6075ec39fb
svn path=/trunk/; revision=18207
1913 lines
54 KiB
Text
1913 lines
54 KiB
Text
$Id$
|
|
|
|
== December 27, 2005
|
|
|
|
Ethereal 0.10.14 has been released.
|
|
|
|
Bug Fixes
|
|
|
|
Three security vulnerabilities have been fixed since the previous
|
|
release. See the [1]application advisory for more details.
|
|
|
|
o The IRC dissector could go into an infinite loop. Versions
|
|
affected: 0.10.13.
|
|
|
|
o The GTP dissector could go into an infinite loop. Versions
|
|
affected: 0.9.1 to 0.10.13.
|
|
|
|
o iDefense found a buffer overflow in the OSPF dissector.
|
|
Versions affected: 0.8.20 to 0.10.13.
|
|
|
|
New and Updated Features
|
|
|
|
The following features are new (or have been significantly
|
|
updated) since the last release:
|
|
|
|
o The Windows installer now ships with GTK+ 2.6 instead of GTK+
|
|
2.4. This should fix several long-standing bugs.
|
|
|
|
o If you're loading a saved capture file and press "Cancel",
|
|
Ethereal will now display the packets read up to that point.
|
|
In previous versions, Ethereal would abort the attempt
|
|
completely and clear the packet list.
|
|
|
|
This means that if you're loding a huge capture file, you can
|
|
stop loading in the middle and still be able to analyze part
|
|
of the file.
|
|
|
|
o The maximum number of files allowed in a ring buffer has been
|
|
increased from 1024 to 10,000.
|
|
|
|
o OID to name resolution has been improved.
|
|
|
|
o TCP graphs now handle upper and lower bounds better.
|
|
|
|
New Protocol Support
|
|
|
|
3Com Netjack200, CDT, CIGI, DAP, DISP, DOP, DSP, FTBP, MS NLB,
|
|
NBAP, NCP SSS, NCS, NHRP, P_Mul, RNSAP, SMB2, STANAG 5066, TIPC,
|
|
UDP-Lite, X.501
|
|
|
|
Updated Protocol Support
|
|
|
|
ACSE, AIM, ALCAP, AMR, ANSI MAP, BER, BitTorrent, BOOTP, CAMEL,
|
|
CMP, CMS, COPS, CRMF, DCCP, DCERPC (DCERPC, DSSETUP, INITSHUTDOWN,
|
|
NT, WINREG), DEC DNA RT, DNP, DTP, eDonkey, ENIP, ESS, Etheric,
|
|
FC-DNS, FC-FZS, FMIPv6, GRE, GSM A, GSM MAP, GTP, H.225, H.235,
|
|
H.245, H.248, H.263, H.450, IAPP, IEEE 802.11, INAP, IP, IPv6,
|
|
IRC, ISIS LSP, ISUP, IUUP, Juniper, LLDP, M3UA, MIP, MIPv6,
|
|
Modbus/TCP, MTP3, NCP, NDPS, NDS, NEMO, NMAS, NTLMSSP, OSPF, PER,
|
|
PN-DCP, PPP CHAP, PPPoE, PVFS2, Q.931, RADIUS, RANAP, RDT, RLOGIN,
|
|
RMT, ROS, RTCP, RTP, RTSE, S4406, SCCP, SCTP, SES, SIP, SMB,
|
|
SNDCP, SRVLOC, STUN, T.38, UMA, WINS Replication, X.411, X.420,
|
|
X.509
|
|
|
|
New and Updated Capture File Support
|
|
|
|
DOS Sniffer, Endace ERF, HP-UX nettl, IBM iSeries traces,
|
|
Tektronix K12
|
|
|
|
Getting Ethereal
|
|
|
|
Microsoft Windows
|
|
|
|
Download ethereal-setup-0.10.14.exe from the [2]Windows download
|
|
area on the main web site. Double-click the installer executable.
|
|
|
|
Sun Solaris
|
|
|
|
Download the appropriate package from the [3]Solaris download area
|
|
on the main web site. Uncompress the package using bzip2, and
|
|
install it using pkgadd.
|
|
|
|
Source Code
|
|
|
|
Download ethereal-0.10.14.tar.gz from the [4]main download area on
|
|
the web site. Extract the package using tar and gzip. Run
|
|
"configure ; make ; make install".
|
|
|
|
Vendor-supplied Packages
|
|
|
|
Most Linux and Unix vendors supply their own Ethereal packages.
|
|
You can install or upgrade Ethereal using the package management
|
|
system specific to that platform. A list of third-party packages
|
|
can be found on the [5]download page on the Wireshark web site.
|
|
|
|
File Locations
|
|
|
|
Ethereal and Tethereal look in several different locations for
|
|
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
|
|
These locations vary from platform to platform. You can use
|
|
About->Folders to find the default locations on your system.
|
|
|
|
Known Problems
|
|
|
|
On Windows systems the packet list scroll bar can sometimes
|
|
disappear or become unusable. Until the problem is fixed you can
|
|
work around it by resizing the packet list or the main window.
|
|
([6]Bug #220)
|
|
|
|
Getting Help
|
|
|
|
Community support is available on the ethereal-users mailing list.
|
|
Subscription information and archives for all of Ethereal's
|
|
mailing lists can be found on [7]the web site. There is also an
|
|
[8]IRC channel dedicated to Ethereal.
|
|
|
|
Commercial support, training, and development services are
|
|
available from [9]Ethereal Software.
|
|
|
|
Frequently Asked Questions
|
|
|
|
A complete FAQ is available on the [10]Ethereal web site.
|
|
|
|
References
|
|
|
|
Visible links
|
|
1. http://www.ethereal.com/appnotes/enpa-sa-00022.html
|
|
2. http://www.ethereal.com/docs/distribution/win32/
|
|
3. http://www.ethereal.com/docs/distribution/solaris/
|
|
4. http://www.ethereal.com/docs/distribution/
|
|
5. http://www.ethereal.com/download.html#otherplat
|
|
6. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
|
|
7. http://www.ethereal.com/lists/
|
|
8. irc://irc.freenode.net/ethereal
|
|
9. http://www.etherealsoft.com/
|
|
10. http://www.ethereal.com/faq.html
|
|
|
|
== October 17, 2005
|
|
|
|
Ethereal 0.10.13 has been released.
|
|
|
|
Bug Fixes
|
|
|
|
Several security vulnerabilities have been fixed since the previous
|
|
release. See the [1]application advisory for more details.
|
|
|
|
o The ISAKMP dissector could exhaust system memory. Versions affected:
|
|
0.10.11 to 0.10.12.
|
|
|
|
o The FC-FCS dissector could exhaust system memory. Versions affected:
|
|
0.9.0 to 0.10.12.
|
|
|
|
o The RSVP dissector could exhaust system memory. Versions affected:
|
|
0.9.4 to 0.10.12.
|
|
|
|
o The ISIS LSP dissector could exhaust system memory. Versions affected:
|
|
0.8.18 to 0.10.12.
|
|
|
|
o The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12.
|
|
|
|
o The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1
|
|
to 0.10.12.
|
|
|
|
o The BER dissector was susceptible to an infinite loop. Versions
|
|
affected: 0.10.3 to 0.10.12.
|
|
|
|
o The SCSI dissector could dereference a null pointer and crash.
|
|
Versions affected: 0.10.3 to 0.10.12.
|
|
|
|
o If the "Dissect unknown RPC program numbers" option was enabled, the
|
|
ONC RPC dissector might be able to exhaust system memory. This option
|
|
is disabled by default. Versions affected: 0.7.7 to 0.10.12.
|
|
|
|
o The sFlow dissector could dereference a null pointer and crash.
|
|
Versions affected: 0.9.14 to 0.10.12.
|
|
|
|
o The RTnet dissector could dereference a null pointer and crash.
|
|
Versions affected: 0.10.8 to 0.10.12.
|
|
|
|
o The SigComp UDVM could go into an infinite loop or crash. Versions
|
|
affected: 0.10.12.
|
|
|
|
o If SMB transaction payload reassembly is enabled the SMB dissector
|
|
could crash. This preference is disabled by default. Versions
|
|
affected: 0.9.7 to 0.10.12.
|
|
|
|
o The X11 dissector could attempt to divide by zero. Versions affected:
|
|
0.10.1 to 0.10.12.
|
|
|
|
o The AgentX dissector could overflow a buffer. Versions affected:
|
|
0.10.10 to 0.10.12.
|
|
|
|
o The WSP dissector could free an invalid pointer. Versions affected:
|
|
0.10.1 to 0.10.12.
|
|
|
|
o iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions
|
|
affected: 0.10.0 to 0.10.12.
|
|
|
|
When trying to save a flow graph, Ethereal could crash.
|
|
|
|
When viewing protocol hierarchy statistics, Ethereal and Tethereal could
|
|
crash.
|
|
|
|
The PCRE library that ships with the Windows installer has been upgraded
|
|
from version 4.4 to 6.3 in response to a [2]security vulnerability.
|
|
|
|
New and Updated Features
|
|
|
|
The following features are new (or have been significantly updated) since
|
|
the last release:
|
|
|
|
o The timestamp display precision of the Packet List can be adjusted
|
|
now. The precision will be automatically adjusted depending on the
|
|
file format loaded, e.g. libpcap typically uses microsecond resolution
|
|
displayed like "0.000000". In addition you can adjust the precision
|
|
manually through the View/Time Display Format menu items.
|
|
|
|
o The WinPcap version 3.1 installer was released since the last Ethereal
|
|
release. The version included in the Wireshark Windows installer has
|
|
been updated from 3.1 beta 4 to 3.1. If you want to upgrade WinPcap
|
|
separately or install a different version you can download it from:
|
|
[3]the WinPcap web site.
|
|
|
|
o The behavior of the display filter "ip.checksum_bad" has changed.
|
|
Instead of merely checking for its presence you must now make sure it
|
|
is set, e.g. instead of using "ip.checksum_bad" you must now use
|
|
"ip.checksum_bad == 1".
|
|
|
|
o A new capture file format "Nanosecond libpcap (Ethereal)" was added.
|
|
It is very similar to the common libpcap file format but is capable of
|
|
keeping nanosecond resolution timestamps. This format is currently
|
|
supported only by Wireshark.
|
|
|
|
o Ethereal's memory managment has been greatly improved.
|
|
|
|
o Ethereal can now save gzip-compressed capture files.
|
|
|
|
New Protocol Support
|
|
|
|
CIMD, CISCOWL-L2, DCCP, EDP, GNM, LLDP, ROS, RTSE, STANAG 4406, WINS
|
|
Replication, X.411, X.420
|
|
|
|
Updated Protocol Support
|
|
|
|
802.11 Radiotap, A11, AARP, ACSE, ACtrace, AFP, AFS, AgentX, AIM, AJP13,
|
|
ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI IS-683-A, ANSI IS-801, ANSI MAP,
|
|
AOE, AppleTalk, Armagetronad, ARP, ASAP, ASN.1, BACapp, BER, BGP,
|
|
BitTorrent, BOOTP, CAMEL, CLNP, CMIP, CMP, CMS, COPS, CRMF, CSM_ENCAPS,
|
|
DAAP, DCERPC (ATSVC, DCE_DFS, FLDB, INITSHUTDOWN, LSA, NETLOGON, NT, SAMR,
|
|
SPOOLSS, WINREG), DCM, DCOM, DHCP Failover, DIAMETER, ENRP, ESS, FC, FCCT,
|
|
FCDNS, FCELS, FCFCS, FCFZS, FCP, FCSWILS, FTAM, GIOP, GPRS LLC, GSM, GTP,
|
|
H1, H.225, H.235, H.245, H.248, H.261, H.263, H.450, HSRP, HTTP, IAX2,
|
|
IEEE 802.11, IEEE 802.3, IEEE 802.3 Slow protocols, IP, IP/IEEE1394, IRC,
|
|
IrDA, ISAKMP, iSCSI, ISIS, ISUP, Jabber, JFIF, Juniper, JXTA, K12,
|
|
Kerberos, LDAP, LDP, LLC, LPD, MAP_DialoguePDU, MDSHDR, Media, MEGACO,
|
|
MGCP, MIME multipart, MMS, MOUNT, MQ, MSMMS, NBNS, NDMP, NS_CERT_EXTS,
|
|
OCSP, OPSI, OSPF, PARLAY, PER, PKINIT, PKIX, PN-RT, PPP, PRES, PTP,
|
|
RADIUS, RDT, RPC, RSVP, RTCP, RTnet, RTSP, SCCP, SCSI, SCTP, SES, sFlow,
|
|
SIGCOMP, SIP, SliMP3, SMB, SMPP, SMRSE, SNA, SNMP, SPNEGO, SRVLOC, STUN,
|
|
T.38, TCAP, TCP, Text, TPKT, UMA, WBXML, WLANCERTEXTN, WSP, X11, X.25,
|
|
X.509, XML, YMSG
|
|
|
|
New and Updated Capture File Support
|
|
|
|
5Views, AiroPeek, ERF, EtherPeek, i4btrace, LANAlyzer, Libpcap, Windows
|
|
Sniffer, Tektronix K12
|
|
|
|
Getting Ethereal
|
|
|
|
Microsoft Windows
|
|
|
|
Download ethereal-setup-0.10.13.exe from the [4]Windows download area on
|
|
the main web site. Double-click the installer executable.
|
|
|
|
Sun Solaris
|
|
|
|
Download the appropriate package from the [5]Solaris download area on the
|
|
main web site. Uncompress the package using bzip2, and install it using
|
|
pkgadd.
|
|
|
|
Source Code
|
|
|
|
Download ethereal-0.10.13.tar.gz from the [6]main download area on the web
|
|
site. Extract the package using tar and gzip. Run "configure ; make ; make
|
|
install".
|
|
|
|
Vendor-supplied Packages
|
|
|
|
Most Linux and Unix vendors supply their own Ethereal packages. You can
|
|
install or upgrade Ethereal using the package management system specific
|
|
to that platform. A list of third-party packages can be found on the
|
|
[7]download page on the Wireshark web site.
|
|
|
|
File Locations
|
|
|
|
Ethereal and Tethereal look in several different locations for preference
|
|
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
|
|
from platform to platform. You can use About->Folders to find the default
|
|
locations on your system.
|
|
|
|
Known Problems
|
|
|
|
On Windows systems the packet list scroll bar can sometimes disappear or
|
|
become unusable. Until the problem is fixed you can work around it by
|
|
resizing the packet list or the main window. ([8]Bug #220)
|
|
|
|
Getting Help
|
|
|
|
Community support is available on the ethereal-users mailing list.
|
|
Subscription information and archives for all of Ethereal's mailing lists
|
|
can be found on [9]the web site. There is also an [10]IRC channel
|
|
dedicated to Ethereal.
|
|
|
|
Commercial support, training, and development services are available from
|
|
[11]Ethereal Software.
|
|
|
|
Frequently Asked Questions
|
|
|
|
A complete FAQ is available on the [12]Ethereal web site.
|
|
|
|
References
|
|
|
|
Visible links
|
|
1. http://www.ethereal.com/appnotes/enpa-sa-00021.html
|
|
2. http://www.securityfocus.com/bid/14620
|
|
3. http://www.winpcap.org/
|
|
4. http://www.ethereal.com/docs/distribution/win32/
|
|
5. http://www.ethereal.com/docs/distribution/solaris/
|
|
6. http://www.ethereal.com/docs/distribution/
|
|
7. http://www.ethereal.com/download.html#otherplat
|
|
8. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
|
|
9. http://www.ethereal.com/lists/
|
|
10. irc://irc.freenode.net/ethereal
|
|
11. http://www.etherealsoft.com/
|
|
12. http://www.ethereal.com/faq.html
|
|
|
|
== July 26, 2005
|
|
|
|
Ethereal 0.10.12 has been released.
|
|
|
|
Our testing program has turned up several more security issues:
|
|
|
|
The LDAP dissector could free static memory and crash.
|
|
Versions affected: 0.8.5 to 0.10.11
|
|
|
|
The AgentX dissector could crash.
|
|
Versions affected: 0.10.10 to 0.10.11
|
|
|
|
The 802.3 dissector could go into an infinite loop.
|
|
Versions affected: 0.8.16 to 0.10.11
|
|
|
|
The PER dissector could abort.
|
|
Versions affected: 0.10.5 to 0.10.11
|
|
|
|
The DHCP dissector could go into an infinite loop.
|
|
Versions affected: 0.10.7 to 0.10.11
|
|
|
|
The BER dissector could abort or loop infinitely.
|
|
Version affected: 0.10.11
|
|
|
|
The MEGACO dissector could go into an infinite loop.
|
|
Versions affected: 0.9.14 to 0.10.11
|
|
|
|
The GIOP dissector could dereference a null pointer.
|
|
Versions affected: 0.8.20 to 0.10.11
|
|
|
|
The SMB dissector was susceptible to a buffer overflow.
|
|
Versions affected: 0.9.12 to 0.10.11
|
|
|
|
The WBXML could dereference a null pointer.
|
|
Versions affected: 0.10.1 to 0.10.11
|
|
|
|
The H1 dissector could go into an infinite loop.
|
|
Versions affected: 0.8.15 to 0.10.11
|
|
|
|
The DOCSIS dissector could cause a crash.
|
|
Versions affected: 0.9.13 to 0.10.11
|
|
|
|
The SMPP dissector could go into an infinite loop.
|
|
Versions affected: 0.10.1 to 0.10.11
|
|
|
|
SCTP graphs could crash.
|
|
Version affected: 0.10.11
|
|
|
|
The HTTP dissector could crash.
|
|
Versions affected: 0.10.4 to 0.10.11
|
|
|
|
The SMB dissector could go into a large loop.
|
|
Versions affected: 0.9.0 to 0.10.11
|
|
|
|
The DCERPC dissector could crash.
|
|
Versions affected: 0.9.16 to 0.10.11.
|
|
|
|
Several dissectors could crash while reassembling packets.
|
|
Versions affected: 0.9.0 to 0.10.11
|
|
|
|
|
|
Steve Grubb at Red Hat found the following issues:
|
|
|
|
The CAMEL dissector could dereference a null pointer.
|
|
Version affected: 0.10.11
|
|
|
|
The DHCP dissector could crash.
|
|
Versions affected: 0.10.4 to 0.10.11
|
|
|
|
The CAMEL dissector could crash.
|
|
Versions affected: 0.10.10 to 0.10.11
|
|
|
|
The PER dissector could crash.
|
|
Versions affected: 0.10.10 to 0.10.11
|
|
|
|
The RADIUS dissector could crash.
|
|
Versions affected: 0.9.4 to 0.10.11
|
|
|
|
The Telnet dissector could crash.
|
|
Versions affected: 0.9.10 to 0.10.11
|
|
|
|
The IS-IS LSP dissector could crash.
|
|
Versions affected: 0.8.19 to 0.10.11
|
|
|
|
The NCP dissector could crash.
|
|
Versions affected: 0.9.15 to 0.10.11
|
|
|
|
|
|
iDEFENSE found the following issues:
|
|
|
|
Several dissectors were susceptible to a format string overflow.
|
|
Versions affected: 0.9.4 to 0.10.11
|
|
|
|
|
|
Ethereal uses the zlib compression library. Security vulnerabilities
|
|
have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer
|
|
now ships with zlib 1.2.3, which fixes these vulnerabilities.
|
|
|
|
|
|
Please see the following advisory for more information:
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00020.html
|
|
|
|
Everyone is encouraged to upgrade.
|
|
|
|
|
|
New and updated features
|
|
|
|
The Windows installer now includes the WinPcap 3.1 beta 4 installer.
|
|
You don't have to download and install it separately.
|
|
|
|
RADIUS dictionaries are now included.
|
|
|
|
A lot of documentation was updated
|
|
|
|
Some command line parameters have changed, see the Wireshark / Tethereal
|
|
manual pages
|
|
|
|
A "File/File Set" submenu was added to better handle multiple files
|
|
(such as ring buffers).
|
|
|
|
Flow graphs can now be created for any protocol.
|
|
|
|
Memory management has been greatly improved.
|
|
|
|
JXTA has been added to the conversations menu.
|
|
|
|
When compiled with MIT/Heimdal Kerberos AND if keytab files are
|
|
provided, Ethereal can now decrypt and dissect both SecureLDAP and
|
|
encrypted DCE/RPC.
|
|
|
|
TCP Sequence graphs should now work for all captures and all
|
|
encapsulation types.
|
|
|
|
|
|
New protocol support
|
|
|
|
ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing,
|
|
DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay,
|
|
Synergy, TANGO, WLAN Certificate Extensions
|
|
|
|
|
|
Updated protocol support
|
|
|
|
802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC,
|
|
Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM,
|
|
DNP, DNS, DOCSIS, EAP, Ethernet, FC ELS, FCIP, FCP, FC-SWILS, GIOP,
|
|
GSM A, GSM MAP, GSSAPI, GTP, H1, H.221, H.225, H.235, H.245, H.248,
|
|
H.450, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.11, IEEE 802.3, iFCP,
|
|
IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC,
|
|
LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, OSPF,
|
|
PER, PPP, PRES, PROFINET, RDT, RMT, RPC, RSVP, Rsync, RTP, RTSP, SCSI,
|
|
SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP,
|
|
Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV
|
|
|
|
|
|
New and updated capture file support
|
|
|
|
HP Nettl, Tektronix K12
|
|
|
|
|
|
== May 4, 2005
|
|
|
|
Ethereal 0.10.11 has been released.
|
|
|
|
An aggressive testing program as well as independent discovery has turned
|
|
up a multitude of security issues:
|
|
|
|
The ANSI A dissector was susceptible to format string vulnerabilities.
|
|
Discovered by Bryan Fulton.
|
|
Versions affected: 0.9.15 to 0.10.10
|
|
|
|
The GSM MAP dissector could crash.
|
|
Versions affected: 0.10.0 to 0.10.10
|
|
|
|
The AIM dissector could cause a crash.
|
|
Versions affected: 0.9.14 to 0.10.10
|
|
|
|
The DISTCC dissector was susceptible to a buffer overflow.
|
|
Discovered by Ilja van Sprundel
|
|
Versions affected: 0.9.13 to 0.10.10
|
|
|
|
The FCELS dissector was susceptible to a buffer overflow.
|
|
Discovered by Neil Kettle
|
|
Versions affected: 0.9.9 to 0.10.10
|
|
|
|
The SIP dissector was susceptible to a buffer overflow.
|
|
Discovered by Ejovi Nuwere.
|
|
Versions affected: 0.10.0 to 0.10.10
|
|
|
|
The KINK dissector was susceptible to a null pointer exception,
|
|
endless looping, and other problems.
|
|
Versions affected: 0.10.10
|
|
|
|
The LMP dissector was susceptible to an endless loop.
|
|
Versions affected: 0.9.4 to 0.10.10
|
|
|
|
The Telnet dissector could abort.
|
|
Versions affected: 0.9.10 to 0.10.10
|
|
|
|
The TZSP dissector could cause a segmentation fault.
|
|
Versions affected: 0.10.10 to 0.10.10
|
|
|
|
The WSP dissector was susceptible to a null pointer exception and
|
|
assertions.
|
|
Versions affected: 0.10.0 to 0.10.10
|
|
|
|
The 802.3 Slow protocols dissector could throw an assertion.
|
|
Versions affected: 0.10.10
|
|
|
|
The BER dissector could throw assertions.
|
|
Versions affected: 0.10.2 to 0.10.10
|
|
|
|
The SMB Mailslot dissector was susceptible to a null pointer exception
|
|
and could throw assertions.
|
|
Versions affected: 0.9.0 to 0.10.10
|
|
|
|
The H.245 dissector was susceptible to a null pointer exception.
|
|
Versions affected: 0.10.10
|
|
|
|
The Bittorrent dissector could cause a segmentation fault.
|
|
Versions affected: 0.10.8 to 0.10.10
|
|
|
|
The SMB dissector could cause a segmentation fault and throw assertions.
|
|
Versions affected: 0.9.0 to 0.10.10
|
|
|
|
The Fibre Channel dissector could cause a crash.
|
|
Versions affected: 0.9.9 to 0.10.10
|
|
|
|
The DICOM dissector could attempt to allocate large amounts of memory.
|
|
Versions affected: 0.10.4 to 0.10.10
|
|
|
|
The MGCP dissector was susceptible to a null pointer exception, could
|
|
loop indefinitely, and segfault.
|
|
Versions affected: 0.8.14 to 0.10.10
|
|
|
|
The RSVP dissector could loop indefinitely.
|
|
Versions affected: 0.9.8 to 0.10.10
|
|
|
|
The DHCP dissector was susceptible to format string vulnerabilities, and
|
|
could abort.
|
|
Versions affected: 0.10.7 to 0.10.10
|
|
|
|
The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
|
|
Versions affected: 0.9.8 to 0.10.10
|
|
|
|
The EIGRP dissector could loop indefinitely.
|
|
Versions affected: 0.8.18 to 0.10.10
|
|
|
|
The ISIS dissector could overflow a buffer.
|
|
Versions affected: 0.8.18 to 0.10.10
|
|
|
|
The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
|
|
and X.509 dissectors could overflow buffers.
|
|
Versions affected: 0.10.4 to 0.10.10
|
|
|
|
The NDPS dissector could exhaust system memory or cause an assertion,
|
|
or crash.
|
|
Versions affected: 0.9.12 to 0.10.10
|
|
|
|
The Q.931 dissector could try to free a null pointer and overflow
|
|
a buffer.
|
|
Versions affected: 0.10.10
|
|
|
|
The IAX2 dissector could throw an assertion.
|
|
Versions affected: 0.10.1 to 0.10.10
|
|
|
|
The ICEP dissector could try to free the same memory twice.
|
|
Versions affected: 0.10.7 to 0.10.10
|
|
|
|
The MEGACO dissector was susceptible to an infinite loop and a buffer
|
|
overflow.
|
|
Versions affected: 0.9.14 to 0.10.10
|
|
|
|
The DLSw dissector was susceptible to an infinite loop.
|
|
Versions affected: 0.9.1 to 0.10.10
|
|
|
|
The RPC dissector was susceptible to a null pointer exception.
|
|
Versions affected: 0.9.2 to 0.10.10
|
|
|
|
The NCP dissector could overflow a buffer or loop for a large amount
|
|
of time.
|
|
Versions affected: 0.10.5 to 0.10.10
|
|
|
|
The RADIUS dissector could throw an assertion.
|
|
Versions affected: 0.10.3 to 0.10.10
|
|
|
|
The GSM dissector could access an invalid pointer.
|
|
Versions affected: 0.10.10
|
|
|
|
The SMB PIPE dissector could throw an assertion.
|
|
Versions affected: 0.9.0 to 0.10.10
|
|
|
|
The L2TP dissector was susceptible to an infinite loop.
|
|
Versions affected: 0.10.9 to 0.10.10
|
|
|
|
The SMB NETLOGON dissector could dereference a null pointer.
|
|
Versions affected: 0.9.12 to 0.10.10
|
|
|
|
The MRDISC dissector could throw an assertion.
|
|
Versions affected: 0.8.19 to 0.10.10
|
|
|
|
The ISUP dissector could overflow a buffer or cause a segmentation fault.
|
|
Versions affected: 0.8.19 to 0.10.10
|
|
|
|
The LDAP dissector could crash.
|
|
Versions affected: 0.10.1 to 0.10.10
|
|
|
|
The TCAP dissector could overflow a buffer or throw an assertion.
|
|
Versions affected: 0.10.8 to 0.10.10
|
|
|
|
The NTLMSSP dissector could crash.
|
|
Versions affected: 0.9.7 to 0.10.10
|
|
|
|
|
|
Additionally, a number of dissectors could throw an assertion when
|
|
passing an invalid protocol tree item length.
|
|
Versions affected: 0.10.8 to 0.10.10
|
|
|
|
|
|
Please see the following advisory for more information:
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00019.html
|
|
|
|
Everyone is encouraged to upgrade.
|
|
|
|
|
|
New and updated features
|
|
|
|
|
|
|
|
New protocol support
|
|
|
|
|
|
|
|
Updated protocol support
|
|
|
|
|
|
|
|
New and updated capture file support
|
|
|
|
|
|
|
|
|
|
== March 11, 2005
|
|
|
|
Ethereal 0.10.10 has been released.
|
|
|
|
This release fixes three security and stability-related issues:
|
|
|
|
Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
|
|
(CAN-2005-0704)
|
|
|
|
The GPRS-LLC dissector could crash if the "ignore cipher bit" option
|
|
was enabled. (CAN-2005-0705)
|
|
|
|
Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
|
|
This flaw was later reported by Leon Juranic. (CAN-2005-0699)
|
|
|
|
Leon Juranic discovered a buffer overflow in the IAPP dissector.
|
|
|
|
A bug in the JXTA dissector could make Ethereal crash.
|
|
|
|
A bug in the sFlow dissector could make Ethereal crash.
|
|
|
|
|
|
Please see the following advisory for more information:
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00018.html
|
|
|
|
Everyone is encouraged to upgrade.
|
|
|
|
|
|
New and updated features
|
|
|
|
Tree view item context menus now let you browse to the display filter
|
|
reference and wiki pages for a particular protocol.
|
|
|
|
Online help has been expanded.
|
|
|
|
VoIP call analysis (including nifty connection diagrams) has been
|
|
added.
|
|
|
|
GSS-API decryption has been greatly enhanced.
|
|
|
|
|
|
New protocol support
|
|
|
|
AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
|
|
Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
|
|
|
|
|
|
Updated protocol support
|
|
|
|
3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
|
|
DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
|
|
GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
|
|
IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
|
|
JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
|
|
PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
|
|
SPNEGO, SSL, STUN, TCAP, TCP, TZSP
|
|
|
|
|
|
New and updated capture file support
|
|
|
|
DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
|
|
|
|
|
|
== January 19, 2005
|
|
|
|
Ethereal 0.10.9 has been released.
|
|
|
|
This release fixes the following security-related issues:
|
|
|
|
The COPS dissector could go into an infinite loop. (CAN-2005-0006)
|
|
|
|
The DLSw dissector could cause an assertion, making Ethereal exit
|
|
prematurely. (CAN-2005-0007)
|
|
|
|
The DNP dissector could cause memory corruption. (CAN-2005-0008)
|
|
|
|
The Gnutella dissector could cause an assertion, making Ethereal
|
|
exit prematurely. (CAN-2005-0009)
|
|
|
|
The MMSE dissector could free static memory. (CAN-2005-0010)
|
|
|
|
The X11 protocol dissector is vulnerable to a string buffer overflow.
|
|
(CAN-2005-0084)
|
|
|
|
Please see the following advisory for more information:
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00017.html
|
|
|
|
Everyone is encouraged to upgrade.
|
|
|
|
|
|
New and updated features
|
|
|
|
Ethereal will now detect and flag weak 802.11 WEP IVs.
|
|
|
|
Windows Sniffer timestamp handling has been greatly improved.
|
|
|
|
A bug which made Ethereal crash at startup on Windows 98 and Windows
|
|
ME systems has been fixed.
|
|
|
|
Ethereal and Tethereal now support a personal "hosts" file.
|
|
|
|
Invalid field length handling has been greatly improved.
|
|
|
|
The capture progress window title now shows the interface name.
|
|
|
|
|
|
New protocol support
|
|
|
|
ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
|
|
|
|
Updated protocol support
|
|
|
|
AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
|
|
DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
|
|
FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
|
|
HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
|
|
L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
|
|
NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
|
|
RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
|
|
SSL/TLS, T.38, TACACS, TCAP, TCP, X11
|
|
|
|
|
|
New and updated capture file support
|
|
|
|
Windows Sniffer
|
|
|
|
== December 15, 2004
|
|
|
|
Ethereal 0.10.8 has been released.
|
|
|
|
This release fixes the following security-related issues:
|
|
|
|
Matthew Bing discovered a bug in DICOM dissection that could make
|
|
Ethereal crash. (CAN-2004-1139)
|
|
|
|
An invalid RTP timestamp could make Ethereal hang and create a large
|
|
temporary file, possibly filling available disk space. (CAN-2004-1140)
|
|
|
|
The HTTP dissector could access previously-freed memory, causing a
|
|
crash. (CAN-2004-1141)
|
|
|
|
Brian Caswell discovered that an improperly formatted SMB packet could
|
|
make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
|
|
|
|
Please see the following advisory for more information:
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00016.html
|
|
|
|
Everyone is encouraged to upgrade.
|
|
|
|
|
|
New and updated features
|
|
|
|
Ethereal now has a packet history, similar to most web browsers.
|
|
|
|
Ethereal now supports custom window titles.
|
|
|
|
Minor performance enhancements have been added.
|
|
|
|
RTP analysis has been enhanced.
|
|
|
|
Host name resolution has been improved.
|
|
|
|
Ethereal can now track TCP PDU times. See
|
|
http://wiki.ethereal.com/TcpPduTime for more details.
|
|
|
|
Ethereal now ships with netscreen2dump.py, a utility which converts
|
|
netscreen packet-trace hex dumps to hex dumps that can be read by
|
|
text2pcap.
|
|
|
|
|
|
New protocol support
|
|
|
|
AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
|
|
and Session Management, GSM MAP, Extended Security Services, Logotype
|
|
Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
|
|
Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
|
|
DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
|
|
|
|
|
|
Updated protocol support
|
|
|
|
3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
|
|
CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
|
|
ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
|
|
GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
|
|
ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
|
|
PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
|
|
RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
|
|
SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
|
|
X.509af, X.509ce, X.509if, X.509sat,
|
|
|
|
|
|
New and updated capture file support
|
|
|
|
pppdump
|
|
|
|
|
|
== October 20, 2004
|
|
|
|
Ethereal 0.10.7 has been released.
|
|
|
|
The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
|
|
libraries which fix several known bugs. Unfortunately, a few known
|
|
GLib/GTK+ bugs remain.
|
|
|
|
In order to avoid a naming conflict with the tcpreplay project, the
|
|
"capinfo" utility has been renamed to "capinfos".
|
|
|
|
|
|
New and updated features
|
|
|
|
Search wrapping is now a configurable option.
|
|
|
|
A lot of material has been added to the Developer's Guide. The User's Guide
|
|
has been updated as well.
|
|
|
|
The "Decode As..." dialog now supports DCERPC and SCTP.
|
|
|
|
The "Help" menu now includes a link to the wiki.
|
|
|
|
H.323 call analysis is now supported.
|
|
|
|
|
|
New protocol support
|
|
|
|
Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
|
|
Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
|
|
extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,
|
|
|
|
|
|
Updated protocol support
|
|
|
|
AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
|
|
DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
|
|
EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
|
|
ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
|
|
MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
|
|
RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
|
|
SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,
|
|
|
|
|
|
New and updated capture file support
|
|
|
|
HP-UX nettl, NG Sniffer
|
|
|
|
|
|
== August 12, 2004
|
|
|
|
Ethereal 0.10.6 has been released.
|
|
|
|
This release fixes a preferences bug present in Wireshark which displayed
|
|
|
|
(ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
|
|
(gtk_window_resize): assertion `height > 0' failed
|
|
|
|
at program startup. A workaround for 0.10.5 is described in
|
|
|
|
http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html
|
|
|
|
A new command-line utility called "capinfo" has been added to the
|
|
distribution which prints statistics about capture files.
|
|
|
|
You can now copy conversation and endpoint data to other applications as
|
|
CSV data.
|
|
|
|
|
|
New and updated features
|
|
|
|
X.509 support has been added.
|
|
|
|
Crash bugs have been fixed in the RTP and NCP dissectors.
|
|
|
|
PostScript(r) output has been improved.
|
|
|
|
A bug that prevented mergecap from creating a new output file has been
|
|
fixed.
|
|
|
|
Conversation and endpoint performance has been enhanced. General packet
|
|
display performance has been enhanced.
|
|
|
|
The conversation and host list tools have been renamed to be less
|
|
confusing.
|
|
|
|
You can now copy conversation and host list data as CSV data.
|
|
|
|
RTP analysis can now dynamically determine the proper clock rate.
|
|
|
|
|
|
New protocol support
|
|
|
|
AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
|
|
X.509AF, X.509CE, X.509IF, X.509SAT
|
|
|
|
|
|
Updated protocol support
|
|
|
|
802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
|
|
ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
|
|
MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
|
|
SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet
|
|
|
|
|
|
New and updated capture file support
|
|
|
|
LANalyzer
|
|
|
|
|
|
== July 7, 2004
|
|
|
|
Ethereal 0.10.5 has been released.
|
|
|
|
|
|
This release fixes bugs in iSNS, SMB, and SNMP, as described in the
|
|
following advisory:
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00015.html
|
|
|
|
Everyone is encouraged to upgrade.
|
|
|
|
|
|
New and updated features
|
|
|
|
Ethereal can now merge multiple files (you don't have to resort to
|
|
mergecap on the command line).
|
|
|
|
A preview pane has been added to the file dialog.
|
|
|
|
The capture progress dialog can now be disabled.
|
|
|
|
The about dialog has received further improvements.
|
|
|
|
The behavior of Ethereal's dialog windows has been normalized somewhat.
|
|
|
|
The Windows installer can now associate standard file extensions
|
|
with Ethereal.
|
|
|
|
Ethereal can be configured not to bug you about unsaved captures.
|
|
|
|
Ethereal can open help documentation using the default web browser.
|
|
|
|
|
|
New protocol support
|
|
|
|
DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)
|
|
|
|
|
|
Updated protocol support
|
|
|
|
AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
|
|
NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
|
|
H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
|
|
M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
|
|
RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
|
|
VRRP, WBXML (User-Agent Profile), WSP, X11
|
|
|
|
|
|
New and updated capture file support
|
|
|
|
Radcom
|
|
|
|
|
|
== May 13, 2004
|
|
|
|
Ethereal 0.10.4 has been released.
|
|
|
|
This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
|
|
the following advisory:
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00014.html
|
|
|
|
Everyone is encouraged to upgrade.
|
|
|
|
|
|
New and updated features
|
|
|
|
When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
|
|
selection dialog.
|
|
|
|
Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
|
|
|
|
PostScript(R) output has been improved.
|
|
|
|
The screen layout of the main window can be changed by Preferences now.
|
|
|
|
Many other parts of the user interface have received improvements.
|
|
|
|
Compressed and chunked transfer-coded HTTP bodies are now decoded.
|
|
|
|
A new generic media dissector more cleanly handles HTTP and WSP
|
|
Content-Type information.
|
|
|
|
|
|
New protocol support
|
|
|
|
ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
|
|
IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
|
|
|
|
|
|
Updated protocol support
|
|
|
|
3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
|
|
DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
|
|
FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
|
|
ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
|
|
RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
|
|
Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG
|
|
|
|
|
|
Capture file support
|
|
|
|
EyeSDN, nettl
|
|
|
|
|
|
== March 25, 2004
|
|
|
|
Ethereal 0.10.3 has been released.
|
|
|
|
This release fixes several security bugs described in the following
|
|
advisory:
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00013.html
|
|
|
|
Everyone is encouraged to upgrade.
|
|
|
|
|
|
New and updated features
|
|
|
|
Display filters now support the bitwise and (&) operator.
|
|
|
|
Protocol hierarchy statistics now have bandwidth columns.
|
|
|
|
The capture dialog has a new layout.
|
|
|
|
|
|
New protocol support
|
|
|
|
3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
|
|
MQ, Presentation, SLSK,
|
|
|
|
|
|
Updated protocol support
|
|
|
|
802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
|
|
BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
|
|
RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
|
|
FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
|
|
Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
|
|
PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
|
|
SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC
|
|
|
|
|
|
Capture file support
|
|
|
|
EyeSDN, libpcap (tcpdump)
|
|
|
|
|
|
== February 23, 2004
|
|
|
|
Ethereal 0.10.2 has been released.
|
|
|
|
This release fixes two major bugs in 0.10.1:
|
|
|
|
Under Windows, the error
|
|
|
|
** WARNING **: error opening
|
|
/usr/local/share/ethereal/asn1/default.tt, No such file or
|
|
directory
|
|
|
|
would be printed at startup.
|
|
|
|
The 0.10.1 source release was missing several files required for
|
|
compiling.
|
|
|
|
|
|
New and updated features
|
|
|
|
The user interface has received further updates. The Statistics
|
|
menu
|
|
layout has been improved, as well as the capture options dialog
|
|
layout.
|
|
|
|
|
|
New protocol support
|
|
|
|
Cisco Cast Client Control Protocol
|
|
|
|
|
|
Updated protocol support
|
|
|
|
AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
|
|
HTTP,
|
|
IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
|
|
TCAP, TDS
|
|
|
|
|
|
== February 18, 2004
|
|
|
|
Ethereal 0.10.1 has been released.
|
|
|
|
|
|
New and updated features
|
|
|
|
The Windows installer now lets you choose between the traditional
|
|
GTK+
|
|
version 1 interface and a new GTK+ 2 interface.
|
|
|
|
Several updates were made to Ethereal's user interface. The "File"
|
|
menu
|
|
now has a "most recently used" list. The help menu was greatly
|
|
expanded.
|
|
|
|
The "matches" operator now handles more data types. For example,
|
|
you can
|
|
now use
|
|
|
|
smtp matches joespammer@example.com
|
|
|
|
as a display filter.
|
|
|
|
I/O statistics now support 1ms resolution.
|
|
|
|
Bug fixes
|
|
|
|
A column resorting crash on the Windows platform was fixed.
|
|
|
|
New protocol support
|
|
|
|
EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA
|
|
|
|
Updated protocol support
|
|
|
|
ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
|
|
CLNP,
|
|
COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
|
|
TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
|
|
FC-IP,
|
|
FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
|
|
se),
|
|
GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
|
|
IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
|
|
Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
|
|
IPv6,
|
|
MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
|
|
RADIUS,
|
|
RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
|
|
SNMP,
|
|
SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
|
|
Teredo,
|
|
Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11
|
|
|
|
|
|
Updated capture file support
|
|
|
|
DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
|
|
Snoop
|
|
|
|
|
|
== December 12, 2003
|
|
|
|
Ethereal 0.10.0 has been released.
|
|
|
|
This release fixes issues in the SMB and Q.931 dissectors that could
|
|
make Ethereal and Tethereal crash. See
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00012.html
|
|
|
|
for more details.
|
|
|
|
New and updated features
|
|
|
|
Many performance improvements have been made to the code. Most
|
|
users
|
|
should see a 2x to 3x performance increase when loading and working
|
|
with
|
|
capture files.
|
|
|
|
A "matches" display filter operator has been added. It is similar
|
|
to
|
|
the "contains" operator, but supports Perl-compatible regular
|
|
expressions.
|
|
|
|
Tethereal can now dump packet data in XML (PDML) format.
|
|
|
|
The main application menus have been rearranged and the help windows
|
|
have been revamped, along with a host of other UI enhancements.
|
|
|
|
The capture progress window now features bar graphs.
|
|
|
|
The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
|
|
Windows
|
|
installer have been updated.
|
|
|
|
New protocol support
|
|
|
|
BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
|
|
RS_PROP_ACCT}
|
|
IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,
|
|
|
|
Updated protocol support
|
|
|
|
ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
|
|
{DCOM,
|
|
EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
|
|
DTAP,
|
|
ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
|
|
MAP,
|
|
H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
|
|
LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
|
|
RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
|
|
SRVLOC,
|
|
SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP
|
|
|
|
|
|
Updated capture file support
|
|
|
|
AiroPeek v9 (2.x) support was added. Network Instruments Observer
|
|
and
|
|
Snoop support was updated.
|
|
|
|
|
|
== November 2, 2003
|
|
|
|
Ethereal 0.9.16 has been released.
|
|
|
|
This release fixes potential security issues with the GTP, ISAKMP,
|
|
MEGACO, and SOCKS dissectors. See
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00011.html
|
|
|
|
for more details.
|
|
|
|
New and updated features
|
|
|
|
Ethereal has leapt forward into the 90's and added a toolbar.
|
|
|
|
Ethereal and Tethereal can now force the data link type of captured
|
|
frames.
|
|
|
|
RTP analysis has been enhanced.
|
|
|
|
Individual frames can now be marked as time references
|
|
|
|
Service response time and general I/O statistics have been enhanced.
|
|
I/O
|
|
statistics can now calculate client load (experimental).
|
|
|
|
New protocol support
|
|
|
|
ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
|
|
INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
|
|
GSM
|
|
SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
|
|
(OTA), T.38, TCAP, TPCP
|
|
|
|
Updated protocol support
|
|
|
|
AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
|
|
DCE/RPC
|
|
DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
|
|
DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
|
|
Relay,
|
|
FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
|
|
ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
|
|
NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
|
|
RIP,
|
|
RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
|
|
SONMP,
|
|
SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
|
|
X.25, Yahoo! Messenger
|
|
|
|
|
|
Updated capture file support
|
|
|
|
Linux Bluez Bluetooth hcidump support has been added.
|
|
|
|
Endace ERF and Network Instruments Observer, and NetXRay support has
|
|
been enhanced.
|
|
|
|
|
|
== September 9, 2003
|
|
|
|
Ethereal 0.9.15 has been released.
|
|
|
|
New and updated features
|
|
|
|
Many often-requested features have been added with this release. If
|
|
you're running an older version of Ethereal you may want to have a
|
|
look.
|
|
|
|
Conversation List (aka "top talker") support has been added to
|
|
Ethereal
|
|
and Tethereal. Protocol statistics in general have been updated.
|
|
|
|
Searching capture files has been improved even more -- a new
|
|
"contains"
|
|
display filter operator that searches for strings in PDUs has been
|
|
added. The Find dialog now supports case-insensitive searches, hex
|
|
data
|
|
searches, and more.
|
|
|
|
An H.225 dissector has been added. It can automatically recognize
|
|
RTP
|
|
and RTCP conversations.
|
|
|
|
A preference file has been added for disabled protocols.
|
|
|
|
Color filters may now be imported and exported from within Wireshark.
|
|
|
|
A new column type has been added for cumulative bytes.
|
|
|
|
|
|
New protocols
|
|
|
|
GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
|
|
|
|
|
|
Updated protocols
|
|
|
|
ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
|
|
Ethernet,
|
|
FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
|
|
M3UA,
|
|
MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
|
|
SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
|
|
WSP,
|
|
|
|
|
|
Updated capture file support
|
|
|
|
Support for Accellent 5Views and Endace ERF capture files was added.
|
|
CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
|
|
|
|
|
|
== July 23, 2003
|
|
|
|
Ethereal 0.9.14 has been released.
|
|
|
|
New and updated features
|
|
|
|
The ringbuffer code has been (nearly) completely rewritten. It now
|
|
supports an unlimited number of files.
|
|
|
|
Ethereal now supports searching for arbitrary text and binary data
|
|
in
|
|
frames.
|
|
|
|
Service response time statistics have been enhanced.
|
|
|
|
Tethereal, the text-mode version of Ethereal, can now be compiled
|
|
without capture support.
|
|
|
|
|
|
New and updated features
|
|
|
|
Echo, eDonkey, Jabber, MS Messenger, sFlow
|
|
|
|
|
|
Updated protocols
|
|
|
|
AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
|
|
H.245,
|
|
IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
|
|
NDS,
|
|
NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
|
|
SNA,
|
|
SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP,
|
|
WTP,
|
|
X11, Zebra
|
|
|
|
|
|
Updated capture file support
|
|
|
|
LANalyzer, NetXRay
|
|
|
|
|
|
== June 11, 2003
|
|
|
|
Ethereal 0.9.13 has been released.
|
|
|
|
This release fixes a large number of security issues discovered by
|
|
Timo
|
|
Sirainen and others. See
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00010.html
|
|
|
|
for more details.
|
|
|
|
New and updated features
|
|
|
|
Ethereal now supports a system-wide color filter file.
|
|
|
|
Support for the GNU ADNS library has been added. ADNS allows
|
|
asynchronous DNS lookups.
|
|
|
|
"Decode As..." functionality has been added to Tethereal via the "-
|
|
d"
|
|
flag.
|
|
|
|
The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
|
|
now
|
|
shown in the protocol tree.
|
|
|
|
New protocols
|
|
|
|
distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
|
|
|
|
Updated protocols
|
|
|
|
802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
|
|
FDDI,
|
|
GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
|
|
NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
|
|
SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
|
|
WSP,
|
|
WTP
|
|
|
|
Updated capture file support
|
|
|
|
HP-UX nettl, VMS UCX$TRACE
|
|
|
|
|
|
== May 1, 2003
|
|
|
|
Ethereal 0.9.12 has been released.
|
|
|
|
This release fixes several off-by-one and integer overflow errors
|
|
discovered by Timo Sirainen. See
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00009.html
|
|
|
|
for more details.
|
|
|
|
New and updated features
|
|
|
|
TCP sequence number analysis received a few improvements.
|
|
|
|
General packet reassembly has been improved.
|
|
|
|
The "Follow TCP Stream" window now allows you to filter out the
|
|
current
|
|
stream.
|
|
|
|
The Vines code received significant updates.
|
|
|
|
Several enhancements were made to the text2pcap utility.
|
|
|
|
New protocols
|
|
|
|
ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
|
|
|
|
Updated protocols
|
|
|
|
802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
|
|
EAP,
|
|
IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
|
|
M2UA,
|
|
M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
|
|
PGM,
|
|
Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
|
|
SUA,
|
|
TCP, Telnet, Vines, WBXML, WSP, WTP
|
|
|
|
Updated capture file support
|
|
|
|
Netxray
|
|
|
|
|
|
== March 10, 2003
|
|
|
|
Ethereal 0.9.11 has been released.
|
|
|
|
The Ethereal 0.9.10 release was packaged improperly. This release
|
|
fixes
|
|
the packaging, and adds minor updates and fixes for the following
|
|
protocols:
|
|
|
|
AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
|
|
|
|
IA64 support has been improved.
|
|
|
|
|
|
== March 7, 2003
|
|
|
|
Ethereal 0.9.10 has been released.
|
|
|
|
This release fixes a security hole discovered by Georgi Guninski in
|
|
the
|
|
SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
|
|
All users of previous versions are encouraged to upgrade. See
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00008.html
|
|
|
|
for more details.
|
|
|
|
|
|
New and Updated Features
|
|
|
|
Many small updates were made to the user interface.
|
|
|
|
The "Help" menu now includes the FAQ.
|
|
|
|
The TCP dissector was enhanced. Many more fields are filterable.
|
|
|
|
Tethereal received more IO stats: TCP and UDP top talkers.
|
|
|
|
Packet reassembly has been improved.
|
|
|
|
The "Follow TCP Stream" feature can now export C byte arrays.
|
|
|
|
RTP streams can now be saved to a file.
|
|
|
|
|
|
Bug Fixes
|
|
|
|
A missing comma in a string array could cause Ethereal to crash when
|
|
opening the preferences dialog.
|
|
|
|
|
|
New Protocols
|
|
|
|
MSN Messenger, Rsync, SSH, Yahoo! Messenger
|
|
|
|
|
|
Updated Protocols
|
|
|
|
AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
|
|
DCCP,
|
|
DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
|
|
extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
|
|
LSA,
|
|
M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
|
|
OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
|
|
SNMP,
|
|
SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
|
|
Wellfleet BofL X.25, X11
|
|
|
|
|
|
Updated Capture File Support
|
|
|
|
NetXRay, NGSniffer, Snoop
|
|
|
|
|
|
== January 23, 2003
|
|
|
|
Ethereal 0.9.9 has been released.
|
|
|
|
Please note the next release will NOT be 1.0. There are still more
|
|
features to be added before a 1.0 release will be ready.
|
|
|
|
|
|
New and Updated Features
|
|
|
|
Plugin search behavior was improved under Unix, allowing more than
|
|
one
|
|
version of Ethereal to be installed at one time.
|
|
|
|
The statistics graphs have been enhanced. More statistics have been
|
|
added:
|
|
|
|
Round-trip-time statistics are now computed for SMB traffic.
|
|
|
|
NCP Call and Reply times are now tracked.
|
|
|
|
Top talker statistics for Ethernet, IP and Token Ring are now
|
|
available (tethereal only).
|
|
|
|
Color allocation and handling was improved.
|
|
|
|
The RADIUS dissector can now decrypt user passwords.
|
|
|
|
Tethereal now supports reading from a pipe under Unix.
|
|
|
|
The ATM code received major improvements.
|
|
|
|
The DOS Sniffer code also received major improvements.
|
|
|
|
For those that compile Ethereal from source, some fixes and updates
|
|
have been made to the configuration and build environment.
|
|
|
|
|
|
Bug Fixes
|
|
|
|
The capture progress window now shows the correct number of elapsed
|
|
minutes.
|
|
|
|
A potential infinite loop in the TCP graphing code has been fixed.
|
|
|
|
|
|
New Protocols
|
|
|
|
MDSHDR, MEGACO, MySQL, SDLC, X.29
|
|
|
|
|
|
Updated Protocols
|
|
|
|
802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP,
|
|
DCE
|
|
RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC,
|
|
L2TP,
|
|
LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
|
|
RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC,
|
|
SRVSVC,
|
|
SUA, TNS, Token Ring, Wellfleet HDLC, X.25
|
|
|
|
|
|
Updated Capture File Support
|
|
|
|
Firewall-1, Netmon, NetXRay, Radcom, Sniffer
|
|
|
|
|
|
== December 7, 2002
|
|
|
|
Ethereal 0.9.8 has been released.
|
|
|
|
Serious problems with the BGP, LMP, PPP, and TDS dissectors have
|
|
been
|
|
discovered. See
|
|
|
|
http://www.ethereal.com/appnotes/enpa-sa-00007.html
|
|
|
|
for more details.
|
|
|
|
|
|
New and Updated Features
|
|
|
|
The TAP subsystem received major updates. Tethereal can display
|
|
more statistics, and several graphs have been added to Ethereal.
|
|
|
|
A protocol hierarchy statistics tap was added to tethereal. This
|
|
code
|
|
may be used to replace the hierarchy statistics code in Wireshark.
|
|
|
|
More updates have been added to TCP analysis.
|
|
|
|
After a long hiatus, the Windows installer once again includes SNMP
|
|
support.
|
|
|
|
The total running time of the capture is now displayed in the
|
|
capture
|
|
progress dialog box. The capture progress dialog also shows ARP
|
|
packets.
|
|
|
|
The look of the plugins dialog was revamped.
|
|
|
|
|
|
Bug Fixes and Updates
|
|
|
|
A bug which caused Ethereal under Windows to crash when "Update list
|
|
of
|
|
packets in real time" was enabled has been fixed.
|
|
|
|
The stability of the text2pcap utility has been improved.
|
|
|
|
In tethereal, the packet count is properly displayed when you ^C out
|
|
of a
|
|
capture.
|
|
|
|
|
|
New Protocols
|
|
|
|
ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
|
|
MDNS,
|
|
PCLI, RPL
|
|
|
|
|
|
Updated Protocols
|
|
|
|
AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
|
|
DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
|
|
iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
|
|
NTLMSSP,
|
|
OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
|
|
Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
|
|
WEP,
|
|
YPSERV
|
|
|
|
|
|
Updated Capture File Support
|
|
|
|
AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
|
|
|
|
|
|
== September 28, 2002
|
|
|
|
Ethereal 0.9.7 has been released.
|
|
|
|
New Features
|
|
|
|
In order to improve the out-of-box responsiveness of Ethereal and
|
|
Tethereal, network name resolution has been disabled by default.
|
|
|
|
TCP analysis (a feature added in the 0.9.6 release) was improved.
|
|
|
|
The NCP code base received quite a few updates.
|
|
|
|
Initial support for version 2 of the GTK+ library was added.
|
|
|
|
RPC staticstics (which use the new Tap API) were added.
|
|
|
|
Due to added and updated support for the NTLM, SNEGO, and GSS-API
|
|
protocols, Ethereal can now dissect most of the security blobs for
|
|
Windows 2000 authentication.
|
|
|
|
The Ethernet "manuf" file now handles addresses specified with a
|
|
mask, and contains many well-known addresses.
|
|
|
|
|
|
New Protocols
|
|
|
|
802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
|
|
Juniper),
|
|
SCCP-Management, SPNEGO
|
|
|
|
The following DCE/RPC protocols were also added:
|
|
|
|
AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
|
|
DNSSERVER,
|
|
DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
|
|
REP_PROC,
|
|
ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
|
|
RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
|
|
|
|
|
|
Updated Protocols
|
|
|
|
AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
|
|
DCE/RPC
|
|
NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
|
|
IS,
|
|
Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
|
|
OSI
|
|
Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
|
|
WSP,
|
|
|
|
|
|
== August 20, 2002
|
|
|
|
Ethereal 0.9.6 has been released.
|
|
|
|
Bugs Fixed
|
|
|
|
A buffer overflow in the ISIS dissector has been fixed. More
|
|
information can be found at
|
|
http://www.ethereal.com/appnotes/enpa-sa-00006.html.
|
|
|
|
A bad TCP header could cause problems for the "Follow TCP Stream"
|
|
feature.
|
|
|
|
Setting "column.format" from the command line no longer crashes
|
|
Ethereal and Tethereal.
|
|
|
|
Problems with capture files being overwritten (e.g. if you try to
|
|
save over
|
|
the current capture file) have been fixed.
|
|
|
|
An SMB conversation handling bug has been fixed.
|
|
|
|
Thanks to Valgrind, several memory leaks have been fixed.
|
|
|
|
Some problems with printing under Windows have been fixed.
|
|
|
|
|
|
New Features
|
|
|
|
TCP sequence number analysis has been added.
|
|
|
|
The DCE RPC NETLOGON dissector has received a major overhaul.
|
|
|
|
Data types throughout the code have been cleaned up.
|
|
|
|
|
|
New Protocols
|
|
|
|
CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
|
|
|
|
|
|
Updated Protocols
|
|
|
|
802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
|
|
DCERPC
|
|
REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
|
|
L2TP,
|
|
LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
|
|
PPP,
|
|
Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
|
|
SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
|
|
|
|
|
|
Capture File Updates
|
|
|
|
CheckPoint Firewall-1 monitor file support and CoSine debug file
|
|
support
|
|
were added. Support for pppdump and Netmon files was updated.
|
|
|
|
|
|
== June 28, 2002
|
|
|
|
Ethereal 0.9.5 has been released. This version fixes several potential
|
|
security problems revealed since the release of 0.9.4. See the
|
|
security
|
|
advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
|
|
more details.
|
|
|
|
|
|
New Features:
|
|
|
|
The ability to read packet data from a pipe was enhanced. Printing
|
|
under Windows now works.
|
|
|
|
|
|
New Protocols
|
|
|
|
802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
|
|
|
|
|
|
Updated Protocols
|
|
|
|
ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
|
|
MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
|
|
SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
|
|
WCP, WEP, WSP, WTP
|
|
|
|
|
|
Capture File Updates
|
|
|
|
Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
|
|
NetXRay, and libpcap code all received updates.
|
|
|
|
|