Wireshark 2.2.0 released with lots of new features and major API changes

Wireshark 2.2.0 recently released, is now able to display the format of some types of files (rather than displaying the contents of those files). This is useful when you’re curious about, or debugging, a file and its format.


Wireshark 2.2.0 Changelog

  • “Decode As” supports SSL (TLS) over TCP.
  • Invalid coloring rules are now disabled instead of discarded. This will provide backward compatibility with a coloring rule change in Wireshark 2.2.
  • Added -d option for Decode As support in Wireshark (mimics TShark functionality)
  • The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON.
  • The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
  • The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
  • The RTP player now allows up to 30 minutes of silence frames.
  • Packet bytes can now be displayed as EBCDIC.
  • The Qt UI loads captures faster on Windows.

See release notes for complete changes

How to Install Wireshark 2.2.0 on Ubuntu 16.04 (Yakkety Yak), 16.04 (Xenial Xerus), Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.04(Vivid Vervet), Ubuntu 14.04 (Trusty Tahr)

  • Edit the file “sources.list” and un comment any line that has # sign under deb-src > Exit and save changes
sudo nano /etc/apt/sources.list
  • Update and run the following commands to install all dependencies
sudo apt-get update

sudo apt-get build-dep wireshark
  • Download and compile as follows
wget https://1.na.dl.wireshark.org/src/wireshark-2.2.0.tar.bz2

tar -xvf wireshark-2.2.0.tar.bz2

cd wireshark*



sudo make install

sudo ldconfig

comments powered by Disqus