Wireshark 3.6 network analyzer release

After a year of development, a new stable branch of the Wireshark 3.6 network analyzer was released. Recall that the project was originally developed under the name Ethereal, but in 2006 due to a conflict with the owner of the Ethereal trademark, the developers were forced to rename the project to Wireshark. The project code is distributed under the GPLv2 license.

Key innovations in Wireshark 3.6.0:

  • Changes have been made to the syntax of traffic filtering rules:
    • Added support for the "a ~= b" or "a any_ne b" syntax, which matches when any value of a field differs from b.
    • Added support for "a not in b" syntax, similar in action to "not a in b".
    • It is allowed to specify strings, similar to raw strings in Python, without the need to escape special characters.
    • "a != b" is now always equivalent to "!(a == b)", including for fields that carry several values ("ip.addr != 1.1.1.1" is now the same as "ip.src != 1.1.1.1 and ip.dst != 1.1.1.1").
    • Elements of a set must now be separated by commas only; separation by whitespace is no longer accepted (i.e. the rule 'http.request.method in {"GET" "HEAD"}' must be replaced with 'http.request.method in {"GET", "HEAD"}').
  • For TCP traffic, the tcp.completeness filter has been added, which separates TCP streams by how complete the captured conversation is, i.e. it lets you find streams for which the packets that establish the connection, transmit data, or terminate the connection were captured.
  • Added the "add_default_value" setting, through which you can specify default values for Protobuf fields that were not serialized or were missing from the captured traffic.
  • Added support for reading capture files in the ETW (Event Tracing for Windows) format. Also added a parsing module (dissector) for DLT_ETW packets.
  • Added "Follow DCCP stream" mode to filter and extract content from DCCP streams.
  • Added support for parsing RTP packets with audio data in OPUS format.
  • Added the ability to import captured packets from text dumps into the libpcap format with parsing rules based on regular expressions.
  • The RTP stream player (Telephony > RTP > RTP Player), which can be used to play VoIP calls, has been significantly redesigned. Support for playlists has been added, interface responsiveness has been improved, the ability to mute and change channels has been provided, an option has been added to save played sounds as multi-channel .au or .wav files.
  • Redesigned VoIP related dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player and SIP Flows) which are now non-modal and can be opened in the background.
  • Added the ability to track SIP calls based on the Call-ID value to the Follow Stream dialog. Improved output detail in YAML format.
  • Implemented the ability to reassemble fragments of IP packets with different VLAN IDs.
  • Added a handler for reassembling USB (USB Link Layer) packets captured using hardware analyzers.
  • Added "--export-tls-session-keys" option to TShark to export TLS session keys.
  • The CSV export dialog in the RTP stream analyzer has been changed.
  • Packages are now built for macOS systems with the Apple M1 ARM chip. Packages for Apple devices with Intel chips now require macOS 10.13 or later. Added portable 64-bit packages for Windows (PortableApps). Added initial support for building Wireshark for Windows using GCC and MinGW-w64.
  • Added support for decoding and capturing data in BLF (Informatik Binary Log File) format.
  • Added support for protocols:
    • Bluetooth Link Manager Protocol (BT LMP),
    • Bundle Protocol version 7 (BPv7),
    • Bundle Protocol version 7 Security (BPSec),
    • CBOR Object Signing and Encryption (COSE),
    • E2 Application Protocol (E2AP),
    • Event Tracing for Windows (ETW),
    • Extreme Extra Eth Header (EXEH),
    • High-Performance Connectivity Tracer (HiPerConTracer),
    • ISO 10681,
    • Kerberos SPAKE,
    • Linux psample protocol,
    • Local Interconnect Network (LIN),
    • Microsoft Task Scheduler Service,
    • O-RAN E2AP,
    • O-RAN fronthaul UC-plane (O-RAN),
    • Opus Interactive Audio Codec (OPUS),
    • Transport Protocol PDU, R09.x (R09),
    • RDP Dynamic Channel Protocol (DRDYNVC),
    • RDP Graphic Pipeline Channel Protocol (EGFX),
    • RDP Multi-transport (RDPMT),
    • Real-Time Publish-Subscribe Virtual Transport (RTPS-VT),
    • Real-Time Publish-Subscribe Wire Protocol (processed) (RTPS-PROC),
    • Shared Memory Communications (SMC),
    • Signal PDU,
    • Sparkplug B,
    • State Synchronization Protocol (SSyncP),
    • Tagged Image File Format (TIFF),
    • TP-Link Smart Home Protocol,
    • UAVCAN DSDL,
    • UAVCAN / CAN,
    • UDP Remote Desktop Protocol (RDPUDP),
    • Van Jacobson PPP compression (VJC),
    • World of Warcraft World (WOW),
    • X2 xIRI payload (xIRI).
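The change to the "!=" operator in the filter syntax above is the one most likely to alter the results of existing filters, so here is an added illustration (not code from the Wireshark project) that models how 3.6 evaluates "!=", "~=" and "not in" on a multi-valued field such as ip.addr, which covers both ip.src and ip.dst. The packets are constructed sample data.

```python
# Added example: a toy model of Wireshark 3.6 display-filter comparison
# semantics on multi-valued fields. Packets below are constructed, not captured.
from typing import Callable, Dict, List, Set

Packet = Dict[str, str]

# ip.addr expands to every address field of the packet; other fields are single-valued.
def field_values(pkt: Packet, field: str) -> Set[str]:
    if field == "ip.addr":
        return {pkt["ip.src"], pkt["ip.dst"]}
    return {pkt[field]}

def eq(pkt: Packet, field: str, value: str) -> bool:
    # "a == b": true if any value of the field equals b
    return value in field_values(pkt, field)

def ne(pkt: Packet, field: str, value: str) -> bool:
    # "a != b" in 3.6 is always !(a == b): every value of the field must differ from b
    return not eq(pkt, field, value)

def any_ne(pkt: Packet, field: str, value: str) -> bool:
    # "a ~= b" / "a any_ne b": true if at least one value of the field differs from b
    return any(v != value for v in field_values(pkt, field))

def not_in(pkt: Packet, field: str, members: Set[str]) -> bool:
    # "a not in {...}" is "not (a in {...})": no value of the field may be in the set
    return not any(v in members for v in field_values(pkt, field))

PACKETS: List[Packet] = [
    {"id": "1", "ip.src": "1.1.1.1", "ip.dst": "10.0.0.5"},
    {"id": "2", "ip.src": "10.0.0.5", "ip.dst": "10.0.0.9"},
    {"id": "3", "ip.src": "1.1.1.1", "ip.dst": "1.1.1.1"},
]

def matching_ids(pred: Callable[[Packet], bool]) -> List[str]:
    return [p["id"] for p in PACKETS if pred(p)]

def compare_semantics() -> Dict[str, List[str]]:
    """Return, per filter expression, the ids of packets it matches."""
    return {
        "ip.addr != 1.1.1.1": matching_ids(lambda p: ne(p, "ip.addr", "1.1.1.1")),
        "ip.addr ~= 1.1.1.1": matching_ids(lambda p: any_ne(p, "ip.addr", "1.1.1.1")),
        "ip.src != 1.1.1.1 and ip.dst != 1.1.1.1": matching_ids(
            lambda p: ne(p, "ip.src", "1.1.1.1") and ne(p, "ip.dst", "1.1.1.1")),
        "ip.addr not in {10.0.0.5, 10.0.0.9}": matching_ids(
            lambda p: not_in(p, "ip.addr", {"10.0.0.5", "10.0.0.9"})),
    }
```

Under the old semantics "ip.addr != 1.1.1.1" behaved like the "~=" row, matching packets 1 and 2; in 3.6 it matches only packet 2, exactly like the expanded ip.src/ip.dst form.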

Source: opennet.ru