Version history Wireshark

<<Back

Changes from v1.3.1 Development Release -> v1.3.2 Development Release

• The rewritten packet list internals have been updated.

Changes from v1.2.2 -> v1.2.3

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• The Paltalk dissector could crash on alignment-sensitive processors. (Bug 3689)
• Versions affected: 1.2.0 to 1.2.2
• The DCERPC/NT dissector could crash.
• Versions affected: 0.10.10 to 1.2.2
• The SMB dissector could crash.
• Versions affected: 1.2.0 to 1.2.2
• The following bugs have been fixed:
• Wireshark memory leak with each file open and/or display filter change. (Bug 2375)
• DHCP Dissector displays negative lease time. (Bug 2733)
• Invalid advertised window line on tcptrace style graph. (Bug 3417)
• SMB get_dfs_referral referral entry is not dissected correctly. (Bug 3542)
• Error dissecting eMule sourceOBFU message. (Bug 3848)
• Typos in Diameter XML files. (Bug 3878)
• RSL dissector for MS Power IE is broken. (Bug 4017)
• Manifest problem in 1.2.2 Win64 build. (Bug 4024)
• FIP dissector throws assertion. (Bug 4046)
• TCAP problem with indefinite length 'components' SEQ OF. (Bug 4053)
• GSM MAP: an-APDU not decoded. (Bug 4095)
• Add "Drag and Drop entries..." message on Columns preferences page. (Bug 4099)
• Editcap -t and -w option parses fractional digits incorrectly. (Bug 4162)
• New and Updated Features
• The 32-bit and 64-bit Windows packages now include WinPcap 4.1.1. .
• New Protocol Support
• There are no new protocols in this release.
• Updated Protocol Support
• DCERPC NT, DHCP, Diameter, E.212, eDonkey, FIP, IPsec, MGCP, NCP, Paltalk, RADIUS, RSL, SBus, SMB, SNMP, SSL, TCP, Teamspeak2, WPS
• Updated Capture File Support
• Capture file support is unchanged in this release.

Changes from v1.2.1 -> v1.2.2

• The GSM A RR dissector could crash. (Bug 3893)
• Versions affected: 1.2.0 to 1.2.1
• The OpcUa dissector could use excessive CPU and memory. (Bug 3986)
• Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1
• The TLS dissector could crash on some platforms. (Bug 4008)
• Versions affected: 1.2.0 to 1.2.1
• The following bugs have been fixed:
• The "Capture->Interfaces" window can't be closed. (Bug 1740)
• tshark-1.0.2 (dumpcap) signal abort core saved. (Bug 2767)
• Memory leak fixes. (Bug 3330)
• Display filter autocompletion doesn't work for some RADIUS and WiMAX ASNCP fields. (Bug 3538)
• Wireshark Portable includes wrong WinPcap installer. (Bug 3547)
• Crash when loading a profile. (Bug 3640)
• The proto,colinfo tap doesn't work if the INFO column isn't being printed. (Bug 3675)
• Flow Graph adds too much unnecessary garbage. (Bug 3693)
• The EAP Diameter dictionary file was missing in the distribution. (Bug 3761)
• Graph analysis window is behind other window. (Bug 3773)
• IKEv2 Cert Request payload dissection error. (Bug 3782)
• DNS NAPTR RR (RFC 3403) replacement MUST be a fully qualified domain-name. (Bug 3792)
• Malformed RTCP Packet error while sending Payload specific RTCP feedback packet( as per RFC 4585). (Bug 3800)
• 802.11n Block Ack packet Bitmap field missing. (Bug 3806)
• Wireshark doesn't decode WBXML/ActiveSync information correctly. (Bug 3811)
• Malformed packet when IPv6 packet has Next Header == 59. (Bug 3820)
• Wireshark could crash while reading an ERF file. (Bug 3849)
• Minor errors in gsm rr dissectors. (Bug 3889)
• WPA Decryption Issues. (Bug 3890)
• GSM A RR sys info dissection problem. (Bug 3901)
• GSM A RR inverts MEAS-VALID values. (Bug 3915)
• PDML output leaks ~300 bytes / packet. (Bug 3913)
• Incorrect station identifier parsing in Kingfisher dissector. (Bug 3946)
• DHCPv6, Vendor-Specific Informantion, SubOption"Option Request" parser incorrect. (Bug 3987)
• Wireshark could leak memory while analyzing SSL.
• Wireshark could crash while updating menu items after reading a file in some cases.
• The Mac OS X ChmodBPF script now works correctly under Snow Leopard.

Changes from v1.2.0 -> v1.2.1

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• The IPMI dissector could overrun a buffer. Versions affected: 1.2.0
• The AFS dissector could crash. Versions affected: 0.9.2 to 1.2.0
• The Infiniband dissector could crash on some platforms. Versions affected: 1.0.6 to 1.2.0
• The Bluetooth L2CAP dissector could crash. Versions affected: 1.2.0
• The RADIUS dissector could crash. Versions affected: 1.2.0
• The MIOP dissector could crash. Versions affected: 1.2.0
• The sFlow dissector could use excessive CPU and memory. Versions affected: 1.2.0
• The following bugs have been fixed:
• Wireshark could crash while reading a pcap-ng file.
• Wireshark could crash while reading a PacketLogger file.
• CFLOW decoding is wrong for IPv6 fields (Bug 3328)
• Buildbot crash output: fuzz-2009-04-24-2891.pcap (Bug 3438)
• packet-dcm, corrupt DICOM export files (Bug 3493)
• GeoIP map should use random temporary file name (Bug 3530)
• Wireshark crashes when range_string is the data type (Bug 3536)
• Pcap-ng breaks VoIP call data (Bug 3539)
• ANSI MAP legInformation BER Error (Bug 3541)
• Starting Wireshark Portable 1.2.0 gives error message. (Bug 3547)
• On Windows, Wireshark could crash on startup. (Bug 3555)
• The title in the TCP sequence graphs is too short. (Bug 3556)
• USB Packets in pcap-ng Files Not Dissected Properly (Bug 3560)
• 802.11 decryption is broken (Bug 3590)
• SMB2 Error Response doesn't decode properly (Bug 3609)
• configure.in uses deprecated autoconf test for gnutls detection (Bug 3627)
• Radius Malformed Packet error message (Bug 3635)
• Wireshark could crash when loading a profile. (Bug 3640)
• Analyze->Decode as... menu item becomes unavailable (Bug 3642)
• btsnoop: Incorrect error message for not supported datalink type (Bug 3645)
• Decode error for network-id in BICC BCU-ID (Bug 3648)
• IEC 60870-5-104 dissector decodes nothing (Bug 3650)
• radius_register_avp_dissector() can stop RADIUS dissector from working correctly (Bug 3651)
• ANSI ISUP Cause indicators with coding standard=ANSI fail to dissect. (Bug 3654)
• Wrong field position in PacketCable Multimedia Extended Classifier (Bug 3656)
• FF Protocol "FMS Initiate - Version OD Calling" field packet data not unpacked properly (Bug 3694)
• hci_h4: Optimize column/field handling (Bug 3703)
• BSSLAP Protocol Not Decoded In BSSMAP-LE Messages (Bug 3711)
• Description of tshark -t dd missing from tshark.pod (Bug 3723)
• Problem in packet-per.c for ASN.1 PER Encoding (Bug 3733)
• [SNMP] Crash when dissecting packet (custom MIB) (Bug 3746)
• New and Updated Features
• There are no new or updated features in this release.
• New Protocol Support
• There are no new protocols in this release.
• Updated Protocol Support
• AFS, ANSI ISUP, ANSI MAP, ASN.1 PER, Bluetooth HCI H4, Bluetooth L2CAP, BSS CFLOW, COPS, Diameter, DICOM, FF-HSE, ICMPv6, IEC-60870-5-104, IEEE 802.11, Infiniband, IPMI, MIOP, RADIUS, RSVP, sFlow, SNMP, SMB2, ZIOP
• New Capture File Support
• Btsnoop, DCT3, Packetlogger, pcap-ng.

Changes from v1.2.0 Pre 2 -> v1.2.0

• Bug Fixes
• Too many bugs have been fixed since the 1.0 release to list here.
• Some notable fixes are:
• Type-ahead search now works properly.
• Several bugs that affected capture from pipes have been fixed.
• Many Lua-related bugs have been fixed.
• Several memory leaks have been found and fixed.
• The "Follow TCP Stream" feature could show two streams at the same time The hex dump view has been narrowed.
• WPA and SSL decryption bugs have been fixed.
• Readability problems on 256-color displays on Windows have been fixed.
• New and Updated Features:
• The following features are new (or have been significantly updated) since version 1.0:
• Wireshark has a spiffy new start page.
• Display filters now autocomplete.
• A 64-bit Windows (x64) installer is now provided.
• Support for the c-ares resolver library has been added. It has many advantages over ADNS.
• Many new protocol dissectors and capture file formats have been added (see below for a complete list).
• Macintosh OS X support has been improved.
• GeoIP database lookups.
• OpenStreetMap + GeoIP integration.
• Improved Postscript(R) print output.
• The preference handling code is now much smarter about changes.
• Support for Pcap-ng, the next-generation capture file format.
• Support for process information correlation via IPFIX.
• Column widths are now saved.
• The last used configuration profile is now saved.
• Protocol preferences are changeable from the packet details context menu.
• Support for IP packet comparison.
• Capinfos now shows the average packet rate.
• GTK1 is no longer supported. (Yes, this is a feature.)
• Official Windows packages are now built using Microsoft Visual C++ 2008 SP1.
• New Protocol Support:
• Anything in Anything Protocol, ATM PW, N-to-one Cell Mode, B.A.T.M.A.N. Layer 3 Protocol, BACnet MS/TP, BSS LCS Assistance Protocol, Canon BJNP, CESoPSN basic NxDS0 mode (no RTP support), Charging ASE, Cimetrics MS/TP, DECT Protocol, Digital Private Signalling System No 1 Link Layer, DOCSIS Mac Domain Description, DOCSIS Registration Request Multipart, DOCSIS Registration Response Multipart, DOCSIS Synchronisation Message, E100 Encapsulation, EHS, Enhanced Variable Rate Codec, Ethernet Global Data, Ethernet PW, Exchange 2003 Directory Request For Response, Far End Failure Detection, FCoE Initialization Protocol, GOOSE, GPEF, GPRS Tunneling Protocol V2, GSM A-I/F COMMON, GSM A-I/F GPRS Mobility and Session Management, GSM SACCH, GSM Um Interface, HDLC PW, FR port mode (no CW), HDLC-like framing for PPP, IEC 60870-5-104,Apci, IEC 60870-5-104,Asdu, IEEE 802.15.4 Low-Rate Wireless PAN non-ASK PHY, IEEE C37.118 Synchrophasor Protocol, Intelligent Platform Management Interface (Session Wrapper), Inter-Integrated Circuit, Internal TDM, IPSICTL, ISMACryp Protocol, iWARP Direct Data Placement and Remote Direct Memory Access Protocol, iWARP Marker Protocol data unit Aligned framing, Kontiki Delivery Protocol, LANforge Traffic Generator, Layer 1 Event Messages, Lb-I/F BSSMAP LE, LeCroy VICP, Link Access Procedure, Channel Dm (LAPDm), Local Download Sharing Service, LTE Radio Resource Control (RRC) protocol, MAC-LTE, Memcache Protocol, Mesh Header, MP4V-ES, Nasdaq TotalView-ITCH, Nasdaq-SoupTCP version 2.0, NAT Port Mapping Protocol, Netdump Protocol, Non-Access-Stratum (NAS)PDU, PacketLogger, Paltalk Messenger Protocol, PDCP-LTE, PW Associated Channel Header, PW Ethernet Control Word, PW Frame Relay DLCI Control Word, PW MPLS Control Word (generic/preferred), Real-Time Publish-Subscribe Wire Protocol 2.x, Remote Packet Capture, RLC-LTE, SAToP (no RTP support), SERCOS III V1.1, SIMULCRYPT Protocol, Subnetwork Dependent Convergence Protocol XID, Teamspeak2 Protocol, TTEthernet, TTEthernet Protocol Control Frame, Turbocell Aggregate Data, Turbocell Header, TURN Channel, Unreliable Multicast Inter-ORB Protocol, VCDU, Wave Short Message Protocol(IEEE P1609.3), Wireless Access Station Session Protocol, Wireshark Expert Info, World of Warcraft, Xpress Transport Protocol, ZigBee Application Framework, ZigBee Application Support Layer, ZigBee Device Profile, ZigBee Encapsulation Protocol, ZigBee Network Layer, Zipped Inter-ORB Protocol, ZRTP
• Updated Protocol Support:
• There are too many updates to list here.
• New Capture File Support:
• Apple Bluetooth PacketLogger, Daintree's Sensor Network Analyzer, dct3trace, Pcap-NG, TNEF (yes, those silly winmail.dat attachments)

Changes from v1.1.1 Development Release -> v1.1.2 Development Release

• GeoIP database support has been added
• Supporting libraries have been updated in the Windows installer, including a security fix in c-ares.
• File previews on Windows have been improved

Changes from v1.0.3 -> v1.1.0 Development Release

• Wireshark 1.1.0 has been released. Installers for Windows, Mac OS X Intel 10.5, and source code is now available. This is a development release, intended to be used as a platform for testing new features. The latest stable release of Wireshark is still 1.0.3.

Changes from v1.0.8 -> v1.0.10

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• The RADIUS dissector could crash.
• Versions affected: 0.10.10 to 1.0.9, 1.2.0
• CVE-CVE-2009-2560
• The DCERPC/NT dissector could crash.
• Versions affected: 0.10.10 to 1.2.2
• New and Updated Features
• There are no new or updated features in this release.
• New Protocol Support
• There are no new protocols in this release.
• Updated Protocol Support
• DCERPC NT, RADIUS

Changes from v1.0.7 -> v1.0.8

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• The PCNFSD dissector could crash.
• Versions affected: 0.8.20 to 1.0.7
• CVE-2009-????
• The following bugs have been fixed:
• Lua integration could crash. (Bug 2453)
• The SCCP dissector could crash when loading more than one file in a single session. (Bug 3409)
• The NDMP dissector could crash if reassembly was enabled. (Bug 3470)
• New and Updated Features
• There are no new or updated features in this release.
• New Protocol Support
• There are no new protocols in this release.
• Updated Protocol Support
• All ASN.1 protocols, DICOM, NDMP, PCNFSD, RTCP, SCCP, SSL, STANAG 5066
• New and Updated Capture File Support
• There are no new or updated capture file formats in this release.

Changes from v1.0.6 -> v1.0.7

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• The PROFINET dissector was vulnerable to a format string overflow. (Bug 3382). Versions affected: 0.99.6 to 1.0.6. CVE-2009-1210
• The LDAP dissector could crash on Windows. (Bug 3262). Versions affected: 0.99.2 to 1.0.6. CVE-2009-1267
• The Check Point High-Availability Protocol (CPHAP) dissector could crash. (Bug 3269). Versions affected: 0.9.6 to 1.0.6. CVE-2009-1268
• Wireshark could crash while loading a Tektronix .rf5 file. (Bug 3366). Versions affected: 0.99.6 to 1.0.6. CVE-2009-1269
• The following bugs have been fixed:
• Correct use of proto_tree_add_int_format() (Bug 3048)
• RTP dynamic payload clock rates incorrectly determined (Bug 3067)
• TShark fails to properly close capture files when opening new ones (Bug 3172)
• ANSI MAP digits type decode and bitmask corrections (Bug 3233)
• Two small patches for ipvs-syncd dissector (Bug 3236)
• BGP capability dissection failure (Bug 3247)
• ANSI MAP fix for missing MEID/MSC ID number in RegNot (Bug 3255)
• BACnet PrivateTransferError shows malformed packet (Bug 3257)
• Windows silent installer is not that silent (Bug 3260)
• Crash in ASN.1 dissector when using 'type table' (Bug 3271)
• 802.11n SM Power save mode value 0x3 label is incorrect (Bug 3276)
• 802.11 WME ie displayed incorrectly (Bug 3284)
• "Copy as filter" from the packet list has been fixed.
• New and Updated Features
• There are no new or updated features in this release.
• New Protocol Support
• There are no new protocols in this release.
• Updated Protocol Support
• ACN, ANSI MAP, ASN.1 BACnet, BGP, CPHAP, GSM MAP, IEEE 802.11, IPVS, LDAP, NetFlow/IPFIX, PROFINET, RTP, SNMP, WSP
• New and Updated Capture File Support
• (TBD)

Changes from v1.0.5 -> v1.0.6

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• On non-Windows systems, Wireshark could crash if the HOME environment variable contained sprintf-style string formatting characters. Discovered by babi. (Bug 3150)
• Wireshark could crash while reading a malformed NetScreen snoop file. Discovered by babi. (Bug 3151)
• Wireshark could crash while reading a Tektronix K12 text capture file. (Bug 1937)
• The following bugs have been fixed:
• Crash when loading capture file and Preferences: NO Info column (Bug 2902)
• Some Lua scripts may lead to corruption via out of bounds stack (Bug 3062)
• Build with GLib 1.2 fails with error: 'G_MININT32' undeclared (Bug 3109)
• Wrong decoding IMSI with GSM MAP protocol (Bug 3116)
• Segmentation fault for "Follow TCP stream" (Bug 3119)
• SMPP optional parameter 'network_error_code' incorrectly decoded (Bug 3128)
• DHCPv6 dissector doesn't handle malformed FQDN (Bug 3134)
• WCCP overrides CFLOW as decoded protocol (Bug 3175)
• Improper decoding of MPLS echo reply IPv4 Interface and Label Stack Object (Bug 3179)
• ANSI MAP fix for TRN digits/SMS and OTA subdissection (Bug 3214)
• The 1.0 branch can now be built with Visual Studio 2008.
• New and Updated Features
• The version of GNUTLS included with the Windows packages has been updated from 2.3.8 to 2.6.3.
• New Protocol Support
• There are no new protocols in this release.
• Updated Protocol Support
• AFS, ATM, DHCPv6, DIS, E.212, RTP, UDP, USB, WCCP, WPS
• New and Updated Capture File Support
• NetScreen snoop

Changes from v1.0.4 -> v1.0.5

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• The SMTP dissector could consume excessive amounts of CPU and memory. Versions affected: 1.0.4
• The WLCCP dissector could go into an infinte loop. Versions affected: 0.99.7 to 1.0.4
• The following bugs have been fixed:
• Missing CRLF during HTTP POST in the "packet details" window (Bug 2534)
• Memory assertion in time_secs_to_str_buf() when compiled with GCC 4.2.3 (Bug 2777)
• Diameter dissector fails RFC 4005 compliance (Bug 2828)
• LDP vendor private TLV type is not correctly shown (Bug 2832)
• Wireshark on MacOS does not run when there are spaces in its path (Bug 2844)
• OS X Intel package incorrectly claims to be Universal (Bug 2979)
• Compilation broke when compiling without zlib (Bug 2993)
• Memory leak: saved_repoid (Bug 3017)
• Memory leak: follow_info (Bug 3018)
• Memory leak: follow_info (Bug 3019)
• Memory leak: tacplus_data (Bug 3020)
• Memory leak: col_arrows (Bug 3021)
• Memory leak: col_arrows (Bug 3022)
• Incorrect address structure assigned for find_conversation() in WSP (Bug 3071)
• Memory leak with unistim in voip_calls (Bug 3079)
• Error parsing the BSSGP protocol (Bug 3085)
• Assertion thrown in fvalue_get_uinteger when decoding TIPC (Bug 3086)
• LUA script : Wireshark crashes after closing and opening again a window used by a listener.draw() function. (Bug 3090)

Changes from v1.0.3 -> v1.0.4

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• Florent Drouin and David Maciejak found that the Bluetooth ACL dissector could crash or abort. (Bug 1513) Versions affected: 0.99.2 to 1.0.3
• The Q.931 dissector could crash or abort. (Bug 2870) Versions affected: 0.10.3 to 1.0.3
• Wireshark could abort while reading Tamos CommView capture files. (Bug 2926) Versions affected: 0.99.7 to 1.0.3
• David Maciejak found that the USB dissector could crash or abort. This led to the disovery of a similar problem in the Bluetooth RFCOMM dissector. (Bug 2922) Versions affected: 0.99.7 to 1.0.3
• Vivek Gupta and David Maciejak found that the PRP and MATE dissectors could make Wireshark crash. (Neither PRP nor MATE are enabled by default.) (Bug 2549) Versions affected: 0.99.2 to 1.0.3
• The following bugs have been fixed:
• Let MP2T call its subdissectors, even without tree (Bug 2627)
• Wireless Toolbar not enabled (using AirPcap) if PCAP_REMOTE=1 (Bug 2685)
• Failure to dissect long SASL wrapped LDAP response (Bug 2687)
• Fix compiler warnings (Bug 2823)
• Homeplug dissection bugs (Bug 2859)
• Malformed Packet DCP ETSI error (Bug 2860)
• Wrong size of selected_registrar in WPS dissector (Bug 2865)
• Dissector assertion displaying cookies in DTLS frames (Bug 2876)
• Missing field type in documentation (Bug 2889)
• Wireshark -p switch seems to have no effect to PROMISCUOUS mode (Bug 2891)
• Misspelled PPI error vector magnitude filter (Bug 2903)
• Modbus Function 43 Encapsulated Interface Transport decoding (Bug 2917)
• Crash when printing or exporting some protocol data (Bug 2934)
• Crash when selecting "Export Selected Packet Bytes" (Bug 2964)
• New and Updated Features
• There are no new or updated features in this release.
• New Protocol Support
• There are no new protocols in this release.
• Updated Protocol Support
• AFP, Bluetooth ACL, Bluetooth RFCOMM, DCP ETSI, DTLS, Homeplug, IEEE 802.11, IP, Modbus TCP, MP2T, NSIP, NCP, PPI, Q.931, SASL, SNMP, USB, WPS
• New and Updated Capture File Support
• AiroPeek, CommView

Changes from v1.0.2 -> v1.0.3

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• The NCP dissector was susceptible to a number of problems, including buffer overflows and an infinite loop.
• Versions affected: 0.9.7 to 1.0.2
• Wireshark could crash while uncompressing zlib-compressed packet data.
• Versions affected: 0.10.14 to 1.0.2
• Wireshark could crash while reading a Tektronix .rf5 file.
• Versions affected: 0.99.6 to 1.0.2
• The following bugs have been fixed:
• 802.11 WPA/WPA2-PSK Unable to decode Group Keys. (Bug 1420)
• Packets could wrongly be dissected as "Redback Lawful Intercept" (Bug 2376)
• MIKEY dissector improvements (Bug 2400)
• tvb_get_bits{16|32} could read past the end of a tvbuff (Bug 2439)
• Incorrect wslua function names. (Bug 2448)
• Memory corruption in wslua. (Bug 2453)
• Unknown PPPoE TAGs which are present in a PPPoE discovery packet are not displayed under "PPPoE Tags" subtree/section. (Bug 2458)
• Following a TCP stream could incorrectly reassemble packets. (Bug 2606)
• SIP decode shows fully expanded "Content-Length" header instead of compact form. (Bug 2635)
• Segmentation fault loading trace containing NCP packets. (Bug 2675)
• SIP packets might incorrectly be displayed as malformed. (Bug 2729)
• RTCP BYE padding interpreted incorrectly. (Bug 2778)
• Reversed RTP stream is saved as silent .au file, forward stream saves correctly. (Bug 2780)
• Fix some lint warnings. (Bug 2822)
• Setting a duration on a capture file would capture for an extra second.

Changes from v1.0.1 -> v1.0.2

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• Wireshark could crash while reassembling packets. Versions affected: 0.8.19 to 1.0.1
• The following bugs have been fixed:
• Dumpcap could crash on some versions of Windows (primarily Vista). (Bug 2677)

Changes from v0.99.7 -> v0.99.8

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• The SCTP dissector could crash. Versions affected: 0.99.5 to 0.99.7
• The SNMP dissector could crash. Versions affected: 0.99.6 to 0.99.7
• The TFTP dissector could crash Wireshark on Ubuntu 7.10. (This appears to be a bug in the Cairo library on that platform.) Reported by Noam Rathaus. Versions affected: 0.6.0 to 0.99.7
• The following bugs have been fixed:
• Wireshark could crash when saving I/O graphs.
• Wireshark could crash when editing table-based preferences.
• Wireshark could crash when trying to play RTP streams.
• Wireshark could crash when trying to apply a display filtermacro.
• Wireshark could crash in Turkish and other locales.
• New and Updated Features
• The following features are new (or have been significantly updated) since the last release:
• You can now have multiple configuration profiles.
• Temporary coloring rules have been added, which let you coloror filter on a conversation.
• I/O graphs have been improved.
• Wireshark now has WLAN traffic statistics.
• The Wireshark GUI now supports RPCAP.
• Conversations and endopoints can now be limited to the current display filter.
• Experimental support for the NTAR/PcapNG file format has beenadded.
• New Protocol Support
• AiroPeek Remote Capture, China Mobile Point to Point, Distributed Lock Manager 3, EUTRAN X2 Application Protocol, Fieldbus Foundation, International Passenger Airline Reservation System/Airline Link Control, Microsoft DirectPlay, Path Computation Element communication Protocol, Real Time Messaging Protocol, S1 Application Protocol, Scripting Service Protocol, Societe Internationale de Telecommunications Aeronautiques, Unisys Transmittal System, Wi-fi Protected Setup,
• Updated Protocol Support
• 3G A11, 3GPP, ACN, ACP133, ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI MAP, ARP, ASAP, AVS WLAN, BACapp, BER, BOOTP, Bluetooth (HCI ACL, HCI CMD, HCI EVT, HCI SCO, L2CAP, SDP), CDP, CFM, CMS, COPS, Camel, Cisco ERSPAN, DAP, DCERPC SPOOLSS, DCERPC, DHCP, DHCPv6, DIAMETER, DMP, DTLS, E.164, EAP, ENIP, ENRP, EtherCAT, Ethernet, FMP, FTAM, GMRP, GRE, GSM MAP, GSM SMS, GSS-API, GTP, Gryphon, H.223, H.225, H.245, H.263, H.264, H.460, HCI H1, HTTP, ICMP, IEEE 802.11, IGMP, IPP, ISAKMP, ISUP, JFIF, JPEG, JXTA, Kerberos, LDAP, MP2T, MS MMS, MTP3MG, NBAP, NFS, NHRP, NetFlow, P7, PER, PIM, PKCS12, PPPoE, PTP, P_Mul, Q.932, Quakeworld, RANAP, RMT ALC, RMT LCT, ROS, RPC, RPL, RRC, RTCP, RTP, SCCP, SCTP, SDP, SLL, SMB, SMB2, SMPP, SMTP, SNMP, SRVLOC, SSL, STUN2, T.38, TCAP, TCP, TFTP, TiVoConnect, UCP, UDP-Lite, USB, VLAN, WBXML, X.411, X.420, X.509if, X.509sat
• New and Updated Capture File Support
• Catapult DCT2000, DBS Etherwatch, NTAR/PcapNG, TamoSoft CommView, Visual Networks
• Getting Wireshark
• Wireshark source code and installation packages are available from the download page on the main web site.
• Vendor-supplied Packages
• Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
• File Locations
• Wireshark and TShark look in several different locations for preference files, plugins, MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.
• Known Problems
• The Filter button is nonfunctional in the file dialogs under Windows. (Bug 942)

Changes from v0.99.6a -> v0.99.7

• Bug Fixes
• The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
• Wireshark could crash when reading an MP3 file. Versions affected: 0.99.6
• Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Versions affected: 0.10.12 to 0.99.6
• Stefan Esser discovered a buffer overflow in the SSL dissector. Versions affected: 0.99.0 to 0.99.6
• The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms. Versions affected: 0.99.5 to 0.99.6
• The Firebird/Interbase dissector could go into an infinite loop or crash. Versions affected: 0.99.6
• The NCP dissector could cause a crash. Versions affected: 0.99.6
• The HTTP dissector could crash on some systems while decoding chunked messages. Versions affected: 0.10.14 to 0.99.6
• The MEGACO dissector could enter a large loop and consume system resources. Versions affected: 0.9.14 to 0.99.6
• The DCP ETSI dissector could enter a large loop and consume system resources. Versions affected: 0.99.6
• Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser. Versions affected: 0.99.0 to 0.99.6
• The PPP dissector could overflow a buffer. Versions affected: 0.99.6
• The Bluetooth SDP dissector could go into an infinite loop. Versions affected: 0.99.2 to 0.99.6
• A malformed RPC Portmap packet could cause a crash. Versions affected: 0.8.16 to 0.99.6
• The IPv6 dissector could loop excessively. Versions affected: 0.99.6
• The USB dissector could loop excessively or crash. Versions affected: 0.99.6
• The SMB dissector could crash. Versions affected: 0.99.6
• The RPL dissector could go into an infinite loop. Versions affected: 0.9.8 to 0.99.6
• The WiMAX dissector could crash due to unaligned access on some platforms. Versions affected: 0.99.6
• The CIP dissector could attempt to allocate a huge amount of memory and crash. Versions affected: 0.9.14 to 0.99.6
• The following bugs have been fixed:
• Handling of non-ASCII file names and paths has been improved.
• Wireshark could crash while editing a coloring rule or a UAT table.
• The display filter code could crash while bitwise ANDing an IPv4 address.
• New and Updated Features
• The following features are new (or have been significantly updated) since the last release:
• Most of the capture code has been moved out of the GUI, which means that Wireshark no longer needs to be run as root.
• Many display filter names have been cleaned up. If your favorite display filter just went missing, please consult the display filter reference to find out where it ended up.
• You can now filter directly on SNMP OIDs.
• IO graphs have more display options, and you can now export graphs.
• You can now follow UDP streams in addition to TCP and SSL streams.
• You can now disable coloring rules without deleting them.
• Main window toolbar buttons are now available even when the window is small.
• The version of WinPcap that ships with the Windows installers has been updated to 4.0.2.
• The Windows installers now include a "services" file, which maps port numbers to names.
• The Windows installer now enables npf.sys by default under Vista. Wireshark will print a warning at startup if npf.sys isn't loaded under Vista.
• Optimizations have been applied in some places to make Wireshark start up and run faster.
• New Protocol Support
• ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT, ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah, IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN, WiMAX ASN Control Plane, X.224,
• Updated Protocol Support
• 3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP, Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL, CDT, CFM, CIP, Cisco ERSPAN, CLNP, CMIP, CMS, COPS, CTDB, DCCP, DCERPC ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP ETSI, DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP, DNS, DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC, FCOE, FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP, HTTP, IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP, ISIS, iSNS, ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP, LINX, LPD, LWAPP, MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG PES, MPEG, MTP2, MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF, P_MUL, PANA, PER, PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE, PRES, PROFINET, PTP, Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS, RANAP, RNSAP, ROS, RTCP, RTP, RTSE, RTSP, SCCP, SCTP, SDP, SIGCOMP, SIP, Slow Protocols, SMB, SMPP, SMTP, SNDCP, SNMP, SRP, SSL, STANAG 4406, STUN2, TCAP, TCP, text/media, TIPC, ULP, UMA, UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX, WLCCP, X.411, X.420, X.509 SAT, XML,
• New and Updated Capture File Support
• Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual Networks, Windows Sniffer (NetXRay)

Changes from v0.99.6 -> v0.99.6a

• A new Windows installer (wireshark-setup-0.99.6a.exe) has been released in order to fix a problem with updating from WinPcap 4.0 to 4.0.1. There are no other changes in this release.

Changes from v0.99.5 -> v0.99.6

• The following vulnerabilities have been fixed.
• Wireshark could crash when dissecting an HTTP chunked response. (Bug 1394) Versions affected: 0.99.5
• On some systems, Wireshark could crash while reading iSeries capture files. (Bug 1415) Versions affected: 0.10.14 to 0.99.5
• Wireshark could exhaust system memory while reading a malformed DCP ETSI packet. (Bug 1264) Versions affected: 0.99.5
• Wireshark could loop excessively while reading a malformed SSL packet. (Bug 1582) Versions affected: 0.8.20 to 0.99.5
• The DHCP/BOOTP dissector was susceptible to an off-by-one error. (Bug 1416) Versions affected: 0.10.17 to 0.99.5
• Wireshark could loop excessively while reading a malformed MMS packet. (Bug 1342) Versions affected: 0.10.12 to 0.99.5
• The following bugs have been fixed:
• WEP decryption would only work for the first key specified. disappear or become unusable. WEP and WPA decryption didn't work for QoS frames. WPA decryption failed if EAPOL handshake packets contained extra data. Wireshark failed to parse colon-separated WEP keys.
• Merging files in Wireshark now appends files properly.
• Wireshark could hang while saving an RTP stream with bad timestamp data.
• You must now explicitly pass "--disable-wireshark" to the build environment if you only want to build TShark; the configure script will fail, rather than automatically building only TShark, if it's run on a system that doesn't have GTK+ headers and libraries installed.
• Capture from named pipes (via -i \\\pipe\) now works under Windows.
• The frame.time_delta display filter now works as expected, matching the delta time between the current and previous captured packet. A new filter, frame.time_delta_displayed, matches the delta time between the current and previous displayed packet.
• The following features are new (or have been significantly updated) since the last release:
• You no longer have to restart Wireshark after changing column preferences. Woohoo!
• You can now export HTTP objects via File?Export?Objects?HTTP.
• Display filter macros are now supported.
• Right-clicking on a packet lets you copy many more things, such as the packet summary and the packet bytes.
• You can now match upper- and lower-case text with the contains operator, e.g. upper(http.request.method) contains "GET".
• A great deal of code has been cleaned up, including fixing many compiler errors. Many thanks to those who worked on this.
• New Protocol Support
• AMQP (Advanced Message Queueing Protocol), BCTP Q.1990, Borland StarTeam, Cisco ERSPAN, CTDB (Cluster TDB), DRDA (Distributed Relational Database Architecture), DTPT (DeskTop PassThrough), EPMD (Erlang Port Mapper Daemon), FCoE (Fibre Channel over Ethernet), Firebird/Interbase (replaces the old Interbase dissector), FMP (File Mapping Protocol), H.248.10, H.248.7, IPsec/ISAKMP over TCP, Kingfisher, MIKEY (Multimedia Internet KEYing), MPEG, NSRP (Juniper Netscreen Redundant Protocol), OpcUa Binary Protocol, PPI (Per-Packet Information header), Q.932, QSIG, TAPA (Trapeze Access Point Access Protocol), WiMAX, WiMAX M2M
• Updated Protocol Support
• ACSE, AFP, AMR, ANSI IS-801, ANSI MAP, ARP, ASAP, ASN.1 BER, ASN.1 PER, AVS WLANCAP, BSSAP, BSSGP, BVLC, Camel, CDT, CIP, CMS, COPS, CPFI, DCCP, DCERPC (DCERPC, ATSVC, DFS, EFS, EVENTLOG, INITSHUTDOWN, NDR, NETLOGON, NSPI, NT, PNIO, SAMR, SPOOLSS, SRVSVC, WINREG, WKSSVC, WZCSVC), DCOM (DCOM, CBA, CBA-ACCO), DCP ETSI, DCP, DCT2000, DHCP, DIAMETER, DMP, DNP, DTLS, EDP, ENRP, EPL, ERF, FCELS, Fibre Channel, FTAM, FTBP, FW-1, GIOP, GSM MAP, GTP, H.223, H.225, H.235, H.245, H.248, H.263, HTTP, IAX2, IEEE 802.11, IGRP, INAP, IP, IPsec, IPv6, iSCSI, ISUP, IUA, IuUP, Juniper, JXTA, K12, Kerberos, L2TP, LDAP, LLDP, LWAPP, M3UA, MEGACO, MIP, MMS, MP2T, MTP3, NBAP, NDMP, Netflow, NFS, NT SONMP, OICQ, OSPF, PANA, PN-PTCP, PPP, P_Mul, Radiotap, RADIUS (Packetcable), RANAP, Redback, RNSAP, RRLP, RSVP, RTCP, RTP, RX, SCCP, SCSI (SCSI, MMC, OSD, SBC, SMC, SSC), SCTP, SDP, SIGCOMP, SIP, Skinny, SliMP3, SLL, SMB PIPE, SMB, SMB2, SMPP, SNMP, SPNEGO, SSCOP, SSL, STUN, SUA, Symantec, Syslog, TACACS, TCAP, TCP, TFTP, UDLD, UDP, ULP, UMA, UMTS (UMTS, FP, RRC), USB, VNC, WCP, WLCCP, X.25, X.411, X.509, YMSG
• New and Updated Capture File Support
• DCT2000, Endace ERF, iSeries, K12, MPEG Audio (yes, this means you can open .mp3 files in Wireshark), NetMon, pppdump, snoop (Shomiti wireless packets), Visual Networks, Windows Sniffer (NetXRay)

<<Back