- Update from version 4.4.9 to 4.6.0
- Update of rootfile
- Changelog
4.6.0
New and Updated Features
The following features are new (or have been significantly updated)
since version 4.6.0rc1:
  - Wireshark can dissect process information, packet metadata, flow IDs,
    drop information, and other information provided by tcpdump on macOS.
The following features are either new or have been significantly updated
since version 4.4.0:
  - The Windows installers now ship with Npcap 1.83. They previously
    shipped with Npcap 1.79.
  - The Windows and macOS installers now ship with Qt 6.9.3. They
    previously shipped with Qt 6.5.3.
  - We now ship universal macOS installers instead of separate packages
    for Arm64 and Intel. Issue 17294
  - WinPcap is no longer supported. On Windows, use Npcap instead,
    uninstalling WinPcap if necessary. The final release of WinPcap was
    version 4.1.3 in 2013. It only supports up to Windows 8, which is no
    longer supported by Microsoft or Wireshark.
  - A new “Plots” dialog has been added, which provides scatter plots in
    contrast to the “I/O Graphs” dialog, which provides histograms. The
    Plots dialog window supports multiple plots, markers, and automatic
    scrolling.
  - Live captures can be compressed while writing. (Previously there was
    support for compressing when performing multiple file capture, at
    file rotation time.) The --compress option in TShark works on live
    captures as well. Issue 9311
  - Absolute time fields, regardless of field display in the Packet
    Details, are always written in ISO 8601 format in UTC with -T json.
    This was already the case for -T ek since version 4.2.0. JSON is
    primarily a data interchange format read by software, so a standard
    format is desirable.
  - When absolute time fields are output with -T fields, the "show" field
    of -T pdml, or in custom columns (including CSV output of columns),
    the formatting similar to asctime (e.g., Dec 18, 2017
    05:28:39.071704055 EST) has been deprecated in favor of ISO 8601. For
    backwards compatibility, a preference has been added,
    protocols.display_abs_time_ascii, which can be set to continue to
    format times as before. This preference can also be set to never use
    ASCII time and to use ISO 8601 time formatting in the protocol tree
    (Packet Details) as well. It is possible that a future release will
    remove the asctime style formatting entirely.
  - UTC frame time column formats (including "Time (format as specified)"
    when a UTC time display format is selected) have a "Z" suffix per
    ISO 8601. Local time formats remain unqualified (including if the
    local time zone is UTC.) Custom columns displaying FT_ABSOLUTE_TIME
    already had time zone indication.
  - The TShark -G option for generating glossary reports does not need to
    be the first option given on the command line anymore. In addition,
    the reports now are affected by other command line options such as
    -o, -d, and --disable-protocol, in addition to the -C option, which
    was already supported. (The defaultprefs report remains unaffected by
    any other options.) As a part of this change, -G with no argument,
    which was previously deprecated, is no longer supported. Use
    tshark -G fields to produce the same report. Also, the syntax for
    only listing fields with a certain prefix has changed to
    tshark -G fields,prefix.
  - The underlying type of EUI-64 fields has been switched to bytes when
    packet matching, similar to most other address formats. This means
    that EUI-64 addresses can be sliced and compared to other bytes
    types, e.g. the filter wpan.src64[:3] == eth.src[:3]. Fields can
    still be specified using 64-bit unsigned integer literals, though
    arithmetic with other integers is no longer supported.
  - Wireshark can now decrypt NTP packets using NTS (Network Time
    Security). To decrypt packets, the NTS-KE (Network Time Security Key
    Establishment Protocol) packets need to be present, alongside the TLS
    client and exporter secrets. Additionally, the parts of an NTP packet
    which can be cryptographically authenticated (from NTP packet header
    until the end of the last extension field that precedes the NTS
    Authenticator and Encrypted Extension Fields extension field) are
    checked for validity.
  - Wireshark’s ability to decrypt MACsec packets has been expanded to
    either use the SAK unwrapped by the MKA dissector, or the PSK
    configured in the MACsec dissector. To enable the MKA dissector to
    unwrap the SAK, the CAK for the applicable CKN can be entered in the
    extended CKN/CAK Info UAT in the MKA dissector preferences. The
    ability of the MACsec dissector to decrypt packets using a PSK has
    been extended to a list of PSKs, which can be entered through a
    new UAT.
  - The TCP Stream Graph axes now use units with SI prefixes. Issue 20197
  - Custom columns have an option to show the values using the same
    format as in Packet Details.
  - Custom column complex expressions (e.g., with arithmetic, filter
    functions, etc.) that return numeric results are sorted numerically
    instead of lexicographically.
  - Display filter functions float and double are added to allow
    explicitly converting field types like integers and times to single
    and double precision floats. They can be used to perform further
    arithmetic operations on fields of different types, including in
    custom column definitions.
  - The minimum width of the I/O Graph dialog window has been reduced, so
    it should work better on small resolution desktops, especially in
    certain languages. To enable this, some checkbox controls were moved
    to the graph right-click context menu. Issue 20147
  - X.509 certificates, used in TLS and elsewhere, can be exported via the
    File › Export Objects menu in Wireshark (under the name "X509AF")
    and --export-objects in TShark (with the protocol name x509af.)
  - Zstandard Content-Encoding is supported in the HTTP and HTTP/2
    dissectors.
  - Follow Stream is supported for MPEG 2 Transport Stream PIDs, and for
    Packetized Elementary Streams contained within MPEG 2 TS. The latter
    can be used to extract audio or video for playback with other tools.
  - DNP 3 (Distributed Network Protocol 3) is now supported in the
    Conversations and Endpoints table dialogs.
  - The Lua supplied preloaded libraries bit and rex_pcre2 are loaded in a
    way that adds them to the package.loaded table, as though through
    require, so that require("bit") and require("rex_pcre2") statements
    in Lua dissectors, while usually superfluous, behave as expected.
    Issue 20213
  - The packet list (Wireshark) and event list (Stratoshark) no longer
    support rows with multiple lines. Issue 14424
  - The ethers file can also contain EUI-64 to name mappings. Issue 15487
  - Wireshark’s "Import from Hex Dump" feature and text2pcap now support
    byte groups with 2 to 4 bytes (with an option for little-endian byte
    order), and support hexadecimal offsets with a 0x or 0X prefix (as
    produced by tcpdump -x, among others). Issue 16193
  - Frame timestamps can be added as preamble to hex dumps in Wireshark
    from the "Print" and "Export Packet Dissection" dialogs, and in
    TShark with the --hexdump time option. Issue 17132
  - Lua now has a Conversation object, which exposes conversations and
    conversation data to Lua. Issue 15396
  - An Edit › Copy › as HTML menu item has been added, along with
    associated context menu items and a keyboard shortcut. It provides an
    option (via knobs in preferences) to copy plain text with aligned
    columns along with an ability to select a copy format to be used when
    copied via keyboard shortcut.
  - The "no duplicate keys" version of JSON output that tshark has
    supported since 2.6.0 is available through the GUI Export Dissections
    Dialog. Note that this format does not necessarily preserve the
    ordering of all children in a tree, if siblings with identical keys
    are not consecutive.
  - The GUI Export Dissections Dialog can output raw hex bytes of the
    frame data for each field with or without exporting the field values,
    the same formats as the "-T json -x" and "-T jsonraw" output modes,
    respectively, of TShark.
  - The Conversations and Endpoints dialogs have an option to display byte
    counts and bit rates in exact counts instead of human-readable
    numbers with SI units. The default setting when opening a dialog is
    controlled by a Statistics preference, "conv.machine_readable". The
    same preference controls whether precise byte counts are used in the
    TShark "-z conv" and "-z endpoints" taps.
  - The output format for some TShark statistics taps (those selected with
    "-z <tap>,tree", which use the stats_tree system) can be controlled
    via a preference "-o statistics.output_format".
  - The color scheme can be set to Light or Dark mode independently of the
    current OS default on Windows and macOS, if Wireshark is built with
    Qt 6.8 or later as the official installers are. Issue 19328
  - libxml2 is now a required dependency. Note that Wireshark will not
    build with libxml2 2.15.0, but other versions should work.
  - The View menu has an option to Redissect Packets manually, which can
    be useful when address resolution or decryption secrets have changed.
  - HTTP2 tracking of 3GPP session over 5G Service Based Interfaces is now
    optionally available. When enabled, "Associate IMSI" will be added on
    HTTP2 streams which have been found to belong to a session.
  - Building the documentation on Windows no longer requires Java.
  - On Linux, capture filters that use BPF extensions like "inbound",
    "outbound", and "ifindex" can be used for capturing (and compiled by
    the Compiled Filter dialog). Instead of always being rejected by the
    syntax checker, they will be marked as unknown.
Removed Features and Support
  - Wireshark no longer supports AirPcap and WinPcap.
  - Wireshark no longer supports libnl versions 1 or 2.
  - The ENABLE_STATIC CMake option has been deprecated in favor of
    BUILD_SHARED_LIBS
New File Format Decoding Support
  - Resource Interchange File Format (RIFF) and TTL File Format
New Protocol Support
  - Asymmetric Key Packages (AKP), Binary HTTP, BIST TotalView-ITCH
    protocol (BIST-ITCH), BIST TotalView-OUCH protocol (BIST-OUCH),
    Bluetooth Android HCI (HCI ANDROID), Bluetooth Intel HCI (HCI INTEL),
    BPSec COSE Context, BPSec Default SC, Commsignia Capture Protocol
    (C2P), DECT NR+ (DECT-2020 New Radio), DLMS/COSEM, Ephemeral
    Diffie-Hellman Over COSE, Identifier-Locator Network Protocol (ILNP),
    LDA Neo Device trailer (LDA_NEO_TRAILER), Lenbrook Service Discovery
    Protocol (LSDP), LLC V1, Navitrol messaging, Network Time Security
    Key Establishment Protocol (NTS-KE), Ouster VLP-16, Private Line
    Emulation (PLE), RC V3, RCG, Roughtime, SBAS L5 Navigation Message,
    SGP.22 GSMA Remote SIM Provisioning (SGP.22), SGP.32 GSMA Remote SIM
    Provisioning (SGP.32), SICK CoLA Ascii and CoLA Binary protocols,
    Silabs Debug Channel, Universal Measurement and Calibration Protocol
    (XCP), USB Picture Transfer Protocol (USB-PTP), VLP-16 Data and
    Position messaging, and vSomeIP Internal Protocol (vSomeIP)
Updated Protocol Support
  - Too many protocol updates have been made to list them all here.
New and Updated Capture File Support
  - BLF is now improved (including writing to BLF)
New and Updated Capture Interfaces support
  - On Windows, etwdump’s user-friendliness has been greatly improved
    thanks to various extcap changes. It should also now display the raw
    bytes of unknown events.
Major API Changes
  - The Lua API now supports Libgcrypt symmetric cipher functions.
Signed-off-by: Adolf Belka <[email protected]>
---
config/rootfiles/packages/tshark | 85 ++++++++++++++++++--------------
lfs/tshark | 6 +--
2 files changed, 50 insertions(+), 41 deletions(-)
diff --git a/config/rootfiles/packages/tshark b/config/rootfiles/packages/tshark
index 1778ebb0b..db7399cb8 100644
--- a/config/rootfiles/packages/tshark
+++ b/config/rootfiles/packages/tshark
@@ -2,7 +2,6 @@
#usr/bin/captype
usr/bin/dumpcap
#usr/bin/editcap
-#usr/bin/idl2wrs
#usr/bin/mergecap
#usr/bin/randpkt
#usr/bin/rawshark
@@ -11,48 +10,51 @@ usr/bin/dumpcap
#usr/bin/text2pcap
usr/bin/tshark
#usr/lib/libwireshark.so
-usr/lib/libwireshark.so.18
-usr/lib/libwireshark.so.18.0.9
+usr/lib/libwireshark.so.19
+usr/lib/libwireshark.so.19.0.0
#usr/lib/libwiretap.so
-usr/lib/libwiretap.so.15
-usr/lib/libwiretap.so.15.0.9
+usr/lib/libwiretap.so.16
+usr/lib/libwiretap.so.16.0.0
#usr/lib/libwsutil.so
-usr/lib/libwsutil.so.16
-usr/lib/libwsutil.so.16.0.0
+usr/lib/libwsutil.so.17
+usr/lib/libwsutil.so.17.0.0
#usr/lib/wireshark
-#usr/lib/wireshark/extcap
-usr/lib/wireshark/extcap/androiddump
-usr/lib/wireshark/extcap/ciscodump
-usr/lib/wireshark/extcap/dpauxmon
-usr/lib/wireshark/extcap/randpktdump
-usr/lib/wireshark/extcap/sshdump
-usr/lib/wireshark/extcap/udpdump
-usr/lib/wireshark/extcap/wifidump
#usr/lib/wireshark/plugins
-usr/lib/wireshark/plugins/4.4
-usr/lib/wireshark/plugins/4.4/codecs
-usr/lib/wireshark/plugins/4.4/codecs/g711.so
-usr/lib/wireshark/plugins/4.4/codecs/l16mono.so
-usr/lib/wireshark/plugins/4.4/codecs/opus_dec.so
-usr/lib/wireshark/plugins/4.4/epan
-usr/lib/wireshark/plugins/4.4/epan/ethercat.so
-usr/lib/wireshark/plugins/4.4/epan/gryphon.so
-usr/lib/wireshark/plugins/4.4/epan/ipaddr.so
-usr/lib/wireshark/plugins/4.4/epan/irda.so
-usr/lib/wireshark/plugins/4.4/epan/mate.so
-usr/lib/wireshark/plugins/4.4/epan/opcua.so
-usr/lib/wireshark/plugins/4.4/epan/profinet.so
-usr/lib/wireshark/plugins/4.4/epan/stats_tree.so
-usr/lib/wireshark/plugins/4.4/epan/transum.so
-usr/lib/wireshark/plugins/4.4/epan/unistim.so
-usr/lib/wireshark/plugins/4.4/epan/wimax.so
-usr/lib/wireshark/plugins/4.4/epan/wimaxasncp.so
-usr/lib/wireshark/plugins/4.4/epan/wimaxmacphy.so
-usr/lib/wireshark/plugins/4.4/wiretap
-usr/lib/wireshark/plugins/4.4/wiretap/usbdump.so
+usr/lib/wireshark/plugins/4.6
+usr/lib/wireshark/plugins/4.6/codecs
+usr/lib/wireshark/plugins/4.6/codecs/g711.so
+usr/lib/wireshark/plugins/4.6/codecs/l16mono.so
+usr/lib/wireshark/plugins/4.6/codecs/opus_dec.so
+usr/lib/wireshark/plugins/4.6/epan
+usr/lib/wireshark/plugins/4.6/epan/ethercat.so
+usr/lib/wireshark/plugins/4.6/epan/gryphon.so
+usr/lib/wireshark/plugins/4.6/epan/ipaddr.so
+usr/lib/wireshark/plugins/4.6/epan/irda.so
+usr/lib/wireshark/plugins/4.6/epan/mate.so
+usr/lib/wireshark/plugins/4.6/epan/opcua.so
+usr/lib/wireshark/plugins/4.6/epan/profinet.so
+usr/lib/wireshark/plugins/4.6/epan/stats_tree.so
+usr/lib/wireshark/plugins/4.6/epan/transum.so
+usr/lib/wireshark/plugins/4.6/epan/unistim.so
+usr/lib/wireshark/plugins/4.6/epan/wimax.so
+usr/lib/wireshark/plugins/4.6/epan/wimaxasncp.so
+usr/lib/wireshark/plugins/4.6/epan/wimaxmacphy.so
+usr/lib/wireshark/plugins/4.6/wiretap
+usr/lib/wireshark/plugins/4.6/wiretap/usbdump.so
+usr/libexec/wireshark
+usr/libexec/wireshark/extcap
+usr/libexec/wireshark/extcap/androiddump
+usr/libexec/wireshark/extcap/ciscodump
+usr/libexec/wireshark/extcap/dpauxmon
+usr/libexec/wireshark/extcap/randpktdump
+usr/libexec/wireshark/extcap/sshdump
+usr/libexec/wireshark/extcap/udpdump
+usr/libexec/wireshark/extcap/wifidump
#usr/share/doc/wireshark
#usr/share/doc/wireshark/COPYING
#usr/share/doc/wireshark/README.xml-output
+#usr/share/doc/wireshark/Stratoshark Release Notes.html
+#usr/share/doc/wireshark/Wireshark Release Notes.html
#usr/share/doc/wireshark/androiddump.html
#usr/share/doc/wireshark/capinfos.html
#usr/share/doc/wireshark/captype.html
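Review bot: the soname bumps at the top of this hunk (libwireshark.so.18 to .19, libwiretap.so.15 to .16, libwsutil.so.16 to .17) and the move of the extcap helpers from usr/lib/wireshark/extcap to usr/libexec/wireshark/extcap are not mentioned in the commit message. Please note them there, and confirm that nothing else in the tree links against the old sonames and that the old usr/lib/wireshark/extcap and plugins/4.4 files do not stay behind on an upgraded system. Separately, all seven extcap helpers (androiddump, ciscodump, dpauxmon, randpktdump, sshdump, udpdump, wifidump) remain enabled; any that are not needed on the target could be commented out like the other unused binaries, which would reduce what is installed next to dumpcap and tshark.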
@@ -68,9 +70,11 @@ usr/lib/wireshark/plugins/4.4/wiretap/usbdump.so
#usr/share/doc/wireshark/randpkt.html
#usr/share/doc/wireshark/randpktdump.html
#usr/share/doc/wireshark/rawshark.html
-#usr/share/doc/wireshark/release-notes.html
#usr/share/doc/wireshark/reordercap.html
+#usr/share/doc/wireshark/sshdig.html
#usr/share/doc/wireshark/sshdump.html
+#usr/share/doc/wireshark/strato.html
+#usr/share/doc/wireshark/stratoshark.html
#usr/share/doc/wireshark/text2pcap.html
#usr/share/doc/wireshark/tshark.html
#usr/share/doc/wireshark/udpdump.html
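Review bot: sshdig.html is added here (and sshdig.1 in the man page hunk below), but the extcap list in the previous hunk has no usr/libexec/wireshark/extcap/sshdig entry next to sshdump. Please check whether the sshdig extcap is actually built and, if it is, add it to the rootfile (enabled or commented out) so that the file list matches what the build installs.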
@@ -92,7 +96,10 @@ usr/lib/wireshark/plugins/4.4/wiretap/usbdump.so
#usr/share/man/man1/randpktdump.1
#usr/share/man/man1/rawshark.1
#usr/share/man/man1/reordercap.1
+#usr/share/man/man1/sshdig.1
#usr/share/man/man1/sshdump.1
+#usr/share/man/man1/strato.1
+#usr/share/man/man1/stratoshark.1
#usr/share/man/man1/text2pcap.1
#usr/share/man/man1/tshark.1
#usr/share/man/man1/udpdump.1
@@ -108,7 +115,6 @@ usr/share/wireshark/dfilters
usr/share/wireshark/diameter/AlcatelLucent.xml
usr/share/wireshark/diameter/Cisco.xml
usr/share/wireshark/diameter/CiscoSystems.xml
-usr/share/wireshark/diameter/Custom.xml
usr/share/wireshark/diameter/Ericsson.xml
usr/share/wireshark/diameter/HP.xml
usr/share/wireshark/diameter/Huawei.xml
@@ -129,6 +135,7 @@ usr/share/wireshark/diameter/VerizonWireless.xml
usr/share/wireshark/diameter/Vodafone.xml
usr/share/wireshark/diameter/chargecontrol.xml
usr/share/wireshark/diameter/dictionary.dtd
+usr/share/wireshark/diameter/dictionary.ent
usr/share/wireshark/diameter/dictionary.xml
usr/share/wireshark/diameter/eap.xml
usr/share/wireshark/diameter/etsie2e4.xml
@@ -193,6 +200,7 @@ usr/share/wireshark/radius/dictionary.arista
usr/share/wireshark/radius/dictionary.aruba
usr/share/wireshark/radius/dictionary.ascend
usr/share/wireshark/radius/dictionary.ascend.illegal
+usr/share/wireshark/radius/dictionary.ascend.illegal.extended
usr/share/wireshark/radius/dictionary.asn
usr/share/wireshark/radius/dictionary.audiocodes
usr/share/wireshark/radius/dictionary.avaya
@@ -270,6 +278,7 @@ usr/share/wireshark/radius/dictionary.iea
usr/share/wireshark/radius/dictionary.infinera
usr/share/wireshark/radius/dictionary.infoblox
usr/share/wireshark/radius/dictionary.infonet
+usr/share/wireshark/radius/dictionary.ingate
usr/share/wireshark/radius/dictionary.ipunplugged
usr/share/wireshark/radius/dictionary.issanni
usr/share/wireshark/radius/dictionary.itk
diff --git a/lfs/tshark b/lfs/tshark
index 6f88045c6..5760f94eb 100644
--- a/lfs/tshark
+++ b/lfs/tshark
@@ -26,7 +26,7 @@ include Config
SUMMARY = A Network Traffic Analyser
-VER = 4.4.9
+VER = 4.6.0
THISAPP = wireshark-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tshark
DEPS = c-ares
-PAK_VER = 27
+PAK_VER = 28
SERVICES =
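Review bot: DEPS on the line above PAK_VER stays at c-ares, while the changelog in the commit message says libxml2 is now a required dependency and that Wireshark will not build with libxml2 2.15.0. Please confirm that libxml2 comes from the base system rather than from an addon that would have to be listed in DEPS, and that the version in the tree is not 2.15.0; a sentence on that in the commit message would help the next person who updates either package.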
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 =
e3a9b959087f720d6ea76205d5a3fc69227a484998ce964ce3c0ecfd0dfb974b7035f7f026830e08c5bed38051a3c977717d3dffcdc2169d5bcaf6022f19e9de
+$(DL_FILE)_BLAKE2 =
df4245158422dae95bb6a68d8093cf5d1456290f25a8b8f664e6f9bf7f70661fc881e100c48c616ca077621dbb0ff55a5b14c1e385e8b6d52a7dc2d7fd1acd0a
install : $(TARGET)
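Review bot: the new $(DL_FILE)_BLAKE2 value is the only integrity check on the 4.6.0 tarball, and the commit message does not say how the tarball it was computed from was verified. Please check the download against the hashes upstream publishes for the release before computing the BLAKE2 sum, and mention in the commit message that this was done.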
--
2.51.0