Wireshark 1.12.0 and 1.10.9 Released

July 31, 2014

Wireshark 1.12.0 has been released. Installers for Windows, OS X, and source code are now available.

New and Updated Features

The following features are new or have been significantly updated since version 1.10:

  • The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
  • Expert information is now filterable when the new API is in use.
  • The "Number" column shows related packets and protocol conversation spans (Qt only).
  • When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
  • You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
  • You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
  • "malformed" display filter has been renamed to "_ws.malformed". A handful of other filters have been given the "_ws." prefix to note they are Wireshark application specific filters and not dissector filters.
  • The Kerberos dissector has been replaced with an auto generated one from ASN1 protocol description, changing a lot of filter names.

Additionally the Windows installers have an extra component: a preview of the upcoming user interface for Wireshark 2.0.

The following features are new (or have been significantly updated) since version 1.11.3:

  • Transport name resolution is now disabled by default.
  • Support has been added for all versions of the DCBx protocol.
  • Cleanup of LLDP code, all dissected fields are now navigable.

The following features are new (or have been significantly updated) since version 1.11.2:

  • Qt port:

    • The About dialog has been added
    • The Capture Interfaces dialog has been added.
    • The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
    • The Export PDU dialog has been added.
    • Several SCTP dialogs have been added.
    • The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
    • The I/O Graph dialog has been added.
    • French translation has updated.

The following features are new (or have been significantly updated) since version 1.11.1:

  • Mac OS X packaging has been improved.

The following features are new (or have been significantly updated) since version 1.11.0:

  • Dissector output may be encoded as UTF-8. This includes TShark output.
  • Qt port:

    • The Follow Stream dialog now supports packet and TCP stream selection.
    • A Flow Graph (sequence diagram) dialog has been added.
    • The main window now respects geometry preferences.

Official releases are available right now from the download page.

In 1.10.9

Multiple vulnerabilities have been fixed. See the release notes for details.

Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.10.9 release notes.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More