Wireshark 0.99.5 Release Notes
------------------------------------------------------------------

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer.
   It is used for troubleshooting, analysis, development, and
   education.

What's New

  Bug Fixes

   The following vulnerabilities have been fixed. See the [1]security
   advisory for details and a workaround.

     o The TCP dissector could hang or crash while reassembling HTTP
       packets. (Bug [2]1200)
       Versions affected: 0.99.2 to 0.99.4
       [3]CVE-2007-0459
     o The HTTP dissector could crash.
       Versions affected: 0.99.3 to 0.99.4
       [4]CVE-2007-0458
     o On some systems, the IEEE 802.11 dissector could crash.
       Versions affected: 0.10.14 to 0.99.4
       [5]CVE-2007-0457
     o On some systems, the LLT dissector could crash.
       Versions affected: 0.99.3 to 0.99.4
       [6]CVE-2007-0456

   The following bugs have been fixed:

     o On Windows systems the packet list scroll bar could sometimes
       disappear or become unusable. ([7]Bug 220)
     o The end of HTTP chunked encoding wasn't being displayed.
       ([8]Bug 646)
     o The Follow TCP Stream window could omit characters. ([9]Bug
       1043)
     o Opening a flow graph could crash Wireshark. ([10]Bug 1117)
     o Follow TCP Stream would sometimes get the direction wrong.
       ([11]Bug 1138)
     o The foreground text in the coloring rules editor was always
       black. ([12]Bug 1164)
     o The CSV export format was incorrect. ([13]Bug 1173)
     o On some Windows systems Wireshark could take a long time to
       start up.
     o Malformed UDLD packets could cause an exception.
     o The ISUP statistics report could overflow a buffer and crash
       when displaying IPv6 addresses.

  New and Updated Features

   The following features are new (or have been significantly
   updated) since the last release:

     o We are now offering Wireshark as a [14]U3 package for Windows.
       U3 packages are suitable for using on USB drives and CD-ROMs.
       It's still experimental, but you're welcome to try it out and
       report any problems or successes.
     o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
       TDS / MS SQL dissector now de-obfuscates passwords.
     o 64-bit file handling has been improved.
     o The Find function now selects the corresponding packet detail
       item. Find functionality has been added to the TCP and SSL
       stream dialogs.
     o Main window keyboard navigation has been improved.
     o Windows file dialogs now show the "places" bar (Desktop, My
       Documents, My Computer, My Network Places, etc). File dialogs
       now default to "My Documents" in accordance with Microsoft's
       HIG.
     o [15]AirPcap support (which provides raw mode capture under
       Windows) has been enhanced to allow capturing on multiple
       AirPcap adapters simultaneously.
     o You can no longer install Wireshark on Windows 95, 98, or ME.
       (OK, so it's not a feature per se, but it's an important
       change). The last version known to work on these systems is
       [16]Ethereal 0.99.0.
     o ASN.1 BER-encoded files can now be dissected according to a
       user-specified syntax.

  New Protocol Support

   DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
   v2

  Updated Protocol Support

   2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
   BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
   EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
   DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
   HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
   IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
   MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
   NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
   RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
   SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
   TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
   USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG

  New and Updated Capture File Support

   Catapult DCT2000, Nettl, Windows Sniffer / NetXray

Getting Wireshark

   Wireshark source code and installation packages are available from
   the [17]download page on the main web site.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages.
   You can usually install or upgrade Wireshark using the package
   management system specific to that platform. A list of third-party
   packages can be found on the [18]download page on the Wireshark
   web site.

File Locations

   Wireshark and TShark look in several different locations for
   preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
   These locations vary from platform to platform. You can use
   About->Folders to find the default locations on your system.

Known Problems

   The Filter button is nonfunctional in the file dialogs under
   Windows. ([19]Bug 942)

Getting Help

   Community support is available on the wireshark-users mailing
   list. Subscription information and archives for all of Wireshark's
   mailing lists can be found on [20]the web site.

   Commercial support, training, and development services are
   available from [21]CACE Technologies.

Frequently Asked Questions

   A complete FAQ is available on the [22]Wireshark web site.

References

   Visible links
   1. http://www.wireshark.org/security/wnpa-sec-2007-01.html
   2. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1200
   3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459
   4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458
   5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457
   6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456
   7. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220
   8. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=646
   9. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1043
  10. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1117
  11. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1138
  12. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1164
  13. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1173
  14. http://www.u3.com/
  15. http://www.cacetech.com/products/airpcap.htm
  16. http://www.ethereal.com/
  17. http://www.wireshark.org/download.html
  18. http://www.wireshark.org/download.html#otherplat
  19. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942
  20. http://www.wireshark.org/lists/
  21. http://www.cacetech.com/
  22. http://www.wireshark.org/faq.html