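Wireshark and X11
On macOS, running Wireshark used to require X11. X11 is a window system that was used only from OS X 10.5 through 10.7, so it is not installed by default. To use Wireshark you had to install X11, and on top of that put up with waiting 2-3 minutes or more for X11 to start working.
Wireshark 2.0 <https://www.wireshark.org>
Starting with 2.0, Wireshark runs directly as a macOS application rather than through X11, so there is no need to install X11 separately or wait a long time. In addition, when the program starts, the first page shows a graph of the current capture activity for each interface.
Below is the release note information from https://www.wireshark.org/news/.
- As mentioned above, the user interface was redeveloped to use the Qt library. Among the changes, the items marked "Qt port:" are the ones where the user interface was rebuilt.
- A variety of languages such as Japanese and Italian are now supported. Searching the changes for the keyword "translation" shows which languages were added.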
Wireshark 2.0.0 Released
November 18, 2015
Wireshark 2.0.0 has been released.
Installers for Windows, OS X, and source code are now available.
The following features are new (or have been significantly updated) since version 2.0.0rc3:
- An RTP player crash has been fixed.
- Flow graph issues have been fixed. Bug 11710.
- A Follow Stream dialog crash has been fixed. Bug 11711.
- An extcap crash has been fixed.
- A file merge crash has been fixed. Bug 11718.
- A handle leak crash has been fixed. Bug 11702.
- Several other crashes and usability issues have been fixed.
The following features are new (or have been significantly updated) since version 2.0.0rc2:
The following features are new (or have been significantly updated) since version 2.0.0rc1:
- For new installations on UN*X, the directory for user preferences is $HOME/.config/wireshark rather than $HOME/.wireshark. If that directory is absent, preferences will still be found and stored under $HOME/.wireshark.
Qt port:
- The SIP Statistics dialog has been added.
- You can now create filter expressions from the display filter toolbar.
- Bugs in the UAT preferences dialog have been fixed.
- Several dissector and Qt UI crash bugs have been fixed.
- Problems with the Mac OS X application bundle have been fixed.
The following features are new (or have been significantly updated) since version 1.99.9:
Qt port:
- The LTE RLC Graph dialog has been added.
- The LTE MAC Statistics dialog has been added.
- The LTE RLC Statistics dialog has been added.
- The IAX2 Analysis dialog has been added.
- The Conversation Hash Tables dialog has been added.
- The Dissector Tables dialog has been added.
- The Supported Protocols dialog has been added.
- You can now zoom the I/O and TCP Stream graph X and Y axes independently.
- The RTP Player dialog has been added.
- Several memory leaks have been fixed.
The following features are new (or have been significantly updated) since version 1.99.8:
Qt port:
- The MTP3 statistics and summary dialogs have been added.
- The WAP-WSP statistics dialog has been added.
- The UDP multicast statistics dialog has been added.
- The WLAN statistics dialog has been added.
- The display filter macros dialog has been added.
- The capture file properties dialog now includes packet comments.
- Many more statistics dialogs can be opened from the command line via -z ... .
- Most dialogs now have a cancellable progress bar.
- Many packet list and packet detail context menus items have been added.
- Lua plugins can be reloaded from the Analyze menu.
- Many bug fixes and improvements.
The following features are new (or have been significantly updated) since version 1.99.7:
Qt port:
- The Enabled Protocols dialog has been added.
- Many statistics dialogs have been added, including Service response time, DHCP/BOOTP, and ANSI.
- The RTP Analysis dialog has been added.
- Lua dialog support has been added.
- You can now manually resolve addresses.
- The Resolved Addresses dialog has been added.
- The packet list scrollbar now has a minimap.
- The capture interfaces dialog has been updated.
- You can now colorize conversations.
- Welcome screen behavior has been improved.
- Plugin support has been improved.
- Many dialogs should now more correctly minimize and maximize.
- The reload button has been added back to the toolbar.
- The "Decode As" dialog no longer saves decoding behavior.
- You can now stop loading large capture files.
- The Bluetooth HCI Summary has been added.
The following features are new (or have been significantly updated) since version 1.99.6:
Qt port:
- The Bluetooth Devices dialog has been added.
- The wireless toolbar has been added.
- Opening files via drag and drop is now supported.
- The Capture Filter and Display Filter dialogs have been added.
- The Display Filter Expression dialog has been added.
- Conversation Filter menu items have been added.
- You can change protocol preferences by right clicking on the packet list and details.
The following features are new (or have been significantly updated) since version 1.99.4 and 1.99.5:
Qt port:
- Capture restarts are now supported.
- Menu items for plugins are now supported.
- Extcap interfaces are now supported.
- The Expert Information dialog has been added.
- Display filter completion is now supported.
- Several interface bugs have been fixed.
- Translations have been updated.
The following features are new (or have been significantly updated) since version 1.99.3:
Qt port:
- Several interface bugs have been fixed.
- Translations have been updated.
The following features are new (or have been significantly updated) since version 1.99.2:
Qt port:
- Several bugs have been fixed.
- You can now open a packet in a new window.
- The Bluetooth ATT Server Attributes dialog has been added.
- The Coloring Rules dialog has been added.
- Many translations have been updated. Chinese, Italian and Polish translations are complete.
- General user interface and usability improvements.
- Automatic scrolling during capture now works.
- The related packet indicator has been updated.
The following features are new (or have been significantly updated) since version 1.99.1:
Qt port:
- The welcome screen layout has been updated.
- The Preferences dialog no longer crashes on Windows.
- The packet list header menu has been added.
- Statistics tree plugins are now supported.
- The window icon is now displayed properly in the Windows taskbar.
- A packet list and byte view selection bug has been fixed (Bug 10896)
- The RTP Streams dialog has been added.
- The Protocol Hierarchy Statistics dialog has been added.
The following features are new (or have been significantly updated) since version 1.99.0:
Qt port:
- You can now show and hide toolbars and major widgets using the View menu.
- You can now set the time display format and precision.
- The byte view widget is much faster, particularly when selecting large reassembled packets.
- The byte view is explorable. Hovering over it highlights the corresponding field and shows a description in the status bar.
- An Italian translation has been added.
- The Summary dialog has been updated and renamed to Capture File Properties.
- The VoIP Calls and SIP Flows dialogs have been added.
The following features are new (or have been significantly updated) since version 1.12.0:
- The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k).
- TShark now resets its state when changing files in ring-buffer mode.
- Expert Info severities can now be configured.
- Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet.
Qt port:
- The Qt UI is now the default (program name is wireshark).
- A Polish translation has been added.
- The Interfaces dialog has been added.
- The interface list is now updated when interfaces appear or disappear.
- The Conversations and Endpoints dialogs have been added.
- A Japanese translation has been added.
- It is now possible to manage remote capture interfaces.
- Windows: taskbar progress support has been added.
- Most toolbar actions are in place and work.
- More command line options are now supported
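Simple TIP
Analyzing pcap files sometimes means running several instances of the program at once. Running "wireshark" from a terminal lets you start as many instances as you need. Prefix the command with nohup so that the instance keeps running even after the terminal is closed.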
nohup wireshark &
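A fuller form of the tip above, as an added example that is not part of the original post: a shell function that opens each capture file in its own detached Wireshark instance. WIRESHARK_BIN is a hypothetical override variable introduced here, and the function assumes the "wireshark" launcher is on PATH as in the tip; -r is Wireshark's option for reading a capture file.

```shell
#!/usr/bin/env bash
# Added example: open each capture file in its own detached Wireshark window.
# WIRESHARK_BIN is a hypothetical override for this sketch; it defaults to the
# "wireshark" launcher that the tip above assumes is on PATH.

open_captures() {
    local bin="${WIRESHARK_BIN:-wireshark}"
    local started=0 f

    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "error: $bin not found on PATH" >&2
        return 127
    fi

    for f in "$@"; do
        # Skip anything that is not a readable regular file instead of
        # spawning a window that only shows an error dialog.
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "skip: $f (not a readable file)" >&2
            continue
        fi
        # nohup keeps the instance alive after the terminal closes. The
        # redirects stop nohup from creating nohup.out in the working
        # directory. -r tells Wireshark which capture file to read.
        nohup "$bin" -r "$f" >/dev/null 2>&1 </dev/null &
        started=$((started + 1))
    done

    # Report how many instances were launched.
    echo "$started"
}

# Usage: open_captures dns.pcap tls.pcapng
```

The function prints the number of instances it started, so a wrapper script can tell when some of the named files were skipped.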