Network protocol analyzer Wireshark 2.0 released

Wireshark, the most popular network protocol analyzer, has reached version 2.0. It features a completely new user interface which should provide a smoother, faster user experience.

Here’s an in-depth video introduction to Wireshark 2.0



The libwireshark API has undergone some major changes:

  • The emem framework (including all ep_ and se_ memory allocation routines) has been completely removed in favour of wmem which is now fully mature.
  • The (long-since-broken) Python bindings support has been removed. If you want to write dissectors in something other than C, use Lua.
  • Plugins can now create GUI menu items.
  • Heuristic dissectors can now be globally enabled/disabled so heur_dissector_add() has a few more parameters to make that possible
  • proto_tree_add_text has been removed.
  • tvb_length() has been removed in favor of tvb_reported_length() and tvb_captured_length().
  • The API for ONC RPC-based dissectors has changed significantly: the procedure dissectors no longer take an offset, void-argument procedures now need to be declared with a function (use dissect_rpc_void()), and rpc_init_prog() now handles procedure registration too (it takes additional arguments to handle this; rpc_init_proc_table() was removed).

The following features are new (or have been significantly updated) since version 2.0.0rc3:

  • An RTP player crash has been fixed.
  • Flow graph issues have been fixed.
  • A Follow Stream dialog crash has been fixed.
  • An extcap crash has been fixed.
  • A file merge crash has been fixed.
  • A handle leak crash has been fixed.
  • Several other crashes and usability issues have been fixed.