Wireshark (64-bit) 歷史版本列表
Ethereal 網絡協議分析儀已經改名為 Wireshark 64 位。名字可能是新的,但軟件是一樣的。 Wireshark 的強大功能使其成為全球網絡故障排除,協議開發和教育的首選工具.Wireshark 是由全球網絡專家撰寫的,是開源功能的一個例子。 Wireshark 64 位被世界各地的網絡專業人士用於分析,故障排除,軟件和協議開發和教育。該程序具有協議分析儀所期望的所有標準功能,以及其... Wireshark (64-bit) 軟體介紹更新時間:2024-02-15
更新細節:
What's new in this version:
Fixed:
- Capture start fails when file set enabled and file extension not supplied if directory contains a period
- Cannot drag and move custom filter buttons in toolbar
- Not equal won’t work when used with wlan.addr
- sshdump fails to connect with private key (ssh-rsa)
- ChmodBPF installation fails on macOS Sonoma 14.1.2
- Windows installers should check for Windows 8.1
- Fuzz job crash output: fuzz-2024-01-05-7725.pcap
- Fuzz job crash output: fuzz-2024-01-06-7734.pcap
- Incorrect recursion depth assert failure when dissecting a legitimate GOOSE message
- OPC UA - large read request is reported as malformed in 4.2.1 but not in 4.0.12
- TFTP dissector bug type listed as netscii instead of netascii doesn’t show all TFTP packets including TFTP blocks
- SMB1 replies from LAN Drive app only show up as NBSS Continuation Message
- ciscodump - older SSH key exchange algorithms not supported
- Problem decoding LAPB/X.25/FTAM after adding X.75 decoding
- Wireshark Filter not working
- CFLOW: failure to decode 0 length data fields of IPFIX variable length data types
- Copy …as Printable Text Feature Missing in 4.1/4.2
- Export Objects - HTTP is missing some HTTP/2 files in a two-pass analysis
- ASAM-CMP Plugin: Malformed message, length mismatch if vendor defined data of status messages has odd length
- OSS-Fuzz 66561: wireshark:fuzzshark_ip_proto-udp: Null-dereference READ in wmem_map_lookup
更新時間:2024-01-05
更新細節:
What's new in this version:
Fixed:
- This release fixes a software update issue on Windows which causes Wireshark to hang if you are upgrading from version 4.2.0 or 4.2.1. If you are experiencing this issue you will need to download and install Wireshark 4.2.2 or later.
- sharkd is not installed by the Windows installer
- Fuzz job crash output: fuzz-2024-01-01-7740.pcap
- Can’t open a snoop file from the Open dialog box unless I select All files as the file type
- Add s4607 dissector to decode as
- Updater for 4.2.1 hangs
更新時間:2024-01-04
更新細節:
What's new in this version:
Fixed:
The following bugs have been fixed:
- Capture filters not saved to recently used list
- CFM dissector does not handle Sender ID TLV correctly when Chassis ID Length is zero
- OSS-Fuzz 64290: wireshark:fuzzshark_ip: Global-buffer-overflow in dissect_zcl_read_attr_struct
- Overriding capture options set by preference by command line arguments (like -S) doesn’t work
- Segfault when enabling monitor mode on wireless card that falsely claims to support it
- Documented format of temporary file name is out of date in the Wireshark User’s Guide
- Selection highlight lost when interface list is sorted
- HTTP3 malformed packets
- Capture filter compilation fails with obscure error message
- XML: Parsing encoding attribute failed when standalone attribute exists
- Display filter expressions where the protocol name starts with digit and contains a hyphen are rejected
- diameter.3GPP-* display filters not working after upgrade to version 4.2.0
- GigE-vision: Control Protocol shows unknown as value for ASCII character set
- The HTTP/3 Request Header URI is not correct
- QUIC/TLS not extracting h3 from ALPN in a capture
- Documentation on system requirements should be updated
- 4.2.0: init.lua in subdirectories not loaded anymore
- Malformed SIP/SDP messages: components are not decoded properly
- heuristic_protos do not reset on profile swap
- Wireshark 4.2 crashes on Apply As Column
- NFLOG timestamp is incorrect
- Qt6 Crash (Double Free) When Attempting to Save TCP Stream Graph
- Fixed parsing display filter expressions containing literal OID values, e.g. snmp.name == 1.3.6.1.2.1.1.3.0
更新時間:2023-11-17
更新細節:
What's new in this version:
- This is the first major Wireshark release under the Wireshark Foundation, a nonprofit which hosts Wireshark and promotes protocol analysis education. The foundation depends on your contributions in order to do its work. If you or your employer would like to contribute or become a sponsor, please visit wiresharkfoundation.org.
- Wireshark supports dark mode on Windows
- A Windows installer for Arm64 has been added
- Packet list sorting has been improved
- Wireshark and TShark are now better about generating valid UTF-8 output
- A new display filter feature for filtering raw bytes has been added
- Display filter autocomplete is smarter about not suggesting invalid syntax
- Tools › MAC Address Blocks can lookup a MAC address in the IEEE OUI registry
- The enterprises, manuf, and services configuration files have been compiled in for improved start-up times. These files are no longer available in the master branch in our source code repository. You can download the manuf file from our automated build directory.
- The installation target no longer installs development headers by default
- The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs)
- Wireshark can be compiled on Windows using MSYS2. Check the Developer’s guide for instructions
- Wireshark can be cross-compiled for Windows using Linux. Check the Developer’s guide for instructions
- Tools › Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value
- Windows installer file names now have the format Wireshark-<version>-<architecture>.exe.
- Wireshark now supports the Korean language
- Many other improvements have been made. See the “New and Updated Features” section below for more details.
Fixed:
The following bugs have been fixed:
- Issue 18413 - RTP player do not play audio frequently on Windows builds with Qt6
- Issue 18510 - Playback marker does not move after resume with Qt6
Display filter syntax-related changes:
- It is now possible to filter on raw packet data for any field by using the syntax @some.field == <bytes…>. This can be useful to filter on malformed UTF-8 strings, among other use cases where it is necessary to look at the field’s raw data.
- Negation (unary minus) now works with any display filter arithmetic expression.
- Using the slice operator with strings produces a string. Previously it would produce a byte array. This is useful to index/slice UTF-8 multibyte strings. String byte slices can still be obtained using the "@" (raw operator) prefix.
- Arithmetic expressions are allowed as set elements.
- Absolute date and time values can be written as Unix time.
- The limitation where a minus sign needed to be preceded by a space character has been removed.
- Added XOR logical operator.
- Fixed the implementation of all … in membership operator (#19188).
- When parsing absolute time values the display filter engine has learned to understand timezones as specified in strptime(3), including some common North American designations. Arbitrary timezone names are not supported however. Previously only ISO8601 offsets and the "UTC" designation was understood.
- Writing value strings without double quotes is deprecated and will generate a warning. Value strings are integer or boolean values that can be represented using a user-friendly textual format, such as "Set"/"Unset" instead of numerical values like 1 and 0. It is now a requirement that value strings need to be written enclosed in double-quotes.
- The deprecated ~≃ operator symbol has been removed. It was replaced by !== in version 4.0.
- Running the test suite requires the pytest Python module. The emulation layer that allowed running tests without pytest installed has been removed.
- When saving files or exporting packets after changing their time with the "Time Shift" dialog, the shifted time is written to the new file.
- TLS secrets used in decrypting packets can be embedded (or discarded) from the capture file via the GUI, similar to the options --inject-secrets and --discard-all-secrets in editcap.
- The text of any configured column (displayed or hidden) can be filtered anywhere that filters are used - in display filters, filters in taps, coloring rules, Wireshark read filters, and the -Y, -R, and -e options to TShark, the "Apply as Filter" GUI option, etc.
- The filter field names are prefixed by "_ws.col", followed by a lowercase version of the COL_ name found in epan/column-utils.h, e.g. "_ws.col.info" or "_ws.col.protocol"
- Using the column names as a filter is slower than other filter types because the columns must be constructed, so when the same filtering can be achieved via other fields, prefer that.
- The external name resolution text files "manuf", "enterprises" and "services" have been removed and replaced with static binary data. You can dump the respective internal data using tshark -G manuf|enterprises|services.
- The "manuf" file is now also read from the personal configuration folder, and is profile-based.
- The Lua console dialogs under the Tools menu were refactored and redesigned. It now consists of a single dialog window for input and output.
- Wireshark now shows byte units in the statistics in the user-selected language (uses the system default language by default).
- Packet list sorting has been improved:
- When sorting packet list with a filter applied, only the visible packets are sorted, which greatly increases sorting speed.
- The cache size for column text is limited to a default of 10000 rows, which limits the maximum memory usage. The maximum value can be changed in Preferences→Appearance→Layout
- Due to the above, columns that require packet dissection can only be sorted if the number of visible rows is less than the cache size. If there are more rows visible, a warning will appear. Columns that do not require packet dissection (those that calculated directly from the capture file frame headers, such as packet number, time, and frame length) can be sorted with any number of visible rows.
- Sorting can be interrupted.
- When changing the dissector via the "Decode As" table for values that have default dissectors registered, selecting "(none)" will select no dissection (while still allowing heuristic dissectors to attempt to dissect.) The previous behavior was to reset the dissector to the default. To facilitate resetting the dissector, the default dissector is now sorted at the top of the list of possible dissector options.
- The personal extcap plugin folder location on Unix has been changed to follow existing conventions for architecture-dependent files. The extcap personal folder is now $HOME/.local/lib/wireshark/extcap. Previously it was $XDG_CONFIG_HOME/wireshark/extcap.
- The "init.lua" file is now loaded from any of the Lua plugin directories. Previously it was loaded from the personal configuration directory. (For backward-compatibility this is still allowed; note that deprecated features may be removed in a future release).
- Installation of development headers must be done explicitly using the CMake command cmake --install <builddir> --component Development
- The Windows build has a new SpeexDSP external dependency. The speex code that was previously bundled has been removed.
- New --print-timers option added to TShark
Removed Features and Support:
- With the addition of the universal and consistent filtering support for column text, the previous support in the -e option to TShark for displaying column text via the column title has been removed in general. Those field names cannot be used elsewhere (as they may not be legal filter names) and create confusion if more than one column has the same title or if a column is renamed. Prefer the column format instead, e.g. "_ws.col.info" for "_ws.col.Info". However, for backwards compatibility with existing tools and scripts, the titles of the default columns can continue to be used with tshark -e (but not elsewhere.)
- The bundled script "dtd_gen.lua" that was disabled by default has been removed from the installation. It can be found in the Wireshark Wiki under "Contrib".
- The Wi-Fi NAN dissector filter name has been changed from 'nan' to 'wifi_nan'
New File Format Decoding Support:
- RTPDump
New Protocol Support:
- Aruba UBT, ASAM Capture Module Protocol (CMP), ATSC Link-Layer Protocol (ALP), DECT DLC protocol layer (DECT-DLC), DECT NWK protocol layer (DECT-NWK), DECT proprietary Mitel OMM/RFP Protocol (also named AaMiDe), Digital Object Identifier Resolution Protocol (DO-IRP), Discard Protocol, FiRa UWB Controller Interface (UCI), FiveCo’s Register Access Protocol (5CoRAP), Fortinet FortiGate Cluster Protocol (FGCP), GPS L1 C/A LNAV navigation messages, GSM Radio Link Protocol (RLP), H.224, High Speed Fahrzeugzugang (HSFZ), Hypertext Transfer Protocol version 3 (HTTP/3), ID3v2, IEEE 802.1CB (R-TAG), Iperf3, JSON 3GPP, Low Level Signalling (ATSC3 LLS), Management Component Transport Protocol (MCTP), Management Component Transport Protocol - Control Protocol (MCTP CP), Matter home automation protocol, Microsoft Delivery Optimization, Multi-Drop Bus (MDB), Non-volatile Memory Express - Management Interface (NVMe-MI) over MCTP, RDP audio output virtual channel Protocol (rdpsnd), RDP clipboard redirection channel Protocol (cliprdr), RDP Program virtual channel Protocol (RAIL), SAP Enqueue Server (SAPEnqueue), SAP GUI (SAPDiag), SAP HANA SQL Command Network Protocol (SAPHDB), SAP Internet Graphic Server (SAP IGS), SAP Message Server (SAPMS), SAP Network Interface (SAPNI), SAP Router (SAPROUTER), SAP Secure Network Connection (SNC), SBAS L1 Navigation Messages (SBAS L1), SINEC AP1 Protocol (SINEC AP), SMPTE ST2110-20 (Uncompressed Active Video), Train Real-Time Data Protocol (TRDP), UBX protocol of u-blox GNSS receivers (UBX), UDP Tracker Protocol for BitTorrent (BT-Tracker), UWB UCI Protocol, Video Protocol 9 (VP9), VMware HeartBeat, Windows Delivery Optimization (MS-DO), Z21 LAN Protocol (Z21), Zabbix, ZigBee Direct (ZBD), and Zigbee TLV
- Updated Protocol Support:
- JSON: The dissector now has a preference to enable/disable "unescaping" of string values. By default it is off. Previously it was always on.
- JSON: The dissector now supports "Display JSON in raw form".
- IPv6: The dissector has a new preference to show some semantic details about addresses (default off).
- IPv6: The dissector now supports dissecting the Application-aware IPv6 Networking (APN6) option in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH), including all three types of APN ID, which are 32-bit, 64-bit and 128-bit in length.
- XML: The dissector now supports display character according to the "encoding" attribute of the XML declaration, and has a new preference to set default character encoding for some XML document without "encoding" attribute.
- SIP: The dissector now has a new preference to set default charset for displaying the body of SIP messages in raw text view.
- HTTP: The dissector now supports dissecting chunked data in streaming reassembly mode. Subdissectors of HTTP can register itself in "streaming_content_type" subdissector table for enabling streaming reassembly mode while transferring in chunked encoding. This feature ensures the server stream messages of GRPC-Web over HTTP/1.1 can be dissected even if the last chunk is absent.
- The media type dissector table now properly treats media types and subtypes as case-insensitive automatically, per RFC 6838. Media types no longer need to be lower cased before registering or looking up in the table.
- CFM: The dissector has been overhauled and updated to the level of IEEE std 802.1Q-2022 and ITU-T Rec. G.8013/Y.1371 (08/2015). This includes dissection of additional PDU types and TLVs as well as deeper dissection of existing PDUs and TLVs.
- Too many other protocol updates have been made to list them all here
New and Updated Codec support:
- Adaptive Multi-Rate (AMR), if compiled with opencore-amr
Major API Changes:
- Lua function "package.prepend_path" has been removed. If you need it please consider adding your own package.path customization code or installing your dependencies in Wireshark’s default paths.
- The reassemble_streaming_data_and_call_subdissector() API has been added to provide a simpler way to reassemble the streaming data of a high level protocol that is not on top of TCP.
- Some of the API now uses C99 types instead of GLib types
更新時間:2023-10-05
更新細節:
What's new in this version:
- We do not ship official 32-bit Windows packages for Wireshark 4.0 and later. If you need to use Wireshark on that platform, we recommend using the latest 3.6 release
- If you’re running Wireshark on macOS and upgraded to macOS 13 from an earlier version, you might have to open and run the “Uninstall ChmodBPF” package, then open and run “Install ChmodBPF” in order to reset the ChmodBPF Launch Daemon
- Bug Fixes
The following bugs have been fixed:
- Error loading g729.so plugin with Wireshark 4.0.9 and 3.6.17 on macOS
更新時間:2023-08-24
更新細節:
What's new in this version:
New:
- We do not ship official 32-bit Windows packages for Wireshark 4.0 and later. If you need to use Wireshark on that platform, we recommend using the latest 3.6 release
- If you’re running Wireshark on macOS and upgraded to macOS 13 from an earlier version, you might have to open and run the “Uninstall ChmodBPF” package, then open and run “Install ChmodBPF” in order to reset the ChmodBPF Launch Daemon
The following vulnerabilities have been fixed:
- wnpa-sec-2023-23 CBOR dissector crash
- wnpa-sec-2023-24 BT SDP dissector infinite loop
- wnpa-sec-2023-25 BT SDP dissector memory leak
- wnpa-sec-2023-26 CP2179 dissector crash
Fixed:
- TShark cannot capture to pipe on Windows correctly
- Wireshark wrongly blames group membership when pcap capabilities are removed
- Packet bytes window broken layout
- RTP Player only shows waveform until sequence rollover
- Valid Ethernet CFM DMM packets are shown as malformed
- Crash on DICOM Export Objects window close
- The QUIC dissector is reporting the quic_transport_parameters max_ack_delay with the title "GREASE"
- Preferences: Folder name editing behaves weirdly, cursor jumps
- DHCPFO: Expert info list does not show all expert infos
- Websocket packets not decoded and displayed for Field type=Custom and Field name websocket.payload.text
- Cannot read pcapng file captured on OpenBSD and read on FreeBSD
- UI: While capturing the Wireshark icon changes from green to blue when new file is created
- Conversation: heap-use-after-free after wmem_leave_file_scope
- IP Packets with DSCP 44 does not indicate "Voice-Admit"
- NAS 5GS Malformed Packet Decoding SOR transparent container PLMN ID and access technology list
- UI: Auto scroll button in the toolbar is turned on when manually scrolling to the end of packet list
更新時間:2023-07-13
更新細節:
What's new in this version:
- We do not ship official 32-bit Windows packages for Wireshark 4.0 and later. If you need to use Wireshark on that platform, we recommend using the latest 3.6 release
- If you’re running Wireshark on macOS and upgraded to macOS 13 from an earlier version, you might have to open and run the “Uninstall ChmodBPF” package, then open and run “Install ChmodBPF” in order to reset the ChmodBPF Launch Daemon
Fixed:
The following vulnerabilities have been fixed:
- wnpa-sec-2023-21 Kafka dissector crash
- wnpa-sec-2023-22 iSCSI dissector crash
- The following bugs have been fixed:
- Crash when (re)loading a capture file after renaming a dfilter macro
- Moving a column deselects selected packet and moves to beginning of packet list
- If you set the default interface in the preferences, it doesn’t work with TShark
- Severe performance issues in Follow → Save As raw workflow
- TShark doesn’t support the tab character as an aggregator character in -T fields Issue 18002.
- On Windows clicking on a link in the 'Software Update' window launches, now unsupported, MS Internet Explorer
- Wireshark 4.x.x on Win10-x64 crashes after saving a file with a name already in use
- NAS-5GS Operator-defined Access Category: Multiple Criteria values not displayed in dissected packet display
- Server Hello Packet Invisible - during 802.1x Authentication- from Wireshark App Version 4.0.3 (v4.0.3-0-gc552f74cdc23) & above
- TShark reassembled data is incomplete/truncated
- CQL protocol parsing issues with Result frames from open source Cassandra
- TLS 1.3 second Key Update doesn’t work
- HTTP2 dissector reports an assertion error on large data frames
- epan: Single letter hostnames aren’t displayed correctly
- BLF: CAN-FD-Message format is missing a field
- BLF: last parameter of LIN-Message is not mandatory (BUGFIX) Issue 19147.
- PPP IPv6CP: Incorrect payload length warning
- INSTALL file needs to be updated for Debian
- Some RTP streams make Wireshark crash when trying to play stream
- Wrong ordering in OpenFlow 1.0 Datapath unique ID
- Incorrect mask in RTCP slice picture ID
- Dissection error in AMQP 1.0
更新時間:2023-05-25
更新細節:
What's new in this version:
Fixed:
- Candump log file parser crash
- BLF file parser crash
- GDSDB dissector infinite loop
- NetScaler file parser crash
- VMS TCPIPtrace file parser crash
- BLF file parser crash
- RTPS dissector crash
- IEEE C37.118 Synchrophasor dissector crash
- XRA dissector infinite loop
- Conversations list has incorrect unit (bytes) in bit speed columns in the 3.7 development versions
- The media_type table should treat media types, e.g. application/3gppHal+json, as case-insensitive
- NNTP dissector bug
- Incorrect padding in BFCP decoder
- SPNEGO dissector bug
- SRT values are incorrect when applying a time shift
- Add warning that capturing is not supported in Wireshark installed from flatpak
- Opening Wireshark with -z io,stat option
- batadv dissector bug
- radiotap-gen build fails if pcap is not found
- [UDS] When filtering the uds.wdbi.data_identifier or uds.iocbi.data_identifier field is interpreted as 1 byte whereas it consists of 2 bytes
- Wireshark can’t save this capture in that format
- MSMMS parsing buffer overflow
- USB HID parser shows wrong label for usages Rx/Vx/Vbrx of usage page Generic Desktop Control
- "Follow → QUIC Stream" mixes data between streams
更新時間:2023-05-25
更新細節:
What's new in this version:
Feature:
- Encoder optimizations for AMD GPUs
- Added support for displays greater than 4K
Updated:
- Added missing translations for some languages
- Added confirmation for Sign Out
- Pressure sensitivity improvements for stylus input
Fixed:
- issue where running the application as Administrator would not allow a user to log in
- issue with Duet not logging in if the application wasn’t already running
- issue where the application would stop responding during Air connections for some users
- issue where wired connections may get stuck on “Launching Duet” when previous session was mirrored
更新時間:2023-04-13
更新細節:
What's new in this version:
Fixed:
- wnpa-sec-2023-09 RPCoRDMA dissector crash
- wnpa-sec-2023-10 LISP dissector large loop
- wnpa-sec-2023-11 GQUIC dissector crash
- Wireshark ITS Dissector RTCMEM wrong protocol version selector 2 - should use 118862
- Wireshark treats the letter E in SSRC as an exponential representation of a number18879
- VNC RRE Parser skips over data
- sshdump coredump when --remote-interface is left empty
- Fuzz job crash output: fuzz-2023-03-17-7298.pcap
- Fuzz job crash output: fuzz-2023-03-27-7564.pcap
- RFC8925 support (dhcp option 108)
- DIS dissector shows an incorrect state in the packet list info column
- RTP analysis shows incorrect timestamp error when timestamp is rolled over
- Asterisk (*) key crash on Endpoint/Conversation dialog
- The RTP player waveform now synchronizes better with audio.