2005-07-28 14:29:19 +00:00
|
|
|
<?xml version="1.0"?>
|
2006-03-17 22:59:24 +00:00
|
|
|
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
2005-07-28 14:29:19 +00:00
|
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
|
|
|
|
2005-08-02 06:39:04 +00:00
|
|
|
<!-- $Id$ -->
|
2005-07-28 14:29:19 +00:00
|
|
|
|
|
|
|
<!--
|
|
|
|
DOCUMENT SECTION
|
|
|
|
-Use this section to encode all document information
|
|
|
|
-->
|
|
|
|
|
|
|
|
<!--
|
2006-06-06 13:04:30 +00:00
|
|
|
Wireshark Info
|
2005-07-28 14:29:19 +00:00
|
|
|
-->
|
2006-12-12 22:24:18 +00:00
|
|
|
<!ENTITY WiresharkCurrentVersion "0.99.5">
|
2005-07-28 14:29:19 +00:00
|
|
|
|
|
|
|
]>
|
|
|
|
|
|
|
|
<article>
|
2006-06-06 13:04:30 +00:00
|
|
|
<title>Wireshark &WiresharkCurrentVersion; Release Notes</title>
|
2005-07-28 14:29:19 +00:00
|
|
|
|
2006-06-06 13:04:30 +00:00
|
|
|
<section id="WhatIs"><title>What is Wireshark?</title>
|
2005-07-28 14:29:19 +00:00
|
|
|
<para>
|
2006-05-22 08:14:01 +00:00
|
|
|
Wireshark is the world's most popular network protocol analyzer. It
|
2005-07-28 14:29:19 +00:00
|
|
|
is used for troubleshooting, analysis, development, and education.
|
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="WhatsNew"><title>What's New</title>
|
2005-10-12 16:17:03 +00:00
|
|
|
<section><title>Bug Fixes</title>
|
2005-07-28 14:29:19 +00:00
|
|
|
<para>
|
2005-10-26 14:27:12 +00:00
|
|
|
|
2006-08-24 16:29:49 +00:00
|
|
|
The following vulnerabilities have been fixed. See the
|
|
|
|
<ulink url="http://www.wireshark.org/security/wnpa-sec-2006-02.html">security advisory</ulink> for details and a workaround.
|
2006-03-17 22:59:24 +00:00
|
|
|
|
2006-05-01 19:21:00 +00:00
|
|
|
<itemizedlist>
|
2006-03-20 20:27:52 +00:00
|
|
|
|
2006-03-22 21:39:32 +00:00
|
|
|
<listitem><para>
|
2006-12-12 22:24:18 +00:00
|
|
|
TCP reassembly could crash.
|
|
|
|
<!-- Fixed in ? -->
|
|
|
|
<!-- Bug IDs: ? -->
|
|
|
|
Versions affected: ?
|
2006-08-24 16:29:49 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
2006-10-14 00:31:35 +00:00
|
|
|
<listitem><para>
|
2006-12-12 22:24:18 +00:00
|
|
|
On some systems, the IEEE 802.11 dissector could crash.
|
|
|
|
<!-- Fixed in 20126 -->
|
2006-10-14 00:31:35 +00:00
|
|
|
<!-- Bug IDs: None -->
|
2006-12-12 22:24:18 +00:00
|
|
|
Versions affected: ?
|
2006-10-14 00:31:35 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
2005-07-28 14:29:19 +00:00
|
|
|
</itemizedlist>
|
2006-08-15 20:54:51 +00:00
|
|
|
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
2006-03-07 19:53:57 +00:00
|
|
|
|
2006-08-24 16:29:49 +00:00
|
|
|
<para>
|
|
|
|
|
|
|
|
The following bugs have been fixed:
|
|
|
|
|
|
|
|
<itemizedlist>
|
|
|
|
|
2006-10-14 00:31:35 +00:00
|
|
|
<listitem><para>
|
|
|
|
The file set dialog could grow excessively large.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=331">Bug
|
|
|
|
331</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
2006-10-11 23:53:19 +00:00
|
|
|
<listitem><para>
|
|
|
|
Trying to save flow data may crash Wireshark.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=396">Bug
|
|
|
|
396</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
It may not be possible to re-order coloring rules under Windows.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=699">Bug
|
|
|
|
699</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
2006-10-14 00:31:35 +00:00
|
|
|
<listitem><para>
|
|
|
|
Printing each packet to a new page didn't work under Windows.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=707">Bug
|
|
|
|
707</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
The personal hosts configuration file wasn't being parsed correctly.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=795">Bug
|
|
|
|
795</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
"Save as" to an existing file wasn't allowed.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=927">Bug
|
|
|
|
927</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
The SNMP dissector was not handling 64-bit counters properly.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1047">Bug
|
|
|
|
1047</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
Wireshark and TShark would fail to start under Windows while trying to acquire a crypto context.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1096">Bug
|
|
|
|
1096</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
Invalid characters could show up in PDML output.
|
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1110">Bug
|
|
|
|
1110</ulink>)
|
|
|
|
</para></listitem>
|
|
|
|
|
2006-08-24 16:29:49 +00:00
|
|
|
</itemizedlist>
|
|
|
|
</para>
|
|
|
|
|
2005-10-14 18:50:25 +00:00
|
|
|
</section>
|
2005-09-06 22:07:35 +00:00
|
|
|
|
2005-08-17 22:32:40 +00:00
|
|
|
<section><title>New and Updated Features</title>
|
|
|
|
<para>
|
2005-10-14 16:00:04 +00:00
|
|
|
The following features are new (or have been significantly updated)
|
|
|
|
since the last release:
|
2006-01-27 13:57:18 +00:00
|
|
|
<itemizedlist>
|
2005-08-17 22:32:40 +00:00
|
|
|
|
2006-03-11 18:51:57 +00:00
|
|
|
<listitem><para>
|
2006-08-24 16:29:49 +00:00
|
|
|
<ulink url="http://www.cacetech.com/products/airpcap.htm">AirPcap</ulink>,
|
2006-10-10 21:15:19 +00:00
|
|
|
support (which provides raw mode capture under Windows) has been
|
2006-10-19 00:48:03 +00:00
|
|
|
enhanced to allow capturing on multiple AirPcap adapters
|
|
|
|
simultaneously using the Multi-Channel Aggregator.
|
2006-10-12 07:52:24 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
2006-10-14 00:31:35 +00:00
|
|
|
VoIP call playback has been enhanced. If Wireshark is linked with
|
|
|
|
the PortAudio library, you can play back G.711 conversations. This
|
|
|
|
feature is present in the standard Windows installer.
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
The capture interface dialog display has been enhanced.
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
The "Save" button has been removed from the "Ok" / "Apply" / "Cancel"
|
|
|
|
button group in the following dialogs:
|
|
|
|
<itemizedlist>
|
|
|
|
<listitem><para>Edit/Preferences</para></listitem>
|
|
|
|
<listitem><para>View/Coloring Rules</para></listitem>
|
|
|
|
<listitem><para>Capture/Capture Filters</para></listitem>
|
|
|
|
<listitem><para>Analyze/Display Filters</para></listitem>
|
|
|
|
<listitem><para>"Analyze/Enabled Protocols</para></listitem>
|
|
|
|
</itemizedlist>
|
|
|
|
If you're fond of the "Save" button it can be resurrected in the
|
|
|
|
User Interface preferences.
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
|
|
|
Reading from stdin ("-i -") now works under Windows.
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
2006-10-16 03:46:11 +00:00
|
|
|
Expert analysis has been improved.
|
|
|
|
</para></listitem>
|
|
|
|
|
|
|
|
<listitem><para>
|
2006-10-16 20:42:32 +00:00
|
|
|
Wireshark now supports USB as a media type. If you're running a
|
|
|
|
Linux distribution with version 2.6.11 of the kernel or greater
|
2006-10-17 15:41:08 +00:00
|
|
|
<emphasis>and</emphasis> you have the usbmon module enabled <emphasis>and</emphasis>
|
2006-10-16 20:42:32 +00:00
|
|
|
you have a recent CVS version of libpcap (post-0.9.5) installed
|
|
|
|
you can also do live captures. More details can be found at the
|
|
|
|
<ulink url="http://wiki.wireshark.org/CaptureSetup/USB">USB
|
|
|
|
capture setup</ulink> page on the wiki.
|
2006-08-24 16:29:49 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
2006-10-18 17:55:29 +00:00
|
|
|
<listitem><para>
|
|
|
|
The number of WEP keys that the user can specify in the IEEE 802.11
|
|
|
|
protocol preferences has been increased from 4 to 64.
|
|
|
|
</para></listitem>
|
|
|
|
|
2006-01-27 13:57:18 +00:00
|
|
|
</itemizedlist>
|
2005-08-17 22:32:40 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
2005-10-12 16:17:03 +00:00
|
|
|
|
|
|
|
<section><title>New Protocol Support</title>
|
|
|
|
<para>
|
|
|
|
|
2006-10-14 00:31:35 +00:00
|
|
|
Enea LINX,
|
|
|
|
Ethernet Powerlink (v1 and v2),
|
|
|
|
H.248 Q.1950 Annex A,
|
|
|
|
Linux pktgen,
|
|
|
|
MP2T,
|
|
|
|
NEWMAIL,
|
|
|
|
PNG,
|
|
|
|
SCSI OSD,
|
|
|
|
UDLD,
|
|
|
|
UMTS FP,
|
|
|
|
USB,
|
|
|
|
WLCCP,
|
|
|
|
WZCSVC,
|
2006-08-24 16:29:49 +00:00
|
|
|
|
2005-10-12 16:17:03 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
<section><title>Updated Protocol Support</title> <para>
|
|
|
|
|
2006-10-14 00:31:35 +00:00
|
|
|
3Com NJACK,
|
|
|
|
802.11,
|
|
|
|
ACSE,
|
|
|
|
AH,
|
|
|
|
ALCAP,
|
|
|
|
ANSI MAP,
|
|
|
|
ATM,
|
|
|
|
ASN.1,
|
|
|
|
BACapp,
|
|
|
|
BER,
|
|
|
|
BGP,
|
|
|
|
BSSAP,
|
|
|
|
Camel,
|
|
|
|
Catapult DCT2000,
|
|
|
|
CFlow,
|
|
|
|
CLNP,
|
|
|
|
Common Windows networking,
|
|
|
|
DAP,
|
|
|
|
DCERPC (DCERPC, ATSVC, DFS, EFS, EPM, EVENTLOG, INITSHUTDOWN, MAPI, NT, PIPE, SAMR, SPOOLSS, SRVSVC, SVCCTL, WINREG),
|
|
|
|
DCOM (DCOM, CBA-ACCO, SYSACT),
|
|
|
|
DIAMETER,
|
|
|
|
DISP,
|
|
|
|
DNS,
|
|
|
|
DOP,
|
|
|
|
DSP,
|
|
|
|
ESP,
|
|
|
|
Ethernet,
|
2006-10-16 03:46:11 +00:00
|
|
|
FC,
|
|
|
|
FCP,
|
2006-10-14 00:31:35 +00:00
|
|
|
GSM A,
|
|
|
|
GSM MAP,
|
|
|
|
GSM SMS,
|
|
|
|
GSSAPI,
|
|
|
|
GTP,
|
|
|
|
H.225,
|
|
|
|
H.245,
|
|
|
|
H.248,
|
|
|
|
HTTP,
|
|
|
|
ICQ,
|
|
|
|
IKE,
|
|
|
|
ISAKMP,
|
|
|
|
iSCSI,
|
|
|
|
ISUP,
|
|
|
|
IUUP,
|
|
|
|
Kerberos 4,
|
|
|
|
LAP-D,
|
|
|
|
LDAP,
|
|
|
|
LLC,
|
|
|
|
LogotypeCertExtn,
|
|
|
|
MEGACO,
|
|
|
|
MIME Multipart,
|
|
|
|
MIP6,
|
|
|
|
MMS,
|
|
|
|
MSRP,
|
|
|
|
MTP3,
|
|
|
|
NCP,
|
|
|
|
NDMP,
|
2006-10-16 03:46:11 +00:00
|
|
|
NDPS,
|
2006-10-14 00:31:35 +00:00
|
|
|
NFS,
|
|
|
|
NTP,
|
|
|
|
OSI,
|
|
|
|
PER,
|
|
|
|
PN-MRP,
|
|
|
|
PPP,
|
|
|
|
19154Q.931,
|
|
|
|
RADIUS,
|
|
|
|
Redback,
|
|
|
|
RPC,
|
|
|
|
RTCP,
|
|
|
|
RTP,
|
|
|
|
SCCP,
|
|
|
|
SCSI,
|
|
|
|
SDP,
|
|
|
|
SIP,
|
|
|
|
SMB,
|
|
|
|
SMRSE,
|
|
|
|
SNMP,
|
|
|
|
SSL,
|
|
|
|
STANAG 5066,
|
|
|
|
STP,
|
|
|
|
TCAP,
|
|
|
|
TCP,
|
|
|
|
TFTP,
|
|
|
|
TIPC,
|
|
|
|
UDP,
|
|
|
|
UMA,
|
2006-10-16 03:46:11 +00:00
|
|
|
VLAN,
|
2006-10-14 00:31:35 +00:00
|
|
|
VNC,
|
|
|
|
VRRP,
|
|
|
|
X.509ce
|
|
|
|
X11,
|
|
|
|
YMSG,
|
|
|
|
WTLS,
|
2006-08-24 16:29:49 +00:00
|
|
|
|
|
|
|
|
2005-10-12 16:17:03 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
<section><title>New and Updated Capture File Support</title>
|
|
|
|
<para>
|
|
|
|
|
2006-10-14 00:31:35 +00:00
|
|
|
Catapult DCT2000, EyeSDN, iSeries
|
2006-10-10 21:15:19 +00:00
|
|
|
|
2006-10-14 00:31:35 +00:00
|
|
|
</para>
|
2005-10-12 16:17:03 +00:00
|
|
|
</section>
|
|
|
|
|
2005-07-28 14:29:19 +00:00
|
|
|
</section>
|
|
|
|
|
2006-06-06 13:04:30 +00:00
|
|
|
<section id="GettingWireshark"><title>Getting Wireshark</title>
|
2006-08-15 20:54:51 +00:00
|
|
|
<para>
|
|
|
|
Wireshark source code and installation packages are available from
|
|
|
|
the <ulink url="http://www.wireshark.org/download.html">download
|
|
|
|
page</ulink> on the main web site.
|
|
|
|
</para>
|
2005-07-28 14:29:19 +00:00
|
|
|
|
|
|
|
<section><title>Vendor-supplied Packages</title>
|
|
|
|
<para>
|
2006-06-06 13:04:30 +00:00
|
|
|
Most Linux and Unix vendors supply their own Wireshark packages.
|
2006-10-10 21:15:19 +00:00
|
|
|
You can usually install or upgrade Wireshark using the package management
|
2005-10-14 16:00:04 +00:00
|
|
|
system specific to that platform. A list of third-party packages
|
2006-10-10 21:15:19 +00:00
|
|
|
can be found on the
|
|
|
|
<ulink url="http://www.wireshark.org/download.html#otherplat">download page</ulink> on the Wireshark web site.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
</section>
|
|
|
|
|
2006-03-17 22:59:24 +00:00
|
|
|
<!-- XXX needs to be written
|
2006-06-06 13:04:30 +00:00
|
|
|
<section id="RemovingWireshark"><title>Removing Wireshark</title>
|
2005-07-28 14:29:19 +00:00
|
|
|
<para>
|
|
|
|
</para>
|
|
|
|
</section>
|
2005-09-21 14:20:43 +00:00
|
|
|
-->
|
2005-07-28 14:29:19 +00:00
|
|
|
|
|
|
|
<section id="FileLocations"><title>File Locations</title>
|
|
|
|
<para>
|
2006-06-06 13:04:30 +00:00
|
|
|
Wireshark and TShark look in several different locations for
|
2005-09-06 19:21:48 +00:00
|
|
|
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
|
|
|
|
These locations vary from platform to platform. You can use
|
|
|
|
About->Folders to find the default locations on your system.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="KnownProblems"><title>Known Problems</title>
|
2006-03-20 20:27:52 +00:00
|
|
|
|
2005-07-28 14:29:19 +00:00
|
|
|
<para>
|
2006-03-20 20:27:52 +00:00
|
|
|
On Windows systems the packet list scroll bar can sometimes disappear
|
|
|
|
or become unusable. Until the problem is fixed you can work around it
|
|
|
|
by resizing the packet list or the main window.
|
2006-05-31 19:12:15 +00:00
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220">Bug
|
2006-08-24 16:29:49 +00:00
|
|
|
220</ulink>)
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
2006-03-20 20:27:52 +00:00
|
|
|
|
|
|
|
<para>
|
2006-03-22 21:39:32 +00:00
|
|
|
The <guibutton>Filter</guibutton> button is nonfunctional in the
|
2006-03-20 20:27:52 +00:00
|
|
|
file dialogs under Windows.
|
2006-08-24 16:29:49 +00:00
|
|
|
(<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942">Bug
|
|
|
|
942</ulink>)
|
2006-03-20 20:27:52 +00:00
|
|
|
</para>
|
|
|
|
|
2005-07-28 14:29:19 +00:00
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="GettingHelp"><title>Getting Help</title>
|
|
|
|
<para>
|
2006-05-31 19:12:15 +00:00
|
|
|
Community support is available on the wireshark-users mailing list.
|
2006-06-06 13:04:30 +00:00
|
|
|
Subscription information and archives for all of Wireshark's mailing
|
2006-05-31 19:12:15 +00:00
|
|
|
lists can be found on <ulink url="http://www.wireshark.org/lists/">the
|
2006-06-06 13:04:30 +00:00
|
|
|
web site</ulink>.
|
2005-09-21 14:20:43 +00:00
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
Commercial support, training, and development services are available
|
2006-06-06 13:04:30 +00:00
|
|
|
from <ulink url="http://www.cacetech.com/">CACE Technologies</ulink>.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
<section id="FAQ"><title>Frequently Asked Questions</title>
|
|
|
|
<para>
|
2005-09-21 14:20:43 +00:00
|
|
|
A complete FAQ is available on the
|
2006-06-06 13:04:30 +00:00
|
|
|
<ulink url="http://www.wireshark.org/faq.html">Wireshark web site</ulink>.
|
2005-07-28 14:29:19 +00:00
|
|
|
</para>
|
|
|
|
</section>
|
|
|
|
|
|
|
|
</article>
|