TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags

[wireshark-sm.git] / doc / release-notes.adoc

include::attributes.adoc[]
:stylesheet: ws.css
:linkcss:
:copycss: {css_dir}/{stylesheet}

= Wireshark {wireshark-version} Release Notes
// Asciidoctor Syntax Quick Reference:
// https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/

This is an experimental release intended to test new features for Wireshark 5.0.

== What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer.
It is used for troubleshooting, analysis, development and education.

== What’s New

// Add a summary of **major** changes here.
// Add other changes to "New and Updated Features" below.

Many other improvements have been made.
See the “New and Updated Features” section below for more details.

//=== Bug Fixes

//The following bugs have been fixed:
//* wsbuglink:5000[]
//* wsbuglink:6000[Wireshark bug]
//* cveidlink:2014-2486[]
//* Wireshark grabs your ID at 3 am, goes to Waffle House, and insults people.

=== New and Updated Features

The following features are either new or have been significantly updated since version 4.4.0:

* The Windows installers now ship with Npcap 1.80.
  They previously shipped with Npcap 1.79.

* Source packages are now compressed using zstd.

//* The Windows installers now ship with Qt 6.5.2.
//  They previously shipped with Qt 6.2.3.

* The default format for absolute times when output with -T fields, -T json,
  and the "show" field of -T pdml, or when in custom columns (including CSV
  output of columns) has been changed to ISO 8601. (This was already the case
  for -T ek.) For backwards compatibility, a preference has been added,
  protocols.display_abs_time_ascii. This can be set to continue to format
  times in a manner similar to asctime. (E.g., Dec 18, 2017 05:28:39.071704055 EST.)
  This preference can also be set to never use ascii time and to use ISO 8601 time
  in the protocol tree (Packet Details) as well.

* The TShark `-G` option for generating glossary reports does not need to be the
  first option given on the command line anymore. In addition, the reports now
  are affected by other command line options such as `-o`, `-d`, and
  `--disable-protocol`, in addition to the `-C` option, which was already supported.
  (The `defaultprefs` report remains unaffected by any other options.)
  As a part of this change, `-G` with no argument, which was previously deprecated,
  is no longer supported. Use `tshark -G fields` to produce the same report.
  Also, the syntax for only listing fields with a certain prefix has changed to
  `tshark -G fields,prefix`.

* Wireshark can now decrypt NTP packets using NTS (Network Time Security). To decrypt packets,
  the NTS-KE (Network Time Security Key Establishment Protocol) packets need to be present,
  alongside the TLS client and exporter secrets. Additionally, the parts of a NTP packet which
  can be cryptographically authenticated (from NTP packet header until the end  of the last
  extension field that precedes the NTS Authenticator and Encrypted Extension Fields
  extension field) are checked for validity.

* The TCP Stream Graph axes now use units with SI prefixes. wsbuglink:20197[]

* Custom columns have an option to show the values using the same format as
  in Packet Details.

* Custom column complex expressions (e.g., with arithmetic, filter functions,
  etc.) that return numeric results are sorted numerically instead of
  lexicographically.

* A display filter function `double` is added to allow explicitly converting
  field types like integers and times to doubles. This can be used to perform
  further arithmetic operations on fields of different types, including in
  custom column definitions.

* The minimum width of the I/O Graph dialog window is reduced, so it should
  work better on small resolution desktops, especially in certain languages.
  To enable this, some checkbox controls were moved to the graph right-click
  context menu. wsbuglink:20147[]

* X.509 certificates, used in TLS and elsewhere, can be exported via the
  File->Export Objects menu in Wireshark (under the name "X509AF") and
  `--export-objects` in TShark (with the protocol name `x509af`.)

* Zstandard Content-Encoding is supported in the HTTP and HTTP/2 dissectors.

* Follow Stream is supported for MPEG 2 Transport Stream PIDs, and for
  Packetized Elementary Streams contained within MPEG 2 TS. The latter
  can be used to extract audio or video for playback with other tools.

* DNP 3 (Distributed Network Protocol 3) is now supported in the Conversations
  and Endpoints table dialogs.

* The Lua supplied preloaded libraries `bit` and `rex_pcre2` are loaded in
  a way that adds them to the `package.loaded` table, as though through
  `require`, so that `require("bit")` and `require("rex_pcre2")` statements
  in Lua dissectors, while usually superfluous, behave as expected. wsbuglink:20213[]

// === Removed Features and Support


// === Removed Dissectors


//=== New File Format Decoding Support

//[commaize]
//--
//--

=== New Protocol Support

// Add one protocol per line between the -- delimiters in the format
// “Full protocol name (Abbreviation)”
// git log --oneline --diff-filter=A --stat v4.3.0rc0.. epan/dissectors plugins
[commaize]
--
Lenbrook Service Discovery Protocol (LSDP)
Network Time Security Key Establishment Protocol (NTS-KE)
--

=== Updated Protocol Support

Too many protocol updates have been made to list them all here.

//=== New and Updated Capture File Support

There is no new or updated capture file support in this release.
// Add one file type per line between the -- delimiters.
// [commaize]
// --
// --

// === New and Updated Capture Interfaces support
// [commaize]
// --
// --

//=== New and Updated Codec support

//_Non-empty section placeholder._

// === Major API Changes


== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package management system specific to that platform.
A list of third-party packages can be found on the
https://www.wireshark.org/download.html[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform.
You can use menu:Help[About Wireshark,Folders] or `tshark -G folders` to find the default locations on your system.

== Getting Help

The User’s Guide, manual pages and various other documentation can be found at
https://www.wireshark.org/docs/

Community support is available on
https://ask.wireshark.org/[Wireshark’s Q&A site]
and on the wireshark-users mailing list.
Subscription information and archives for all of Wireshark’s mailing lists can be found on https://lists.wireshark.org/lists/[the mailing list site].

Bugs and feature requests can be reported on
https://gitlab.com/wireshark/wireshark/-/issues[the issue tracker].

You can learn protocol analysis and meet Wireshark’s developers at
https://sharkfest.wireshark.org[SharkFest].

// Official Wireshark training and certification are available from
// https://www.wiresharktraining.com/[Wireshark University].

== How You Can Help

The Wireshark Foundation helps as many people as possible understand their networks as much as possible.
You can find out more and donate at https://wiresharkfoundation.org[wiresharkfoundation.org].

== Frequently Asked Questions

A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].