Author Topic: Wireshark (Ex-Ethereal) ...  (Read 15153 times)

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Posts: 190067
  • No input, no output
    • DVB-Cube
Wireshark 2.2.0 Final
« Reply #105 on: 07 September, 2016, 22:00 »
Release Notes

2. What’s New
2.1. Bug Fixes

    Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)
    Extcap errors not reported back to UI. (Bug 11892)

2.2. New and Updated Features

The following features are new (or have been significantly updated) since version 2.2.0rc2:

    No major changes since 2.2.0rc2.

The following features are new (or have been significantly updated) since version 2.2.0rc1:

"Decode As" supports SSL (TLS) over TCP.

The following features are new (or have been significantly updated) since version 2.1.1:

    Invalid coloring rules are now disabled instead of discarded. This will provide backward compatibility with a coloring rule change in Wireshark 2.2.

The following features are new (or have been significantly updated) since version 2.1.0:

    Added -d option for Decode As support in Wireshark (mimics TShark functionality)
    The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON.
    The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
    The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
    The RTP player now allows up to 30 minutes of silence frames.
    Packet bytes can now be displayed as EBCDIC.
    The Qt UI loads captures faster on Windows.
    proto_tree_add_checksum was added as an API. This attempts to standardize how checksums are reported and filtered for within *Shark. There are no more individual "good" and "bad" filter fields, protocols now have a "checksum.status" field that records "Good", "Bad" and "Unverified" (neither good nor bad). Color filters provided with Wireshark have been adjusted to the new display filter names, but custom ones may need to be updated.

The following features are new (or have been significantly updated) since version 2.0.0:

    The intelligent scroll bar now sits to the left of a normal scroll bar and provides a clickable map of nearby packets.
    You can now switch between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI.
    You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.
    You can now use regular expressions in Find Packet and in the advanced preferences.
    Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution some build dependencies must be present (currently c-ares). If that is not the case DNS name resolution will be disabled (but other name resolution mechanisms, such as host files, are still available).
    The byte under the mouse in the Packet Bytes pane is now highlighted.
    TShark supports exporting PDUs via the -U flag.
    The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
    Most dialogs in the Qt UI now save their size and positions.
    The Follow Stream dialog now supports UTF-16.
    The Firewall ACL Rules dialog has returned.
    The Flow (Sequence) Analysis dialog has been improved.
    We no longer provide packages for 32-bit versions of OS X.
    The Bluetooth Device details dialog has been added.

2.3. New File Format Decoding Support

Wireshark is able to display the format of some types of files (rather than displaying the contents of those files). This is useful when you’re curious about, or debugging, a file and its format. To open a capture file (such as PCAP) in this mode specify "MIME Files Format" as the file’s format in the Open File dialog.

2.4. New Protocol Support

Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol, Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag, Digital Equipment Corporation Local Area Transport, Distributed Object Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS Kernel Packet Header (IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY Protocol (automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO 8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP), LAT protocol (DECNET), Metamako trailers, Network Service Header for Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight Machine to Machine TLV (LwM2M TLV), Real Time Location System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service, STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters (Closures Lighting General Measurement & Sensing HVAC Security & Safety)
2.5. Updated Protocol Support

Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex), which allows it to be used with "Decode As" over USB, TCP and UDP.

A preference was added to TCP dissector for handling IPFIX process information. It has been disabled by default.
2.6. New and Updated Capture File Support

Micropross mplog
2.7. New and Updated Capture Interfaces support

Non-empty section placeholder.

2.8. Major API Changes

The libwireshark API has undergone some major changes:

    The address macros (e.g., SET_ADDRESS) have been removed. Use the (lower case) functions of the same names instead.
    "old style" dissector functions (that don’t return number of bytes used) have been replaced in name with the "new style" dissector functions.
    tvb_get_string and tvb_get_stringz have been replaced with tvb_get_string_enc and tvb_get_stringz_enc respectively.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA driver 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA driver 4.8.3.1.8 )

Offline SiLæncer

Wireshark 2.0.6
« Reply #106 on: 10 September, 2016, 16:00 »
Release Notes

What’s New

    Invalid coloring rules are now disabled instead of discarded. This will provide forward compatibility with a coloring rule change in Wireshark 2.2.

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2016-50

    QNX6 QNET dissector crash. (Bug 11850)

    wnpa-sec-2016-51

    H.225 dissector crash. (Bug 12700)

    wnpa-sec-2016-52

    Catapult DCT2000 dissector crash. (Bug 12750)

    wnpa-sec-2016-53

    UMTS FP dissector crash. (Bug 12751)

    wnpa-sec-2016-54

    Catapult DCT2000 dissector crash. (Bug 12752)

    wnpa-sec-2016-55

    IPMI trace dissector crash. (Bug 12782)

The following bugs have been fixed:

    Apply display filter when changing configuration profiles. (Bug 6130)
    Unrecognized text: CDATA in XML not parsed correctly. (Bug 11755)
    asn2wrs.py "Unexpected token" error. (Bug 12621)
    PMKID is incorrectly decoded under RSN Vendor specific IE in EAPOL packet 1. (Bug 12675)
    CIP dissector fails tvb initialization assertion. (Bug 12676)
    GTP: Decoding of NSAPI is broken in version 2.0.5. (Bug 12686)
    Small bug in Modbus (mbtcp.c/h) dissector exception information. (Bug 12693)
    Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)
    ZGP encrypted difference between packet details and bytes. (Bug 12728)
    Crash in ISAKMP dissector after modifying UAT with IKEv2 keys. (Bug 12748)
    Incorrect parsing of NLMv4 FREE_ALL request. (Bug 12764)
    Malformed Packet: CDP (forced entry aging). (Bug 12767)
    tshark -z io,stat does not count frame not correctly when applying an interval of 0. (Bug 12778)
    MODE SENSE 10 : Mode parameter header 10 : block descriptor length needs to be 2 bytes not 1 byte. (Bug 12780)
    Organization Specific Slow Protocol dissection errors when retrieving OUI. (Bug 12801)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

ASN.1 BER, CAN, CDP, CIP, DCT2000, GTP, IEEE 802.11, IPMI, ISAKMP, L&G 8979, Modbus, NAS EPS, NLM, OCFS2, OSSP, QNX6 QNET, S1AP, SCSI, SEL Protocol, SSL/TLS, UMTS FP, XML, XMPP, and ZBEE NWK GP
2.6. New and Updated Capture File Support

Libpcap
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

The 64-bit version of Wireshark will leak memory on Windows when the display depth is set to 16 bits (Bug 9914)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.0.7
« Reply #107 on: 06 October, 2016, 05:00 »
Changelog

What’s New

    Invalid coloring rules are now disabled instead of discarded. This will provide forward compatibility with a coloring rule change in Wireshark 2.2.

2.1. Bug Fixes

The following bugs have been fixed:

    Capture File Properties under Statistics Grayed Out after Stopping a Capture. (Bug 12071)
    Qt: Hidden columns displayed during live capture. (Bug 12377)
    Bad description for NBSS error code 0x81. (Bug 12835)
    Export packet dissections Option disabled after capturing traffic. (Bug 12898)
    TLS padding extension dissector length parsing bug. (Bug 12922)
    Diameter dictionary bugs. (Bug 12927)
    Multiple PortableApps instances can once again be run at the same time.

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

6LowPAN, DCOM IRemUnknown, Diameter, NBT, NCP, NetFlow, and SSL / TLS
2.6. New and Updated Capture File Support

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

The 64-bit version of Wireshark will leak memory on Windows when the display depth is set to 16 bits (Bug 9914)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.1
« Reply #108 on: 06 October, 2016, 06:00 »
Changelog

What’s New

    The Windows installers now ship with Qt 5.6. Previously they shipped with Qt 5.3.

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2016-56

    The Bluetooth L2CAP dissector could crash. (Bug 12825)

    wnpa-sec-2016-57

    The NCP dissector could crash. (Bug 12945)

The following bugs have been fixed:

    Flow Graph colored data arrows. (Bug 12065)
    Capture File Properties under Statistics Grayed Out after Stopping a Capture. (Bug 12071)
    Qt: Hidden columns displayed during live capture. (Bug 12377)
    Unable to save changes to coloring rules. (Bug 12814)
    Bad description for NBSS error code 0x81. (Bug 12835)
    Live capture from USBPcap fails immediately. (Bug 12846)
    Cannot decrypt EAP-TTLS traffic (not recognized as conversation). (Bug 12879)
    Export packet dissections Option disabled after capturing traffic. (Bug 12898)
    Failure to open file named with Chinese or other multibyte characters. (Bug 12900)
    k12 text file format causes errors. (Bug 12903)
    File | File Set | List Files dialog is blank. (Bug 12904)
    Decoding/Display of an INAP CONNECT message goes wrong for the Destination Routing Address part. (Bug 12911)
    TLS padding extension dissector length parsing bug. (Bug 12922)
    Diameter dictionary bugs. (Bug 12927)
    File open from menu bar with filter in place causes Wireshark to crash. (Bug 12929)
    Unable to capture USBPcap trace using tshark with extcap built. (Bug 12949)
    P1 dissector fails a TVB assertion. (Bug 12976)
    Multiple PortableApps instances can once again be run at the same time.

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

6LowPAN, BT L2CAP, CIP, DCOM IRemUnknown, Diameter, DMP, EAP, ISUP, NBT, NCP, NetFlow, SSL / TLS, and U3V
2.6. New and Updated Capture File Support

Ascend, and K12
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
2.8. Major API Changes

There are no major API changes in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.2
« Reply #109 on: 17 November, 2016, 09:20 »
Changelog

BUG FIXES:
The following vulnerabilities have been fixed:
Profinet I/O long loop. (Bug 12851)
AllJoyn crash. (Bug 12953)
OpenFlow crash. (Bug 13071)
DCERPC crash. (Bug 13072)
DTN infinite loop. (Bug 13097)
The Windows PortableApps packages were susceptible to a DLL hijacking flaw.
The following bugs have been fixed:
TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN true. (Bug 12579)
SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0. (Bug 12632)
Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)
dmg for OS X does not install man pages. (Bug 12746)
Fails to compile against Heimdal 1.5.3. (Bug 12831)
TCP: Next sequence number off by one when sending payload in SYN packet (e.g. TFO). (Bug 12838)
Follow TCP Stream shows duplicate stream data. (Bug 12855)
Dissection engine falsely asserts that EIGRP packet’s checksum is incorrect. (Bug 12982)
IEEE 802.15.4 frames erroneously handed over to ZigBee dissector. (Bug 12984)
Capture Filter Bookmark Inactive in Capture Options page. (Bug 12986)
CLNP dissector does not parse ER NPDU properly. (Bug 12993)
SNMP trap bindings for NON scalar OIDs. (Bug 13013)
BGP LS Link Protection Type TLV (1093) decoding. (Bug 13021)
Application crash sorting column for tcp.window_size_scalefactor up and down. (Bug 13023)
ZigBee Green Power add key during execution. (Bug 13031)
Malformed AMPQ packets for session.expected and session.confirmed fields. (Bug 13037)
Wireshark 2.2.1 crashes when attempting to merge pcap files. (Bug 13060)
[IS-637A] SMS - Teleservice layer parameter --> IA5 encoded text is not correctly displayed. (Bug 13065)
Failure to dissect USB Audio feature unit descriptors missing the iFeature field. (Bug 13085)
MSISDN not populated/decoded in JSON GTP-C decoding. (Bug 13086)
E212: 3 digits MNC are identified as 2 digits long if they end with a 0. (Bug 13092)
Exception with last unknown Cisco AVP available in a SCCRQ message. (Bug 13103)
TShark stalls on FreeBSD if androiddump is present. (Bug 13104)
Dissector skips DICOM command. (Bug 13110)
UUID (FT_GUID) filtering isn’t working. (Bug 13121)
Manufacturer name resolution fail. (Bug 13126)
packet-sdp.c allocates transport_info->encoding_name from wrong memory pool. (Bug 13127)
Payload type name for dynamic payload is wrong for reverse RTP channels. (Bug 13132)
UPDATED PROTOCOL SUPPORT:
6LoWPAN, AllJoyn, AMPQ, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN, E.212, EIGRP, ERF, GVSP, IEEE 802.11, IEEE 802.15.4, IP, ISO-8583, Kerberos, L2TP, LACP, MAC LTE, OpenFlow, Profinet I/O, RTPS, SCTP, SDP, Skype, SMPP, SNA, SNMP, SPNEGO, TCP, USB Audio, XML, and ZigBee

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.0.8
« Reply #110 on: 17 November, 2016, 14:03 »
Release Notes

What’s New

    Invalid coloring rules are now disabled instead of discarded. This will provide forward compatibility with a coloring rule change in Wireshark 2.2.

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2016-59

    AllJoyn crash. (Bug 12953)

    wnpa-sec-2016-60

    OpenFlow crash. (Bug 13071)

    wnpa-sec-2016-61

    DCERPC crash. (Bug 13072)

    wnpa-sec-2016-62

    DTN infinite loop. (Bug 13097)

The following bugs have been fixed:

    SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0. (Bug 12632)
    Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)
    smpp.message not decoded & not available for export using tshark -T fields -e smpp.message. (Bug 12960)
    CLNP dissector does not parse ER NPDU properly. (Bug 12993)
    SNMP trap bindings for NON scalar OIDs. (Bug 13013)
    BGP LS Link Protection Type TLV (1093) decoding. (Bug 13021)
    Application crash sorting column for tcp.window_size_scalefactor up and down. (Bug 13023)
    ZigBee Green Power add key during execution. (Bug 13031)
    Malformed AMPQ packets for session.expected and session.confirmed fields. (Bug 13037)
    [IS-637A] SMS - Teleservice layer parameter --> IA5 encoded text is not correctly displayed. (Bug 13065)
    Field sna.gds is not of an FT_{U}INTn type. (Bug 13084)
    E212: 3 digits MNC are identified as 2 digits long if they end with a 0. (Bug 13092)
    Dissector skips DICOM command. (Bug 13110)
    Manufacturer name resolution fail. (Bug 13126)

The Windows PortableApps packages were susceptible to a DLL hijacking flaw.
2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

AllJoyn, AMPQ, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN, E.212, OpenFlow, SMPP, SNA, SNMP, and ZigBee
2.6. New and Updated Capture File Support

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.3
« Reply #111 on: 14 December, 2016, 21:00 »
Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    Arbitrary file deletion on Windows. (Bug 13217)

The following bugs have been fixed:

    Saving all exported objects (SMB/SMB2) results in out of physical memory. (Bug 11133)
    Export HTTP Objects - Single file shows as multiple files in 2.0.2. (Bug 12230)
    Follow Stream and graph buttons remain greyed out in conversation window. (Bug 12893)
    Dicom list of tags in element of VR=AT not properly decoded. (Bug 13077)
    Malformed Packet: BGP Update (withdraw) message. (Bug 13146)
    Install fail on macOS Sierra (error PKInstallErrorDomain Code=112). (Bug 13152)
    GTP: "Create PDP Context response" message shows back-off timer as malformed when included in the response. (Bug 13153)
    ICMP dissector fails to properly detect timestamps. (Bug 13161)
    RLC misdissection. (Bug 13162)
    Text2pcap on Windows produces corrupt output when writing the capture file to the standard output. (Bug 13165)
    HTML escaping of quotes in error message. (Bug 13178)
    TShark doesn’t respect protocols.display_hidden_proto_items setting. (Bug 13192)
    RPC/RDMA dissector should exit when frame is not RPC-over-RDMA. (Bug 13195)
    Some RPC-over-RDMA frames are not recognized as RPC-over-RDMA. (Bug 13196)
    RPC-over-RDMA frames with chunk lists are "Malformed". (Bug 13197)
    TShark fails to pass RPC-over-RDMA frames to RPC subdissector. (Bug 13198)
    Adding a DOF DPS Identity Secret, session Key, or Mode Template causes Wireshark to crash. (Bug 13209)
    Wireshark shows "MS Video Source Request" in a RTCP packet as "Malformed". (Bug 13212)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

BGP, BOOTP/DHCP, BTLE, DICOM, DOF, Echo, GTP, ICMP, Radiotap, RLC, RPC over RDMA, RTCP, SMB, TCP, UFTP4, and VXLAN
2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
2.8. Major API Changes

There are no major API changes in this release.

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.0.9
« Reply #112 on: 15 December, 2016, 04:30 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    Arbitrary file deletion on Windows. (Bug 13217)

The following bugs have been fixed:

    Saving all exported objects (SMB/SMB2) results in out of physical memory. (Bug 11133)
    Export HTTP Objects - Single file shows as multiple files in 2.0.2. (Bug 12230)
    Dicom list of tags in element of VR=AT not properly decoded. (Bug 13077)
    Malformed Packet: BGP Update (withdraw) message. (Bug 13146)
    GTP: "Create PDP Context response" message shows back-off timer as malformed when included in the response. (Bug 13153)
    ICMP dissector fails to properly detect timestamps. (Bug 13161)
    RLC misdissection. (Bug 13162)
    Text2pcap on windows produces corrupt output when writing the capture file to the standard output. (Bug 13165)
    TShark doesn’t respect protocols.display_hidden_proto_items setting. (Bug 13192)
    RPC/RDMA dissector should exit when frame is not RPC-over-RDMA. (Bug 13195)
    Some RPC-over-RDMA frames are not recognized as RPC-over-RDMA. (Bug 13196)
    Wireshark shows "MS Video Source Request" in a RTCP packet as "Malformed". (Bug 13212)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

BGP, BTLE, DICOM, GTP, ICMP, RPC over RDMA, RTCP, SDP, and SMB
2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.4
« Reply #113 on: 24 January, 2017, 06:00 »
Changelog

The following vulnerabilities have been fixed:

The ASTERIX dissector could go into an infinite loop.
The DHCPv6 dissector could go into a large loop.

The following bugs have been fixed:

TCP reassembly: tcp.reassembled_in is not set in first packet.
Duplicated Interfaces instances while refreshing.
Time zone name needs to be converted to UTF-8 on Windows.
Crash on fast local interface changes.
Please align columns in tshark’s output.
Display data rate fields for VHT rates invalid with BCC modulation.
plugin_if_get_ws_info causes Access Violation if called during rescan.
SMTP BDAT dissector not reverting to command-code after DATA.
Wireshark fails to recognize V6 DBS Etherwatch capture files.
Runtime Error when try to merge .pcap files (Wireshark crashes).
PPP BCP BPDU size reports not header size, but all data underneath and its header size in UI.
In-line UDP checksum bytes in 6LoWPAN IPHC are swapped.
Uninitialized memcmp on data in daintree-sna.c.
Crash when dissect WDBRPC Version 2 protocol with Dissect unknown program numbers enabled.
Contents/Resources/bin directory isn’t in the app bundle after installation.
Regression: IEEE17221 (AVDECC) decoded as IEEE1722 (AVB Transportation Protocol).
Can’t decode packets captured with OpenBSD enc(4) encapsulating.
UDLD flags are at other end of octet.
MS-WSP dissector no longer works since commit 8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a.
TBCD string decoded wrongly in MAP ATI message.
Filter Documentation: The tilde (~) operator is not documented.
VoIP Flow Sequence Causes Application Crash.

Updated Protocol Support:

6LoWPAN, DVB-CI, ENC, GSM MAP, IEEE 1722, IEEE 1722.1, ISAKMP, MS-WSP, PPP, QUIC, Radiotap, RPC, SMTP, TCP, UCD, and UDLD

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.0.10
« Reply #114 on: 24 January, 2017, 18:00 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

The following bugs have been fixed:

    Duplicated Interfaces instances while refreshing. (Bug 11553)
    Time zone name needs to be converted to UTF-8 on Windows. (Bug 11785)
    Crash on fast local interface changes. (Bug 12263)
    SMTP BDAT dissector not reverting to command-code after DATA. (Bug 13030)
    Wireshark fails to recognize V6 DBS Etherwatch capture files. (Bug 13093)
    PPP BCP BPDU size reports not header size, but all data underneath and its header size in UI. (Bug 13188)
    Uninitialized memcmp on data in daintree-sna.c. (Bug 13246)
    UDLD flags are at other end of octet. (Bug 13280)
    MS-WSP dissector no longer works since commit 8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. (Bug 13299)
    TBCD string decoded wrongly in MAP ATI message. (Bug 13316)
    Filter Documentation: The tilde (~) operator is not documented. (Bug 13320)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

DVB-CI, GSM MAP, ISAKMP, MS-WSP, PPP, QUIC, SMTP, and UDLD
2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.

Daintree SNA, and DBS Etherwatch
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.5
« Reply #115 on: 04 March, 2017, 11:00 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-03 LDSS dissector crash (Bug 13346)
    wnpa-sec-2017-04 RTMTP dissector infinite loop (Bug 13347)
    wnpa-sec-2017-05 WSP dissector infinite loop (Bug 13348)
    wnpa-sec-2017-06 STANAG 4607 file parser infinite loop (Bug 13416)
    wnpa-sec-2017-07 NetScaler file parser infinite loop (Bug 13429)
    wnpa-sec-2017-08 NetScaler file parser crash (Bug 13430)
    wnpa-sec-2017-09 K12 file parser crash (Bug 13431)
    wnpa-sec-2017-10 IAX2 dissector infinite loop (Bug 13432)
    wnpa-sec-2017-11 NetScaler file parser infinite loop (Bug 12083)

The 32-bit and 64-bit Windows installers might have been susceptible to a DLL hijacking flaw.

The following bugs have been fixed:

    Display filter textbox loses focus during live capturing. (Bug 11890)
    Wireshark crashes when saving pcaps, opening pcaps, and exporting specified packets. (Bug 12036)
    tshark stalls on FreeBSD if androiddump is present. (Bug 13104)
    UTF-8 characters in packet list column title. (Bug 13342)
    Recent capture file list should appear immediately on startup. (Bug 13352)
    editcap segfault if a packet length is shorter than ignore bytes parameter. (Bug 13378)
    dftest segfault with automated build of 2.2.5. (Bug 13387)
    UMTS MAC Dissector shows Packet size limited for BCCH payload. (Bug 13392)
    VS2010 win32 compilation fails. (Bug 13398)
    EAP AKA not being decoded properly. (Bug 13411)
    Dumpcap crashes during rpcap setup. (Bug 13418)
    Crash on closing SNMP capture file if snmp credentials are present. (Bug 13420)
    GPRS-NS message PDU type displayed in octal instead of hexadecimal. (Bug 13428)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

GPRS-NS, GTPv2, IAX2, IEEE 802.11, LDSS, MS-WSP, OpcUa, ROHC, RTMTP, SNMP, STANAG 4607, T.38, and UMTS FP
2.6. New and Updated Capture File Support

K12 and NetScaler
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
2.8. Major API Changes

There are no major API changes in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.0.11
« Reply #116 on: 04 March, 2017, 19:00 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-03 LDSS dissector crash (Bug 13346)
    wnpa-sec-2017-04 RTMTP dissector infinite loop (Bug 13347)
    wnpa-sec-2017-05 WSP dissector infinite loop (Bug 13348)
    wnpa-sec-2017-06 STANAG 4607 file parser infinite loop (Bug 13416)
    wnpa-sec-2017-07 NetScaler file parser infinite loop (Bug 13429)
    wnpa-sec-2017-08 NetScaler file parser crash (Bug 13430)
    wnpa-sec-2017-09 K12 file parser crash (Bug 13431)
    wnpa-sec-2017-10 IAX2 dissector infinite loop (Bug 13432)
    wnpa-sec-2017-11 NetScaler file parser infinite loop (Bug 12083)

The 32-bit and 64-bit Windows installers might have been susceptible to a DLL hijacking flaw.

The following bugs have been fixed:

    Wireshark crashes when saving pcaps, opening pcaps, and exporting specified packets. (Bug 12036)
    editcap segfault if a packet length is shorter than ignore bytes parameter. (Bug 13378)
    UMTS MAC Dissector shows Packet size limited for BCCH payload. (Bug 13392)
    Dumpcap crashes during rpcap setup. (Bug 13418)
    Crash on closing SNMP capture file if snmp credentials are present. (Bug 13420)
    GPRS-NS message PDU type displayed in octal instead of hexadecimal. (Bug 13428)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

GPRS-NS, LDSS, MS-WSP, OpcUa, ROHC, RTMTP, SNMP, STANAG 4607, UMTS FP, and WSP
2.6. New and Updated Capture File Support

K12, and NetScaler
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.6
« Reply #117 on: 13 April, 2017, 05:00 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-12 IMAP dissector crash (Bug 13466) CVE-2017-7703
    wnpa-sec-2017-13 WBXML dissector infinite loop (Bug 13477) CVE-2017-7702
    wnpa-sec-2017-14 NetScaler file parser infinite loop (Bug 13478) CVE-2017-7700
    wnpa-sec-2017-15 RPCoRDMA dissector infinite loop (Bug 13558) CVE-2017-7705
    wnpa-sec-2017-16 BGP dissector infinite loop (Bug 13557) CVE-2017-7701
    wnpa-sec-2017-17 DOF dissector infinite loop (Bug 13453) CVE-2017-7704
    wnpa-sec-2017-18 PacketBB dissector crash (Bug 13559)
    wnpa-sec-2017-19 SLSK dissector long loop (Bug 13576)
    wnpa-sec-2017-20 SIGCOMP dissector infinite loop (Bug 13578)
    wnpa-sec-2017-21 WSP dissector infinite loop (Bug 13581)

The following bugs have been fixed:

    T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
    Wireshark gives decoding error during rnsap message dissection(SCCP reassembly). (Bug 3360)
    Added IEEE 802.15.4-2003 AES-CCM security modes (packet-ieee802154). (Bug 4912)
    Payload in 2 SCCP DT1 messages in the same frame isn’t (sub)dissected. (Bug 11130)
    IEEE 802.15.4: an area of Payload IEs is dissected twice. (Bug 13068)
    Qt UI: Wireshark crash when deleting IO graph string while it’s in editing mode. (Bug 13234)
    Crash on exit due to an invalid frame data sequence state. (Bug 13433)
    Access Violation using Lua dissector. (Bug 13457)
    Some bytes ignored in every packet in NetScaler packet trace when vmnames are included in packet headers. (Bug 13459)
    VOIP RTP stream Find Reverse button doesn’t work. (Bug 13462)
    Lua dissector: ProtoField int* do not allow FT_HEX or FT_OCT, crash when set to FT_HEX_DEC or FT_DEC_HEX. (Bug 13484)
    GIOP LocateRequest v1.0 is improperly indicated as "malformed". (Bug 13488)
    Bug in ZigBee - Zone Status Change Notification. (Bug 13493)
    Packet exception in packet-ua3g and incomplete strings in packet-noe. (Bug 13502)
    Wrong BGP capability dissect. (Bug 13521)
    Endpoint statistics column labels seem incorrect. (Bug 13526)
    Strange automatic jump in packet details for a certain DNS response packet. (Bug 13533)
    When a Lua enum or bool preference is changed via context menu, prefs_changed isn’t called with Qt Wireshark. (Bug 13536)
    IO Graph selects wrong packet or displays "Packet number x isn’t displayed". (Bug 13537)
    tshark’s -z endpoints,ip ignores optional filter. (Bug 13538)
    SSL: Handshake type in Info column not always separated by comma. (Bug 13539)
    libfuzzer: PEEKREMOTE dissector bug. (Bug 13544)
    libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom). (Bug 13545)
    libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). (Bug 13546)
    libfuzzer: MIH dissector bug. (Bug 13547)
    libfuzzer: DNS dissector bug. (Bug 13548)
    libfuzzer: WLCCP dissector bug. (Bug 13549)
    libfuzzer: TAPA dissector bug. (Bug 13553)
    libfuzzer: lapsat dissector bug. (Bug 13554)
    libfuzzer: wassp dissector bug. (Bug 13555)
    Illegal reassembly of GSM SMS packets. (Bug 13572)
    SSH Dissector uses incorrect length for protocol field (ssh.protocol). (Bug 13574)
    NBAP malformed packet for short Binding ID. (Bug 13577)
    libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod). (Bug 13579)
    libfuzzer: asterix dissector bug (asterix.021_230_RA). (Bug 13580)
    RTPproxy dissector adds multi lines to info column. (Bug 13582)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

ASTERIX, BGP, BSSGP, BT AVRCP, BT HCI_CMD, BT HFP, BT PBAP, DNS, DOF, EAPOL-MKA, GIOP, GSM SMS, HTTP, ICMP, IEEE 802.11, IEEE 802.15.4, IMAP, ISIS LSP, iSNS, LAPSat, MIH, MySQL, NBAP, NBIFOM, PacketBB, PEEKREMOTE, RPCoRDMA, RTPproxy, SCCP, SIGCOMP, SLSK, SSH, SSL, T.30, TAPA, UA3G, WASSP, WBXML, WLCCP, WSP, and ZigBee ZCL IAS
2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.

NetScaler, and pcapng
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
2.8. Major API Changes

There are no major API changes in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.0.12
« Reply #118 on: 13 April, 2017, 05:30 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-04 RTMTP dissector infinite loop (Bug 13347) CVE-2017-6472

    wnpa-sec-2017-12 IMAP dissector crash (Bug 13466) CVE-2017-7703
    wnpa-sec-2017-13 WBXML dissector infinite loop (Bug 13477) CVE-2017-7702
    wnpa-sec-2017-14 NetScaler file parser infinite loop (Bug 13478) CVE-2017-7700
    wnpa-sec-2017-15 RPCoRDMA dissector infinite loop (Bug 13558) CVE-2017-7705
    wnpa-sec-2017-16 BGP dissector infinite loop (Bug 13557) CVE-2017-7701
    wnpa-sec-2017-18 PacketBB dissector crash (Bug 13559)
    wnpa-sec-2017-19 SLSK dissector long loop (Bug 13576)
    wnpa-sec-2017-20 SIGCOMP dissector infinite loop (Bug 13578)
    wnpa-sec-2017-21 WSP dissector infinite loop (Bug 13581)

The following bugs have been fixed:

    T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
    Wireshark gives decoding error during rnsap message dissection(SCCP reassembly). (Bug 3360)
    Payload in 2 SCCP DT1 messages in the same frame isn’t (sub)dissected. (Bug 11130)
    Qt UI: Wireshark crash when deleting IO graph string while it’s in editing mode. (Bug 13234)
    Crash on exit due to an invalid frame data sequence state. (Bug 13433)
    Some bytes ignored in every packet in NetScaler packet trace when vmnames are included in packet headers. (Bug 13459)
    Lua dissector: ProtoField int* do not allow FT_HEX or FT_OCT, crash when set to FT_HEX_DEC or FT_DEC_HEX. (Bug 13484)
    GIOP LocateRequest v1.0 is improperly indicated as "malformed". (Bug 13488)
    Bug in ZigBee - Zone Status Change Notification. (Bug 13493)
    Packet exception in packet-ua3g and incomplete strings in packet-noe. (Bug 13502)
    Wrong BGP capability dissect. (Bug 13521)
    Endpoint statistics column labels seem incorrect. (Bug 13526)
    When a Lua enum or bool preference is changed via context menu, prefs_changed isn’t called with Qt Wireshark. (Bug 13536)
    tshark’s -z endpoints,ip ignores optional filter. (Bug 13538)
    libfuzzer: PEEKREMOTE dissector bug. (Bug 13544)
    libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom). (Bug 13545)
    libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). (Bug 13546)
    libfuzzer: MIH dissector bug. (Bug 13547)
    libfuzzer: DNS dissector bug. (Bug 13548)
    libfuzzer: WLCCP dissector bug. (Bug 13549)
    libfuzzer: TAPA dissector bug. (Bug 13553)
    libfuzzer: lapsat dissector bug. (Bug 13554)
    libfuzzer: wassp dissector bug. (Bug 13555)
    SSH Dissector uses incorrect length for protocol field (ssh.protocol). (Bug 13574)
    NBAP malformed packet for short Binding ID. (Bug 13577)
    libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod). (Bug 13579)
    RTPproxy dissector adds multi lines to info column. (Bug 13582)
    libfuzzer: asterix dissector bug (asterix.021_230_RA). (Bug 13580)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

ASTERIX, BGP, BT AVRCP, DNS, EAPOL-MKA, GIOP, ICMP, IEEE 802.15.4, IMAP, ISIS LSP, iSNS, LAPSat, MIH, MySQL, NBAP, PacketBB, PEEKREMOTE, RPCoRDMA, RTMTP, RTPproxy, SCCP, SIGCOMP, SLSK, SSH, T.30, TAPA, UA3G, WASSP, WBXML, WLCCP, WSP, and ZigBee ZCL IAS
2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.

NetScaler
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.7
« Reply #119 on: 02 June, 2017, 06:10 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-22 Bazaar dissector infinite loop (Bug 13599) CVE-2017-9352
    wnpa-sec-2017-23 DOF dissector read overflow (Bug 13608) CVE-2017-9348
    wnpa-sec-2017-24 DHCP dissector read overflow (Bug 13609, Bug 13628) CVE-2017-9351
    wnpa-sec-2017-25 SoulSeek dissector infinite loop (Bug 13631) CVE-2017-9346
    wnpa-sec-2017-26 DNS dissector infinite loop (Bug 13633) CVE-2017-9345
    wnpa-sec-2017-27 DICOM dissector infinite loop (Bug 13685) CVE-2017-9349
    wnpa-sec-2017-28 openSAFETY dissector memory exhaustion (Bug 13649) CVE-2017-9350
    wnpa-sec-2017-29 BT L2CAP dissector divide by zero (Bug 13701) CVE-2017-9344
    wnpa-sec-2017-30 MSNIP dissector crash (Bug 13725) CVE-2017-9343
    wnpa-sec-2017-31 ROS dissector crash (Bug 13637) CVE-2017-9347
    wnpa-sec-2017-32 RGMP dissector crash (Bug 13646) CVE-2017-9354
    wnpa-sec-2017-33 IPv6 dissector crash (Bug 13675) CVE-2017-9353

The following bugs have been fixed:

    DICOM dissection error. (Bug 13164)
    Qt: drag & drop of one column header in PacketList moves other columns. (Bug 13183)
    Can not export captured DICOM objects in version 2.2.5. (Bug 13570)
    False complain about bad checksum of ICMP extension header. (Bug 13586)
    LibFuzzer: ISUP dissector bug (isup.number_different_meaning). (Bug 13588)
    Dissector Bug, protocol BT ATT. (Bug 13590)
    Wireshark displays RRCConnectionReestablishmentRejectRRCConnectionReestablishmentReject in Info column. (Bug 13595)
    [oss-fuzz] UBSAN: shift exponent 105 is too large for 32-bit type int in packet-ositp.c:551:79. (Bug 13606)
    [oss-fuzz] UBSAN: shift exponent -77 is negative in packet-netflow.c:7717:23. (Bug 13607)
    [oss-fuzz] UBSAN: shift exponent 1959 is too large for 32-bit type int in packet-sigcomp.c:2128:28. (Bug 13610)
    [oss-fuzz] UBSAN: shift exponent 63 is too large for 32-bit type guint32 (aka unsigned int) in packet-rtcp.c:917:24. (Bug 13611)
    [oss-fuzz] UBSAN: shift exponent 70 is too large for 64-bit type guint64 (aka unsigned long) in dwarf.c:42:43. (Bug 13616)
    [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-xot.c:260:23. (Bug 13618)
    [oss-fuzz] UBSAN: shift exponent -5 is negative in packet-sigcomp.c:1722:36. (Bug 13619)
    [oss-fuzz] UBSAN: index 2049 out of bounds for type char [2049] in packet-quakeworld.c:134:5. (Bug 13624)
    [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-netsync.c:467:25. (Bug 13639)
    [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-sigcomp.c:3857:24. (Bug 13641)
    [oss-fuzz] ASAN: stack-use-after-return epan/dissectors/packet-ieee80211.c:14341:23 in add_tagged_field. (Bug 13662)
    Welcome screen invalid capture filter without WinPcap installed causes runtime error. (Bug 13672)
    SMB protocol parser does not parse SMB_COM_TRANSACTION2_SECONDARY (0x33) command correctly. (Bug 13690)
    SIP packets with SDP marked as malformed. (Bug 13698)
    [oss-fuzz] UBSAN: index 8 out of bounds for type gboolean const[8] in packet-ieee80211-radiotap.c:1836:12. (Bug 13713)
    Crash on "Show packet bytes…" context menu item click. (Bug 13723)
    DNP3 dissector does not properly decode packed variations with prefixed qualifiers. (Bug 13733)

2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

Bazaar, BT ATT, BT L2CAP, DHCP, DICOM, DNP3, DNS, DOF, DWARF, ICMP, IEEE 802.11, IPv6, ISUP, LTE RRC, MSNIP, Netflow, Netsync, openSAFETY, OSITP, QUAKEWORLD, Radiotap, RGMP, ROS, RTCP, SIGCOMP, SMB, SoulSeek, and XOT
2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
2.8. Major API Changes

There are no major API changes in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/
