Author Topic: Wireshark (Ex-Ethereal) ...  (Read 43329 times)

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Posts: 191383
  • No input, no output
    • DVB-Cube
Wireshark 2.0.13
« Reply #120 on: 02 June, 2017, 13:10 »
Changelog

What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-22

    Bazaar dissector infinite loop (Bug 13599) CVE-2017-9352

    wnpa-sec-2017-24

    DHCP dissector read overflow (Bug 13609, Bug 13628) CVE-2017-9351

    wnpa-sec-2017-25

    SoulSeek dissector infinite loop (Bug 13631) CVE-2017-9346

    wnpa-sec-2017-26

    DNS dissector infinite loop (Bug 13633) CVE-2017-9345

    wnpa-sec-2017-27

    DICOM dissector infinite loop (Bug 13685) CVE-2017-9349

    wnpa-sec-2017-28

    openSAFETY dissector memory exhaustion (Bug 13649) CVE-2017-9350

    wnpa-sec-2017-29

    BT L2CAP dissector divide by zero (Bug 13701) CVE-2017-9344

    wnpa-sec-2017-30

    MSNIP dissector crash (Bug 13725) CVE-2017-9343

    wnpa-sec-2017-32

    RGMP dissector crash (Bug 13646) CVE-2017-9354

The following bugs have been fixed:

    DICOM dissection error. (Bug 13164)
    Can not export captured DICOM objects in version 2.2.5. (Bug 13570)
    LibFuzzer: ISUP dissector bug (isup.number_different_meaning). (Bug 13588)
    Dissector Bug, protocol BT ATT. (Bug 13590)
    [oss-fuzz] UBSAN: shift exponent 105 is too large for 32-bit type int in packet-ositp.c:551:79. (Bug 13606)
    [oss-fuzz] UBSAN: shift exponent -77 is negative in packet-netflow.c:7717:23. (Bug 13607)
    [oss-fuzz] UBSAN: shift exponent 1959 is too large for 32-bit type int in packet-sigcomp.c:2128:28. (Bug 13610)
    [oss-fuzz] UBSAN: shift exponent 63 is too large for 32-bit type guint32 (aka unsigned int) in packet-rtcp.c:917:24. (Bug 13611)
    [oss-fuzz] UBSAN: shift exponent 70 is too large for 64-bit type guint64 (aka unsigned long) in dwarf.c:42:43. (Bug 13616)
    [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-xot.c:260:23. (Bug 13618)
    [oss-fuzz] UBSAN: shift exponent -5 is negative in packet-sigcomp.c:1722:36. (Bug 13619)
    [oss-fuzz] UBSAN: index 2049 out of bounds for type char [2049] in packet-quakeworld.c:134:5. (Bug 13624)
    [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-netsync.c:467:25. (Bug 13639)
    [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-sigcomp.c:3857:24. (Bug 13641)
    [oss-fuzz] ASAN: stack-use-after-return epan/dissectors/packet-ieee80211.c:14341:23 in add_tagged_field. (Bug 13662)
    Welcome screen invalid capture filter without WinPcap installed causes runtime error. (Bug 13672)
    SMB protocol parser does not parse SMB_COM_TRANSACTION2_SECONDARY (0x33) command correctly. (Bug 13690)

2.2. New and Updated Features

There are no new features in this release.

2.3. New File Format Decoding Support

There are no new file formats in this release.

2.4. New Protocol Support

There are no new protocols in this release.

2.5. Updated Protocol Support

Bazaar, BT ATT, BT L2CAP, DHCP, DICOM, DNS, DWARF, IEEE 802.11, ISUP, MSNIP, Netflow, Netsync, openSAFETY, OSITP, QUAKEWORLD, RGMP, RTCP, SIGCOMP, SMB, SoulSeek, and XOT

2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 (BDA driver 5.0.1.8) + Terratec Cinergy 1200 C (BDA driver 4.8.3.1.8)

Offline SiLæncer

Wireshark 2.4.0 RC1
« Reply #121 on: 08 June, 2017, 18:00 »
Release Notes

== What's New

=== New and Updated Features

The following features are new (or have been significantly updated)
since version 2.2.0:

* Experimental 32-bit and 64-bit Windows Installer (.msi) packages are available.
  It is recommended that you use these independently of the NSIS (.exe) installers.
  That is, you should make sure the NSIS package is completely uninstalled before
  installing the Windows Installer package and vice-versa.
* Source packages are now compressed using xz instead of bzip2.
* The legacy (GTK+) UI is disabled by default in the Windows installer.
* The legacy (GTK+) UI is disabled by default in Autotools and CMake.
* SS7 Point Codes can now be resolved into names with a hosts-like file.
* Wireshark can now go fullscreen to have more room for packets.
* TShark can now export objects like the other GUI interfaces.
* Support for G.722 and G.726 codecs in the RTP Player (via the SpanDSP library).
* You can now choose the output device when playing RTP streams.
* Added support for dissectors to include a unit name natively in their hf field.
  A field can now automatically append "seconds" or "ms" to its value without
  additional printf-style APIs.
* The Default profile can now be reset to default values.
* You can move back and forth in the selection history in the Qt UI.
* IEEE 802.15.4 dissector now uses an UAT for decryption keys. The original
  decryption key preference has been obsoleted.
* Extcap utilities can now provide configuration for a GUI interface toolbar to
  control the extcap utility while capturing.
* Extcap utilities can now validate the capture filter.
* Display filter function len() can now be used on all string and byte fields.
* Added timeline view for 802.11 wireless packet data.

=== New Protocol Support

Bluetooth HCI Vendor Intel
CAN FD
Ericsson A-bis P-GSL
Ericsson A-bis TFP (Traffic Forwarding Protocol)
Fc00/cjdns Protocol
Generic Netlink (genl)
GSM Osmux
Health Level 7 (HL7)
High-speed SECS message service (HSMS)
iPerf2
ISO 15765
Linux 802.11 Netlink (nl80211)
Local Service Discovery (LSD)
M2 Application Protocol
Mesh Link Establishment (MLE)
Nordic BLE Sniffer
NVMe Fabrics RDMA
NVMe
OpenThread simulator
RFTap Protocol
SCTE-35 Digital Program Insertion Messages
Snort Post-dissector
Thread CoAP
Unified Diagnostic Services (UDS)
vSocket
Windows Cluster Management API (clusapi)
GSMTAP based logging
HomePNA
X-Rite i1 Display Pro (and derivatives) USB protocol
IndigoCare iCall protocol
IndigoCare Netrix protocol
NetScaler HA Protocol
NetScaler Metric Exchange Protocol
NetScaler RPC Protocol
DirectPlay 8 protocol
NM protocol
Netgear Ensemble Protocol
OBD-II PIDs
(Facebook) Zero

=== Updated Protocol Support

Too many protocols have been updated to list here.

=== New and Updated Capture File Support

_Non-empty section placeholder._

=== New and Updated Capture Interfaces support

_Non-empty section placeholder._

=== Major API Changes

IEEE802.11: wlan_mgt display filter element got renamed to wlan.
Libgcrypt is now a required dependency.

== Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

=== Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the https://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.

== File Locations

Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.

== Known Problems

Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])

The BER dissector might infinitely loop.
(ws-buglink:1516[])

Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])

Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])

Application crash when changing real-time option.
(ws-buglink:4035[])

Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])

Wireshark should let you work with multiple capture files. (ws-buglink:10488[])

Dell Backup and Recovery (DBAR) makes many Windows applications crash,
including Wireshark. (ws-buglink:12036[])

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.4.0 RC2
« Reply #122 on: 29 June, 2017, 05:00 »
Release Notes

Wireshark 2.4.0rc2 has been released. This is the second release candidate for Wireshark 2.4.0. Installers for Windows, macOS, and source code are now available.

New or significantly updated features since version 2.2.0

    Experimental 32-bit and 64-bit Windows Installer (.msi) packages are available. It is recommended that you use these independently of the NSIS (.exe) installers. That is, you should make sure the NSIS package is completely uninstalled before installing the Windows Installer package and vice-versa.
    Source packages are now compressed using xz instead of bzip2.
    The legacy (GTK+) UI is disabled by default in the Windows installer.
    The legacy (GTK+) UI is disabled by default in Autotools and CMake.
    SS7 Point Codes can now be resolved into names with a hosts-like file.
    Wireshark can now go fullscreen to have more room for packets.
    TShark can now export objects like the other GUI interfaces.
    Support for G.722 and G.726 codecs in the RTP Player (via the SpanDSP library).
    You can now choose the output device when playing RTP streams.
    Added support for dissectors to include a unit name natively in their hf field. A field can now automatically append "seconds" or "ms" to its value without additional printf-style APIs.
    The Default profile can now be reset to default values.
    You can move back and forth in the selection history in the Qt UI.
    IEEE 802.15.4 dissector now uses an UAT for decryption keys. The original decryption key preference has been obsoleted.
    Extcap utilities can now provide configuration for a GUI interface toolbar to control the extcap utility while capturing.
    Extcap utilities can now validate the capture filter.
    Display filter function len() can now be used on all string and byte fields.
    Added timeline view for 802.11 wireless packet data.

New Protocol Support

(Facebook) Zero, Bluetooth HCI Vendor Intel, CAN FD, DirectPlay 8 protocol, Ericsson A-bis P-GSL, Ericsson A-bis TFP (Traffic Forwarding Protocol), Fc00/cjdns Protocol, Generic Netlink (genl), GSM Osmux, GSMTAP based logging, Health Level 7 (HL7), High-speed SECS message service (HSMS), HomePNA, IndigoCare iCall protocol, IndigoCare Netrix protocol, iPerf2, ISO 15765, Linux 802.11 Netlink (nl80211), Local Service Discovery (LSD), M2 Application Protocol, Mesh Link Establishment (MLE), Netgear Ensemble Protocol, NetScaler HA Protocol, NetScaler Metric Exchange Protocol, NetScaler RPC Protocol, NM protocol, Nordic BLE Sniffer, NVMe, NVMe Fabrics RDMA, OBD-II PIDs, OpenThread simulator, RFTap Protocol, SCTE-35 Digital Program Insertion Messages, Snort Post-dissector, Thread CoAP, Unified Diagnostic Services (UDS), vSocket, Windows Cluster Management API (clusapi), and X-Rite i1 Display Pro (and derivatives) USB protocol

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.0.14
« Reply #123 on: 19 July, 2017, 05:00 »
Changelog

What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-13

    WBXML dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410

    Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12.

    wnpa-sec-2017-28

    openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411

    Note: This is an update for a fix in Wireshark 2.2.7.

    wnpa-sec-2017-34

    AMQP dissector crash. (Bug 13780) CVE-2017-11408

    wnpa-sec-2017-35

    MQ dissector crash. (Bug 13792) CVE-2017-11407

    wnpa-sec-2017-36

    DOCSIS infinite loop. (Bug 13797) CVE-2017-11406

    wnpa-sec-2017-37

    GPRS LLC large loop. (Bug 13603) CVE-2017-11409

The following bugs have been fixed:

    Regression in SCCP fragments handling. (Bug 13651)
    TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. (Bug 13739)
    Dissector for WSMP (IEEE 1609.3) not current. (Bug 13766)
    DAAP dissector dissect_daap_one_tag recursion stack exhausted. (Bug 13799)
    Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference. (Bug 13811)
    It seems SPVID was decoded from wrong field. (Bug 13821)
    README.dissectors: Add notes about predefined string structures not available to plugin authors. (Bug 13828)
    cmake/modules/FindZLIB.cmake doesn’t find inflatePrime. (Bug 13850)
    [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-btrfcomm.c:314:37. (Bug 13783)

2.2. New and Updated Features

There are no new features in this release.

2.3. New File Format Decoding Support

There are no new file formats in this release.

2.4. New Protocol Support

There are no new protocols in this release.

2.5. Updated Protocol Support

AMQP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, GPRS LLC, ISIS LSP, MQ, OpenSafety, OSPF, PROFINET IO, SCCP, TCAP, TCP, UMTS FP, UMTS RLC, WBXML, and WSMP

2.6. New and Updated Capture File Support

pcap

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.8
« Reply #124 on: 19 July, 2017, 06:00 »
Changelog

What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-13

    WBXML dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410

    Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12.

    wnpa-sec-2017-28

    openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411

    Note: This is an update for a fix in Wireshark 2.2.7.

    wnpa-sec-2017-34

    AMQP dissector crash. (Bug 13780) CVE-2017-11408

    wnpa-sec-2017-35

    MQ dissector crash. (Bug 13792) CVE-2017-11407

    wnpa-sec-2017-36

    DOCSIS infinite loop. (Bug 13797) CVE-2017-11406

The following bugs have been fixed:

    Y.1711 dissector reverses defect type order. (Bug 8292)
    Packet list keeps scrolling back to selected packet while names are being resolved. (Bug 12074)
    [REGRESSION] Export Objects do not show files from a SMB2 capture. (Bug 13214)
    LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values. (Bug 13481)
    Hexpane showing in proportional font again. (Bug 13638)
    Regression in SCCP fragments handling. (Bug 13651)
    TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. (Bug 13739)
    Dissector for WSMP (IEEE 1609.3) not current. (Bug 13766)
    RANAP: possible issue in the heuristic code. (Bug 13770)
    [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-btrfcomm.c:314:37. (Bug 13783)
    RANAP: false positives on heuristic algorithm. (Bug 13791)
    Automatic name resolution not saved to PCAP-NG NRB. (Bug 13798)
    DAAP dissector dissect_daap_one_tag recursion stack exhausted. (Bug 13799)
    Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference. (Bug 13811)
    It seems SPVID was decoded from wrong field. (Bug 13821)
    README.dissectors: Add notes about predefined string structures not available to plugin authors. (Bug 13828)
    Statistics→Packet Lengths doesn’t display details for 5120 or greater. (Bug 13844)
    cmake/modules/FindZLIB.cmake doesn’t find inflatePrime. (Bug 13850)
    BGP: incorrect decoding COMMUNITIES whose length is larger than 255. (Bug 13872)

2.2. New and Updated Features

There are no new features in this release.

2.3. New File Format Decoding Support

There are no new file formats in this release.

2.4. New Protocol Support

There are no new protocols in this release.

2.5. Updated Protocol Support

AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF, PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC, WBXML, WSMP, and Y.1711

2.6. New and Updated Capture File Support

pcap pcap-ng

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

2.8. Major API Changes

There are no major API changes in this release.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.4.0
« Reply #125 on: 20 July, 2017, 06:00 »
Changelog

New and Updated Features:

Experimental 32-bit and 64-bit Windows Installer (.msi) packages are available. It is recommended that you use these independently of the NSIS (.exe) installers. That is, you should make sure the NSIS package is completely uninstalled before installing the Windows Installer package and vice-versa.
Source packages are now compressed using xz instead of bzip2.
The legacy (GTK+) UI is disabled by default in the Windows installers.
The legacy (GTK+) UI is disabled by default in the development environment (Autotools and CMake).
SS7 Point Codes can now be resolved into names with a hosts-like file.
Wireshark can now go fullscreen to have more room for packets.
TShark can now export objects like the other GUI interfaces.
Support for G.722 and G.726 codecs in the RTP Player (via the SpanDSP library).
You can now choose the output device when playing RTP streams.
Added support for dissectors to include a unit name natively in their hf field. A field can now automatically append "seconds" or "ms" to its value without additional printf-style APIs.
The Default profile can now be reset to default values.
You can move back and forth in the selection history in the Qt UI.
IEEE 802.15.4 dissector now uses an UAT for decryption keys. The original decryption key preference has been obsoleted.
Extcap utilities can now provide configuration for a GUI interface toolbar to control the extcap utility while capturing.
Extcap utilities can now validate the capture filter.
Display filter function len() can now be used on all string and byte fields.
Added an experimental timeline view for 802.11 wireless packet data which can be enabled via the "802.11 radio information" preferences.
Added TLS 1.3 (draft 21) dissection and decryption support (Bug 12779).
The (D)TLS Application Layer protocol (e.g. HTTP or CoAP) can now be changed via the Decode As dialog.
The RSA keys dialog for SSL keys has improved feedback for invalid settings and no longer requires the IP address, Port or Protocol fields to be set in addition to the Key File.
TCP Analysis will detect and flag more spurious retransmissions.

New Protocol Support:

Bluetooth HCI Vendor Intel, CAN FD, Citrix NetScaler Metric Exchange Protocol, Citrix NetScaler RPC Protocol, DirectPlay 8 protocol, Ericsson A-bis P-GSL, Ericsson A-bis TFP (Traffic Forwarding Protocol), Facebook Zero, Fc00/cjdns Protocol, Generic Netlink (genl), GSM Osmux, GSMTAP based logging, Health Level 7 (HL7), High-speed SECS message service (HSMS), HomePNA, IndigoCare iCall protocol, IndigoCare Netrix protocol, iPerf2, ISO 15765, Linux 802.11 Netlink (nl80211), Local Service Discovery (LSD), M2 Application Protocol, Mesh Link Establishment (MLE), MUDURL, Netgear Ensemble Protocol, NetScaler HA Protocol, NetScaler Metric Exchange Protocol, NetScaler RPC Protocol, NM protocol, Nordic BLE Sniffer, NVMe, NVMe Fabrics RDMA, OBD-II PIDs, OpenThread simulator, RFTap Protocol, SCTE-35 Digital Program Insertion Messages, Snort Post-dissector, Thread CoAP, UDP based FTP w/ multicast (UFTP and UFTP4), Unified Diagnostic Services (UDS), vSocket, Windows Cluster Management API (clusapi), and X-Rite i1 Display Pro (and derivatives) USB protocol

New and Updated Capture File Support:

ERF, IxVeriWave, Libpcap, and Pcap-ng

Major API Changes:

IEEE802.11: wlan_mgt display filter element got renamed to wlan.
Libgcrypt is now a required dependency.

File Locations:

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.9
« Reply #126 on: 30 August, 2017, 05:30 »
Changelog

What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-38

    MSDP dissector infinite loop (Bug 13933)

    wnpa-sec-2017-39

    Profinet I/O buffer overrun (Bug 13847)

    wnpa-sec-2017-41

    IrCOMM dissector buffer overrun (Bug 13929)

The following bugs have been fixed:

    Confusing "Apply a display filter <Command/>" keyboard shortcut. (Bug 12450)
    VNC Protocol dissector: Framebuffer Updates. (Bug 13910)
    DNS LOC RRs with out-of-range longitude or latitude aren’t shown as errors. (Bug 13914)
    DIS Dissector Entity Appearance Record displayed in wrong location. (Bug 13917)
    Win64 CMake bug - (CYGWIN_INSTALL_PATH redefinition) causing missing packages when using CMake 3.9.0. (Bug 13922)
    APL records parsed incorrectly for IPv4 prefixes. (Bug 13923)
    TCAP SRT Analysis incorrectly matched TCAP begins and ends. (Bug 13926)
    E.212: Check length before trying 3-digits MNC. (Bug 13935)
    Crash in Wireshark using Dumper:dump() from Lua. (Bug 13944)
    GTPv2 - decoding issue for Packet Flow ID (type 123). (Bug 13987)
    [oss-fuzz] BGP memleak: ASAN: 276 byte(s) leaked in 5 allocation(s). (Bug 13995)
    Some Infiniband Connect Req fields are not decoded correctly. (Bug 13997)
    802.11 wlan.ft.subelem.r0kh_id should be sequence of bytes. (Bug 14004)

2.2. New and Updated Features

There are no new features in this release.

2.3. New File Format Decoding Support

There are no new file formats in this release.

2.4. New Protocol Support

There are no new protocols in this release.

2.5. Updated Protocol Support

APL, BGP, DIS, DNS, E.212, GTPv2, IEEE 802.11, InfiniBand, MSDP, MTP2, pcapng MIME, Profinet I/O, SML, TCAP, and VNC

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.4.1
« Reply #127 on: 30 August, 2017, 06:00 »
Changelog

What’s New

2.1. Bug Fixes

The following bugs have been fixed:

    wnpa-sec-2017-38

    MSDP dissector infinite loop (Bug 13933)

    wnpa-sec-2017-39

    Profinet I/O buffer overrun (Bug 13847)

    wnpa-sec-2017-40

    Modbus dissector crash (Bug 13925)

    wnpa-sec-2017-41

    IrCOMM dissector buffer overrun (Bug 13929)

    Incorrect presentation of Ascend-Data-Filter (RADIUS attribute 242). (Bug 11630)
    Confusing "Apply a display filter <Command/>" keyboard shortcut. (Bug 12450)
    Wireshark crashes at startup if it needs to display a dialog early in the startup process. (Bug 13275)
    RADIUS dictionary: BEGIN-VENDOR does not support format=Extended-Vendor-Specific-\*. (Bug 13745)
    Dumpcap on big-endian machines writes out corrupt, unreadable Enhanced Packet Blocks. (Bug 13802)
    Interface Toolbar support for Windows. (Bug 13833)
    Wireshark should behave better on high resolution displays on Windows. (Bug 13877)
    Udpdump.pod missing from build. (Bug 13903)
    RTP Player Format Error. (Bug 13906)
    VNC Protocol dissector: Framebuffer Updates. (Bug 13910)
    DNS LOC RRs with out-of-range longitude or latitude aren’t shown as errors. (Bug 13914)
    DIS Dissector Entity Appearance Record displayed in wrong location. (Bug 13917)
    Win64 CMake bug - (CYGWIN_INSTALL_PATH redefinition) causing missing packages when using CMake 3.9.0. (Bug 13922)
    APL records parsed incorrectly for IPv4 prefixes. (Bug 13923)
    File→Merge dialog doesn’t show all options. Resizing doesn’t help. (Bug 13924)
    TCAP SRT Analysis incorrectly matched TCAP begins and ends. (Bug 13926)
    Error in MKA Distributed SAK parameter set dissection. (Bug 13927)
    E.212: Check length before trying 3-digits MNC. (Bug 13935)
    mpeg_descriptor: AC3 System A: Respect descriptor length. (Bug 13939)
    Crash in Wireshark using Dumper:dump() from Lua. (Bug 13944)
    MRCPv2 not decoded correctly. (Bug 13952)
    UDP Checksum verification not working for 0x0000 checksum. (Bug 13955)
    OSPF v3 LSA Type not well parsed. (Bug 13979)
    GTPv2 - decoding issue for Packet Flow ID (type 123). (Bug 13987)
    TRANSUM fails to calculate RTE figures for DCE-RPC where request Packet Type is zero. (Bug 13988)
    BTLE Hop and SCA fields incorrectly dissected in BLE CONNECT_REQ. (Bug 13990)
    [oss-fuzz] BGP memleak: ASAN: 276 byte(s) leaked in 5 allocation(s). (Bug 13995)
    Some Infiniband Connect Req fields are not decoded correctly. (Bug 13997)
    GTP: gtp.ext_comm_flags_II_pmtsmi bit not decoded correctly. (Bug 14001)
    InfiniBand: sIP and dIP inside IP CM Private Data are decoded in the wrong order. (Bug 14002)
    802.11 wlan.ft.subelem.r0kh_id should be sequence of bytes. (Bug 14004)
    USB capture: Unrecognized libpcap format or not libpcap data. (Bug 14006)
    SQ Header Pointer in NVMoF response capsule is decoded with the wrong endian. (Bug 14008)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

BGP, BT LE, DIS, DNS, E.212, EPL, GTP, GTPv2, IEEE 802.11, InfiniBand, IPv4, IrCOMM, MKA, Modbus, MPEG Descriptor, MRCPv2, MSDP, MTP2, Nordic BLE, NVMe, OSPF, pcapng MIME, PMIPv6, Profinet I/O, RADIUS, SML, TCAP, TRANSUM, UA3G, UDP, VNC, and ZigBee

http://www.wireshark.org/

Work / test machine:

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD burner drive
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA driver 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA driver 4.8.3.1.8 )

Offline SiLæncer

Wireshark 2.4.2
« Reply #128 on: 11 October 2017, 06:00 »
Changelog

What’s New
2.1. Bug Fixes

The following bugs have been fixed:

    wnpa-sec-2017-42

    BT ATT dissector crash (Bug 14049) CVE-2017-15192

    wnpa-sec-2017-43

    MBIM dissector crash (Bug 14056) CVE-2017-15193

    wnpa-sec-2017-44

    DMP dissector crash (Bug 14068) CVE-2017-15191

    wnpa-sec-2017-45

    RTSP dissector crash (Bug 14077) CVE-2017-15190

    wnpa-sec-2017-46

    DOCSIS infinite loop (Bug 14080) CVE-2017-15189

    Wireshark crash when end capturing with "Update list of packets in real-time" option off. (Bug 13024)
    Diameter service response time statistics broken in 2.2.4. (Bug 13442)
    Sequence number isn’t shown as the X axis in TCP Stream Graph - RTT. (Bug 13740)
    Using an SSL subdissector will cause SSL data to not be decoded (related to reassembly of application data). (Bug 13885)
    Wireshark 2.4.0 doesn’t build with Qt 4.8. (Bug 13909)
    Some Infiniband Connect Req fields are not decoded correctly. (Bug 13997)
    Voip Flow Sequence button crash. (Bug 14010)
    wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in wrong place ?. (Bug 14016)
    wireshark-2.4.1/ui/qt/tcp_stream_dialog.cpp:1206: sanity check in odd place ?. (Bug 14017)
    [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). (Bug 14025)
    [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). (Bug 14032)
    Own interface toolbar logger dialog for each log command. (Bug 14033)
    Wireshark crashes when dissecting DOCSIS REGRSPMP which contains UCD. (Bug 14038)
    Broken installation instructions for Visual Studio Community Edition. (Bug 14039)
    RTP Analysis "save as CSV" saves twice the forward stream, if two streams are selected. (Bug 14040)
    VWR file read ends early with vwr: Invalid data length 0. (Bug 14051)
    reordercap fails with segmentation fault 11 on MacOS. (Bug 14055)
    Cannot Apply Bitmask to Long Unsigned. (Bug 14063)
    text2pcap since version 2.4 aborts when there are no arguments. (Bug 14082)
    gtpprime: Missing in frame.protocols. (Bug 14083)
    HTTP dissector believes ICY response is a request. (Bug 14091)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

6LoWPAN, Bluetooth, BOOTP/DHCP, BT ATT, BT LE, DCERPC, DMP, DOCSIS, EPL, GTP, H.248, HTTP, InfiniBand, MBIM, RPC, RTSP, SSL, and WSP

2.5. New and Updated Capture File Support

Ixia IxVeriWave

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.10
« Reply #129 on: 11 October 2017, 17:00 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-42

    BT ATT dissector crash (Bug 14049) CVE-2017-15192

    wnpa-sec-2017-43

    MBIM dissector crash (Bug 14056) CVE-2017-15193

    wnpa-sec-2017-44

    DMP dissector crash (Bug 14068) CVE-2017-15191

The following bugs have been fixed:

    Wireshark crash when end capturing with "Update list of packets in real-time" option off. (Bug 13024)
    Diameter service response time statistics broken in 2.2.4. (Bug 13442)
    Some Infiniband Connect Req fields are not decoded correctly. (Bug 13997)
    wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in wrong place ?. (Bug 14016)
    [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). (Bug 14025)
    [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). (Bug 14032)
    RTP Analysis "save as CSV" saves twice the forward stream, if two streams are selected. (Bug 14040)
    Cannot Apply Bitmask to Long Unsigned. (Bug 14063)

2.2. New and Updated Features

There are no new features in this release.

2.3. New File Format Decoding Support

There are no new file formats in this release.

2.4. New Protocol Support

There are no new protocols in this release.

2.5. Updated Protocol Support

BT ATT, DCERPC, DMP, E.212, H.248, InfiniBand, MBIM, RPC, and WSP

2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

2.8. Major API Changes

There are no major API changes in this release.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.4.3
« Reply #130 on: 01 December 2017, 10:00 »
Changelog

2.1. Bug Fixes

The following bugs have been fixed:

    wnpa-sec-2017-47

    The IWARP_MPA dissector could crash. (Bug 14236)

    wnpa-sec-2017-48

    The NetBIOS dissector could crash. (Bug 14249)

    wnpa-sec-2017-49

    The CIP Safety dissector could crash. (Bug 14250)

    "tshark -G ?" doesn’t provide expected help. (Bug 13984)
    File loading is very slow with TRANSUM dissector enabled. (Bug 14094)
    packet-knxnetip.c:936: bad bitmask ?. (Bug 14115)
    packet-q931.c:1306: bad compare ?. (Bug 14116)
    SSL Dissection bug. (Bug 14117)
    Wireshark crashes when exporting various files to .csv, txt and other ‘non-capture file’ formats. (Bug 14128)
    RLC reassembly doesn’t work for RLC over UDP heuristic dissector. (Bug 14129)
    HTTP Object export fails with long extension (possibly query string). (Bug 14130)
    3GPP Civic Address not displayed in Packet Details. (Bug 14131)
    Wireshark prefers packet.dll in System32\Npcap over the one in System32. (Bug 14134)
    PEEKREMOTE dissector does not decode 11ac MCS rates properly. (Bug 14136)
    Visual Studio Community Edition 2015 lacks tools named in developer guide. (Bug 14147)
    TCP: Malformed data with Riverbed Probe option. (Bug 14150)
    Wireshark Crash when trying to use Preferences | Advanced. (Bug 14157)
    Right click on SMB2 Message ID and then Apply as Column causes Runtime Error. (Bug 14169)
    Return [Enter] should apply change (Column title - Button Label toolbars). (Bug 14191)
    Wireshark crashes if "rip.display_routing_domain" is set to TRUE in preferences file. (Bug 14197)
    Entry point inflatePrime not found for androiddump.exe and randpktdump.exe. (Bug 14207)
    BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly. (Bug 14241)
    Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication). (Bug 14243)
    Frame direction isn’t always set if it comes from the pcapng record header rather than the packet pseudo-header. (Bug 14245)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

3GPP NAS, BGP, CIP Safety, DTLS, IEEE 802.11 Radio, IWARP_MPA, KNXnet/IP, LCSAP, MQTT, NetBIOS, PEEKREMOTE, Q.931, RIP, RLC, SIP, SSL/TLS, TCP, and TRANSUM

2.5. New and Updated Capture File Support

There is no new or updated capture file support in this release.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.11
« Reply #131 on: 01 December 2017, 17:00 »
Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2017-47

    The IWARP_MPA dissector could crash. (Bug 14236)

    wnpa-sec-2017-48

    The NetBIOS dissector could crash. (Bug 14249)

    wnpa-sec-2017-49

    The CIP Safety dissector could crash. (Bug 14250)

The following bugs have been fixed:

    "tshark -G ?" doesn’t provide expected help. (Bug 13984)
    packet-knxnetip.c:936: bad bitmask ?. (Bug 14115)
    packet-q931.c:1306: bad compare ?. (Bug 14116)
    Wireshark crashes when exporting various files to .csv, txt and other ‘non-capture file’ formats. (Bug 14128)
    Wireshark prefers packet.dll in System32\Npcap over the one in System32. (Bug 14134)
    PEEKREMOTE dissector does not decode 11ac MCS rates properly. (Bug 14136)
    Wireshark Crash when trying to use Preferences | Advanced. (Bug 14157)
    Right click on SMB2 Message ID and then Apply as Column causes Runtime Error!. (Bug 14169)
    Wireshark crashes if "rip.display_routing_domain" is set to TRUE in preferences file. (Bug 14197)
    Entry point inflatePrime not found for androiddump.exe and randpktdump.exe. (Bug 14207)
    Frame direction isn’t always set if it comes from the pcapng record header rather than the packet pseudo-header. (Bug 14245)

2.2. New and Updated Features

There are no new features in this release.

2.3. New File Format Decoding Support

There are no new file formats in this release.

2.4. New Protocol Support

There are no new protocols in this release.

2.5. Updated Protocol Support

3GPP NAS, CIP Safety, IWARP_MPA, KNXnet/IP, NetBIOS, PEEKREMOTE, Q.931, and RIP

2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

2.8. Major API Changes

There are no major API changes in this release.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.4.4
« Reply #132 on: 11 January 2018, 22:00 »
Changelog

2. What’s New
2.1. Bug Fixes

The following bugs have been fixed:

    wnpa-sec-2018-01

    Multiple dissectors could crash. (Bug 14253) CVE-2018-5336

    wnpa-sec-2018-03

    The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334

    wnpa-sec-2018-04

    The WCP dissector could crash. (Bug 14251) CVE-2018-5335

Prior to this release dumpcap enabled the Linux kernel’s BPF JIT compiler via the net.core.bpf_jit_enable sysctl. This could make systems more vulnerable to Spectre variant 1 (CVE-2017-5753) and this feature has been removed (Bug 14313).

    Some keyboard shortcut mix-up has been resolved by assigning new shortcuts to Edit → Copy methods.
    Remote interfaces are not saved. (Bug 8557)
    Additional grouping in Expert Information dialog. (Bug 11753)
    First start with non-empty extcap folder after install or reboot hangs at "initializing tap listeners". (Bug 12845)
    Can’t hide expert categories in Expert Information. (Bug 13831)
    Expert info dialog should have "Collapse All"/"Expand All" options. (Bug 13842)
    SIP Statistics extract does not work. (Bug 13942)
    Service Response Time - SCSI dialog crashes. (Bug 14144)
    Wireshark & Tshark 2.4.2 core dumps with segmentation fault. (Bug 14194)
    SSH remote capture promiscuous mode. (Bug 14237)
    SOCKS pseudo header displays incorrect Version value. (Bug 14262)
    Only first variable of list is dissected in NTP Control request message. (Bug 14268)
    NTP Authenticator field dissection fails if padding is used. (Bug 14269)
    BSSAP packet dissector issue - BSSAP_UPLINK_TUNNEL_REQUEST message. (Bug 14289)
    "[Malformed Packet]" for Mobile IP (MIP) protocol. (Bug 14292)
    There is a potential buffer underflow in File_read_line function in epan/wslua/wslua_file.c file. (Bug 14295)
    Saving a temporary capture file may not result in the temporary file being removed. (Bug 14298)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

Bluetooth, BSSAP, BT ATT, BT HCI, BT SMP, MIP, NTP, SCTP, SOCKS, UDS, and WCP

2.5. New and Updated Capture File Support

Ixia IxVeriWave

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.2.12
« Reply #133 on: 12 January 2018, 05:00 »
Changelog

What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2018-01

    Multiple dissectors could crash. (Bug 14253) CVE-2018-5336

    wnpa-sec-2018-02

    The MRDISC dissector could crash. (Bug 14299, Bug 13707) CVE-2017-17997

    wnpa-sec-2018-03

    The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334

    wnpa-sec-2018-04

    The WCP dissector could crash. (Bug 14251) CVE-2018-5335

Prior to this release dumpcap enabled the Linux kernel’s BPF JIT compiler via the net.core.bpf_jit_enable sysctl. This could make systems more vulnerable to Spectre variant 1 (CVE-2017-5753) and this feature has been removed (Bug 14313).

The following bugs have been fixed:

    First start with non-empty extcap folder after install or reboot hangs at "initializing tap listeners". (Bug 12845)
    SIP Statistics extract does not work. (Bug 13942)
    Service Response Time - SCSI dialog crashes. (Bug 14144)
    SOCKS pseudo header displays incorrect Version value. (Bug 14262)
    Only first variable of list is dissected in NTP Control request message. (Bug 14268)
    NTP Authenticator field dissection fails if padding is used. (Bug 14269)
    There is a potential buffer underflow in File_read_line function in epan/wslua/wslua_file.c file. (Bug 14295)
    Saving a temporary capture file may not result in the temporary file being removed. (Bug 14298)

2.2. New and Updated Features

There are no new features in this release.

2.3. New File Format Decoding Support

There are no new file formats in this release.

2.4. New Protocol Support

There are no new protocols in this release.

2.5. Updated Protocol Support

MRDISC, NTP, SCTP, SOCKS, and WCP

2.6. New and Updated Capture File Support

Ixia IxVeriWave

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

2.8. Major API Changes

There are no major API changes in this release.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

http://www.wireshark.org/

Offline SiLæncer

Wireshark 2.5.0 Dev
« Reply #134 on: 07 February 2018, 09:02 »
Changelog

This is a semi-experimental release intended to test new features for Wireshark 2.6. Many user interface improvements have been made. See the New and Updated Features section below for more details.

New and Updated Features:

The following features are new (or have been significantly updated) since version 2.4.0:

    Display filter buttons can now be edited, disabled, and removed via a context menu directly from the toolbar.
    Drag & Drop filter fields to the display filter toolbar or edit to create a button on the fly or apply the filter as a display filter.
    Application startup time has been reduced.
    Some keyboard shortcut mix-ups have been resolved by assigning new shortcuts to Edit -> Copy methods.
    TShark now supports color using the --color option.
    The "matches" display filter operator is now case-insensitive.
    Display expression (button) preferences have been converted to a UAT. This puts the display expressions in their own file. Wireshark still supports preference files that contain the old preferences, but new preference files will be written without the old fields.
    SMI private enterprise numbers are now read from the "enterprises.tsv" configuration file.
    The QUIC dissector has been renamed to Google QUIC (quic -> gquic).
    The selected packet number can now be shown in the Status Bar by enabling Preferences -> Appearance -> Layout -> Show selected packet number.
    File load time in the Status Bar is now disabled by default and can be enabled in Preferences -> Appearance -> Layout -> Show file load time.
    Support for the G.729A codec in the RTP Player is now added via the bcg729 library.
    Support for hardware-timestamping of packets has been added.
    Improved NetMon .cap support with comments, event tracing, network filter, network info types and some Message Analyzer exported types.
    The personal plugins folder on Linux/Unix is now ~/.local/lib/wireshark/plugins.
    TShark can print flow graphs using -z flow.
    Capinfos now prints SHA256 hashes in addition to RIPEMD160 and SHA1. MD5 output has been removed.
    The packet editor has been removed. (This was a GTK+ only experimental feature.)
    Support BBC micro:bit Bluetooth profile.
    The Linux and UNIX installation step for Wireshark will now install headers required to build plugins. A pkg-config file is provided to help with this (see doc/plugins.example for details). Note you must still rebuild all plugins between minor releases (X.Y).
    The Windows installers and packages now ship with Qt 5.9.4.

New Protocol Support:

802.11ax (High Efficiency WLAN (HEW)), ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling), Bluetooth Mesh, Broadcom tags (Broadcom Ethernet switch management frames), CAN-ETH, CVS password server, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.3br Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre Filesystem, Lustre Network, Network Functional Application Platform Interface (NFAPI) Protocol, New Radio Radio Resource Control protocol, NXP 802.15.4 Sniffer Protocol, PFCP (Packet Forwarding Control Protocol), Protobuf (Protocol Buffers), QUIC (IETF), Session Multiplex Protocol, SolarEdge monitoring protocol, Tibia, TWAMP and OWAMP, and Wi-Fi Device Provisioning Protocol

Updated Protocol Support:

Too many protocols have been updated to list here.

New and Updated Capture File Support:

Microsoft Network Monitor

New and Updated Capture Interfaces support:

LoRaTap

http://www.wireshark.org/
