash. (Bug 4461)
Lua script can not get "data-text-lines" protocol data. (Bug 5200)
Lua: Trying to use Field.new("tcp.segments") to get reassembled TCP data is failed. (Bug 5201)
"Edit Interface Settings": "Capture Filter" combo box is not populated across Wireshark sessions. (Bug 7278)
PER normally small non-negative whole number decoding is wrong when >= 64. (Bug 8841)
Strange behavior of tree expand/collapse in packet details. (Bug 8908)
Incorrect parsing of IPFIX *IpTotalLength elements. (Bug 8918)
IO graph/advanced, max/min/summ error on frames with multiple Diameter messages. (Bug 8980)
pod2man error on reordercap.pod. (Bug 8982)
SGI Nsym disambiguation is unconditionally displayed when dissecting VHT. (Bug 8989)
The Wireshark icon doesn’t show up in OS X 10.5. (Bug 8993)
Build fails if system Python is version 3+. (Bug 8995)
SCSI dissector does not parse PERSISTENT RESERVE commands correctly. (Bug 9012)
SDP messages throws an assert. (Bug 9022)
Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (Bug 9031)
PN_MRP LinkUp Message is shown as LinkDown in info. (Bug 9035)
Dissector for EtherCAT: ADS highlighting in the Packet Bytes Pane is incorrect. (Bug 9036)
802.11 HT Extended Capabilities B10 decode incorrect. (Bug 9038)
Wrong dissection of MSTI Root Identifiers for all MSTIs. (Bug 9088)
Weird malformed HTTP error. (Bug 9101)
Warning for attempting to install 64-bit Wireshark on a 32-bit machine has an embedded "\n". (Bug 9103)
Wireshark crashes when using "Export Specified Packets" > "Displayed". (Bug 9106)
Updated Protocol Support:
ASN.1 PER, ASSA R3, Bluetooth HCI ACL, EtherCAT AMS, GTPv2, HTTP, IEEE 802.11, IPFIX, ISDN SUP, LDAP, MQ, NBAP, Novell SSS, PROFINET MRP, Radiotap, ROHC, RTPS, SCSI, SIP, and STP
New and Updated Capture File Support:
and Microsoft Network Monitor, pcap-ng.

New in Wireshark 1.10.1 (Jul 27, 2013)

Bugs fixed:
Mark retransmitted SYN and FIN packets as retransmissions.
Wireshark hides under Taskbar. (Bug 3034)
IEEE 802.15.4 frame check sequence in "Chipcon mode" not displayed correctly. (Bug 4507)
Mask in Lua ProtoField.uint32() does not work as expected. (Bug 5734)
Crash when applying filter with Voip calls. (Bug 6090)
Delta time regressions to tshark introduced with SVN 45071. (Bug 8160)
Add MAC-DATA support to TETRA dissector and other minor improvements. (Bug 8708)
Crash analyzing VoIP Calls (T38). (Bug 8736)
Wireshark writes empty NRB FQDN which makes trace unloadable. (Bug 8763)
Quick launch icon is absent, so it shows up as a generic icon. (Bug 8773)
Wrong encoding for 2 pod files, UTF-8 characters in another. (Bug 8774)
SCSI (SPC) sense key specific information field must not include SKSV. (Bug 8782)
Wireshark crashes when closing Flow Graph with Graph Analysis opened. (Bug 8793)
Wrong size of LLRP ProtocolID Parameter in Accessspec Parameter. (Bug 8809)
Detection of IPv6 works only on Solaris 8. (Bug 8813)
ip.opt.type triggers for TCP NOP option. (Bug 8823)
DCOM-SYSACT dissector crash. (Bug 8828)
Incorrect decoding of MPLS Echo Request with BGP FEC. (Bug 8835)
Buggy IEC104 dissector caused by commit r48958. (Bug 8849)
ansi_637_tele dissector displays MSB as MBS for Call-Back Number. (Bug 8851)
LISP Map-Notify flags I and R shown incorrectly. (Bug 8852)
ONTAP_V4 fhandle decoding leads to dissector bug. (Bug 8853)
Dropped bytes in imap dissector. (Bug 8857)
Kismet drone/server dissector improvements. (Bug 8864)
TShark iostat_draw sizeof mismatch. (Bug 8888)
SCTP bytes graph crash. (Bug 8889)
Patch to Wireshark/tshark usage info and man pages to document all timestamp (-t) options. (Bug 8906)
Strange behavior of tree expand/collapse in packet details. (Bug 8908)
Graph Filter field limited to 256 characters. (Bug 8909)
Filter doesn’t support cflow ASN larger than 65535. (Bug 8959)
Wireshark crashes when switching from a v1.11.0 profile to a v1.4.6 prof and then to a v1.5.1 prof. (Bug 8884)
SIP stats shows incorrect values for Max/Ave setup times. (Bug 8897)
NFSv4 delegation not reported correctly. (Bug 8920)
Issue with Capture Options Adapter List. (Bug 8932)
RFC 5844 - IPv4 Support for Proxy Mobile IPv6 - Mobility option IPv4 DHCP Support Mode Option malformed packet. (Bug 8957)
RFC 3775 - Mobility Support in IPv6 - Mobility option PadN incorrectly highlights + 2 bytes. (Bug 8958)
All mongodb query show as [Malformed Packet: MONGO]. (Bug 8960)
Updated Protocol Support:
ANSI IS-637-A, ASN.1, ASN.1 PER, Bluetooth OBEX, Bluetooth SDB, DCERPC NDR, DCOM ISystemActivator, DCP ETSI, Diameter 3GPP, DIS, DVB-CI, Ethernet, GSM Common, GSM SMS, H.235, IEC104, IEEE 802.15.4, IEEE 802a, IMAP, IP, KDSP, LISP, LLRP, MAC-LTE,, Mobile IPv6, MONGO, MPLS Echo, Netflow, NFS, NFSv4, P1, PDCP-LTE, PN-IO, PN-RT, PPP, Radiotap, RLC,, RLC-LTE,, SCSI, SIP, SMTP, SoulSeek, TCP, TETRA, and VNC
New and Updated Capture File Support:
and Microsoft Network Monitor, pcap-ng.

New in Wireshark 1.10.0 (Jun 6, 2013)

Bug Fixes:
Redirecting the standard output didn’t redirect the output the of -D or -L flags. This fix means that the output of those flags now goes to the standard output, not the standard error, as it did in previous releases. Bug 8609
New and Updated Features:
Wireshark on 32- and 64-bit Windows supports automatic updates.
The packet bytes view is faster.
You can now display a list of resolved host names in "hosts" format within Wireshark.
The wireless toolbar has been updated.
Wireshark on Linux does a better job of detecting interface addition and removal.
It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
USB type and product name support has been improved.
All Bluetooth profiles and protocols are now supported.
Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
Capinfos now prints human-readable statistics with SI suffixes by default.
It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
Wireshark can be compiled using GTK+ 3.
The Wireshark application icon, capture toolbar icons, and other icons have been updated.
Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add "gtk-scrolled-window-placement = top-right" in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.
The LOAD() metric in the IO-graph now shows the load in IO units instead of thousands of IO units.
New Protocol Support:
Amateur Radio AX.25, Amateur Radio BPQ, Amateur Radio NET/ROM, America Online (AOL), AR Drone, Automatic Position Reporting System (APRS), AX.25 KISS, AX.25 no Layer 3, Bitcoin Protocol, Bluetooth Attribute Protocol, Bluetooth AVCTP Protocol, Bluetooth AVDTP Protocol, Bluetooth AVRCP Profile, Bluetooth BNEP Protocol, Bluetooth HCI USB Transport, Bluetooth HCRP Profile, Bluetooth HID Profile, Bluetooth MCAP Protocol, Bluetooth SAP Profile, Bluetooth SBC Codec, Bluetooth Security Manager Protocol, Cisco GED-125 Protocol, Clique Reliable Multicast Protocol (CliqueRM), D-Bus, Digital Transmission Content Protection over IP, DVB-S2 Baseband, FlexNet, Forwarding and Control Element Separation Protocol (ForCES), Foundry Discovery Protocol (FDP), Gearman Protocol, GEO-Mobile Radio (1) RACH, HoneyPot Feeds Protocol (HPFEEDS), LTE Positioning Protocol Extensions (LLPe), Media Resource Control Protocol Version 2 (MRCPv2), Media-Independent Handover (MIH), MIDI System Exclusive (SYSEX), Mojito DHT, MPLS-TP Fault-Management, MPLS-TP Lock-Instruct, NASDAQ’s OUCH 4.x, NASDAQ’s SoupBinTCP, OpenVPN Protocol, Pseudo-Wire OAM, RPKI-Router Protocol, SEL Fast Message, Simple Packet Relay Transport (SPRT), Skype, Smart Message Language (SML), SPNEGO Extended Negotiation Security Mechanism (NEGOEX), UHD/USRP, USB Audio, USB Video, v.150.1 State Signaling Event (SSE), VITA 49 Radio Transport, VNTAG, WebRTC Datachannel Protocol (RTCDC), and WiMAX OFDMA PHY SAP
2.4. Updated Protocol Support
New and Updated Capture File Support:
AIX iptrace, CAM Inspector, Catapult DCT2000, Citrix NetScaler, DBS Etherwatch (VMS), Endace ERF, HP-UX nettl, IBM iSeries, Ixia IxVeriWave, NA Sniffer (DOS), Netscreen, Network Instruments Observer, pcap, pcap-ng, Symbian OS btsnoop, TamoSoft CommView, and Tektronix K12xx

New in Wireshark 1.8.7 (May 18, 2013)

Bug Fixes:
The following vulnerabilities have been fixed.
wnpa-sec-2013-23
The RELOAD dissector could go into an infinite loop. Discovered by Evan Jensen. (Bug 8364, (Bug 8546)
Versions affected: 1.8.0 to 1.8.6.
CVE-2013-2486
CVE-2013-2487
wnpa-sec-2013-24
The GTPv2 dissector could crash. (Bug 8493)
Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-25
The ASN.1 BER dissector could crash. (Bug 8599)
Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
wnpa-sec-2013-26
The PPP CCP dissector could crash. (Bug 8638)
Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-27
The DCP ETSI dissector could crash. Discovered by Evan Jensen. (Bug 8231, bug 8540, bug 8541)
Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-28
The MPEG DSM-CC dissector could crash. (Bug 8481)
Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-29
The Websocket dissector could crash. Discovered by Moshe Kaplan. (Bug 8448, Bug 8499)
Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-30
The MySQL dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8458)
Versions affected: 1.8.0 to 1.8.6.
wnpa-sec-2013-31
The ETCH dissector could go into a large loop. Discovered by Moshe Kaplan. (Bug 8464)
Versions affected: 1.8.0 to 1.8.6.
The following bugs have been fixed:
The Windows installer and uninstaller does a better job of detecting running executables.
Library mismatch when compiling on a system with an older Wireshark version. (Bug 6011)
SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
A console window is never opened. (Bug 7755)
GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
Fix include and libs search path when cross compiling. (Bug 7926)
PER dissector crash. (Bug 8197)
pcap-ng: name resolution block is not written to file on save. (Bug 8317)
Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
Decoding of GSM MAP E164 Digits. (Bug 8450)
Silent installer and uninstaller not silent. (Bug 8451)
Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to placate recent autotools. (Bug 8452)
Wifi details are not stored in the Decryption Key Management dialog (post 1.8.x). (Bug 8446)
IO Graph should not be limited to 100k points (NUM_IO_ITEMS). (Bug 8460)
geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit field truncated to 23 bits. (Bug 8532)
IRC message with multiple params causes malformed packet exception. (Bug 8548)
Part of Ping Reply Message in ICMPv6 Reply Message is marked as "Malformed Packet". (Bug 8554)
MP2T wiretap heuristic overriding ERF. (Bug 8556)
Cannot read content of Ran Information Application Error Rim Container. (Bug 8559)
Endian error and IP:Port error when decoding BT-DHT response message. (Bug 8572)
"ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be "ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY". (Bug 8575)
wireshark crashes while displaying I/O Graph. (Bug 8583)
GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded) incorrectly. (Bug 8596)
DTLS 1.2 uses wrong PRF. (Bug 8608)
RTP DTMF digits are no longer displayed in VoIP graph analysis. (Bug 8610)
Universal port not accepted in RSA Keys List window. (Bug 8618)
Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
LISP control packet incorrectly identified as LISP data based when UDP source port is 4341. (Bug 8627)
Bad tcp checksum not detected. (Bug 8629)
AMR Frame Type uses wrong Value String. (Bug 8681)
New and Updated Features:
There are no new features in this release.
New Protocol Support:
There are no new protocols in this release.
Updated Protocol Support:
AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave, IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP, SIP, SSL/TLS, TCP, UA3G
New and Updated Capture File Support:
Endace ERF, NetScreen snoop.

New in Wireshark 1.8.6 (Mar 7, 2013)

Bug Fixes:
The following vulnerabilities have been fixed.
wnpa-sec-2013-10
The TCP dissector could crash. (Bug 8274)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2475
wnpa-sec-2013-11
The HART/IP dissectory could go into an infinite loop. (Bug 8360)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2476
wnpa-sec-2013-12
The CSN.1 dissector could crash. Discovered by Laurent Butti. (Bug 8383)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2477
wnpa-sec-2013-13
The MS-MMS dissector could crash. Discovered by Laurent Butti. (Bug 8382)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2478
wnpa-sec-2013-14
The MPLS Echo dissector could go into an infinite loop. Discovered by Laurent Butti. (Bug 8039)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2479
wnpa-sec-2013-15
The RTPS and RTPS2 dissectors could crash. Discovered by Alyssa Milburn. (Bug 8332)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2480
wnpa-sec-2013-16
The Mount dissector could crash. Discovered by Alyssa Milburn. (Bug 8335)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2481
wnpa-sec-2013-17
The AMPQ dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8337)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2482
wnpa-sec-2013-18
The ACN dissector could attempt to divide by zero. Discovered by Alyssa Milburn. (Bug 8340)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2483
wnpa-sec-2013-19
The CIMD dissector could crash. Discovered by Moshe Kaplan. (Bug 8346)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2484
wnpa-sec-2013-20
The FCSP dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8359)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2485
wnpa-sec-2013-21
The RELOAD dissector could go into an infinite loop. Discovered by Even Jensen. (Bug 8364)
Versions affected: 1.8.0 to 1.8.5.
CVE-2013-2486
CVE-2013-2487
wnpa-sec-2013-22
The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8380)
Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
CVE-2013-2488
The following bugs have been fixed:
Lua pinfo.cols.protocol not holding value in postdissector. (Bug 6020)
data combined via ssl_desegment_app_data not visible via "Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)
HTTP application/json-rpc should be decoded/shown as application/json. (Bug 7939)
Maximum value of 802.11-2012 Duration field should be 32767. (Bug 8056)
Voice RTP player crash if player is closed while playing. (Bug 8065)
Display Filter Macros crash. (Bug 8073)
RRC RadioBearerSetup message decoding issue. (Bug 8290)
R-click filters add ! in front of field when choosing "apply as filter>selected". (Bug 8297)
BACnet - Loop Object - Setpoint-Reference property does not decode correctly. (Bug 8306)
WMM TSPEC Element Parsing is not done is wrong due to a wrong switch case number. (Bug 8320)
Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
Registering ieee802154 dissector for IEEE802.15.4 frames inside Linux SLL frames. (Bug 8325)
Version Field is skipped while parsing WMM_TSPEC causing wrong dissecting (1 byte offset missing) of all fields in the TSPEC. (Bug 8330)
[BACnet] UCS-2 strings longer than 127 characters do not decode correctly. (Bug 8331)
Malformed IEEE80211 frame triggers DISSECTOR_ASSERT. (Bug 8345)
Decoding of GSM MAP SMS Diagnostics. (Bug 8378)
Incorrect packet length displayed for Flight Message Transfer Protocol (FMTP). (Bug 8407)
Netflow dissector flowDurationMicroseconds nanosecond conversion wrong. (Bug 8410)
BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432)
Updated Protocol Support:
ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS, FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE 802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow, RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP

New in Wireshark 1.8.5 (Jan 30, 2013)

Bug Fixes:
The following vulnerabilities have been fixed.
wnpa-sec-2013-01
Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs 8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
wnpa-sec-2013-02
The CLNP dissector could crash. Discovered independently by Laurent Butti and the Wireshark development team. (Bug 7871)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
wnpa-sec-2013-03
The DTN dissector could crash. (Bug 7945)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
wnpa-sec-2013-04
The MS-MMC dissector (and possibly others) could crash. (Bug 8112)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
wnpa-sec-2013-05
The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8111)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
wnpa-sec-2013-06
The ROHC dissector could crash. (Bug 7679)
Versions affected: 1.8.0 to 1.8.4.
GENERIC-MAP-NOMATCH
wnpa-sec-2013-07
The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti. (Bug 8213)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
wnpa-sec-2013-08
The Wireshark dissection engine could crash. Discovered by Laurent Butti. (Bug 8197)
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
wnpa-sec-2013-09
The NTLMSSP dissector could overflow a buffer. Discovered by Ulf Härnhammar.
Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
GENERIC-MAP-NOMATCH
The following bugs have been fixed:
SNMPv3 Engine ID registration. (Bug 2426)
Wrong decoding of gtp.target identification. (Bug 3974)
Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
Wireshark crashes when starting due to out-of-date plugin left behind from earlier installation. (Bug 7401)
Failed to dissect TLS handshake packets. (Bug 7435)
ISUP dissector problem with empty Generic Number. (Bug 7632)
Illegal character is used in temporary capture file name. (Bug 7877)
Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
Timestamp info is not saved correctly when writing DOS Sniffer files. (Bug 7998)
1.8.3 Wireshark User's Guide version is 1.6. (Bug 8009)
Core dumped when the file is closed. (Bug 8022)
LPP is misspelled in APDU parameter in e-CIDMeasurementInitiation request for LPPA message. (Bug 8023)
Wrong packet bytes are selected for ISUP CUG binary code. (Bug 8035)
Decodes FCoE Group Multicast MAC address as Broadcom MAC address. (Bug 8046)
The SSL dissector stops decrypting the SSL conversation with Malformed Packet:SSL error messages. (Bug 8075)
Unable to Save/Apply [Unistim Port] in Preferences. (Bug 8078)
Some Information Elements in GTPv2 are not dissected correctly. (Bug 8079)
Wrong bytes highlighted with "Find Packet...". (Bug 8085)
3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
Wireshark does not show "Start and End Time" information for Cisco Netflow/IPFIX with type 154 to 157. (Bug 8105)
GPRS Tunnel Protocoll GTP Version 1 does not decode DAF flag in Common Flags IE. (Bug 8193)
Wrong parcing of ULI of gtpv2 messages - errors in SAC, RAC & ECI. (Bug 8208)
Version Number in EtherIP dissector. (Bug 8211)
Warn Dissector bug, protocol JXTA. (Bug 8212)
Electromagnetic Emission Parser parses field Event Id as Entity Id. (Bug 8227)
New and Updated Features:
There are no new features in this release.
New Protocol Support:
There are no new protocols in this release.
Updated Protocol Support:
ANSI IS-637-A, ASN.1 PER, AX.25, Bluetooth HCI, CLNP, CSN.1, DCP-ETSI, DIAMETER, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, EtherIP, Fibre Channel, GPRS, GTP, GTPv2, HomePlug AV, IEEE 802.3 Slow, IEEE 802.15.4, ISUP, JXTA, LAPD, LPPa, MPLS, MS-MMC, NAS-EPS, NTLMSSP, ROHC, RSL, RTPS, SDP, SIP, SNMP, SSL
New and Updated Capture File Support
About→Folders to find the default locations on your system.

New in Wireshark 1.8.4 (Nov 29, 2012)

Bug Fixes:
The following vulnerabilities have been fixed.
wnpa-sec-2012-30
Wireshark could leak potentially sensitive host name resolution information when working with multiple pcap-ng files. Discovered by Laura Chappell.
Versions affected: 1.8.0 to 1.8.3.
wnpa-sec-2012-31
The USB dissector could go into an infinite loop. (Bug 7787)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
wnpa-sec-2012-32
The sFlow dissector could go into an infinite loop. (Bug 7789)
Versions affected: 1.8.0 to 1.8.3.
wnpa-sec-2012-33
The SCTP dissector could go into an infinite loop. (Bug 7802)
Versions affected: 1.8.0 to 1.8.3.
wnpa-sec-2012-34
The EIGRP dissector could go into an infinite loop. (Bug 7800)
Versions affected: 1.8.0 to 1.8.3.
wnpa-sec-2012-35
The ISAKMP dissector could crash. (Bug 7855)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
wnpa-sec-2012-36
The iSCSI dissector could go into an infinite loop. (Bug 7858)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
wnpa-sec-2012-37
The WTP dissector could go into an infinite loop. (Bug 7869)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
wnpa-sec-2012-38
The RTCP dissector could go into an infinite loop. (Bug 7879)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
wnpa-sec-2012-39
The 3GPP2 A11 dissector could go into an infinite loop. (Bug 7801)
Versions affected: 1.8.0 to 1.8.3.
wnpa-sec-2012-40
The ICMPv6 dissector could go into an infinite loop. (Bug 7844)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
The following bugs have been fixed:
Menu and Title bars inaccessible using GTK2 (non-legacy) with two monitors. (Bug 553)
802.11 Probe Response fails to parse. (Bug 1284)
Tshark - decimal symbol. (Bug 2880)
Malformed tpncp.dat file can crash Wireshark. (Bug 6665)
SSL decryption not work even with example capture file and key. (Bug 6869)
Info line is incorrect on SIP message containing another SIP message in body. (Bug 7780)
OOPS: dissector table "sctp.ppi" doesn't exist Protocol being registered is "Datagram Transport Layer Security". (Bug 7784)
Dissection of IEEE 802.11 Channel Switch Announcement element fails. (Bug 7797)
Invalid memory accesses when loading RADIUS captures. (Bug 7803)
ISUP CIC should have format BASE_DEC, not BASE_HEX. (Bug 7848)
We don't handle pcap-ng files with IDBs that come after packet blocks. (Bug 7851)
'*' wildcard in the 'Src IP' or 'Dest IP' field of the ESP SA dialog does not work. (Bug 7866)
nas_eps dissector does not decode some esm message. (Bug 7912)
WLAN decryption status not updated after updating WEP/WPA keys. (Bug 7921)
IPv6 Option Pad1 Incorrect dissection. (Bug 7938)
Print GNUTLS error message if PEM import fails. (Bug 7948)
GSM classmark3 8-PSK decode error. (Bug 7964)
Parsing the Server Name Indication extension in SSL/TLS traffic reads some fields incorrectly. (Bug 7967)
Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
2 bugs in Ran-Information-Error Rim Container. (Bug 8000)
Misspelling (typo) in IPv6 display filter field name. (Bug 8006)
Two BSSGP dissector bugs. (Bug 8008)
Core dump during SCTP association analysis. (Bug 8011)
New and Updated Features:
There are no new features in this release.
New Protocol Support:
There are no new protocols in this release.
Updated Protocol Support:
3GPP2 A11, BSSGP, EIGRP, FMP/NOTIFY, GSM A, ICMP, ICMPv6, IEEE 802.11, IPsec, IPv6, ISAKMP, iSCSI, LTE RRC, NAS EPS, NDPS, Prism, RADIUS, RRC, RTCP, SCTP, sFlow, SIP, SMB2, SSL/TLS, TPNCP, USB
New and Updated Capture File Support

New in Wireshark 1.8.3 (Oct 3, 2012)

Bug Fixes:
The following vulnerabilities have been fixed.
wnpa-sec-2012-26
The HSRP dissector could go into an infinite loop. (Bug 7581)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5237
wnpa-sec-2012-27
The PPP dissector could abort. (Bug 7316, bug 7668)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5238
wnpa-sec-2012-28
Martin Wilck discovered an infinite loop in the DRDA dissector. (Bug 7666)
Versions affected: 1.6.0 to 1.6.10, 1.8.0 to 1.8.2.
CVE-2012-5239
wnpa-sec-2012-29
Laurent Butti discovered a buffer overflow in the LDP dissector. (Bug 7567)
Versions affected: 1.8.0 to 1.8.2.
CVE-2012-5240
The following bugs have been fixed:
The HTTP dissector does not reassemble headers when the first TCP segment does not contain a full header line.
HDCP2 uses the wrong protocol id.
Several I/O graph problems have been fixed.
No markers show up when maps are displayed. (Bug 5016)
Assertion when using tshark/wireshark on large captures. (Bug 5699)
Volume label field of "SMB/TRANS2-QUERY_FS_INFO/InfoVolume level" reply packet is not displayed correctly due alignment issue. (Bug 5778)
64-bit Wireshark appears to hit 2-Gbyte memory limit on 64-bit Windows. (Bug 5979)
Truncated/partial JPEG files are not dissected. (Bug 6230)
Support for MPLS Packet Loss and Delay Measurement, RFC 6374. (Bug 6881)
Memory leak in voip_calls.c. (Bug 7320)
When listing protocols available for "Decode As", plugins are sorted after built-ins. (Bug 7348)
Hidden columns should not be printed when printing packet summary line. (Bug 7356)
Size wrong in "File Set List" for just-finished captures. (Bug 7370)
Error: no dependency information found for debian/wireshark-common/usr/lib/wireshark/libwsutil.so.2 (used by debian/wireshark/usr/bin/wireshark). (Bug 7408)
Parse and properly display LTE RADIUS AVP 3GPP-User-Location-Info. (Bug 7474)
[PATCH] HomeplugAV dissector: decode device id. (Bug 7548)
BACnet GetEnrollmentSummary-ACK does not decode correctly. (Bug 7556)
epan/dissectors/packet-per.c dissect_per_constrained_integer_64b fails for 64 bits. (Bug 7624)
New SCTP PPID 48. (Bug 7635)
dissector of Qos attribute "Reliability Class" in GMM/SM message. (Bug 7670)
Performance regression in tshark -z io,stat. (Bug 7674)
Incorrect io-stat table format when unsupported "-t" operand is specified and when using AVG of relative_time fields. (Bug 7685)
IEEE 802.11 TKIP dissection : wrong IS_TKIP macro. (Bug 7691)
Homeplug AV dissectors does not properly dissect short frames. (Bug 7707)
mm_context_nas_dl_cnt and mm_context_nas_ul_cnt are not dissected properly in ContextResponse message in Gtpv2. (Bug 7718)
This trace causes Wireshark to crash when VoIP Calls selected. (Bug 7724)
Some diameter Gx enumerations are missing values or value is incorrect. (Bug 7727)
Wireshark 1.8.2 is only displaying 2 filters from the drop-down menu even when preferences are set to higher integer. (Bug 7731)
BGP bad decoding for Graceful Restart Capability with only helper support & for Enhanced Route Refresh Capability. (Bug 7734)
Dissection error of D-RELEASE and D-CONNECT in TETRA dissector. (Bug 7736)
DND can cause Wireshark to crash. (Bug 7744)
SCSI: WRITE BUFFER fields always display as zero. (Bug 7753)
Updated Protocol Support:
ASN.1 PER, BACnet, BGP, DIAMETER, DRDA, DVB CI, DVB, GSM Management, GTP, GTPv2, HDCP2, HomePlug AV, ICMP, ICMPv6, IEEE 802.11, IEEE 802a, Interlink, JPEG, LDP, LPP, MPEG, MPLS, PCAP, PPP, RANAP, RRC, RRLP, SCCP, SCSI, SCTP, SDP, SMB, TETRA
New and Updated Capture File Support
File Locations:
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Known Problems:
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug 4445)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

New in Wireshark 1.6.5 (Jan 11, 2012)

New in Wireshark 1.6.4 (Nov 19, 2011)

New in Wireshark 1.4.7 (Jun 1, 2011)

New in Wireshark 1.4.6 (Apr 20, 2011)

New in Wireshark 1.5.0 (Jan 26, 2011)

New and Updated Features:
Wireshark can import text dumps
similar to text2pcap.
You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
TShark can show a specific occurrence of a field when using '-T fields'.
Custom columns can show a specific occurrence of a field.
You can hide columns in the packet list.
Wireshark can now export SMB objects.
dftest and randpkt now have manual pages.
TShark can now display iSCSI service response times.
Dumpcap can now save files with a user-specified group id.
Syntax checking is done for capture filters.
You can display the compiled BPF code for capture filters in the Capture Options dialog.
You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+
and Ctrl+. .
Packet length is (finally) a default column.
TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
802.1q VLAN tags are now shown by the Ethernet II dissector.
Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
The RTP player now shows why media interruptions occur.
Graphs now save as PNG images by default.
New Protocol Support:
ADwin
ADwin-Config
Apache Etch
Aruba PAPI
Constrained Application Protocol (COAP)
Digium TDMoE
Ether-S-I/O
FastCGI
Fibre Channel over InfiniBand (FCoIB)
Gopher
Gigamon GMHDR
IDMP
Infiniband Socket Direct Protocol (SDP)
JSON
LISP Data
MikroTik MAC-Telnet
Mongo Wire Protocol
Network Monitor 802.11 radio header
OPC UA ExtensionObjects
PPI-GEOLOCATION-GPS
ReLOAD
ReLOAD Framing
SAMETIME
SCoP
SGSAP
Tektronix Teklink
WAI authentication
Wi-Fi P2P (Wi-Fi Direct)
New and Updated Capture File Support:
Apple PacketLogger
Catapult DCT2000
Daintree SNA
Endace ERF
HP OpenVMS TCPTrace
IPFIX (the file format
not the protocol)
Lucent/Ascend debug
Microsoft Network Monitor
Network Instruments
TamoSoft CommView

Wireshark Changelog

What's new in Wireshark 3.4.6

New in Wireshark 3.2.1 (Jan 16, 2020)

New in Wireshark 3.2.0 (Dec 18, 2019)

New in Wireshark 3.0.7 (Dec 5, 2019)

New in Wireshark 3.0.6 (Oct 28, 2019)

New in Wireshark 3.0.5 (Sep 27, 2019)

New in Wireshark 3.0.4 (Sep 13, 2019)

New in Wireshark 3.0.3 (Jul 23, 2019)

New in Wireshark 3.0.2 (May 23, 2019)

New in Wireshark 3.0.1 (Apr 8, 2019)

New in Wireshark 3.0 (Mar 4, 2019)

New in Wireshark 2.6.7 (Feb 28, 2019)

New in Wireshark 2.6.6 (Jan 9, 2019)

New in Wireshark 2.6.5 (Nov 29, 2018)

New in Wireshark 2.6.4 (Oct 12, 2018)

New in Wireshark 2.6.3 (Aug 30, 2018)

New in Wireshark 2.6.0 (Apr 25, 2018)

New in Wireshark 2.4.4 (Jan 12, 2018)

New in Wireshark 2.4.3 (Dec 27, 2017)

New in Wireshark 2.4.1 (Sep 4, 2017)

New in Wireshark 2.2.8 (Jul 19, 2017)

New in Wireshark 2.2.6 (Apr 13, 2017)

New in Wireshark 2.2.5 (Mar 6, 2017)

New in Wireshark 2.2.4 (Jan 24, 2017)

New in Wireshark 2.2.3 (Dec 15, 2016)

New in Wireshark 2.2.2 (Nov 17, 2016)

New in Wireshark 2.2.1 (Oct 5, 2016)

New in Wireshark 2.2.0 (Sep 7, 2016)

New in Wireshark 2.0.5 (Jul 27, 2016)

New in Wireshark 2.0.4 (Jun 8, 2016)

New in Wireshark 2.0.3 (Apr 23, 2016)

New in Wireshark 2.0.2 (Feb 27, 2016)

New in Wireshark 2.0.1 (Dec 30, 2015)

New in Wireshark 2.0.0 (Nov 19, 2015)

New in Wireshark 1.12.8 (Oct 14, 2015)

New in Wireshark 1.12.7 (Aug 14, 2015)

New in Wireshark 1.12.6 (Jun 18, 2015)

New in Wireshark 1.12.5 (May 13, 2015)

New in Wireshark 1.12.4 (Mar 6, 2015)

New in Wireshark 1.99.2 (Feb 5, 2015)

New in Wireshark 1.12.3 (Jan 8, 2015)

New in Wireshark 1.12.2 (Nov 13, 2014)

New in Wireshark 1.12.1 (Sep 17, 2014)

New in Wireshark 1.12.0 (Aug 1, 2014)

New in Wireshark 1.10.8 (Jun 13, 2014)

New in Wireshark 1.10.7 (Apr 23, 2014)

New in Wireshark 1.10.6 (Mar 8, 2014)

New in Wireshark 1.10.5 (Dec 20, 2013)

New in Wireshark 1.10.4 (Dec 18, 2013)

New in Wireshark 1.11.2 (Nov 20, 2013)

New in Wireshark 1.10.3 (Nov 1, 2013)

New in Wireshark 1.10.2 (Sep 11, 2013)

New in Wireshark 1.10.1 (Jul 27, 2013)

New in Wireshark 1.10.0 (Jun 6, 2013)

New in Wireshark 1.8.7 (May 18, 2013)

New in Wireshark 1.8.6 (Mar 7, 2013)

New in Wireshark 1.8.5 (Jan 30, 2013)

New in Wireshark 1.8.4 (Nov 29, 2012)

New in Wireshark 1.8.3 (Oct 3, 2012)

New in Wireshark 1.6.5 (Jan 11, 2012)

New in Wireshark 1.6.4 (Nov 19, 2011)

New in Wireshark 1.4.7 (Jun 1, 2011)

New in Wireshark 1.4.6 (Apr 20, 2011)

New in Wireshark 1.4.6 (Apr 20, 2011)

New in Wireshark 1.5.0 (Jan 26, 2011)

New in Wireshark 1.4.2 (Nov 22, 2010)

New in Wireshark 1.2.7 (Apr 1, 2010)

New in Wireshark 1.0.8 (May 22, 2009)

New in Wireshark 1.0.7 (Apr 9, 2009)

New in Wireshark 1.1.3 (Mar 24, 2009)

New in Wireshark 1.1.2 (Jan 16, 2009)

New in Wireshark 1.0.5 (Dec 10, 2008)

New in Wireshark 1.0.4 (Oct 21, 2008)

New in Wireshark 1.1.1 (Oct 11, 2008)

New in Wireshark 1.1.0 (Sep 15, 2008)