December 12, 2018

The Windows .exe installers now ship with Npcap instead of WinPcap.

Conversation timestamps are supported for UDP/UDP-Lite protocols

TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.

The “Capture Information” dialog has been added back (Bug 12004).

The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.

The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.

Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).

The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.

The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.

Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.

APT-X has been renamed to aptX.

When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.

The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.

Dumpcap now supports the -a packets:NUM and -b packets:NUM options.

Wireshark now includes a “No Reassembly” configuration profile.

Wireshark now supports the Russian language.

The build system now supports AppImage packages.

The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.