The Official Wireshark Blog

Cool New Stuff

Categories: Announcement
Hello everybody, we’ve got a handful of miscellaneous announcements for you today. They all happened to occur within a few days of each other, so it made more sense to lump them all into one post.

Development version 1.99.1 was released, another milestone on the road to 2.0 and our shiny new Qt interface. You can read the full announcement with release notes here, and download it from the “Development Release” section of here!

Tweet tweet! That’s right, we have an official Twitter handle now for announcements and the like. It is shared by several of the core developers, but mostly run by our fearless leader Gerald. Follow us @WiresharkNews to find out more!

Thanks to the hard work of our Debian maintainer Bálint, we now have an Ubuntu PPA (Personal Package Archive) containing the latest stable Wireshark releases pre-built for all the supported Ubuntu releases. If you’ve ever wanted the latest and greatest Wireshark on an older version of Ubuntu, now’s your chance, so get it here.

Last but not least (although this one’s older: it actually launched way back in June), our repository now has an official GitHub mirror.

Wireshark 1.12 Officially Released!

Categories: Announcement
We are proud to announce the release of Wireshark 1.12.0! This is a fairly significant release for us, as we expect it to be the very last release using the GTK toolkit in the default interface (see this post for our plans to replace it).

Wireshark 1.12 contains a substantial number of fixes and new features, representing just over a year of development effort. Check out the release notes for full information on what’s new and improved, and download it now! If you have any issues with the new version, please file a report in our bug tracker.

Comments

Comment by L.Grove on 2014-08-05 10:37:44 +0000
Version 1.12 does not capture IEC61850 MMS message any more. The MMS will be shown in T.125. This is not right.

Comment by Evan Huus on 2014-08-05 12:14:43 +0000
@L.Grove this is not the best place for bug reports: please file an issue in Bugzilla (https://bugs.wireshark.org/bugzilla/)

Comment by L.Grove on 2014-08-07 08:49:35 +0000
@Evan Huus, thanks, I didn’t know there is bugzilla

Comment by Andy Konecny on 2014-08-09 18:50:36 +0000
The install faults on one bit, that it uninstalls the previous version, and only then tells me there may be issues running it on XP and it recommends the version it just uninstalled.

To Infinity and Beyond! Capturing Forever with Tshark

Categories: Announcement
Over the last couple of years that I’ve been involved with Wireshark, one issue has reared its head a significant number of times in a surprisingly varied number of ways. These range from “Capturing with tshark uses more and more memory!” to “I set tshark to capture in the background, and it keeps crashing!” to “How do I set up tshark to capture forever?” Historically we’ve had no good answer to these complaints – Wireshark and tshark both only do what is called stateful dissection. This means that they store what they’ve seen in memory and use that information to provide additional details about future packets, for example by matching requests with responses. While this provides substantial benefits — reassembly of protocols over TCP being probably the most obvious — it means that as the amount of traffic increases, so does the amount of memory needed to store all of that state. It also means that there’s no way for tshark to run forever unless you’ve got infinite memory (what’s your secret!?) or no traffic at all. All of that has just changed.