5 Ethereal 0.10.14 has been released.
9 Three security vulnerabilities have been fixed since the previous
10 release. See the [1]application advisory for more details.
12 o The IRC dissector could go into an infinite loop. Versions
15 o The GTP dissector could go into an infinite loop. Versions
16 affected: 0.9.1 to 0.10.13.
18 o iDefense found a buffer overflow in the OSPF dissector.
19 Versions affected: 0.8.20 to 0.10.13.
21 New and Updated Features
23 The following features are new (or have been significantly
24 updated) since the last release:
26 o The Windows installer now ships with GTK+ 2.6 instead of GTK+
27 2.4. This should fix several long-standing bugs.
29 o If you're loading a saved capture file and press "Cancel",
30 Ethereal will now display the packets read up to that point.
31 In previous versions, Ethereal would abort the attempt
32 completely and clear the packet list.
34 This means that if you're loding a huge capture file, you can
35 stop loading in the middle and still be able to analyze part
38 o The maximum number of files allowed in a ring buffer has been
39 increased from 1024 to 10,000.
41 o OID to name resolution has been improved.
43 o TCP graphs now handle upper and lower bounds better.
47 3Com Netjack200, CDT, CIGI, DAP, DISP, DOP, DSP, FTBP, MS NLB,
48 NBAP, NCP SSS, NCS, NHRP, P_Mul, RNSAP, SMB2, STANAG 5066, TIPC,
51 Updated Protocol Support
53 ACSE, AIM, ALCAP, AMR, ANSI MAP, BER, BitTorrent, BOOTP, CAMEL,
54 CMP, CMS, COPS, CRMF, DCCP, DCERPC (DCERPC, DSSETUP, INITSHUTDOWN,
55 NT, WINREG), DEC DNA RT, DNP, DTP, eDonkey, ENIP, ESS, Etheric,
56 FC-DNS, FC-FZS, FMIPv6, GRE, GSM A, GSM MAP, GTP, H.225, H.235,
57 H.245, H.248, H.263, H.450, IAPP, IEEE 802.11, INAP, IP, IPv6,
58 IRC, ISIS LSP, ISUP, IUUP, Juniper, LLDP, M3UA, MIP, MIPv6,
59 Modbus/TCP, MTP3, NCP, NDPS, NDS, NEMO, NMAS, NTLMSSP, OSPF, PER,
60 PN-DCP, PPP CHAP, PPPoE, PVFS2, Q.931, RADIUS, RANAP, RDT, RLOGIN,
61 RMT, ROS, RTCP, RTP, RTSE, S4406, SCCP, SCTP, SES, SIP, SMB,
62 SNDCP, SRVLOC, STUN, T.38, UMA, WINS Replication, X.411, X.420,
65 New and Updated Capture File Support
67 DOS Sniffer, Endace ERF, HP-UX nettl, IBM iSeries traces,
74 Download ethereal-setup-0.10.14.exe from the [2]Windows download
75 area on the main web site. Double-click the installer executable.
79 Download the appropriate package from the [3]Solaris download area
80 on the main web site. Uncompress the package using bzip2, and
81 install it using pkgadd.
85 Download ethereal-0.10.14.tar.gz from the [4]main download area on
86 the web site. Extract the package using tar and gzip. Run
87 "configure ; make ; make install".
89 Vendor-supplied Packages
91 Most Linux and Unix vendors supply their own Ethereal packages.
92 You can install or upgrade Ethereal using the package management
93 system specific to that platform. A list of third-party packages
94 can be found on the [5]download page on the Ethereal web site.
98 Ethereal and Tethereal look in several different locations for
99 preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
100 These locations vary from platform to platform. You can use
101 About->Folders to find the default locations on your system.
105 On Windows systems the packet list scroll bar can sometimes
106 disappear or become unusable. Until the problem is fixed you can
107 work around it by resizing the packet list or the main window.
112 Community support is available on the ethereal-users mailing list.
113 Subscription information and archives for all of Ethereal's
114 mailing lists can be found on [7]the web site. There is also an
115 [8]IRC channel dedicated to Ethereal.
117 Commercial support, training, and development services are
118 available from [9]Ethereal Software.
120 Frequently Asked Questions
122 A complete FAQ is available on the [10]Ethereal web site.
127 1. http://www.ethereal.com/appnotes/enpa-sa-00022.html
128 2. http://www.ethereal.com/docs/distribution/win32/
129 3. http://www.ethereal.com/docs/distribution/solaris/
130 4. http://www.ethereal.com/docs/distribution/
131 5. http://www.ethereal.com/download.html#otherplat
132 6. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
133 7. http://www.ethereal.com/lists/
134 8. irc://irc.freenode.net/ethereal
135 9. http://www.etherealsoft.com/
136 10. http://www.ethereal.com/faq.html
140 Ethereal 0.10.13 has been released.
144 Several security vulnerabilities have been fixed since the previous
145 release. See the [1]application advisory for more details.
147 o The ISAKMP dissector could exhaust system memory. Versions affected:
150 o The FC-FCS dissector could exhaust system memory. Versions affected:
153 o The RSVP dissector could exhaust system memory. Versions affected:
156 o The ISIS LSP dissector could exhaust system memory. Versions affected:
159 o The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12.
161 o The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1
164 o The BER dissector was susceptible to an infinite loop. Versions
165 affected: 0.10.3 to 0.10.12.
167 o The SCSI dissector could dereference a null pointer and crash.
168 Versions affected: 0.10.3 to 0.10.12.
170 o If the "Dissect unknown RPC program numbers" option was enabled, the
171 ONC RPC dissector might be able to exhaust system memory. This option
172 is disabled by default. Versions affected: 0.7.7 to 0.10.12.
174 o The sFlow dissector could dereference a null pointer and crash.
175 Versions affected: 0.9.14 to 0.10.12.
177 o The RTnet dissector could dereference a null pointer and crash.
178 Versions affected: 0.10.8 to 0.10.12.
180 o The SigComp UDVM could go into an infinite loop or crash. Versions
183 o If SMB transaction payload reassembly is enabled the SMB dissector
184 could crash. This preference is disabled by default. Versions
185 affected: 0.9.7 to 0.10.12.
187 o The X11 dissector could attempt to divide by zero. Versions affected:
190 o The AgentX dissector could overflow a buffer. Versions affected:
193 o The WSP dissector could free an invalid pointer. Versions affected:
196 o iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions
197 affected: 0.10.0 to 0.10.12.
199 When trying to save a flow graph, Ethereal could crash.
201 When viewing protocol hierarchy statistics, Ethereal and Tethereal could
204 The PCRE library that ships with the Windows installer has been upgraded
205 from version 4.4 to 6.3 in response to a [2]security vulnerability.
207 New and Updated Features
209 The following features are new (or have been significantly updated) since
212 o The timestamp display precision of the Packet List can be adjusted
213 now. The precision will be automatically adjusted depending on the
214 file format loaded, e.g. libpcap typically uses microsecond resolution
215 displayed like "0.000000". In addition you can adjust the precision
216 manually through the View/Time Display Format menu items.
218 o The WinPcap version 3.1 installer was released since the last Ethereal
219 release. The version included in the Ethereal Windows installer has
220 been updated from 3.1 beta 4 to 3.1. If you want to upgrade WinPcap
221 separately or install a different version you can download it from:
222 [3]the WinPcap web site.
224 o The behavior of the display filter "ip.checksum_bad" has changed.
225 Instead of merely checking for its presence you must now make sure it
226 is set, e.g. instead of using "ip.checksum_bad" you must now use
227 "ip.checksum_bad == 1".
229 o A new capture file format "Nanosecond libpcap (Ethereal)" was added.
230 It is very similar to the common libpcap file format but is capable of
231 keeping nanosecond resolution timestamps. This format is currently
232 supported only by Ethereal.
234 o Ethereal's memory managment has been greatly improved.
236 o Ethereal can now save gzip-compressed capture files.
240 CIMD, CISCOWL-L2, DCCP, EDP, GNM, LLDP, ROS, RTSE, STANAG 4406, WINS
241 Replication, X.411, X.420
243 Updated Protocol Support
245 802.11 Radiotap, A11, AARP, ACSE, ACtrace, AFP, AFS, AgentX, AIM, AJP13,
246 ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI IS-683-A, ANSI IS-801, ANSI MAP,
247 AOE, AppleTalk, Armagetronad, ARP, ASAP, ASN.1, BACapp, BER, BGP,
248 BitTorrent, BOOTP, CAMEL, CLNP, CMIP, CMP, CMS, COPS, CRMF, CSM_ENCAPS,
249 DAAP, DCERPC (ATSVC, DCE_DFS, FLDB, INITSHUTDOWN, LSA, NETLOGON, NT, SAMR,
250 SPOOLSS, WINREG), DCM, DCOM, DHCP Failover, DIAMETER, ENRP, ESS, FC, FCCT,
251 FCDNS, FCELS, FCFCS, FCFZS, FCP, FCSWILS, FTAM, GIOP, GPRS LLC, GSM, GTP,
252 H1, H.225, H.235, H.245, H.248, H.261, H.263, H.450, HSRP, HTTP, IAX2,
253 IEEE 802.11, IEEE 802.3, IEEE 802.3 Slow protocols, IP, IP/IEEE1394, IRC,
254 IrDA, ISAKMP, iSCSI, ISIS, ISUP, Jabber, JFIF, Juniper, JXTA, K12,
255 Kerberos, LDAP, LDP, LLC, LPD, MAP_DialoguePDU, MDSHDR, Media, MEGACO,
256 MGCP, MIME multipart, MMS, MOUNT, MQ, MSMMS, NBNS, NDMP, NS_CERT_EXTS,
257 OCSP, OPSI, OSPF, PARLAY, PER, PKINIT, PKIX, PN-RT, PPP, PRES, PTP,
258 RADIUS, RDT, RPC, RSVP, RTCP, RTnet, RTSP, SCCP, SCSI, SCTP, SES, sFlow,
259 SIGCOMP, SIP, SliMP3, SMB, SMPP, SMRSE, SNA, SNMP, SPNEGO, SRVLOC, STUN,
260 T.38, TCAP, TCP, Text, TPKT, UMA, WBXML, WLANCERTEXTN, WSP, X11, X.25,
263 New and Updated Capture File Support
265 5Views, AiroPeek, ERF, EtherPeek, i4btrace, LANAlyzer, Libpcap, Windows
266 Sniffer, Tektronix K12
272 Download ethereal-setup-0.10.13.exe from the [4]Windows download area on
273 the main web site. Double-click the installer executable.
277 Download the appropriate package from the [5]Solaris download area on the
278 main web site. Uncompress the package using bzip2, and install it using
283 Download ethereal-0.10.13.tar.gz from the [6]main download area on the web
284 site. Extract the package using tar and gzip. Run "configure ; make ; make
287 Vendor-supplied Packages
289 Most Linux and Unix vendors supply their own Ethereal packages. You can
290 install or upgrade Ethereal using the package management system specific
291 to that platform. A list of third-party packages can be found on the
292 [7]download page on the Ethereal web site.
296 Ethereal and Tethereal look in several different locations for preference
297 files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
298 from platform to platform. You can use About->Folders to find the default
299 locations on your system.
303 On Windows systems the packet list scroll bar can sometimes disappear or
304 become unusable. Until the problem is fixed you can work around it by
305 resizing the packet list or the main window. ([8]Bug #220)
309 Community support is available on the ethereal-users mailing list.
310 Subscription information and archives for all of Ethereal's mailing lists
311 can be found on [9]the web site. There is also an [10]IRC channel
312 dedicated to Ethereal.
314 Commercial support, training, and development services are available from
315 [11]Ethereal Software.
317 Frequently Asked Questions
319 A complete FAQ is available on the [12]Ethereal web site.
324 1. http://www.ethereal.com/appnotes/enpa-sa-00021.html
325 2. http://www.securityfocus.com/bid/14620
326 3. http://www.winpcap.org/
327 4. http://www.ethereal.com/docs/distribution/win32/
328 5. http://www.ethereal.com/docs/distribution/solaris/
329 6. http://www.ethereal.com/docs/distribution/
330 7. http://www.ethereal.com/download.html#otherplat
331 8. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
332 9. http://www.ethereal.com/lists/
333 10. irc://irc.freenode.net/ethereal
334 11. http://www.etherealsoft.com/
335 12. http://www.ethereal.com/faq.html
339 Ethereal 0.10.12 has been released.
341 Our testing program has turned up several more security issues:
343 The LDAP dissector could free static memory and crash.
344 Versions affected: 0.8.5 to 0.10.11
346 The AgentX dissector could crash.
347 Versions affected: 0.10.10 to 0.10.11
349 The 802.3 dissector could go into an infinite loop.
350 Versions affected: 0.8.16 to 0.10.11
352 The PER dissector could abort.
353 Versions affected: 0.10.5 to 0.10.11
355 The DHCP dissector could go into an infinite loop.
356 Versions affected: 0.10.7 to 0.10.11
358 The BER dissector could abort or loop infinitely.
359 Version affected: 0.10.11
361 The MEGACO dissector could go into an infinite loop.
362 Versions affected: 0.9.14 to 0.10.11
364 The GIOP dissector could dereference a null pointer.
365 Versions affected: 0.8.20 to 0.10.11
367 The SMB dissector was susceptible to a buffer overflow.
368 Versions affected: 0.9.12 to 0.10.11
370 The WBXML could dereference a null pointer.
371 Versions affected: 0.10.1 to 0.10.11
373 The H1 dissector could go into an infinite loop.
374 Versions affected: 0.8.15 to 0.10.11
376 The DOCSIS dissector could cause a crash.
377 Versions affected: 0.9.13 to 0.10.11
379 The SMPP dissector could go into an infinite loop.
380 Versions affected: 0.10.1 to 0.10.11
382 SCTP graphs could crash.
383 Version affected: 0.10.11
385 The HTTP dissector could crash.
386 Versions affected: 0.10.4 to 0.10.11
388 The SMB dissector could go into a large loop.
389 Versions affected: 0.9.0 to 0.10.11
391 The DCERPC dissector could crash.
392 Versions affected: 0.9.16 to 0.10.11.
394 Several dissectors could crash while reassembling packets.
395 Versions affected: 0.9.0 to 0.10.11
398 Steve Grubb at Red Hat found the following issues:
400 The CAMEL dissector could dereference a null pointer.
401 Version affected: 0.10.11
403 The DHCP dissector could crash.
404 Versions affected: 0.10.4 to 0.10.11
406 The CAMEL dissector could crash.
407 Versions affected: 0.10.10 to 0.10.11
409 The PER dissector could crash.
410 Versions affected: 0.10.10 to 0.10.11
412 The RADIUS dissector could crash.
413 Versions affected: 0.9.4 to 0.10.11
415 The Telnet dissector could crash.
416 Versions affected: 0.9.10 to 0.10.11
418 The IS-IS LSP dissector could crash.
419 Versions affected: 0.8.19 to 0.10.11
421 The NCP dissector could crash.
422 Versions affected: 0.9.15 to 0.10.11
425 iDEFENSE found the following issues:
427 Several dissectors were susceptible to a format string overflow.
428 Versions affected: 0.9.4 to 0.10.11
431 Ethereal uses the zlib compression library. Security vulnerabilities
432 have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer
433 now ships with zlib 1.2.3, which fixes these vulnerabilities.
436 Please see the following advisory for more information:
438 http://www.ethereal.com/appnotes/enpa-sa-00020.html
440 Everyone is encouraged to upgrade.
443 New and updated features
445 The Windows installer now includes the WinPcap 3.1 beta 4 installer.
446 You don't have to download and install it separately.
448 RADIUS dictionaries are now included.
450 A lot of documentation was updated
452 Some command line parameters have changed, see the Ethereal / Tethereal
455 A "File/File Set" submenu was added to better handle multiple files
456 (such as ring buffers).
458 Flow graphs can now be created for any protocol.
460 Memory management has been greatly improved.
462 JXTA has been added to the conversations menu.
464 When compiled with MIT/Heimdal Kerberos AND if keytab files are
465 provided, Ethereal can now decrypt and dissect both SecureLDAP and
468 TCP Sequence graphs should now work for all captures and all
474 ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing,
475 DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay,
476 Synergy, TANGO, WLAN Certificate Extensions
479 Updated protocol support
481 802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC,
482 Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM,
483 DNP, DNS, DOCSIS, EAP, Ethernet, FC ELS, FCIP, FCP, FC-SWILS, GIOP,
484 GSM A, GSM MAP, GSSAPI, GTP, H1, H.221, H.225, H.235, H.245, H.248,
485 H.450, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.11, IEEE 802.3, iFCP,
486 IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC,
487 LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, OSPF,
488 PER, PPP, PRES, PROFINET, RDT, RMT, RPC, RSVP, Rsync, RTP, RTSP, SCSI,
489 SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP,
490 Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV
493 New and updated capture file support
495 HP Nettl, Tektronix K12
500 Ethereal 0.10.11 has been released.
502 An aggressive testing program as well as independent discovery has turned
503 up a multitude of security issues:
505 The ANSI A dissector was susceptible to format string vulnerabilities.
506 Discovered by Bryan Fulton.
507 Versions affected: 0.9.15 to 0.10.10
509 The GSM MAP dissector could crash.
510 Versions affected: 0.10.0 to 0.10.10
512 The AIM dissector could cause a crash.
513 Versions affected: 0.9.14 to 0.10.10
515 The DISTCC dissector was susceptible to a buffer overflow.
516 Discovered by Ilja van Sprundel
517 Versions affected: 0.9.13 to 0.10.10
519 The FCELS dissector was susceptible to a buffer overflow.
520 Discovered by Neil Kettle
521 Versions affected: 0.9.9 to 0.10.10
523 The SIP dissector was susceptible to a buffer overflow.
524 Discovered by Ejovi Nuwere.
525 Versions affected: 0.10.0 to 0.10.10
527 The KINK dissector was susceptible to a null pointer exception,
528 endless looping, and other problems.
529 Versions affected: 0.10.10
531 The LMP dissector was susceptible to an endless loop.
532 Versions affected: 0.9.4 to 0.10.10
534 The Telnet dissector could abort.
535 Versions affected: 0.9.10 to 0.10.10
537 The TZSP dissector could cause a segmentation fault.
538 Versions affected: 0.10.10 to 0.10.10
540 The WSP dissector was susceptible to a null pointer exception and
542 Versions affected: 0.10.0 to 0.10.10
544 The 802.3 Slow protocols dissector could throw an assertion.
545 Versions affected: 0.10.10
547 The BER dissector could throw assertions.
548 Versions affected: 0.10.2 to 0.10.10
550 The SMB Mailslot dissector was susceptible to a null pointer exception
551 and could throw assertions.
552 Versions affected: 0.9.0 to 0.10.10
554 The H.245 dissector was susceptible to a null pointer exception.
555 Versions affected: 0.10.10
557 The Bittorrent dissector could cause a segmentation fault.
558 Versions affected: 0.10.8 to 0.10.10
560 The SMB dissector could cause a segmentation fault and throw assertions.
561 Versions affected: 0.9.0 to 0.10.10
563 The Fibre Channel dissector could cause a crash.
564 Versions affected: 0.9.9 to 0.10.10
566 The DICOM dissector could attempt to allocate large amounts of memory.
567 Versions affected: 0.10.4 to 0.10.10
569 The MGCP dissector was susceptible to a null pointer exception, could
570 loop indefinitely, and segfault.
571 Versions affected: 0.8.14 to 0.10.10
573 The RSVP dissector could loop indefinitely.
574 Versions affected: 0.9.8 to 0.10.10
576 The DHCP dissector was susceptible to format string vulnerabilities, and
578 Versions affected: 0.10.7 to 0.10.10
580 The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
581 Versions affected: 0.9.8 to 0.10.10
583 The EIGRP dissector could loop indefinitely.
584 Versions affected: 0.8.18 to 0.10.10
586 The ISIS dissector could overflow a buffer.
587 Versions affected: 0.8.18 to 0.10.10
589 The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
590 and X.509 dissectors could overflow buffers.
591 Versions affected: 0.10.4 to 0.10.10
593 The NDPS dissector could exhaust system memory or cause an assertion,
595 Versions affected: 0.9.12 to 0.10.10
597 The Q.931 dissector could try to free a null pointer and overflow
599 Versions affected: 0.10.10
601 The IAX2 dissector could throw an assertion.
602 Versions affected: 0.10.1 to 0.10.10
604 The ICEP dissector could try to free the same memory twice.
605 Versions affected: 0.10.7 to 0.10.10
607 The MEGACO dissector was susceptible to an infinite loop and a buffer
609 Versions affected: 0.9.14 to 0.10.10
611 The DLSw dissector was susceptible to an infinite loop.
612 Versions affected: 0.9.1 to 0.10.10
614 The RPC dissector was susceptible to a null pointer exception.
615 Versions affected: 0.9.2 to 0.10.10
617 The NCP dissector could overflow a buffer or loop for a large amount
619 Versions affected: 0.10.5 to 0.10.10
621 The RADIUS dissector could throw an assertion.
622 Versions affected: 0.10.3 to 0.10.10
624 The GSM dissector could access an invalid pointer.
625 Versions affected: 0.10.10
627 The SMB PIPE dissector could throw an assertion.
628 Versions affected: 0.9.0 to 0.10.10
630 The L2TP dissector was susceptible to an infinite loop.
631 Versions affected: 0.10.9 to 0.10.10
633 The SMB NETLOGON dissector could dereference a null pointer.
634 Versions affected: 0.9.12 to 0.10.10
636 The MRDISC dissector could throw an assertion.
637 Versions affected: 0.8.19 to 0.10.10
639 The ISUP dissector could overflow a buffer or cause a segmentation fault.
640 Versions affected: 0.8.19 to 0.10.10
642 The LDAP dissector could crash.
643 Versions affected: 0.10.1 to 0.10.10
645 The TCAP dissector could overflow a buffer or throw an assertion.
646 Versions affected: 0.10.8 to 0.10.10
648 The NTLMSSP dissector could crash.
649 Versions affected: 0.9.7 to 0.10.10
652 Additionally, a number of dissectors could throw an assertion when
653 passing an invalid protocol tree item length.
654 Versions affected: 0.10.8 to 0.10.10
657 Please see the following advisory for more information:
659 http://www.ethereal.com/appnotes/enpa-sa-00019.html
661 Everyone is encouraged to upgrade.
664 New and updated features
672 Updated protocol support
676 New and updated capture file support
683 Ethereal 0.10.10 has been released.
685 This release fixes three security and stability-related issues:
687 Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
690 The GPRS-LLC dissector could crash if the "ignore cipher bit" option
691 was enabled. (CAN-2005-0705)
693 Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
694 This flaw was later reported by Leon Juranic. (CAN-2005-0699)
696 Leon Juranic discovered a buffer overflow in the IAPP dissector.
698 A bug in the JXTA dissector could make Ethereal crash.
700 A bug in the sFlow dissector could make Ethereal crash.
703 Please see the following advisory for more information:
705 http://www.ethereal.com/appnotes/enpa-sa-00018.html
707 Everyone is encouraged to upgrade.
710 New and updated features
712 Tree view item context menus now let you browse to the display filter
713 reference and wiki pages for a particular protocol.
715 Online help has been expanded.
717 VoIP call analysis (including nifty connection diagrams) has been
720 GSS-API decryption has been greatly enhanced.
725 AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
726 Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
729 Updated protocol support
731 3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
732 DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
733 GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
734 IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
735 JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
736 PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
737 SPNEGO, SSL, STUN, TCAP, TCP, TZSP
740 New and updated capture file support
742 DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
747 Ethereal 0.10.9 has been released.
749 This release fixes the following security-related issues:
751 The COPS dissector could go into an infinite loop. (CAN-2005-0006)
753 The DLSw dissector could cause an assertion, making Ethereal exit
754 prematurely. (CAN-2005-0007)
756 The DNP dissector could cause memory corruption. (CAN-2005-0008)
758 The Gnutella dissector could cause an assertion, making Ethereal
759 exit prematurely. (CAN-2005-0009)
761 The MMSE dissector could free static memory. (CAN-2005-0010)
763 The X11 protocol dissector is vulnerable to a string buffer overflow.
766 Please see the following advisory for more information:
768 http://www.ethereal.com/appnotes/enpa-sa-00017.html
770 Everyone is encouraged to upgrade.
773 New and updated features
775 Ethereal will now detect and flag weak 802.11 WEP IVs.
777 Windows Sniffer timestamp handling has been greatly improved.
779 A bug which made Ethereal crash at startup on Windows 98 and Windows
780 ME systems has been fixed.
782 Ethereal and Tethereal now support a personal "hosts" file.
784 Invalid field length handling has been greatly improved.
786 The capture progress window title now shows the interface name.
791 ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
793 Updated protocol support
795 AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
796 DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
797 FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
798 HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
799 L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
800 NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
801 RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
802 SSL/TLS, T.38, TACACS, TCAP, TCP, X11
805 New and updated capture file support
811 Ethereal 0.10.8 has been released.
813 This release fixes the following security-related issues:
815 Matthew Bing discovered a bug in DICOM dissection that could make
816 Ethereal crash. (CAN-2004-1139)
818 An invalid RTP timestamp could make Ethereal hang and create a large
819 temporary file, possibly filling available disk space. (CAN-2004-1140)
821 The HTTP dissector could access previously-freed memory, causing a
822 crash. (CAN-2004-1141)
824 Brian Caswell discovered that an improperly formatted SMB packet could
825 make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
827 Please see the following advisory for more information:
829 http://www.ethereal.com/appnotes/enpa-sa-00016.html
831 Everyone is encouraged to upgrade.
834 New and updated features
836 Ethereal now has a packet history, similar to most web browsers.
838 Ethereal now supports custom window titles.
840 Minor performance enhancements have been added.
842 RTP analysis has been enhanced.
844 Host name resolution has been improved.
846 Ethereal can now track TCP PDU times. See
847 http://wiki.ethereal.com/TcpPduTime for more details.
849 Ethereal now ships with netscreen2dump.py, a utility which converts
850 netscreen packet-trace hex dumps to hex dumps that can be read by
856 AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
857 and Session Management, GSM MAP, Extended Security Services, Logotype
858 Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
859 Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
860 DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
863 Updated protocol support
865 3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
866 CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
867 ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
868 GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
869 ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
870 PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
871 RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
872 SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
873 X.509af, X.509ce, X.509if, X.509sat,
876 New and updated capture file support
883 Ethereal 0.10.7 has been released.
885 The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
886 libraries which fix several known bugs. Unfortunately, a few known
887 GLib/GTK+ bugs remain.
889 In order to avoid a naming conflict with the tcpreplay project, the
890 "capinfo" utility has been renamed to "capinfos".
893 New and updated features
895 Search wrapping is now a configurable option.
897 A lot of material has been added to the Developer's Guide. The User's Guide
898 has been updated as well.
900 The "Decode As..." dialog now supports DCERPC and SCTP.
902 The "Help" menu now includes a link to the wiki.
904 H.323 call analysis is now supported.
909 Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
910 Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
911 extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,
914 Updated protocol support
916 AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
917 DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
918 EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
919 ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
920 MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
921 RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
922 SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,
925 New and updated capture file support
927 HP-UX nettl, NG Sniffer
932 Ethereal 0.10.6 has been released.
934 This release fixes a preferences bug present in Ethereal which displayed
936 (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
937 (gtk_window_resize): assertion `height > 0' failed
939 at program startup. A workaround for 0.10.5 is described in
941 http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html
943 A new command-line utility called "capinfo" has been added to the
944 distribution which prints statistics about capture files.
946 You can now copy conversation and endpoint data to other applications as
950 New and updated features
952 X.509 support has been added.
954 Crash bugs have been fixed in the RTP and NCP dissectors.
956 PostScript(r) output has been improved.
958 A bug that prevented mergecap from creating a new output file has been
961 Conversation and endpoint performance has been enhanced. General packet
962 display performance has been enhanced.
964 The conversation and host list tools have been renamed to be less
967 You can now copy conversation and host list data as CSV data.
969 RTP analysis can now dynamically determine the proper clock rate.
974 AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
975 X.509AF, X.509CE, X.509IF, X.509SAT
978 Updated protocol support
980 802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
981 ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
982 MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
983 SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet
986 New and updated capture file support
993 Ethereal 0.10.5 has been released.
996 This release fixes bugs in iSNS, SMB, and SNMP, as described in the
999 http://www.ethereal.com/appnotes/enpa-sa-00015.html
1001 Everyone is encouraged to upgrade.
1004 New and updated features
1006 Ethereal can now merge multiple files (you don't have to resort to
1007 mergecap on the command line).
1009 A preview pane has been added to the file dialog.
1011 The capture progress dialog can now be disabled.
1013 The about dialog has received further improvements.
1015 The behavior of Ethereal's dialog windows has been normalized somewhat.
1017 The Windows installer can now associate standard file extensions
1020 Ethereal can be configured not to bug you about unsaved captures.
1022 Ethereal can open help documentation using the default web browser.
1025 New protocol support
1027 DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)
1030 Updated protocol support
1032 AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
1033 NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
1034 H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
1035 M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
1036 RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
1037 VRRP, WBXML (User-Agent Profile), WSP, X11
1040 New and updated capture file support
1047 Ethereal 0.10.4 has been released.
1049 This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
1050 the following advisory:
1052 http://www.ethereal.com/appnotes/enpa-sa-00014.html
1054 Everyone is encouraged to upgrade.
1057 New and updated features
1059 When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
1062 Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
1064 PostScript(R) output has been improved.
1066 The screen layout of the main window can be changed by Preferences now.
1068 Many other parts of the user interface have received improvements.
1070 Compressed and chunked transfer-coded HTTP bodies are now decoded.
1072 A new generic media dissector more cleanly handles HTTP and WSP
1073 Content-Type information.
1076 New protocol support
1078 ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
1079 IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
1082 Updated protocol support
1084 3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
1085 DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
1086 FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
1087 ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
1088 RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
1089 Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG
1092 Capture file support
1099 Ethereal 0.10.3 has been released.
1101 This release fixes several security bugs described in the following
1104 http://www.ethereal.com/appnotes/enpa-sa-00013.html
1106 Everyone is encouraged to upgrade.
1109 New and updated features
1111 Display filters now support the bitwise and (&) operator.
1113 Protocol hierarchy statistics now have bandwidth columns.
1115 The capture dialog has a new layout.
1118 New protocol support
1120 3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
1121 MQ, Presentation, SLSK,
1124 Updated protocol support
1126 802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
1127 BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
1128 RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
1129 FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
1130 Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
1131 PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
1132 SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC
1135 Capture file support
1137 EyeSDN, libpcap (tcpdump)
1140 == February 23, 2004
1142 Ethereal 0.10.2 has been released.
1144 This release fixes two major bugs in 0.10.1:
1146 Under Windows, the error
1148 ** WARNING **: error opening
1149 /usr/local/share/ethereal/asn1/default.tt, No such file or
1152 would be printed at startup.
1154 The 0.10.1 source release was missing several files required for
1158 New and updated features
1160 The user interface has received further updates. The Statistics
1162 layout has been improved, as well as the capture options dialog
1166 New protocol support
1168 Cisco Cast Client Control Protocol
1171 Updated protocol support
1173 AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
1175 IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
1179 == February 18, 2004
1181 Ethereal 0.10.1 has been released.
1184 New and updated features
1186 The Windows installer now lets you choose between the traditional
1188 version 1 interface and a new GTK+ 2 interface.
1190 Several updates were made to Ethereal's user interface. The "File"
1192 now has a "most recently used" list. The help menu was greatly
1195 The "matches" operator now handles more data types. For example,
1199 smtp matches joespammer@example.com
1201 as a display filter.
1203 I/O statistics now support 1ms resolution.
1207 A column resorting crash on the Windows platform was fixed.
1209 New protocol support
1211 EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA
1213 Updated protocol support
1215 ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
1217 COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
1218 TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
1220 FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
1222 GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
1223 IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
1224 Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
1226 MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
1228 RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
1230 SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
1232 Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11
1235 Updated capture file support
1237 DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
1241 == December 12, 2003
1243 Ethereal 0.10.0 has been released.
1245 This release fixes issues in the SMB and Q.931 dissectors that could
1246 make Ethereal and Tethereal crash. See
1248 http://www.ethereal.com/appnotes/enpa-sa-00012.html
1252 New and updated features
1254 Many performance improvements have been made to the code. Most
1256 should see a 2x to 3x performance increase when loading and working
1260 A "matches" display filter operator has been added. It is similar
1262 the "contains" operator, but supports Perl-compatible regular
1265 Tethereal can now dump packet data in XML (PDML) format.
1267 The main application menus have been rearranged and the help windows
1268 have been revamped, along with a host of other UI enhancements.
1270 The capture progress window now features bar graphs.
1272 The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
1274 installer have been updated.
1276 New protocol support
1278 BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
1280 IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,
1282 Updated protocol support
1284 ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
1286 EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
1288 ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
1290 H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
1291 LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
1292 RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
1294 SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP
1297 Updated capture file support
1299 AiroPeek v9 (2.x) support was added. Network Instruments Observer
1301 Snoop support was updated.
1306 Ethereal 0.9.16 has been released.
1308 This release fixes potential security issues with the GTP, ISAKMP,
1309 MEGACO, and SOCKS dissectors. See
1311 http://www.ethereal.com/appnotes/enpa-sa-00011.html
1315 New and updated features
1317 Ethereal has leapt forward into the 90's and added a toolbar.
1319 Ethereal and Tethereal can now force the data link type of captured
1322 RTP analysis has been enhanced.
1324 Individual frames can now be marked as time references
1326 Service response time and general I/O statistics have been enhanced.
1328 statistics can now calculate client load (experimental).
1330 New protocol support
1332 ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
1333 INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
1335 SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
1336 (OTA), T.38, TCAP, TPCP
1338 Updated protocol support
1340 AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
1342 DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
1343 DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
1345 FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
1346 ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
1347 NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
1349 RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
1351 SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
1352 X.25, Yahoo! Messenger
1355 Updated capture file support
1357 Linux Bluez Bluetooth hcidump support has been added.
1359 Endace ERF and Network Instruments Observer, and NetXRay support has
1363 == September 9, 2003
1365 Ethereal 0.9.15 has been released.
1367 New and updated features
1369 Many often-requested features have been added with this release. If
1370 you're running an older version of Ethereal you may want to have a
1373 Conversation List (aka "top talker") support has been added to
1375 and Tethereal. Protocol statistics in general have been updated.
1377 Searching capture files has been improved even more -- a new
1379 display filter operator that searches for strings in PDUs has been
1380 added. The Find dialog now supports case-insensitive searches, hex
1384 An H.225 dissector has been added. It can automatically recognize
1386 and RTCP conversations.
1388 A preference file has been added for disabled protocols.
1390 Color filters may now be imported and exported from within Ethereal.
1392 A new column type has been added for cumulative bytes.
1397 GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
1402 ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
1404 FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
1406 MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
1407 SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
1411 Updated capture file support
1413 Support for Accellent 5Views and Endace ERF capture files was added.
1414 CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
1419 Ethereal 0.9.14 has been released.
1421 New and updated features
1423 The ringbuffer code has been (nearly) completely rewritten. It now
1424 supports an unlimited number of files.
1426 Ethereal now supports searching for arbitrary text and binary data
1430 Service response time statistics have been enhanced.
1432 Tethereal, the text-mode version of Ethereal, can now be compiled
1433 without capture support.
1436 New and updated features
1438 Echo, eDonkey, Jabber, MS Messenger, sFlow
1443 AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
1445 IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
1447 NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
1449 SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP,
1454 Updated capture file support
1461 Ethereal 0.9.13 has been released.
1463 This release fixes a large number of security issues discovered by
1465 Sirainen and others. See
1467 http://www.ethereal.com/appnotes/enpa-sa-00010.html
1471 New and updated features
1473 Ethereal now supports a system-wide color filter file.
1475 Support for the GNU ADNS library has been added. ADNS allows
1476 asynchronous DNS lookups.
1478 "Decode As..." functionality has been added to Tethereal via the "-
1482 The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
1484 shown in the protocol tree.
1488 distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
1492 802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
1494 GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
1495 NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
1496 SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
1500 Updated capture file support
1502 HP-UX nettl, VMS UCX$TRACE
1507 Ethereal 0.9.12 has been released.
1509 This release fixes several off-by-one and integer overflow errors
1510 discovered by Timo Sirainen. See
1512 http://www.ethereal.com/appnotes/enpa-sa-00009.html
1516 New and updated features
1518 TCP sequence number analysis received a few improvements.
1520 General packet reassembly has been improved.
1522 The "Follow TCP Stream" window now allows you to filter out the
1526 The Vines code received significant updates.
1528 Several enhancements were made to the text2pcap utility.
1532 ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
1536 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
1538 IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
1540 M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
1542 Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
1544 TCP, Telnet, Vines, WBXML, WSP, WTP
1546 Updated capture file support
1553 Ethereal 0.9.11 has been released.
1555 The Ethereal 0.9.10 release was packaged improperly. This release
1557 the packaging, and adds minor updates and fixes for the following
1560 AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
1562 IA64 support has been improved.
1567 Ethereal 0.9.10 has been released.
1569 This release fixes a security hole discovered by Georgi Guninski in
1571 SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
1572 All users of previous versions are encouraged to upgrade. See
1574 http://www.ethereal.com/appnotes/enpa-sa-00008.html
1579 New and Updated Features
1581 Many small updates were made to the user interface.
1583 The "Help" menu now includes the FAQ.
1585 The TCP dissector was enhanced. Many more fields are filterable.
1587 Tethereal received more IO stats: TCP and UDP top talkers.
1589 Packet reassembly has been improved.
1591 The "Follow TCP Stream" feature can now export C byte arrays.
1593 RTP streams can now be saved to a file.
1598 A missing comma in a string array could cause Ethereal to crash when
1599 opening the preferences dialog.
1604 MSN Messenger, Rsync, SSH, Yahoo! Messenger
1609 AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
1611 DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
1612 extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
1614 M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
1615 OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
1617 SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
1618 Wellfleet BofL X.25, X11
1621 Updated Capture File Support
1623 NetXRay, NGSniffer, Snoop
1628 Ethereal 0.9.9 has been released.
1630 Please note the next release will NOT be 1.0. There are still more
1631 features to be added before a 1.0 release will be ready.
1634 New and Updated Features
1636 Plugin search behavior was improved under Unix, allowing more than
1638 version of Ethereal to be installed at one time.
1640 The statistics graphs have been enhanced. More statistics have been
1643 Round-trip-time statistics are now computed for SMB traffic.
1645 NCP Call and Reply times are now tracked.
1647 Top talker statistics for Ethernet, IP and Token Ring are now
1648 available (tethereal only).
1650 Color allocation and handling was improved.
1652 The RADIUS dissector can now decrypt user passwords.
1654 Tethereal now supports reading from a pipe under Unix.
1656 The ATM code received major improvements.
1658 The DOS Sniffer code also received major improvements.
1660 For those that compile Ethereal from source, some fixes and updates
1661 have been made to the configuration and build environment.
1666 The capture progress window now shows the correct number of elapsed
1669 A potential infinite loop in the TCP graphing code has been fixed.
1674 MDSHDR, MEGACO, MySQL, SDLC, X.29
1679 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP,
1681 RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC,
1683 LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
1684 RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC,
1686 SUA, TNS, Token Ring, Wellfleet HDLC, X.25
1689 Updated Capture File Support
1691 Firewall-1, Netmon, NetXRay, Radcom, Sniffer
1696 Ethereal 0.9.8 has been released.
1698 Serious problems with the BGP, LMP, PPP, and TDS dissectors have
1702 http://www.ethereal.com/appnotes/enpa-sa-00007.html
1707 New and Updated Features
1709 The TAP subsystem received major updates. Tethereal can display
1710 more statistics, and several graphs have been added to Ethereal.
1712 A protocol hierarchy statistics tap was added to tethereal. This
1714 may be used to replace the hierarchy statistics code in Ethereal.
1716 More updates have been added to TCP analysis.
1718 After a long hiatus, the Windows installer once again includes SNMP
1721 The total running time of the capture is now displayed in the
1723 progress dialog box. The capture progress dialog also shows ARP
1726 The look of the plugins dialog was revamped.
1729 Bug Fixes and Updates
1731 A bug which caused Ethereal under Windows to crash when "Update list
1733 packets in real time" was enabled has been fixed.
1735 The stability of the text2pcap utility has been improved.
1737 In tethereal, the packet count is properly displayed when you ^C out
1744 ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
1751 AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
1752 DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
1753 iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
1755 OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
1756 Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
1761 Updated Capture File Support
1763 AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
1766 == September 28, 2002
1768 Ethereal 0.9.7 has been released.
1772 In order to improve the out-of-box responsiveness of Ethereal and
1773 Tethereal, network name resolution has been disabled by default.
1775 TCP analysis (a feature added in the 0.9.6 release) was improved.
1777 The NCP code base received quite a few updates.
1779 Initial support for version 2 of the GTK+ library was added.
1781 RPC staticstics (which use the new Tap API) were added.
1783 Due to added and updated support for the NTLM, SNEGO, and GSS-API
1784 protocols, Ethereal can now dissect most of the security blobs for
1785 Windows 2000 authentication.
1787 The Ethernet "manuf" file now handles addresses specified with a
1788 mask, and contains many well-known addresses.
1793 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
1795 SCCP-Management, SPNEGO
1797 The following DCE/RPC protocols were also added:
1799 AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
1801 DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
1803 ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
1804 RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
1809 AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
1811 NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
1813 Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
1815 Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
1821 Ethereal 0.9.6 has been released.
1825 A buffer overflow in the ISIS dissector has been fixed. More
1826 information can be found at
1827 http://www.ethereal.com/appnotes/enpa-sa-00006.html.
1829 A bad TCP header could cause problems for the "Follow TCP Stream"
1832 Setting "column.format" from the command line no longer crashes
1833 Ethereal and Tethereal.
1835 Problems with capture files being overwritten (e.g. if you try to
1837 the current capture file) have been fixed.
1839 An SMB conversation handling bug has been fixed.
1841 Thanks to Valgrind, several memory leaks have been fixed.
1843 Some problems with printing under Windows have been fixed.
1848 TCP sequence number analysis has been added.
1850 The DCE RPC NETLOGON dissector has received a major overhaul.
1852 Data types throughout the code have been cleaned up.
1857 CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
1862 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
1864 REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
1866 LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
1868 Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
1869 SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
1872 Capture File Updates
1874 CheckPoint Firewall-1 monitor file support and CoSine debug file
1876 were added. Support for pppdump and Netmon files was updated.
1881 Ethereal 0.9.5 has been released. This version fixes several potential
1882 security problems revealed since the release of 0.9.4. See the
1884 advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
1890 The ability to read packet data from a pipe was enhanced. Printing
1891 under Windows now works.
1896 802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
1901 ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
1902 MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
1903 SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
1907 Capture File Updates
1909 Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
1910 NetXRay, and libpcap code all received updates.