Wireshark 3.6 Network Analyzer Release

After a year of development, a new stable branch of the Wireshark network analyzer, 3.6, has been released. The project was originally developed under the name Ethereal; in 2006, after a dispute with the holder of the Ethereal trademark, the developers were forced to rename it Wireshark. The project code is distributed under the GPLv2 license.

Key changes in Wireshark 3.6.0:

  • The display filter syntax has been changed:
    • Added the "a ~= b" (or "a any_ne b") operator, which matches when at least one value of field a differs from b. This is the meaning "a != b" had in earlier releases.
    • Added the "a not in b" syntax, which is equivalent to "not a in b".
    • String literals can now be written as raw strings, by analogy with raw strings in Python, so special characters (for example backslashes in regular expressions) no longer need a second level of escaping.
    • The expression "a != b" now always means the same as "!(a == b)", including for fields that carry several values in one packet: "ip.addr != 1.1.1.1" is now equivalent to "ip.src != 1.1.1.1 and ip.dst != 1.1.1.1", so it no longer matches packets that have 1.1.1.1 on either side.
    • Elements of a set must now be separated by commas; separating them only with whitespace is no longer accepted. A rule such as 'http.request.method in {"GET" "HEAD"}' must be rewritten as 'http.request.method in {"GET", "HEAD"}'.
  • For TCP, a tcp.completeness field has been added. It records which phases of a conversation were actually observed in the capture (packets for connection establishment, data transfer and connection teardown, in any combination), so TCP streams can be filtered and split by connection state, for example to separate complete conversations from ones captured mid-connection.
  • Added the "add_default_value" preference, which lets Protobuf fields that were not serialized on the wire or are otherwise missing from the capture be shown with their default values.
  • Added support for reading capture files in ETW (Event Tracing for Windows) format, along with a dissector for DLT_ETW packets.
  • Added a "Follow DCCP Stream" mode for filtering and extracting the content of DCCP streams.
  • Added support for dissecting RTP packets carrying audio in the Opus codec.
  • The import of packets from text dumps into libpcap format can now use parsing rules defined by regular expressions.
  • The RTP player (Telephony > RTP > RTP Player), used to play back VoIP calls, has been substantially reworked: added playlist support, a more responsive interface, the ability to mute and switch channels, and an option to save the decoded audio as multichannel .au or .wav files.
  • The VoIP-related dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player and SIP Flows) have been redesigned; they are no longer modal and can be left open in the background.
  • Added the ability to follow SIP calls by their Call-ID value in the "Follow Stream" dialog. The YAML output has been improved.
  • IP packet fragments with different VLAN IDs can now be reassembled.
  • Added USB Link Layer reassembly for USB packets captured with hardware analyzers.
  • Added the "--export-tls-session-keys" option to TShark for exporting TLS session keys.
  • The CSV export dialog in the RTP stream analyzer has been changed.
  • Packages are now built for macOS systems with the Apple M1 Arm chip. The macOS packages for Intel systems now require macOS 10.13 or later. Added portable 64-bit packages for Windows (PortableApps). Added initial support for building Wireshark on Windows with GCC and MinGW-w64.
  • Added support for reading and dissecting capture files in the Vector Informatik Binary Log File (BLF) format.
  • Added support for protocols:
    • Bluetooth Link Manager Protocol (BT LMP),
    • Bundle Protocol version 7 (BPv7),
    • Bundle Protocol version 7 Security (BPSec),
    • CBOR Object Signing and Encryption (COSE),
    • E2 Application Protocol (E2AP),
    • Event Tracing for Windows (ETW),
    • EXtreme extra Eth Header (EXEH),
    • High-Performance Connectivity Tracer (HiPerConTracer),
    • ISO 10681,
    • Kerberos SPAKE,
    • Linux psample protocol,
    • Local Interconnect Network (LIN),
    • Microsoft Task Scheduler Service,
    • O-RAN E2AP,
    • O-RAN fronthaul UC-plane (O-RAN),
    • Opus Interactive Audio Codec (OPUS),
    • PDU Transport Protocol,
    • R09.x (R09),
    • RDP Dynamic Channel Protocol (DRDYNVC),
    • RDP Graphic pipeline channel Protocol (EGFX),
    • RDP Multi-transport (RDPMT),
    • Real-Time Publish-Subscribe Virtual Transport (RTPS-VT),
    • Real-Time Publish-Subscribe Wire Protocol (processed) (RTPS-PROC),
    • Shared Memory Communications (SMC),
    • Signal PDU,
    • SparkplugB,
    • State Synchronization Protocol (SSyncP),
    • Tagged Image File Format (TIFF),
    • TP-Link Smart Home Protocol,
    • UAVCAN DSDL,
    • UAVCAN/CAN,
    • UDP Remote Desktop Protocol (RDPUDP),
    • Van Jacobson PPP compression (VJC),
    • World of Warcraft World (WOWW),
    • X2 xIRI payload (xIRI).
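The operator changes listed above matter most for multi-valued fields such as ip.addr, where an analyst who excluded a known-good host with "ip.addr != x" used to keep seeing its traffic. The following is an added example written for this article, not code from the Wireshark project: it models the 3.6 semantics of ==, !=, ~= (any_ne), in and not in over a few constructed packets, and decodes raw versus ordinary string literals the way the release notes describe. The packets, the helper names (field_values, eq, ne, any_ne, in_set, not_in_set, string_literal) and the treatment of absent fields as yielding no values are this example's own assumptions.

```python
"""Model of how Wireshark 3.6 evaluates comparison operators on display-filter
fields that occur more than once in a packet (ip.addr resolves to both ip.src
and ip.dst).  Added example, not Wireshark code; it mirrors the semantics
stated in the 3.6 release notes over constructed packets."""

import re

# Constructed sample traffic (not a real capture).  Frame 4 is contrived
# (both addresses equal) to show the case where no value differs from the
# operand.  None means the field is absent from the packet.
PACKETS = [
    {"frame": 1, "ip.src": "10.0.0.5", "ip.dst": "1.1.1.1",  "http.request.method": "GET"},
    {"frame": 2, "ip.src": "1.1.1.1",  "ip.dst": "10.0.0.5", "http.request.method": None},
    {"frame": 3, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.9", "http.request.method": "POST"},
    {"frame": 4, "ip.src": "1.1.1.1",  "ip.dst": "1.1.1.1",  "http.request.method": "HEAD"},
]


def field_values(pkt, name):
    """Every value a field name yields in this packet.  ip.addr is a compound
    field covering both ip.src and ip.dst; an absent field yields no values
    (an assumption of this model)."""
    if name == "ip.addr":
        return [pkt["ip.src"], pkt["ip.dst"]]
    value = pkt.get(name)
    return [] if value is None else [value]


# a == b : true if ANY value of a equals b (unchanged in 3.6)
def eq(pkt, name, rhs):
    return any(v == rhs for v in field_values(pkt, name))


# a != b : since 3.6 defined as !(a == b), i.e. ALL values must differ
def ne(pkt, name, rhs):
    return not eq(pkt, name, rhs)


# a ~= b / a any_ne b : the pre-3.6 meaning of !=, true if ANY value differs
def any_ne(pkt, name, rhs):
    return any(v != rhs for v in field_values(pkt, name))


# a in {...} : ANY value in the set; a not in {...} : not (a in {...})
def in_set(pkt, name, rhs_set):
    return any(v in rhs_set for v in field_values(pkt, name))


def not_in_set(pkt, name, rhs_set):
    return not in_set(pkt, name, rhs_set)


def matching_frames(predicate):
    """Frame numbers of the constructed packets for which predicate holds."""
    return [p["frame"] for p in PACKETS if predicate(p)]


def string_literal(token):
    """Decode a display-filter string literal.  r"..." is a raw string in the
    Python sense (backslashes kept as-is); "..." processes backslash escapes,
    so a regex \\d must be written "\\\\d".  Modelled on the release notes,
    not on Wireshark's own lexer."""
    if token.startswith('r"') and token.endswith('"'):
        return token[2:-1]
    if token.startswith('"') and token.endswith('"'):
        return token[1:-1].encode().decode("unicode_escape")
    raise ValueError("not a string literal: " + token)


if __name__ == "__main__":
    host = "1.1.1.1"
    print("ip.addr == 1.1.1.1 ->", matching_frames(lambda p: eq(p, "ip.addr", host)))
    print("ip.addr != 1.1.1.1 ->", matching_frames(lambda p: ne(p, "ip.addr", host)))
    print("ip.addr ~= 1.1.1.1 ->", matching_frames(lambda p: any_ne(p, "ip.addr", host)))
    methods = {"GET", "HEAD"}
    print('method in {"GET", "HEAD"}     ->',
          matching_frames(lambda p: in_set(p, "http.request.method", methods)))
    print('method not in {"GET", "HEAD"} ->',
          matching_frames(lambda p: not_in_set(p, "http.request.method", methods)))
    # Raw and escaped spellings decode to the same regex source.
    raw = string_literal(r'r"\bcurl\b"')
    escaped = string_literal(r'"\\bcurl\\b"')
    print("same regex:", re.compile(raw).pattern == re.compile(escaped).pattern)
```

Running the script shows that "ip.addr != 1.1.1.1" now returns only frame 3, while "ip.addr ~= 1.1.1.1" still returns frames 1, 2 and 3, the set that "!=" used to produce. Filters saved from older releases that relied on the old behaviour should be rewritten with "~=" if that behaviour was actually intended.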
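To show how the tcp.completeness field described above is used in practice, here is an added example (written for this article, not Wireshark's own code) that computes the field's bitmask for a few constructed TCP conversations and then applies the display filters an analyst would type to pull out complete streams, streams with no payload, half-open scan patterns and unanswered SYNs. The bit values (SYN=1, SYN-ACK=2, ACK=4, data=8, FIN=16, RST=32) are the ones Wireshark assigns to the field; the flag-to-bit mapping in completeness() is this example's simplified model of that logic, and the flow names, FILTERS table and helper names are assumptions, so confirm the values against a real capture with tshark -T fields -e tcp.stream -e tcp.completeness.

```python
"""Compute the tcp.completeness bitmask Wireshark 3.6 assigns to a TCP
conversation and filter constructed streams by it.  Added example, not
Wireshark code; the flag-to-bit mapping is a simplified model."""

SYN, SYNACK, ACK, DATA, FIN, RST = 1, 2, 4, 8, 16, 32

# Constructed conversations: each segment is (TCP flag letters, payload bytes).
FLOWS = {
    "full_http": [("S", 0), ("SA", 0), ("A", 0), ("PA", 120), ("PA", 800),
                  ("FA", 0), ("FA", 0), ("A", 0)],
    "syn_scan":  [("S", 0), ("SA", 0), ("R", 0)],    # half-open probe: SYN, SYN-ACK, RST
    "refused":   [("S", 0), ("RA", 0)],              # closed port: SYN answered by RST/ACK
    "midstream": [("PA", 300), ("A", 0)],            # capture started after the handshake
    "syn_only":  [("S", 0), ("S", 0), ("S", 0)],     # retransmitted SYNs, never answered
}


def completeness(segments):
    """OR together one bit per kind of segment seen in the conversation."""
    mask = 0
    for flags, payload in segments:
        f = set(flags)
        if "S" in f:
            mask |= SYNACK if "A" in f else SYN
        elif "A" in f and not (f & {"F", "R"}):
            mask |= ACK          # handshake ACK or any later (data-carrying) ACK
        if payload > 0:
            mask |= DATA
        if "F" in f:
            mask |= FIN
        if "R" in f:
            mask |= RST
    return mask


def describe(mask):
    """Names of the bits set, in ascending bit order."""
    names = [(SYN, "SYN"), (SYNACK, "SYN-ACK"), (ACK, "ACK"),
             (DATA, "DATA"), (FIN, "FIN"), (RST, "RST")]
    return [name for bit, name in names if mask & bit]


# Display filters as typed into Wireshark 3.6, and their meaning over the mask.
# In 3.6 "a & b" is a boolean test (true when non-zero), hence "not ... & 8".
FILTERS = {
    "tcp.completeness == 31":   lambda m: m == 31,         # SYN, SYN-ACK, ACK, data, FIN
    "not tcp.completeness & 8": lambda m: not (m & DATA),  # streams that never carried payload
    "tcp.completeness == 35":   lambda m: m == 35,         # SYN, SYN-ACK, RST: half-open scan
    "tcp.completeness == 1":    lambda m: m == 1,          # SYN never answered
}


def apply_filter(expr):
    """Constructed flows whose completeness satisfies the named filter."""
    return sorted(name for name, segs in FLOWS.items()
                  if FILTERS[expr](completeness(segs)))


if __name__ == "__main__":
    for name, segs in FLOWS.items():
        m = completeness(segs)
        print(f"{name:10s} completeness={m:2d} {describe(m)}")
    for expr in FILTERS:
        print(f"{expr:26s} -> {apply_filter(expr)}")
```

The value 31 is the "complete" conversation (handshake, payload and FIN); 35 is the signature of a SYN scan against an open port; 12 (ACK and data only) marks streams whose start the capture missed, which is a common reason for "half" TCP reassembly in long-running sensors.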
