* The following bugs have been fixed:
* Wireshark is unresponsive when capturing from named pipes on Windows. (Bug 1759)
* Ring buffers are no longer turned on by default when using multiple capture files.
New and Updated Features
* The following features are new (or have been significantly updated) since version 1.4:
* Wireshark can import text dumps, similar to text2pcap.
* You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
* TShark can show a specific occurrence of a field when using '-T fields'.
* Custom columns can show a specific occurrence of a field.
* You can hide columns in the packet list.
* Wireshark can now export SMB objects.
* dftest and randpkt now have manual pages.
* TShark can now display iSCSI service response times.
* Dumpcap can now save files with a user-specified group id.
* Syntax checking is done for capture filters.
* You can display the compiled BPF code for capture filters in the Capture Options dialog.
* You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+. .
* Packet length is (finally) a default column.
* TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
* 802.1q VLAN tags are now shown by the Ethernet II dissector.
* Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
* The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
* The RTP player now shows why media interruptions occur.
* Graphs now save as PNG images by default.
* TShark can read and write host name information from and to pcapng-formatted files. Wireshark can read it. TShark can dump host name information via
* [-z hosts].
* The tshark -z option now uses the
syntax instead of
* for all protocols that support service response time statistics. This syntax now matches Wireshark's syntax for this option.
* New and Updated Capture File Support
o Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP OpenVMS TCPTrace, IPFIX (the file format, not the protocol), Lucent/Ascend debug, Microsoft Network Monitor, Network Instruments, TamoSoft CommView
* Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
* Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
* Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About