-Wireshark 0.99.5 Release Notes
+Wireshark 1.3.0 Release Notes
------------------------------------------------------------------
Bug Fixes
- The following vulnerabilities have been fixed. See the [1]security
+ The following vulnerabilities have been fixed. See the security
advisory for details and a workaround.
- o The TCP dissector could hang or crash while reassembling HTTP
- packets. (Bug [2]1200)
+ o The NetFlow dissector could run off with your dog, crash your
+ truck, and write a country music song about the experience.
- Versions affected: 0.99.2 to 0.99.4
-
- [3]CVE-2007-0459
-
- o The HTTP dissector could crash.
-
- Versions affected: 0.99.3 to 0.99.4
-
- [4]CVE-2007-0458
-
- o On some systems, the IEEE 802.11 dissector could crash.
-
- Versions affected: 0.10.14 to 0.99.4
-
- [5]CVE-2007-0457
-
- o On some systems, the LLT dissector could crash.
-
- Versions affected: 0.99.3 to 0.99.4
-
- [6]CVE-2007-0456
+ Versions affected: 0.99.5 to 1.0.8
The following bugs have been fixed:
- o On Windows systems the packet list scroll bar could sometimes
- disappear or become unusable. ([7]Bug 220)
-
- o The end of HTTP chunked encoding wasn't being displayed.
- ([8]Bug 646)
-
- o The Follow TCP Stream window could omit characters. ([9]Bug
- 1043)
-
- o Opening a flow graph could crash Wireshark. ([10]Bug 1117)
-
- o Follow TCP Stream would sometimes get the direction wrong.
- ([11]Bug 1138)
-
- o The foreground text in the coloring rules editor was always
- black.. ([12]Bug 1164)
-
- o The CSV export format was incorrect. ([13]Bug 1173)
-
- o On some Windows systems Wireshark could take a long time to
- start up.
-
- o Malformed UDLD packets could cause an exception.
-
- o The ISUP statistics report could overflow a buffer and crash
- when displaying IPv6 addresses.
+ o Wireshark could crash without warning.
New and Updated Features
The following features are new (or have been significantly
- updated) since the last release:
+ updated) since version 1.0:
- o We are now offering Wireshark as a [14]U3 package for Windows.
- U3 packages are suitable for using on USB drives and CD-ROMs.
- It's still experimental, but you're welcome to try it out and
- report any problems or successes.
+ o The packet list internals have been rewritten and are now more
+ efficient.
- o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
- TDS / MS SQL dissector now de-obfuscates passwords.
-
- o 64-bit file handling has been improved.
-
- o The Find function now selects the corresponding packet detail
- item. Find functionality has been added to the TCP and SSL
- stream dialogs.
-
- o Main window keyboard navigation has been improved.
-
- o Windows file dialogs now show the "places" bar (Desktop, My
- Documents, My Computer, My Network Places, etc). File dialogs
- now default to "My Documents" in accordance with Microsoft's
- HIG.
-
- o [15]AirPcap support (which provides raw mode capture under
- Windows) has been enhanced to allow capturing on multiple
- AirPcap adapters simultaneously.
-
- o You can no longer install Wireshark on Windows 95, 98, or ME.
- (OK, so it's not a feature per se, but it's an important
- change). The last version known to work on these systems is
- [16]Ethereal 0.99.0.
-
- o ASN.1 BER-encoded files can now be dissected according to a
- user-specified syntax.
+ o Capturing from pipes on Windows has been improved.
New Protocol Support
- DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
- v2
-
Updated Protocol Support
- 2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
- BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
- EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
- DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
- HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
- IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
- MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
- NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
- RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
- SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
- TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
- USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
-
New and Updated Capture File Support
- Catapult DCT2000, Netttl, Windows Sniffer / NetXray
-
Getting Wireshark
Wireshark source code and installation packages are available from
- the [17]download page on the main web site.
+ the download page on the main web site.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package
management system specific to that platform. A list of third-party
- packages can be found on the [18]download page on the Wireshark
- web site.
+ packages can be found on the download page on the Wireshark web
+ site.
File Locations
Known Problems
- The Filter button is nonfunctional in the file dialogs under
- Windows. ([19]Bug 942)
+ Wireshark may appear offscreen on multi-monitor Windows systems.
+ (Bug 553)
+
+ Wireshark might make your system disassociate from a wireless
+ network on OS X. (Bug 1315)
+
+ Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
+
+ Wireshark is unable to decrypt WPA group keys. (Bug 1420)
+
+ The BER dissector might infinitely loop. (Bug 1516)
+
+ Wireshark can't dynamically update the packet list. This means
+ that host name resolutions above a certain response time threshold
+ won't show up in the packet list. (Bug 1605)
+
+ Capture filters aren't applied when capturing from named pipes.
+ (Bug 1814)
+
+ Wireshark might freeze when reading from a pipe. (Bug 2082)
+
+ Capturing from named pipes might be delayed on Windows. (Bug 2200)
+
+ Filtering tshark captures with display filters (-R) no longer
+ works. (Bug 2234)
Getting Help
Community support is available on the wireshark-users mailing
list. Subscription information and archives for all of Wireshark's
- mailing lists can be found on [20]the web site.
+ mailing lists can be found on the web site.
Commercial support, training, and development services are
- available from [21]CACE Technologies.
+ available from CACE Technologies.
Frequently Asked Questions
- A complete FAQ is available on the [22]Wireshark web site.
-
-References
-
- Visible links
- 1. http://www.wireshark.org/security/wnpa-sec-2007-01.html
- 2. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1200
- 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459
- 4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458
- 5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457
- 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456
- 7. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220
- 8. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=646
- 9. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1043
- 10. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1117
- 11. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1138
- 12. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1164
- 13. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1173
- 14. http://www.u3.com/
- 15. http://www.cacetech.com/products/airpcap.htm
- 16. file:///dev/
- 17. http://www.wireshark.org/download.html
- 18. http://www.wireshark.org/download.html#otherplat
- 19. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942
- 20. http://www.wireshark.org/lists/
- 21. http://www.cacetech.com/
- 22. http://www.wireshark.org/faq.html
+ A complete FAQ is available on the Wireshark web site.