Thema: Wireshark (Ex-Ethereal) ...

[SiLæncer]

Changelog

WHAT'S NEW:

Wireshark 2.0 features a completely new user interface which should provide a smoother, faster user experience. The new interface should be familiar to current users of Wireshark but provide a faster workflow for many tasks.
The Windows installer provides the option of installing either the new interface (“Wirehsark”) or the old interface (“Wireshark Legacy”). Both are installed by default. Note that the legacy interface will be removed in Wireshark 2.2.
The OS X installer only provides the new interface. If you need the old interface you can install it via Homebrew or MacPorts.
Wireshark’s Debian- and RPM-based package definitions provide the new interface in the “wireshark-qt” package and the old interface in the “wireshark-gtk” package. It is hoped that downstream distributions will follow this convention.

New and Updated Features:

The following features are new (or have been significantly updated) since version 2.0.0rc3:
An RTP player crash has been fixed.
Flow graph issues have been fixed. Bug Bug 11710.
A Follow Stream dialog crash has been fixed. Bug Bug 11711.
An extcap crash has been fixed.
A file merge crash has been fixed. Bug Bug 11718.
A handle leak crash has been fixed. Bug Bug 11702.
Several other crashes and usability issues have been fixed.
The following features are new (or have been significantly updated) since version 2.0.0rc2:
Column editing now works correctly. Bug Bug 11433.
Renaming profiles has been fixed. Bug Bug 11658.
“File”→Merge no longer crashes on Windows. Bug Bug 11684.
Icons in the main toolbar obey magnification settings on Windows. Bug Bug 11675.
The Windows installer does a better job of detecting WinPcap. Bug Bug 10867.
The main window no longer appears off-screen on Windows. Bug Bug 11568.
The following features are new (or have been significantly updated) since version 2.0.0rc1:
For new installations on UN*X, the directory for user preferences is $HOME/.config/wireshark rather than $HOME/.wireshark. If that directory is absent, preferences will still be found and stored under $HOME/.wireshark.

Qt port:

The SIP Statistics dialog has been added.
You can now create filter expressions from the display filter toolbar.
Bugs in the UAT preferences dialog has been fixed.
Several dissector and Qt UI crash bugs have been fixed.
Problems with the OS X application bundle have been fixed.

The following features are new (or have been significantly updated) since version 1.99.9:

Qt port:

The LTE RLC Graph dialog has been added.
The LTE MAC Statistics dialog has been added.
The LTE RLC Statistics dialog has been added.
The IAX2 Analysis dialog has been added.
The Conversation Hash Tables dialog has been added.
The Dissector Tables dialog has been added.
The Supported Protocols dialog has been added.
You can now zoom the I/O and TCP Stream graph X and Y axes independently.
The RTP Player dialog has been added.
Several memory leaks have been fixed.

The following features are new (or have been significantly updated) since version 1.99.8:

Qt port:

The MTP3 statistics and summary dialogs have been added.
The WAP-WSP statistics dialog has been added.
The UDP multicast statistics dialog has been added.
The WLAN statistics dialog has been added.
The display filter macros dialog has been added.
The capture file properties dialog now includes packet comments.
Many more statistics dialogs can be opened from the command line via -z ....
Most dialogs now have a cancellable progress bar.
Many packet list and packet detail context menus items have been added.
Lua plugins can be reloaded from the Analyze menu.
Many bug fixes and improvements.

The following features are new (or have been significantly updated) since version 1.99.7:

Qt port:

The Enabled Protocols dialog has been added.
Many statistics dialogs have been added, including Service response time, DHCP/BOOTP, and ANSI.
The RTP Analysis dialog has been added.
Lua dialog support has been added.
You can now manually resolve addresses.
The Resolved Addresses dialog has been added.
The packet list scrollbar now has a minimap.
The capture interfaces dialog has been updated.
You can now colorize conversations.
Welcome screen behavior has been improved.
Plugin support has been improved.
Many dialogs should now more correctly minimize and maximize.
The reload button has been added back to the toolbar.
The "Decode As" dialog no longer saves decoding behavior.
You can now stop loading large capture files.
The Bluetooth HCI Summary has been added.

The following features are new (or have been significantly updated) since version 1.99.6:

Qt port:

The Bluetooth Devices dialog has been added.
The wireless toolbar has been added.
Opening files via drag and drop is now supported.
The Capture Filter and Display Filter dialogs have been added.
The Display Filter Expression dialog has been added.
Conversation Filter menu items have been added.
You can change protocol preferences by right clicking on the packet list and details.

The following features are new (or have been significantly updated) since version 1.99.4 and 1.99.5:

Qt port:

Capture restarts are now supported.
Menu items for plugins are now supported.
Extcap interfaces are now supported.
The Expert Information dialog has been added.
Display and capture filter completion is now supported.
Many bugs have been fixed.
Translations have been updated.

The following features are new (or have been significantly updated) since version 1.99.3:

Qt port:

Several interface bugs have been fixed.
Translations have been updated.

The following features are new (or have been significantly updated) since version 1.99.2:

Qt port:

Several bugs have been fixed.
You can now open a packet in a new window.
The Bluetooth ATT Server Attributes dialog has been added.
The Coloring Rules dialog has been added.
Many translations have been updated. Chinese, Italian and Polish translations are complete.
General user interface and usability improvements.
Automatic scrolling during capture now works.
The related packet indicator has been updated.

The following features are new (or have been significantly updated) since version 1.99.1:

Qt port:

The welcome screen layout has been updated.
The Preferences dialog no longer crashes on Windows.
The packet list header menu has been added.
Statistics tree plugins are now supported.
The window icon is now displayed properly in the Windows taskbar.
A packet list an byte view selection bug has been fixed (Bug 10896)
The RTP Streams dialog has been added.
The Protocol Hierarchy Statistics dialog has been added.

The following features are new (or have been significantly updated) since version 1.99.0:

Qt port:

You can now show and hide toolbars and major widgets using the View menu.
You can now set the time display format and precision.
The byte view widget is much faster, particularly when selecting large reassembled packets.
The byte view is explorable. Hovering over it highlights the corresponding field and shows a description in the status bar.
An Italian translation has been added.
The Summary dialog has been updated and renamed to Capture File Properties.
The VoIP Calls and SIP Flows dialogs have been added.
Support for HiDPI / Retina displays has been improved in the official packages.
DNS stats: + A new stats tree has been added to the Statistics menu. Now it is possible to collect stats such as qtype/qclass distribution, number of resource record per response section, and stats data (min, max, avg) for values such as query name length or DNS payload.
HPFEEDS stats: + A new stats tree has been added to the statistics menu. Now it is possible to collect stats per channel (messages count and payload size), and opcode distribution.
HTTP2 stats: + A new stats tree has been added to the statistics menu. Now it is possible to collect stats (type distribution).
The following features are new (or have been significantly updated) since version 1.12.0:
The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k).
TShark now resets its state when changing files in ring-buffer mode.
Expert Info severities can now be configured.
Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet.

Qt port:

The Qt UI is now the default (program name is wireshark).
A Polish translation has been added.
The Interfaces dialog has been added.
The interface list is now updated when interfaces appear or disappear.
The Conversations and Endpoints dialogs have been added.
A Japanese translation has been added.
It is now possible to manage remote capture interfaces.
Windows: taskbar progress support has been added.
Most toolbar actions are in place and work.
More command line options are now supported

New File Format Decoding Support:

Wireshark is able to display the format of some types of files (rather than displaying the contents of those files). This is useful when you’re curious about, or debugging, a file and its format. To open a capture file (such as PCAP) in this mode specify "MIME Files Format" as the file’s format in the Open File dialog.
New files that Wireshark can open in this mode include:
BTSNOOP, PCAP, and PCAPNG

New Protocol Support:

Aeron, AllJoyn Reliable Datagram Protocol, Android Debug Bridge, Android Debug Bridge Service, Android Logcat text, Apache Tribes Heartbeat, APT-X Codec, B.A.T.M.A.N. GW, B.A.T.M.A.N. Vis, BGP Monitoring Prototol (BMP), Bluetooth Broadcom HCI, Bluetooth GATT Attributes (many), Bluetooth OBEX Applications (many), BSSAP2, C15 Call History Protocol (C15ch) and others, Celerra VNX, Ceph, Chargen, Classical IP, Concise Binary Object Representation (CBOR) (RFC 7049), Corosync Totem Single Ring Protocol, Corosync Totemnet, Couchbase, CP “Cooper” 2179, CSN.1, dCache, DJI UAV Drone Control Protocol, Dynamic Source Routing (RFC 4728), Elasticsearch, ETSI Card Application Toolkit - Transport Protocol, eXpressive Internet Protocol (XIP), GDB Remote Serial Protocol, Generic Network Virtualization Encapsulation (Geneve), Geospatial and Imagery Access Service (GIAS), Gias Dissector Using GIOP API, GPRS Tunneling Protocol Prim, GVSP GigE Vision ™ Streaming Protocol, H.225 RAS, Harman HiQnet, HCrt, Hotline Command-Response Transaction Protocol, IEEE 802.11 radio information, IP Detail Record (IPDR), IPMI Trace, iSER, KNXnetIP, Link Aggregation Control Protocol, Link Aggregation Marker Protocol, Link Layer Topology Discovery, Link-local Multicast Name Resolution, LISP TCP Control Message, Locator/ID Separation Protocol (Reliable Transport), MACsec Key Agreement - EAPoL-MKA, MCPE (Minecraft Pocket Edition), Message Queuing Telemetry Transport For Sensor Networks (MQTT-SN), Minecraft Pocket Edition, MQ Telemetry Transport Protocol for Sensor Networks, Multicast Domain Name Service (mDNS), Neighborhood Watch Protocol (NWP), Network File System over Remote Direct Memory Access (NFSoRDMA), OAMPDU, OCFS2, OptoMMP, Organization Specific Slow Protocol (OSSP), Packet Cable Lawful Intercept (8 byte CCCID), Packet Cable Lawful Intercept (timestamp), Packet Cable Lawful Intercept (timestamp case ID), PacketCable MTA FQDN, Performance Co-Pilot Proxy, QNEX6 (QNET), RakNet games library, Remote Shared Virtual Disk (RSVD), Riemann, RPC over RDMA (RPCoRDMA), S7 Communication, Secure Socket Tunnel Protocol (SSTP), Shared Memory Communications - RDMA (SMCR), Stateless Transport Tunneling, Sysdig system call events, TCP based Robot Operating System protocol (TCPROS), Thrift, Time Division Multiplexing over Packet Network (TDMoP), Video Services over IP (VSIP), Windows Search Protocol (MS-WSP), XIP Serval, ZigBee ZCL (many), and ZVT Kassenschnittstelle

Updated Protocol Support:

Too many protocols have been updated to list here.

New and Updated Capture File Support:

3GPP TS 32.423 Trace, Android Logcat text files, Colasoft Capsa files, Netscaler 3.5, and Symbian OS BTSNOOP File Format
Additionally, Wireshark now supports nanosecond timestamp resolution in PCAP-NG files.
New and Updated Capture Interfaces support:
Androiddump support now provides interfaces to capture (Logcat, Bluetooth and WiFi) from connected Android devices.

Major API Changes:

The libwireshark API has undergone some major changes:
The emem framework (including all ep_ and se_ memory allocation routines) has been completely removed in favour of wmem which is now fully mature.
The (long-since-broken) Python bindings support has been removed. If you want to write dissectors in something other than C, use Lua.
Plugins can now create GUI menu items.
Heuristic dissectors can now be globally enabled/disabled so heur_dissector_add() has a few more parameters to make that possible
proto_tree_add_text has been removed.
tvb_length() has been removed in favor of tvb_reported_length() and tvb_captured_length().
The API for ONC RPC-based dissectors has changed significantly: the procedure dissectors no longer take an offset, void-argument procedures now need to be declared with a function (use dissect_rpc_void()), and rpc_init_prog() now handles procedure registration too (it takes additional arguments to handle this; rpc_init_proc_table() was removed).

[close]

[SiLæncer]

Changelog

Bug Fixes:

[1]wnpa-sec-2015-31 NBAP dissector crashes. ([2]Bug 11602, [3]Bug 11835, [4]Bug 11841)
[5]wnpa-sec-2015-37 NLM dissector crash.
[6]wnpa-sec-2015-39 BER dissector crash.
[7]wnpa-sec-2015-40 Zlib decompression crash. ([8]Bug 11548)
[9]wnpa-sec-2015-41 SCTP dissector crash. ([10]Bug 11767)
[11]wnpa-sec-2015-42 802.11 decryption crash. ([12]Bug 11790, [13]Bug 11826)
[14]wnpa-sec-2015-43 DIAMETER dissector crash. ([15]Bug 11792)
[16]wnpa-sec-2015-44 VeriWave file parser crashes. ([17]Bug 11789, [18]Bug 11791)
[19]wnpa-sec-2015-45 RSVP dissector crash. ([20]Bug 11793)
[21]wnpa-sec-2015-46 ANSI A & GSM A dissector crashes. ([22]Bug 11797)
[23]wnpa-sec-2015-47 Ascend file parser crash. ([24]Bug 11794)
[25]wnpa-sec-2015-48 NBAP dissector crash. ([26]Bug 11815)
[27]wnpa-sec-2015-49 RSL dissector crash. ([28]Bug 11829)
[29]wnpa-sec-2015-50 ZigBee ZCL dissector crash. ([30]Bug 11830)
[31]wnpa-sec-2015-51 Sniffer file parser crash. ([32]Bug 11827)
[33]wnpa-sec-2015-52 NWP dissector crash. ([34]Bug 11726)
[35]wnpa-sec-2015-53 BT ATT dissector crash. ([36]Bug 11817)
[37]wnpa-sec-2015-54 MP2T file parser crash. ([38]Bug 11820)
[39]wnpa-sec-2015-55 MP2T file parser crash. ([40]Bug 11821)
[41]wnpa-sec-2015-56 S7COMM dissector crash. ([42]Bug 11823)
[43]wnpa-sec-2015-57 IPMI dissector crash. ([44]Bug 11831)
[45]wnpa-sec-2015-58 TDS dissector crash. ([46]Bug 11846)
[47]wnpa-sec-2015-59 PPI dissector crash. ([48]Bug 11876)
[49]wnpa-sec-2015-60 MS-WSP dissector crash. ([50]Bug 11931)
The Windows installers are now built using NSIS 2.50 in order to avoid [51]DLL hijacking flaws.

The following bugs have been fixed:

Zooming out (Ctrl+-) too far crashes Wireshark. ([52]Bug 8854)
IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. ([53]Bug 10627)
About -> Plugins should be a scrollable. ([54]Bug 11427)
Profile change leaves prior profile residue. ([55]Bug 11493)
Wireshark crashes when using the VoIP player. ([56]Bug 11596)
Incorrect presentation of Ascend-Data-Filter (RADIUS attribute 242). ([57]Bug 11630)
Not possible to stop a capture with invalid filter. ([58]Bug 11667)
"No interface selected" when having a valid capture filter. ([59]Bug 11671)
Malformed packet with IPv6 mobility header. ([60]Bug 11728)
Wireshark crashes dissecting Profinet NRT (DCE-RPC) packet. ([61]Bug 11730)
All fields in the packet detail pane of a "new packet" window are expanded by default. ([62]Bug 11731)
Malformed packets with SET_CUR in the USBVIDEO (UVC) decoding. ([63]Bug 11736)
Display filters arranges columns incorrectly. ([64]Bug 11737)
Scrolling and navigating using the trackpad on Mac OS X could be much better. ([65]Bug 11738)
Lua Proto() does not validate arguments. ([66]Bug 11739)
Pointers to deallocated memory when redissecting. ([67]Bug 11740)
Suggestion for re-phrasing the TCP Window Full message. ([68]Bug 11741)
Can't parse MPEG-2 Transport Streams generated by the Logik L26DIGB21 TV. ([69]Bug 11749)
Qt UI on Windows crashes when changing to next capture file. ([70]Bug 11756)
First displayed frame not updated when changing profile. ([71]Bug 11757)
LDAP decode shows invalid number of results for searchResEntry packets. ([72]Bug 11761)
Crash when escape to Follow TCP -> Save. ([73]Bug 11763)
USBPcap prevents mouse and keyboard from working. ([74]Bug 11766)
Y-axis in RTP graph is in microseconds. ([75]Bug 11784)
"Delta time displayed" column in Wireshark doesn't work well, but Wireshark-gtk does. ([76]Bug 11786)
UDP 12001 SNA Data no longer shown in EBCDIC. ([77]Bug 11787)
Wireshark Portable is not starting (no messages at all). ([78]Bug 11800)
IPv6 RPL Routing Header with length of 8 bytes still reads an address. ([79]Bug 11803)
g_utf8_validate assertion when reassembling GSM SMS messages encoded in UCS2. ([80]Bug 11809)
Calling plugin_if_goto_frame when there is no file loaded causes a Protection Exception. ([81]Bug 11810)
Qt UI SIGSEGV before main() in initializer for colors_. ([82]Bug 11833)
Unable to add a directory to "GeoIP Database Paths". ([83]Bug 11842)
C++ Run time error when filtering on Expert limit to display filter. ([84]Bug 11848)
Widening the window doesn't correctly widen the rightmost column. ([85]Bug 11849)
SSL V2 Client Hello no longer dissected in Wireshark 2.0. ([86]Bug 11851)
PacketBB (RFC5444) dissector displays IPv4 addresses incorrectly. ([87]Bug 11852)
SMTP over port 587 shows identical content for fields "Username" and "Password" when not decoding base-64-encoded authentication information. ([88]Bug 11853)
Converting of EUI64 address to string does not take offset into account. ([89]Bug 11856)
CIP segment dissection causes PDML assertion/failure. ([90]Bug 11863)
In Import from Hex Dump, an attempt to enter the timestamp format manually crashes the application. ([91]Bug 11873)
Follow Stream directional selector not readable. ([92]Bug 11887)
Coloring rule custom colors not saved. ([93]Bug 11888)
Total number of streams not correct in Follow TCP Stream dialog. ([94]Bug 11889)
Command line switch -Y for display filter does not work. ([95]Bug 11891)
Creating Debian package doesn't work. ([96]Bug 11893)
Visual C++ Runtime Library Error "The application has requested the Runtime to terminate it in an unusual way." when you do not wait until Conversations is completely updated before applying "Limit to display filter". ([97]Bug 11900)
dpkg-buildpackage relocation R_X86_64_PC32 against symbol. ([98]Bug 11901)
Bits view in Packet Bytes pane is not persistent. ([99]Bug 11903)
ICMP Timestamp days, hours, minutes, seconds is incorrect. ([100]Bug 11910)
MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong. ([101]Bug 11921)

New and Updated Features:

There are no new features in this release.

New File Format Decoding Support:

There are no new file formats in this release.

New Protocol Support:

There are no new protocols in this release.

Updated Protocol Support:

6LoWPAN, ANSI A, ASN.1 BER, BT ATT, CIP, CLNP, DIAMETER, DNS, ENIP, ERF, GSM A, GSM SMS, HiSLIP, ICMP, IEEE 802.11, IEEE 802.11 Radio, IPMI, IPv4, IPv6, ISUP, L2TP, LDAP, Link (ethertype), MIP6, MP2T, MS-WSP, NBAP, NWP, PacketBB, PPI, QUIC, RADIUS, RSL, RSVP, S7COMM, SCSI, SCTP, SMTP, SSL, TCP, TDS, USB, VRT, and ZigBee ZCL

New and Updated Capture File Support:

Ascend, ERF, MP2T, Sniffer, and VeriWave

New and Updated Capture Interfaces support:

There are no new or updated capture interfaces supported in this release.

[close]

http://www.wireshark.org/

[SiLæncer]

Release Notes

The Windows installers are now built using NSIS 2.50 in order to avoid DLL hijacking flaws.

The following bugs have been fixed:

    Zooming out (Ctrl+-) too far crashes Wireshark. (Bug 8854)
    IPv6 Next Header is Unknown yet Wireshark tries parsing an IPv6 Extension Header. (Bug 9996)
    IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
    Windows Wireshark Installer does not detect WinPcap which is already installed. (Bug 10867)
    SSL Decrypted Packet Not Decoded As HTTP. (Bug 10984)
    Wireshark crashes when using the VoIP player. (Bug 11596)
    [GSMTAP] Incorrect decoding of MS Radio Access Capability using alternative coding. (Bug 11599)
    TCP sequence analysis (expert info) does not work in 802.1ah frames. (Bug 11629)
    No correct GVCP info message for READREG_ACK command. (Bug 11639)
    Bug in EtherCAT dissector with mailbox response. (Bug 11652)
    NLM v4 statistics crash. (Bug 11654)
    Malformed packet with IPv6 mobility header. (Bug 11728)
    LDAP decode shows invalid number of results for searchResEntry packets. (Bug 11761)
    IPv6 RPL Routing Header with length of 8 bytes still reads an address. (Bug 11803)
    g_utf8_validate assertion when reassembling GSM SMS messages encoded in UCS2. (Bug 11809)
    MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong. (Bug 11921)

2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

6LoWPAN, 802.1ah, AllJoyn, ANSI A, ASN.1 BER, CLNP, CMS, DCOM, DIAMETER, DNS, ERF, GSM A, GSM SMS, GTP, GVCP, HiSLIP, IEEE 802.11, IPv4, IPv6, L2TP, LDAP, MIP6, MP2T, NBAP, NLM, ONC RPC, PCP, RSL, RSVP, SCTP, SDP, SIGCOMP, SNMP, SPDY, T.38, UMTS FP, and ZigBee ZCL

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes:

The following vulnerabilities have been fixed:

wnpa-sec-2016-01
DLL hijacking vulnerability. CVE-2016-2521
wnpa-sec-2016-02
ASN.1 BER dissector crash. (Bug 11828) CVE-2016-2522
wnpa-sec-2016-03
DNP dissector infinite loop. (Bug 11938) CVE-2016-2523
wnpa-sec-2016-04
X.509AF dissector crash. (Bug 12002) CVE-2016-2524
wnpa-sec-2016-05
HTTP/2 dissector crash. (Bug 12077) CVE-2016-2525
wnpa-sec-2016-06
HiQnet dissector crash. (Bug 11983) CVE-2016-2526
wnpa-sec-2016-07
3GPP TS 32.423 Trace file parser crash. (Bug 11982) CVE-2016-2527
wnpa-sec-2016-08
LBMC dissector crash. (Bug 11984) CVE-2016-2528
wnpa-sec-2016-09
iSeries file parser crash. (Bug 11985) CVE-2016-2529
wnpa-sec-2016-10
RSL dissector crash. (Bug 11829) CVE-2016-2530 CVE-2016-2531
wnpa-sec-2016-11
LLRP dissector crash. (Bug 12048) CVE-2016-2532
wnpa-sec-2016-12
Ixia IxVeriWave file parser crash. (Bug 11795)
wnpa-sec-2016-13
IEEE 802.11 dissector crash. (Bug 11818)
wnpa-sec-2016-14
GSM A-bis OML dissector crash. (Bug 11825)
wnpa-sec-2016-15
ASN.1 BER dissector crash. (Bug 12106)
wnpa-sec-2016-16
SPICE dissector large loop. (Bug 12151)
wnpa-sec-2016-17
NFS dissector crash.
wnpa-sec-2016-18
ASN.1 BER dissector crash. (Bug 11822)

The following bugs have been fixed:

HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP streams" option is enabled. (Bug 9848)
Questionable calling of ethernet dissector by encapsulating protocol dissectors. (Bug 9933)
Qt & Legacy & probably TShark too] Delta Time Conversation column is empty. (Bug 11559)
extcap: abort when validating capture filter for DLT 147. (Bug 11656)
Missing columns in Qt Flow Graph. (Bug 11710)
Interface list doesn’t show well when the list is very long. (Bug 11733)
Unable to use saved Capture Filters in Qt UI. (Bug 11836)
extcap: Capture interface options snaplen, buffer and promiscuous not being used. (Bug 11865)
Improper RPC reassembly (Bug 11913)
GTPv1 Dual Stack with one static and one Dynamic IP. (Bug 11945)
Wireshark 2.0.1 MPLS dissector not decoding payload when control word is present in pseudowire. (Bug 11949)
"…using this filter" turns white (not green or red). Plus dropdown arrow does nothing. (Bug 11950)
EIGRP field eigrp.ipv4.destination does not show the correct destination. (Bug 11953)
tshark -z conv,type[,filter] swapped frame / byte values from / to columns. (Bug 11959)
The field name nstrace.tcpdbg.tcpack should be nstrace.tcpdbg.tcprtt. (Bug 11964)
6LoWPAN IPHC traffic class not decompressed correctly. (Bug 11971)
Crash with snooping NFS file handles. (Bug 11972)
802.11 dissector fails to decrypt some broadcast messages. (Bug 11973)
Wireshark hangs when adding a new profile. (Bug 11979)
Issues when closing the application with a running capture without packets. (Bug 11981)
New Qt UI lacks ability to step through multiple TCP streams with Analyze > Follow > TCP Stream. (Bug 11987)
GTK: plugin_if_goto_frame causes Access Violation if called before capture file is loaded. (Bug 11989)
Wireshark 2.0.1 crash on start. (Bug 11992)
Wi-Fi 4-way handshake 4/4 is displayed as 2/4. (Bug 11994)
ACN: acn.dmx.data has incorrect type. (Bug 11999)
editcap packet comment won’t add multiple comments. (Bug 12007)
DICOM Sequences no longer able to be expanded. (Bug 12011)
Wrong TCP stream when port numbers are reused. (Bug 12022)
SSL decryption fails in presence of a Client certificate. (Bug 12042)
LUA: TVBs backing a data source is freed too early. (Bug 12050)
PIM: pim.group filter have the same name for IPv4 and IPv6. (Bug 12061)
Failed to parse M3AP IE (TNL information). (Bug 12070)
Wrong interpretation of Instance ID value in OSPFv3 packet. (Bug 12072)
MP2T Dissector does parse RTP properly in 2.0.1. (Bug 12099)
editcap does not adjust time for frames with absolute timestamp 0 < t < 1 secs. (Bug 12116)
Guard Interval is not consistent between Radiotap & wlan_radio. (Bug 12123)
Calling dumpcap -i- results in access violation. (Bug 12143)
Qt: Friendly Name and Interface Name columns should not be editable. (Bug 12146)
PPTP GRE call ID not always decoded. (Bug 12149)
Interface list does not show device description anymore. (Bug 12156)
Find Packet does not highlight the matching tree item or packet bytes. (Bug 12157)
"total block length … is too large" error when opening pcapng file with multiple SHB sections. (Bug 12167)
http.request.full_uri is malformed if an HTTP Proxy is used. (Bug 12176)
SNMP dissector fails at msgSecurityParameters with long length encoding. (Bug 12181)
Windows installers and PortableApps® packages are now dual signed using SHA-1 and SHA-256 in order to comply with Microsoft Authenticode policy. Windows 7 and Windows Server 2008 R2 users should ensure that update 3123479 is installed. Windows Vista and Windows Server 2008 users should ensure that hotfix 2763674 is installed.

Updated Protocol Support:

6LoWPAN, ACN, ASN.1 BER, BATADV, DICOM, DNP3, DOCSIS INT-RNG-REQ, E100, EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet, HTTP, HTTP/2, IEEE 802.11, IKEv2, InfiniBand, IPv4, IPv6, LBMC, LLRP, M3AP, MAC LTE, MP2T, MPLS, NFS, NS Trace, OSPF, PIM, PPTP, RLC LTE, RoHC, RPC, RSL, SNMP, SPICE, SSL, TCP, TRILL, VXLAN, WaveAgent, and X.509AF

New and Updated Capture File Support:

3GPP TS 32.423 Trace, iSeries, Ixia IxVeriWave, pcap, and pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2016-01

    DLL hijacking vulnerability. CVE-2016-2521

    wnpa-sec-2016-03

    DNP dissector infinite loop. (Bug 11938) CVE-2016-2523

    wnpa-sec-2016-10

    RSL dissector crash. (Bug 11829) CVE-2016-2530 CVE-2016-2531

    wnpa-sec-2016-11

    LLRP dissector crash. (Bug 12048) CVE-2016-2532

    wnpa-sec-2016-14

    GSM A-bis OML dissector crash. (Bug 11825)

    wnpa-sec-2016-15

    ASN.1 BER dissector crash. (Bug 12106)

    wnpa-sec-2016-18

    ASN.1 BER dissector crash. (Bug 11822)

The following bugs have been fixed:

    Questionable calling of ethernet dissector by encapsulating protocol dissectors. (Bug 9933)
    Improper RPC reassembly (Bug 11913)
    GTPv1 Dual Stack with one static and one Dynamic IP. (Bug 11945)
    Failed to parse M3AP IE (TNL information). (Bug 12070)
    Wrong interpretation of Instance ID value in OSPFv3 packet. (Bug 12072)
    MP2T Dissector does parse RTP properly in 2.0.1. (Bug 12099)
    editcap does not adjust time for frames with absolute timestamp 0 < t < 1 secs. (Bug 12116)

Windows installers and PortableApps® packages are now dual signed using SHA-1 and SHA-256 in order to comply with Microsoft Authenticode policy. Windows 7 and Windows Server 2008 R2 users should ensure that update 3123479 is installed. Windows Vista and Windows Server 2008 users should ensure that hotfix 2763674 is installed.
2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

ASN.1 BER, BATADV, DNP3, E100, EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet, InfiniBand, LLRP, M3AP, MP2T, NFS, OSPF, RoHC, RPC, RSL, TRILL, VXLAN, and X.509AF
2.5. New and Updated Capture File Support

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
2. What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2016-19

    The NCP dissector could crash. (Bug 11591)

    wnpa-sec-2016-20

    TShark could crash due to a packet reassembly bug. (Bug 11799)

    wnpa-sec-2016-21

    The IEEE 802.11 dissector could crash. (Bug 11824, Bug 12187)

    wnpa-sec-2016-22

    The PKTC dissector could crash. (Bug 12206)

    wnpa-sec-2016-23

    The PKTC dissector could crash. (Bug 12242)

    wnpa-sec-2016-24

    The IAX2 dissector could go into an infinite loop. (Bug 12260)

    wnpa-sec-2016-25

    Wireshark and TShark could exhaust the stack. (Bug 12268)

    wnpa-sec-2016-26

    The GSM CBCH dissector could crash. (Bug 12278)

    wnpa-sec-2016-27

    MS-WSP dissector crash. (Bug 12341)

The following bugs have been fixed:

    Protocol Hierarchy Statistics shows LDAP lines recursively. (Bug 1734)
    UTF-8 replacement characters in FT_STRINGs are escaped for presentation. (Bug 10681)
    DTLS : reassembly error, protocol DTLS: New fragment overlaps old data. (Bug 11477)
    Packet byte pane in Qt version of packet window isn’t being displayed. (Bug 11760)
    "wireshark -i usbmon2 -k" results in "No interfaces selected" when restarting a capture. (Bug 11939)
    Crash when changing the "which packets to print" radio button in the Print dialog. (Bug 12040)
    Selecting packets causes memory leak. (Bug 12044)
    Client Hello not dissected when failed SSL handshake fully captured. (Bug 12132)
    TCP graphs - wrong stream graphed if stream index > 99. (Bug 12163)
    Typo in packet-gsm_a_dtap.c. (Bug 12186)
    Lua dot file error. (Bug 12196)
    "All Files" does not allow selecting files without period. (Bug 12203)
    wlan, wlan_mgt, Length error shown for IE BSS AC Access Delay/WAPI Parameter Set (68). (Bug 12223)
    Qt GUI very slow when expanding packet details with a lot of items. (Bug 12228)
    Comparing a boolean field against 1 always succeeds on big-endian machines. (Bug 12236)
    FIN flag not always correctly passed to subdissectors. (Bug 12238)
    Interpretation of BGP NLRI for default route cause malformed packet. (Bug 12240)
    Capture Interfaces dialog crashes after clicking the bookmark menu. (Bug 12241)
    Wireshark crashes right after a capture filter is selected. (Bug 12245)
    GSM GMM Identity Response dissection error. (Bug 12246)
    Crash reloading "dissector.lua" from the Wireshark website. (Bug 12251)
    VoIP calls does not show IAX2 calls. (Bug 12254)
    Wireshark CPU usage has dramatically increased. (Bug 12258)
    RPC/NFS incorrectly decodes as ACAP. (Bug 12265)
    Wireshark mistakenly flags CF-End packets as being Malformed. (Bug 12266)
    ASTERIX Category 48 Reserved Expansion Field. (Bug 12267)
    It is not possible to enter characters requiring "Alt Gr" in the display filter box such as "[" on a Swedish keyboard. (Bug 12270)
    tshark crashes when trying to export to pdml. (Bug 12276)
    Build fails on Centos 6.5 with gtk2 in ui/gtk/rtp_player.c rtp_channel_info_r has no no member start_time. (Bug 12277)
    TCP Dissector - spurious retransmissions not always recognized. (Bug 12282)
    PRA Identifier of the IE PRA Action should use 3 octets (6 to and not 2 in GTPv2. (Bug 12284)
    Dissector bug, failed assertion, proto_desegment pinfo→can_desegment. (Bug 12285)
    Colorize with filter, new coloring rule, is labeled as new conversation rule. (Bug 12289)
    Qt Multicast Stream Dialog error in input field Burst alarm threshold and Buffer alarm. (Bug 12309)
    6LoWPAN reassembly incorrect if extension header padding was elided. (Bug 12310)
    USBPcap prevents keyboard from working. (Bug 12316)
    Crash when reloading Lua script when Field is gone. (Bug 12328)
    Wrong display of USSD strings in the GSM 7-bit alphabet for non-ASCII characters in Wireshark 2.0.x. (Bug 12337)
    Malformed Packet: RTP. (Bug 12339)
    Incorrect error on MPA pdu length on iWARP packets. (Bug 12348)
    Endpoints window doesn’t show name resolution. (Bug 12353)

Windows installers and PortableApps® packages are dual signed using SHA-1 and SHA-256 in order to comply with Microsoft Authenticode policy. Windows 7 and Windows Server 2008 R2 users should ensure that update 3123479 is installed. Windows Vista and Windows Server 2008 users should ensure that hotfix 2763674 is installed.
2.2. New and Updated Features

There are no new features in this release.
2.3. New File Format Decoding Support

There are no new file formats in this release.
2.4. New Protocol Support

There are no new protocols in this release.
2.5. Updated Protocol Support

6LoWPAN, ACAP, Asterix, BGP, DMP, DNS, DTLS, EAP, FMTP, GPRS LLC, GSM A, GSM A GM, GSM CBCH, GSM MAP, GTPv2, HTTP, IAX2, IEEE 802.11, iWARP MPA, MS-WSP, MySQL, NCP, NFS, PKTC, QUIC, R3, RTP, SMB, SPRT, TCP, ZEP, ZigBee, ZigBee NWK, ZigBee ZCL SE, and ZVT
2.6. New and Updated Capture File Support

and Gammu DCT3
2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

The 64-bit version of Wireshark will leak memory on Windows when the display depth is set to 16 bits (Bug 9914)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
2. What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2016-22

    The PKTC dissector could crash. (Bug 12206)

    wnpa-sec-2016-23

    The PKTC dissector could crash. (Bug 12242)

    wnpa-sec-2016-24

    The IAX2 dissector could go into an infinite loop. (Bug 12260)

    wnpa-sec-2016-25

    Wireshark and TShark could exhaust the stack. (Bug 12268)

    wnpa-sec-2016-26

    The GSM CBCH dissector could crash. (Bug 12278)

    wnpa-sec-2016-28

    The NCP dissector could crash. (Bug 12293)

The following bugs have been fixed:

    wlan, wlan_mgt, Length error shown for IE BSS AC Access Delay/WAPI Parameter Set (68). (Bug 12223)
    RPC/NFS incorrectly decodes as ACAP. (Bug 12265)
    Wireshark mistakenly flags CF-End packets as being Malformed. (Bug 12266)
    ASTERIX Category 48 Reserved Expansion Field. (Bug 12267)
    Dissector bug, failed assertion, proto_desegment pinfo→can_desegment. (Bug 12285)
    Malformed Packet: RTP. (Bug 12339)
    Incorrect error on MPA pdu length on iWARP packets. (Bug 12348)

Windows installers and PortableApps® packages are dual signed using SHA-1 and SHA-256 in order to comply with Microsoft Authenticode policy. Windows 7 and Windows Server 2008 R2 users should ensure that update 3123479 is installed. Windows Vista and Windows Server 2008 users should ensure that hotfix 2763674 is installed.
2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

ACAP, Asterix, GPRS LLC, GSM, IAX2, IEEE 802.11, INAP, iWARP MPA, Kerberos, MySQL, NCP, RTP, and SMB
2.5. New and Updated Capture File Support

and Gammu DCT3
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

The following vulnerabilities have been fixed:

The SPOOLS dissector could go into an infinite loop.
The IEEE 802.11 dissector could crash. (Bug 11585)
The IEEE 802.11 dissector could crash.(Bug 12175)
The UMTS FP dissector could crash. (Bug 12191)
Some USB dissectors could crash. Discovered by Mateusz Jurczyk. (Bug 12356)
The Toshiba file parser could crash. Discovered by iDefense Labs. (Bug 12394)
The CoSine file parser could crash. Discovered by iDefense Labs. (Bug 12395)
The NetScreen file parser could crash. Discovered by iDefense Labs. (Bug 12396)
The Ethernet dissector could crash. (Bug 12440)

The following bugs have been fixed:

Saving pcap capture file with ERF encapsulation creates an invalid pcap file. (Bug 3606)
Questionable calling of Ethernet dissector by encapsulating protocol dissectors. (Bug 9933)
Wireshark 1.12.0 does not dissect HTTP correctly. (Bug 10335)
Don’t copy details of hidden columns. (Bug 11788)
RTP audio player crashes. (Bug 12166)
Crash when saving RTP audio Telephony→RTP→RTP Streams→Analyze→Save→Audio. (Bug 12211)
Edit - preferences - add column field not showing dropdown for choices. (Bug 12321)
Using _ws.expert in a filter can cause a crash. (Bug 12335)
Crash in SCCP dissector UAT (Qt UI only). (Bug 12364)
J1939 frame without data = malformed packet ? (Bug 12366)
The stream number in tshark’s "-z follow,tcp," option is 0-origin rather than 1-origin. (Bug 12383)
IP Header Length display filter should show calculated value. (Bug 12387)
Multiple file radio buttons should be check boxes. (Bug 12388)
Wrong check for getaddrinfo and gethostbyname on Solaris 11. (Bug 12391)
ICMPv6 dissector doesn’t respect actual packet length. (Bug 12400)
Format DIS header timestamp mm:ss.nnnnnn. (Bug 12402)
RTP Stream Analysis can no longer be sorted in 2.0.3. (Bug 12405)
RTP Stream Analysis fails to complete in 2.0.3 when packets are sliced. (Bug 12406)
Network-Layer Name Resolution uses first 32-bits of IPv6 DNS address as IPv4 address in some circumstances. (Bug 12412)
BACnet decoder incorrectly flags a valid APDU as a "Malformed Packet". (Bug 12422)
Valid ISUP messages marked with warnings. (Bug 12423)
Profile command line switch "-C" not working in Qt interface. (Bug 12425)
MRCPv2: info column not showing info correctly. (Bug 12426)
Diameter: Experimental result code 5142. (Bug 12428)
Tshark crashes when analyzing RTP due to pointer being freed not allocated. (Bug 12430)
NFS: missing information in getattr for supported exclusive create attributes. (Bug 12435)
Ethernet type field with a value of 9100 is shown as "Unknown". (Bug 12441)
Documentation does not include support for Windows Server 2012 R2. (Bug 12455)
Column preferences ruined too easily. (Bug 12465)
SMB Open andX extended response decoded incorrectly. (Bug 12472)
SMB NtCreate andX with extended response sometimes incorrect. (Bug 12473)
Viewing NFSv3 Data, checking SRTs doesn’t work. (Bug 12478)
Make wireshark with Qt enabled buildable on ARM. (Bug 12483)

Updated Protocol Support:

AFS, ANSI IS-637 A, BACapp, BT BNEP, Cisco FabricPath MiM, CSN.1, DCERPC SPOOLS, DIS, Ethernet, GSM A RR, ICMPv6, IEEE 802.11, IPv4, ISUP, J1939, JXTA, LAPSat, LPADm, LTE-RRC, MRCPv2, NFS, OpenFlow, SGsAP, SMB, STT, TZSP, UMTS FP, and USB

New and Updated Capture File Support:

Aethra, Catapult DCT2000, CoSine, DBS Etherwatch, ERF, iSeries, Ixia IxVeriWave, NetScreen, Toshiba, and VMS TCPIPtrace

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

The following vulnerabilities have been fixed:

    wnpa-sec-2016-29

    The SPOOLS dissector could go into an infinite loop. Discovered by the CESG.

    wnpa-sec-2016-30

    The IEEE 802.11 dissector could crash. (Bug 11585)

    wnpa-sec-2016-32

    The UMTS FP dissector could crash. (Bug 12191)

    wnpa-sec-2016-33

    Some USB dissectors could crash. Discovered by Mateusz Jurczyk. (Bug 12356)

    wnpa-sec-2016-34

    The Toshiba file parser could crash. Discovered by iDefense Labs. (Bug 12394)

    wnpa-sec-2016-35

    The CoSine file parser could crash. Discovered by iDefense Labs. (Bug 12395)

    wnpa-sec-2016-36

    The NetScreen file parser could crash. Discovered by iDefense Labs. (Bug 12396)

    wnpa-sec-2016-38

    The WBXML dissector could go into an infinite loop. Discovered by Chris Benedict, Aurelien Delaitre, NIST SAMATE Project. (Bug 12408)

The following bugs have been fixed:

    Saving pcap capture file with ERF encapsulation creates an invalid pcap file. (Bug 3606)
    Don’t copy details of hidden columns. (Bug 11788)
    The stream number in tshark’s "-z follow,tcp,<stream number>" option is 0-origin rather than 1-origin. (Bug 12383)
    ICMPv6 dissector doesn’t respect actual packet length. (Bug 12400)
    Format DIS header timestamp mm:ss.nnnnnn. (Bug 12402)
    Ethernet type field with a value of 9100 is shown as "Unknown". (Bug 12441)
    SMB Open andX extended response decoded incorrectly. (Bug 12472)

Windows installers and PortableApps® packages are dual signed using SHA-1 and SHA-256 in order to comply with Microsoft Authenticode policy. Windows 7 and Windows Server 2008 R2 users should ensure that update 3123479 is installed. Windows Vista and Windows Server 2008 users should ensure that hotfix 2763674 is installed.
2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

CSN.1, DIS, Ethernet, GSM A RR, ICMPv6, IEEE 802.11, JXTA, LAPSat, LPADm, LTE-RRC, OpenFlow, P1, SMB, SPOOLSS, UMTS FP, USB, and WBXML
2.5. New and Updated Capture File Support

Aethra, CoSine, DBS Etherwatch, ERF, iSeries, Ixia IxVeriWave, NetScreen, Toshiba, and VMS TCPIPtrace
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

You can now switch between between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI.
You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.
You can now use regular expressions in Find Packet and in the advanced preferences.
Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution some build dependencies must be present (currently c-ares). If that is not the case DNS name resolution will be disabled (but other name resolution mechanisms, such as host files, are still available).
The byte under the mouse in the Packet Bytes pane is now highlighted.
TShark supports exporting PDUs via the -U flag.
The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
Most dialogs in the Qt UI now save their size and positions.
The Follow Stream dialog now supports UTF-16.
The Firewall ACL Rules dialog has returned.
The Flow (Sequence) Analysis dialog has been improved.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

NEW AND UPDATED FEATURES:

The following features are new (or have been significantly updated) since version 2.1.0:
Added -d option for Decode As support in Wireshark (mimics TShark functionality)
The Qt UI, GTK+ UI, and TShark can now export packets as JSON. TShark can additionally export packets as Elasticsearch-compatible JSON.
The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
The RTP player now allows up to 30 minutes of silence frames.
Packet bytes can now be displayed as EBCDIC.
The Qt UI loads captures faster on Windows.
The following features are new (or have been significantly updated) since version 2.0.0:
The intelligent scroll bar now sits to the left of a normal scroll bar and provides a clickable map of nearby packets.
You can now switch between between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI.
You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.
You can now use regular expressions in Find Packet and in the advanced preferences.
Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution some build dependencies must be present (currently c-ares). If that is not the case DNS name resolution will be disabled (but other name resolution mechanisms, such as host files, are still available).
The byte under the mouse in the Packet Bytes pane is now highlighted.
TShark supports exporting PDUs via the -U flag.
The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
Most dialogs in the Qt UI now save their size and positions.
The Follow Stream dialog now supports UTF-16.
The Firewall ACL Rules dialog has returned.
The Flow (Sequence) Analysis dialog has been improved.
We no longer provide packages for 32-bit versions of OS X.
The Bluetooth Device details dialog has been added.

NEW FILE FORMAT DECODING SUPPORT:

Wireshark is able to display the format of some types of files (rather than displaying the contents of those files). This is useful when you’re curious about, or debugging, a file and its format. To open a capture file (such as PCAP) in this mode specify "MIME Files Format" as the file’s format in the Open File dialog.

NEW PROTOCOL SUPPORT:

Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol, Bluetooth Pseudoheader for BR/EDR, CISCO ERSPAN3 Marker, Edge Control Protocol (ECP), Ericsson IPOS Kernel Packet Header Dissector Added (IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY Protocol dissector added (automotive bus), IEEE 802.1BR E-Tag, ISO 8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP), LAT protocol (DECNET), Metamako trailers, Network-Based IP Flow Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M TLV), Real Time Location System (RTLS), RTI TCP Transport Layer (RTITCP), STANAG 5602 SIMPLE, USB3 Vision Protocol (USB machine vision cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters Dissectors Added (Closures Lighting General Measurement & Sensing HVAC Security & Safety)

UPDATED PROTOCOL SUPPORT:

Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex), allow to DecodeAs it over USB, TCP and UDP.
A preference was added to TCP dissector for handling IPFIX process information. It has been disabled by default.
New and Updated Capture File Support and Micropross mplog

NEW AND UPDATED CAPTURE INTERFACES SUPPORT:

Non-empty section placeholder.

MAJOR API CHANGES:

The libwireshark API has undergone some major changes:

The address macros (e.g., SET_ADDRESS) have been removed. Use the (lower case) functions of the same names instead.
"old style" dissector functions (that don’t return number of bytes used) have been replaced in name with the "new style" dissector functions.
tvb_get_string and tvb_get_stringz have been replaced with vb_get_string_enc and tvb_get_stringz_enc respectively.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

BUG FIXES:

The following vulnerabilities have been fixed:
CORBA IDL dissector crash on 64-bit Windows. (Bug 12495)
PacketBB crash. (Bug 12577)
WSP infinite loop. (Bug 12594)
RLC long loop. (Bug 12660)
LDSS dissector crash. (Bug 12662)
RLC dissector crash. (Bug 12664)
OpenFlow long loop. (Bug 12659)
MMSE, WAP, WBXML, and WSP infinite loop. (Bug 12661)
WBXML crash. (Bug 12663)

The following bugs have been fixed:

T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
TShark crashes with option "-z io,stat,…" in the presence of negative relative packet timestamps. (Bug 9014)
Packet size limited during capture msg is repeated in the Info column. (Bug 9826)
Wireshark loses windows decorations on second screen when restarting maximized using GNOME. (Bug 11303)
Cannot launch GTK+ version of wireshark as a normal user. (Bug 11400)
Restart current capture fails with "no interface selected" error when capturing in promiscuous mode. (Bug 11834)
Add field completion suggestions when adding a Display filter or Y Field to the IO Graph. (Bug 11899)
Wireshark Qt always indicates locale as "C". (Bug 11960)
Wireshark crashes every time open Statistics → Conversations | Endpoints. (Bug 12288)
Find function within the conversations window does not work. (Bug 12363)
Invalid values for USB SET_REQUEST packets. (Bug 12511)
Display filter dropdown hides cursor. (Bug 12520)
Filter for field name tcp.options.wscale.multiplier cannot exceed 255. (Bug 12525)
Ctrl+ shortcuts that are not text-related do not work when focus is on display filter field. (Bug 12533)
Closing Statistics window results in black screen. (Bug 12544)
OSPF: Incorrect description of N/P-bit in NSSA LSA. (Bug 12555)
Inconsistent VHT data rate. (Bug 12558)
DCE/RPC malformed error when stub-data is missing but a sub-dissector has been registered. (Bug 12561)
Wireshark is marking BGP FlowSpec NLRI as malformed if NLRI length is larger than 239 bytes. (Bug 12568)
"Edit Resolved Name" is not saved in current pcapng file. (Bug 12629)
MPTCP: MP_JOIN B bit not decoded correctly. (Bug 12635)
MPTCP MP_PRIO header with AddrID: incorrect AddrID. (Bug 12641)

Updated Protocol Support:

802.11 Radiotap, BGP, CAN, CANopen, H.248 Q.1950, IPv4, IPv6, LANforge, LDSS, MPTCP, OSPF, PacketBB, PRP, RLC, RMT-FEC, RSVP, RTP MIDI, T.30, TDS, USB, WAP, WBXML, WiMax RNG-RSP, and WSP

New and Updated Capture File Support:

and pcapng
New and Updated Capture Interfaces support:
There are no new or updated capture interfaces supported in this release.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
2. What’s New

This is the final release of Wireshark 1.12. It officially reaches end of life on July 31, 2016. If you are still using Wireshark 1.12 you are encouraged to upgrade to Wireshark 2.0.
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2016-40

    NDS dissector crash. (Bug 12576)

    wnpa-sec-2016-41

    PacketBB crash. (Bug 12577)

    wnpa-sec-2016-42

    WSP infinite loop. (Bug 12594)

    wnpa-sec-2016-43

    MMSE infinite loop. (Bug 12624)

    wnpa-sec-2016-44

    RLC long loop. (Bug 12660)

    wnpa-sec-2016-45

    LDSS dissector crash. (Bug 12662)

    wnpa-sec-2016-46

    RLC dissector crash. (Bug 12664)

    wnpa-sec-2016-47

    OpenFlow long loop. (Bug 12659)

The following bugs have been fixed:

    T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
    TShark crashes with option "-z io,stat,…" in the presence of negative relative packet timestamps. (Bug 9014)
    Packet size limited during capture msg is repeated in the Info column. (Bug 9826)
    Filter for field name tcp.options.wscale.multiplier cannot exceed 255. (Bug 12525)
    Inconsistent VHT data rate. (Bug 12558)

2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

802.11 Radiotap, LANforge, LDSS, MMSE, PacketBB, PRP, RLC, RTP MIDI, T.30, TCP, VITA 49, WiMax RNG-RSP, and WSP
2.5. New and Updated Capture File Support

and pcapng
3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

NEW:

Invalid coloring rules are now disabled instead of discarded. This will provide backward compatibility with a coloring rule change in Wireshark 2.2.

BUG FIXES:

Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. ([1]Bug 12712)

NEW UPDATES AND FEATURES:

Added -d option for Decode As support in Wireshark (mimics TShark functionality)
The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
TShark can additionally export packets as Elasticsearch-compatible JSON.
The Qt UI now supports the -j, -J, and -l flags. The -m flag is now deprecated.
The Conversations and Endpoints dialogs are more responsive when viewing large numbers of items.
The RTP player now allows up to 30 minutes of silence frames.
Packet bytes can now be displayed as EBCDIC.
The Qt UI loads captures faster on Windows.
proto_tree_add_checksum was added as an API. This attempts to standardize how checksums are reported and filtered for within Shark. There are no more individual "good" and "bad" filter fields, protocols now have a "checksum.status" field that records "Good", "Bad" and "Unverified" (neither good or bad). Color filters provided with Wireshark have been adjusted to the new display filter names, but custom ones may need to be updated.
The intelligent scroll bar now sits to the left of a normal scroll bar and provides a clickable map of nearby packets.
You can now switch between between Capture and File Format dissection of the current capture file via the View menu in the Qt GUI.
You can now show selected packet bytes as ASCII, HTML, Image, ISO 8859-1, Raw, UTF-8, a C array, or YAML.
You can now use regular expressions in Find Packet and in the advanced preferences.
Name resolution for packet capture now supports asynchronous DNS lookups only. Therefore the "concurrent DNS resolution" preference has been deprecated and is a no-op. To enable DNS name resolution some build dependencies must be present (currently c-ares). If that is not the case DNS name resolution will be disabled (but other name resolution mechanisms, such as host files, are still available).
The byte under the mouse in the Packet Bytes pane is now highlighted.
TShark supports exporting PDUs via the -U flag.
The Windows and OS X installers now come with the "sshdump" and "ciscodump" extcap interfaces.
Most dialogs in the Qt UI now save their size and positions.
The Follow Stream dialog now supports UTF-16.
The Firewall ACL Rules dialog has returned.
The Flow (Sequence) Analysis dialog has been improved.
We no longer provide packages for 32-bit versions of OS X.
The Bluetooth Device details dialog has been added.

New File Format Decoding Support:

Wireshark is able to display the format of some types of files (rather than displaying the contents of those files). This is useful when you're curious about, or debugging, a file and its format. To open a capture file (such as PCAP) in this mode specify "MIME Files Format" as the file's format in the Open File dialog.

New Protocol Support:

Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol, Bluetooth Pseudoheader for BR/EDR, CISCO ERSPAN3 Marker, Edge Control Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS Kernel Packet Header Dissector Added (IPOS), Extensible Control & Management Protocol (eCMP), FLEXRAY Protocol dissector added (automotive bus), IEEE 802.1BR E-Tag, ISO 8583-1, ISO14443, ITU-T
G.7041/Y.1303 Generic Framing Procedure (GFP), LAT protocol (DECNET), Metamako trailers, Network-Based IP Flow Mobility (NBIFOM), Nokia Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight Machine to Machine TLV payload Added (LwM2M TLV), Real Time Location System (RTLS), RTI TCP Transport Layer (RTITCP), STANAG 5602 SIMPLE, USB3 Vision Protocol (USB machine vision cameras), USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters Dissectors Added (Closures Lighting General Measurement & Sensing HVAC Security & Safety)

Updated Protocol Support:

Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex), allow to DecodeAs it over USB, TCP and UDP.
A preference was added to TCP dissector for handling IPFIX process information. It has been disabled by default.

New and Updated Capture File Support:

Micropross mplog
New and Updated Capture Interfaces support:
Non-empty section placeholder.

Major API CHANGES:

The libwireshark API has undergone some major changes:

The address macros (e.g., SET_ADDRESS) have been removed. Use the (lower case) functions of the same names instead.
"old style" dissector functions (that don't return number of bytes used) have been replaced in name with the "new style" dissector functions.
tvb_get_string and tvb_get_stringz have been replaced with tvb_get_string_enc and tvb_get_stringz_enc respectively.

[close]

http://www.wireshark.org/

[SiLæncer]

Whats new:>>

The following features are new (or have been significantly updated) since version 2.2.0rc1:

"Decode As" supports SSL (TLS) over TCP.

http://www.wireshark.org/