What’s New$$$The following changes have been made since version 0.10.0:$$$$$$The Stratoshark Windows installer now includes a DLL that was required by the cloudtrail and gcpaudit plugins.$$$$$$The following issues have been fixed: * Wireshark appears in German where Systemlanguage is Dutch. Issue 20347. * If you double-click an interface in the welcome screen interface list; and have typed nothing in the capture filter box; the system reports an invalid capture filter. Issue 21303. * Qt: Appearance mode is stored per-profile while theme name is global — theme flips on profile switch. Issue 21311. * Qt: Recent filters arrow button gives no hover/pressed feedback. Issue 21322. * Qt: Hidden interfaces (Welcome page right-click) not persisted across profile switch or restart. Issue 21325. * Qt: Preferences dialog left category tree cannot be resized (labels truncated; only horizontal scrollbar) Issue 21327. * Stratoshark: no-libpcap compilation broken (actionCaptureRestart) — fix from 554baf6294 never applied. Issue 21328. * Qt: Make theme preview resemble a real Wireshark window (mini packet-list mockup) Issue 21329. * stratoshark -D lists a bunch of network capture devices. Issue 21332.

What’s New$$$The following changes have been made since version 0.9.2:$$$$$$The Windows installers now ship with Qt 6.8.3. They previously shipped with Qt 6.8.1.$$$$$$Stratoshark now ships with “strato”; a command line tool similar to tshark.$$$$$$The Windows and macOS packages now ship with the gcpaudit and k8saudit plugins.$$$$$$The Falco Events dissector now adds IP geolocation fields alongside IPv4 and IPv6 address fields.$$$$$$The following changes have been made since version 0.9.1:$$$$$$A new “Plots” dialog has been added; which provides scatter plots in contrast to the “I/O Graphs” dialog; which provides histograms. The Plots dialog window supports multiple plots; markers; and automatic scrolling.$$$$$$The Falco Bridge dissector has been renamed to Falco Events. Filter fields now have a falcoevents protocol prefix; but a falcobridge protocol alias has been added for backward compatibility.$$$$$$Stratoshark can now show field offsets for supported plugins.$$$$$$Cloudtrail log messages can now be viewed as formatted JSON data.$$$$$$The system call dissector now has a falcoevents.fd.stream field; which provides a unique number for each file descriptor. The Follow File Descriptor Stream feature now uses this field to track streams. $$$$$$We now ship universal macOS installers instead of separate packages for Arm64 and Intel. $$$$$$The following changes have been made since version 0.9.0:$$$$$$The application icons have been updated.$$$$$$Bug Fixes$$$The following bugs have been fixed since version 0.9.2:$$$$$$.scap file extension wrongly associated with Wireshark. $$$$$$sshdig should have a snaplen option.$$$$$$The following bugs have been fixed since version 0.9.1:$$$$$$Stratoshark help message has Wiresharkisms in it. $$$$$$Stratoshark and editcap could write incorrect block types. Merge request 19238.$$$$$$Stratoshark says I can’t capture on local interfaces. $$$$$$Stratoshark: Crash While Sorting on evt.buflen column. $$$$$$The following bugs have been fixed since version 0.9.0:$$$$$$Falco Bridge: Empty frame.protocols field.$$$$$$Sysdig event and Falco bridge dissection mismatch due to unsupported pcapng block types. $$$$$$New and Updated Features$$$Stratoshark can capture system calls locally on Linux and a variety of log sources on Windows; macOS; and Linux.

What’s New$$$The following changes have been made since version 0.9.2:$$$$$$The Windows installers now ship with Qt 6.8.3. They previously shipped with Qt 6.8.1.$$$$$$Stratoshark now ships with “strato”; a command line tool similar to tshark.$$$$$$The Windows and macOS packages now ship with the gcpaudit and k8saudit plugins.$$$$$$The Falco Events dissector now adds IP geolocation fields alongside IPv4 and IPv6 address fields.$$$$$$The following changes have been made since version 0.9.1:$$$$$$A new “Plots” dialog has been added; which provides scatter plots in contrast to the “I/O Graphs” dialog; which provides histograms. The Plots dialog window supports multiple plots; markers; and automatic scrolling.$$$$$$The Falco Bridge dissector has been renamed to Falco Events. Filter fields now have a falcoevents protocol prefix; but a falcobridge protocol alias has been added for backward compatibility.$$$$$$Stratoshark can now show field offsets for supported plugins.$$$$$$Cloudtrail log messages can now be viewed as formatted JSON data.$$$$$$The system call dissector now has a falcoevents.fd.stream field; which provides a unique number for each file descriptor. The Follow File Descriptor Stream feature now uses this field to track streams. $$$$$$We now ship universal macOS installers instead of separate packages for Arm64 and Intel. $$$$$$The following changes have been made since version 0.9.0:$$$$$$The application icons have been updated.$$$$$$Bug Fixes$$$The following bugs have been fixed since version 0.9.2:$$$$$$.scap file extension wrongly associated with Wireshark. $$$$$$sshdig should have a snaplen option.$$$$$$The following bugs have been fixed since version 0.9.1:$$$$$$Stratoshark help message has Wiresharkisms in it. $$$$$$Stratoshark and editcap could write incorrect block types. Merge request 19238.$$$$$$Stratoshark says I can’t capture on local interfaces. $$$$$$Stratoshark: Crash While Sorting on evt.buflen column. $$$$$$The following bugs have been fixed since version 0.9.0:$$$$$$Falco Bridge: Empty frame.protocols field.$$$$$$Sysdig event and Falco bridge dissection mismatch due to unsupported pcapng block types. $$$$$$New and Updated Features$$$Stratoshark can capture system calls locally on Linux and a variety of log sources on Windows; macOS; and Linux.