The following features are new (or have been significantly updated) since version 1.4:
- Wireshark is now distributed as an installation package rather than a drag-installer on OS X. The installer adds a startup item that should make it easier to capture packets.
- Large file (greater than 2 GB) support has been improved.
- Wireshark and TShark can import text dumps, similar to text2pcap.
- You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
- Wireshark can export SSL session keys via File→Export→SSL Session Keys.
- TShark can show a specific occurrence of a field when using '-T fields'.
- Custom columns can show a specific occurrence of a field.
- You can hide columns in the packet list.
- Wireshark can now export SMB objects.
- dftest and randpkt now have manual pages.
- TShark can now display iSCSI, ICMP and ICMPv6 service response times.
- Dumpcap can now save files with a user-specified group id.
- Syntax checking is done for capture filters.
- You can display the compiled BPF code for capture filters in the Capture Options dialog.
- You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+. .
- Packet length is (finally) a default column.
- TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
- 802.1q VLAN tags are now shown in the Ethernet II protocol tree instead of a separate tree.
- Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
- The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
- The RTP player now shows why media interruptions occur.
- Graphs now save as PNG images by default.
- Wireshark and TShark can now read compressed Windows Sniffer files.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.