Wireshark 2.2.0rc1

August 22, 2016

Wireshark 2.2.0rc1 has been released. This is the first release candidate for Wireshark 2.2.0. Installers for Windows, OS X, and source code are now available.

There have been no new or significantly updated features since version 2.1.1.

The following features are new (or have been significantly updated) since version 2.1.0:

  • Added -d option for Decode As support in Wireshark (mimics TShark functionality)
  • The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON.
  • The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
  • The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
  • The RTP player now allows up to 30 minutes of silence frames.
  • Packet bytes can now be displayed as EBCDIC.
  • The Qt UI loads captures faster on Windows.

The following features are new (or have been significantly updated) since version 2.0.0:

  • You can now switch between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI.
  • You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.
  • You can now use regular expressions in Find Packet and in the advanced preferences.
  • Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore, the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution, some build dependencies must be present (currently c-ares). If that is not the case, DNS name resolution will be disabled (but other name resolution mechanisms, such as host files, are still available).
  • The byte under the mouse in the Packet Bytes pane is now highlighted.
  • TShark supports exporting PDUs via the -U flag.
  • The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
  • Most dialogs in the Qt UI now save their size and positions.
  • The Follow Stream dialog now supports UTF-16.
  • The Firewall ACL Rules dialog has returned.
  • The Flow (Sequence) Analysis dialog has been improved.

Official releases are available right now from the download page.
