5 Ethereal 0.10.13 has been released.
9 Several security vulnerabilities have been fixed since the previous
10 release. See the [1]application advisory for more details.
12 o The ISAKMP dissector could exhaust system memory. Versions affected:
15 o The FC-FCS dissector could exhaust system memory. Versions affected:
18 o The RSVP dissector could exhaust system memory. Versions affected:
21 o The ISIS LSP dissector could exhaust system memory. Versions affected:
24 o The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12.
26 o The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1
29 o The BER dissector was susceptible to an infinite loop. Versions
30 affected: 0.10.3 to 0.10.12.
32 o The SCSI dissector could dereference a null pointer and crash.
33 Versions affected: 0.10.3 to 0.10.12.
35 o If the "Dissect unknown RPC program numbers" option was enabled, the
36 ONC RPC dissector might be able to exhaust system memory. This option
37 is disabled by default. Versions affected: 0.7.7 to 0.10.12.
39 o The sFlow dissector could dereference a null pointer and crash.
40 Versions affected: 0.9.14 to 0.10.12.
42 o The RTnet dissector could dereference a null pointer and crash.
43 Versions affected: 0.10.8 to 0.10.12.
45 o The SigComp UDVM could go into an infinite loop or crash. Versions
48 o If SMB transaction payload reassembly is enabled the SMB dissector
49 could crash. This preference is disabled by default. Versions
50 affected: 0.9.7 to 0.10.12.
52 o The X11 dissector could attempt to divide by zero. Versions affected:
55 o The AgentX dissector could overflow a buffer. Versions affected:
58 o The WSP dissector could free an invalid pointer. Versions affected:
61 o iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions
62 affected: 0.10.0 to 0.10.12.
64 When trying to save a flow graph, Ethereal could crash.
66 When viewing protocol hierarchy statistics, Ethereal and Tethereal could
69 The PCRE library that ships with the Windows installer has been upgraded
70 from version 4.4 to 6.3 in response to a [2]security vulnerability.
72 New and Updated Features
74 The following features are new (or have been significantly updated) since
77 o The timestamp display precision of the Packet List can be adjusted
78 now. The precision will be automatically adjusted depending on the
79 file format loaded, e.g. libpcap typically uses microsecond resolution
80 displayed like "0.000000". In addition you can adjust the precision
81 manually through the View/Time Display Format menu items.
83 o The WinPcap version 3.1 installer was released since the last Ethereal
84 release. The version included in the Ethereal Windows installer has
85 been updated from 3.1 beta 4 to 3.1. If you want to upgrade WinPcap
86 separately or install a different version you can download it from:
87 [3]the WinPcap web site.
89 o The behavior of the display filter "ip.checksum_bad" has changed.
90 Instead of merely checking for its presence you must now make sure it
91 is set, e.g. instead of using "ip.checksum_bad" you must now use
92 "ip.checksum_bad == 1".
94 o A new capture file format "Nanosecond libpcap (Ethereal)" was added.
95 It is very similar to the common libpcap file format but is capable of
96 keeping nanosecond resolution timestamps. This format is currently
97 supported only by Ethereal.
99 o Ethereal's memory managment has been greatly improved.
101 o Ethereal can now save gzip-compressed capture files.
105 CIMD, CISCOWL-L2, DCCP, EDP, GNM, LLDP, ROS, RTSE, STANAG 4406, WINS
106 Replication, X.411, X.420
108 Updated Protocol Support
110 802.11 Radiotap, A11, AARP, ACSE, ACtrace, AFP, AFS, AgentX, AIM, AJP13,
111 ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI IS-683-A, ANSI IS-801, ANSI MAP,
112 AOE, AppleTalk, Armagetronad, ARP, ASAP, ASN.1, BACapp, BER, BGP,
113 BitTorrent, BOOTP, CAMEL, CLNP, CMIP, CMP, CMS, COPS, CRMF, CSM_ENCAPS,
114 DAAP, DCERPC (ATSVC, DCE_DFS, FLDB, INITSHUTDOWN, LSA, NETLOGON, NT, SAMR,
115 SPOOLSS, WINREG), DCM, DCOM, DHCP Failover, DIAMETER, ENRP, ESS, FC, FCCT,
116 FCDNS, FCELS, FCFCS, FCFZS, FCP, FCSWILS, FTAM, GIOP, GPRS LLC, GSM, GTP,
117 H1, H.225, H.235, H.245, H.248, H.261, H.263, H.450, HSRP, HTTP, IAX2,
118 IEEE 802.11, IEEE 802.3, IEEE 802.3 Slow protocols, IP, IP/IEEE1394, IRC,
119 IrDA, ISAKMP, iSCSI, ISIS, ISUP, Jabber, JFIF, Juniper, JXTA, K12,
120 Kerberos, LDAP, LDP, LLC, LPD, MAP_DialoguePDU, MDSHDR, Media, MEGACO,
121 MGCP, MIME multipart, MMS, MOUNT, MQ, MSMMS, NBNS, NDMP, NS_CERT_EXTS,
122 OCSP, OPSI, OSPF, PARLAY, PER, PKINIT, PKIX, PN-RT, PPP, PRES, PTP,
123 RADIUS, RDT, RPC, RSVP, RTCP, RTnet, RTSP, SCCP, SCSI, SCTP, SES, sFlow,
124 SIGCOMP, SIP, SliMP3, SMB, SMPP, SMRSE, SNA, SNMP, SPNEGO, SRVLOC, STUN,
125 T.38, TCAP, TCP, Text, TPKT, UMA, WBXML, WLANCERTEXTN, WSP, X11, X.25,
128 New and Updated Capture File Support
130 5Views, AiroPeek, ERF, EtherPeek, i4btrace, LANAlyzer, Libpcap, Windows
131 Sniffer, Tektronix K12
137 Download ethereal-setup-0.10.13.exe from the [4]Windows download area on
138 the main web site. Double-click the installer executable.
142 Download the appropriate package from the [5]Solaris download area on the
143 main web site. Uncompress the package using bzip2, and install it using
148 Download ethereal-0.10.13.tar.gz from the [6]main download area on the web
149 site. Extract the package using tar and gzip. Run "configure ; make ; make
152 Vendor-supplied Packages
154 Most Linux and Unix vendors supply their own Ethereal packages. You can
155 install or upgrade Ethereal using the package management system specific
156 to that platform. A list of third-party packages can be found on the
157 [7]download page on the Ethereal web site.
161 Ethereal and Tethereal look in several different locations for preference
162 files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
163 from platform to platform. You can use About->Folders to find the default
164 locations on your system.
168 On Windows systems the packet list scroll bar can sometimes disappear or
169 become unusable. Until the problem is fixed you can work around it by
170 resizing the packet list or the main window. ([8]Bug #220)
174 Community support is available on the ethereal-users mailing list.
175 Subscription information and archives for all of Ethereal's mailing lists
176 can be found on [9]the web site. There is also an [10]IRC channel
177 dedicated to Ethereal.
179 Commercial support, training, and development services are available from
180 [11]Ethereal Software.
182 Frequently Asked Questions
184 A complete FAQ is available on the [12]Ethereal web site.
189 1. http://www.ethereal.com/appnotes/enpa-sa-00021.html
190 2. http://www.securityfocus.com/bid/14620
191 3. http://www.winpcap.org/
192 4. http://www.ethereal.com/docs/distribution/win32/
193 5. http://www.ethereal.com/docs/distribution/solaris/
194 6. http://www.ethereal.com/docs/distribution/
195 7. http://www.ethereal.com/download.html#otherplat
196 8. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
197 9. http://www.ethereal.com/lists/
198 10. irc://irc.freenode.net/ethereal
199 11. http://www.etherealsoft.com/
200 12. http://www.ethereal.com/faq.html
204 Ethereal 0.10.12 has been released.
206 Our testing program has turned up several more security issues:
208 The LDAP dissector could free static memory and crash.
209 Versions affected: 0.8.5 to 0.10.11
211 The AgentX dissector could crash.
212 Versions affected: 0.10.10 to 0.10.11
214 The 802.3 dissector could go into an infinite loop.
215 Versions affected: 0.8.16 to 0.10.11
217 The PER dissector could abort.
218 Versions affected: 0.10.5 to 0.10.11
220 The DHCP dissector could go into an infinite loop.
221 Versions affected: 0.10.7 to 0.10.11
223 The BER dissector could abort or loop infinitely.
224 Version affected: 0.10.11
226 The MEGACO dissector could go into an infinite loop.
227 Versions affected: 0.9.14 to 0.10.11
229 The GIOP dissector could dereference a null pointer.
230 Versions affected: 0.8.20 to 0.10.11
232 The SMB dissector was susceptible to a buffer overflow.
233 Versions affected: 0.9.12 to 0.10.11
235 The WBXML could dereference a null pointer.
236 Versions affected: 0.10.1 to 0.10.11
238 The H1 dissector could go into an infinite loop.
239 Versions affected: 0.8.15 to 0.10.11
241 The DOCSIS dissector could cause a crash.
242 Versions affected: 0.9.13 to 0.10.11
244 The SMPP dissector could go into an infinite loop.
245 Versions affected: 0.10.1 to 0.10.11
247 SCTP graphs could crash.
248 Version affected: 0.10.11
250 The HTTP dissector could crash.
251 Versions affected: 0.10.4 to 0.10.11
253 The SMB dissector could go into a large loop.
254 Versions affected: 0.9.0 to 0.10.11
256 The DCERPC dissector could crash.
257 Versions affected: 0.9.16 to 0.10.11.
259 Several dissectors could crash while reassembling packets.
260 Versions affected: 0.9.0 to 0.10.11
263 Steve Grubb at Red Hat found the following issues:
265 The CAMEL dissector could dereference a null pointer.
266 Version affected: 0.10.11
268 The DHCP dissector could crash.
269 Versions affected: 0.10.4 to 0.10.11
271 The CAMEL dissector could crash.
272 Versions affected: 0.10.10 to 0.10.11
274 The PER dissector could crash.
275 Versions affected: 0.10.10 to 0.10.11
277 The RADIUS dissector could crash.
278 Versions affected: 0.9.4 to 0.10.11
280 The Telnet dissector could crash.
281 Versions affected: 0.9.10 to 0.10.11
283 The IS-IS LSP dissector could crash.
284 Versions affected: 0.8.19 to 0.10.11
286 The NCP dissector could crash.
287 Versions affected: 0.9.15 to 0.10.11
290 iDEFENSE found the following issues:
292 Several dissectors were susceptible to a format string overflow.
293 Versions affected: 0.9.4 to 0.10.11
296 Ethereal uses the zlib compression library. Security vulnerabilities
297 have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer
298 now ships with zlib 1.2.3, which fixes these vulnerabilities.
301 Please see the following advisory for more information:
303 http://www.ethereal.com/appnotes/enpa-sa-00020.html
305 Everyone is encouraged to upgrade.
308 New and updated features
310 The Windows installer now includes the WinPcap 3.1 beta 4 installer.
311 You don't have to download and install it separately.
313 RADIUS dictionaries are now included.
315 A lot of documentation was updated
317 Some command line parameters have changed, see the Ethereal / Tethereal
320 A "File/File Set" submenu was added to better handle multiple files
321 (such as ring buffers).
323 Flow graphs can now be created for any protocol.
325 Memory management has been greatly improved.
327 JXTA has been added to the conversations menu.
329 When compiled with MIT/Heimdal Kerberos AND if keytab files are
330 provided, Ethereal can now decrypt and dissect both SecureLDAP and
333 TCP Sequence graphs should now work for all captures and all
339 ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing,
340 DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay,
341 Synergy, TANGO, WLAN Certificate Extensions
344 Updated protocol support
346 802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC,
347 Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM,
348 DNP, DNS, DOCSIS, EAP, Ethernet, FC ELS, FCIP, FCP, FC-SWILS, GIOP,
349 GSM A, GSM MAP, GSSAPI, GTP, H1, H.221, H.225, H.235, H.245, H.248,
350 H.450, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.11, IEEE 802.3, iFCP,
351 IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC,
352 LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, OSPF,
353 PER, PPP, PRES, PROFINET, RDT, RMT, RPC, RSVP, Rsync, RTP, RTSP, SCSI,
354 SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP,
355 Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV
358 New and updated capture file support
360 HP Nettl, Tektronix K12
365 Ethereal 0.10.11 has been released.
367 An aggressive testing program as well as independent discovery has turned
368 up a multitude of security issues:
370 The ANSI A dissector was susceptible to format string vulnerabilities.
371 Discovered by Bryan Fulton.
372 Versions affected: 0.9.15 to 0.10.10
374 The GSM MAP dissector could crash.
375 Versions affected: 0.10.0 to 0.10.10
377 The AIM dissector could cause a crash.
378 Versions affected: 0.9.14 to 0.10.10
380 The DISTCC dissector was susceptible to a buffer overflow.
381 Discovered by Ilja van Sprundel
382 Versions affected: 0.9.13 to 0.10.10
384 The FCELS dissector was susceptible to a buffer overflow.
385 Discovered by Neil Kettle
386 Versions affected: 0.9.9 to 0.10.10
388 The SIP dissector was susceptible to a buffer overflow.
389 Discovered by Ejovi Nuwere.
390 Versions affected: 0.10.0 to 0.10.10
392 The KINK dissector was susceptible to a null pointer exception,
393 endless looping, and other problems.
394 Versions affected: 0.10.10
396 The LMP dissector was susceptible to an endless loop.
397 Versions affected: 0.9.4 to 0.10.10
399 The Telnet dissector could abort.
400 Versions affected: 0.9.10 to 0.10.10
402 The TZSP dissector could cause a segmentation fault.
403 Versions affected: 0.10.10 to 0.10.10
405 The WSP dissector was susceptible to a null pointer exception and
407 Versions affected: 0.10.0 to 0.10.10
409 The 802.3 Slow protocols dissector could throw an assertion.
410 Versions affected: 0.10.10
412 The BER dissector could throw assertions.
413 Versions affected: 0.10.2 to 0.10.10
415 The SMB Mailslot dissector was susceptible to a null pointer exception
416 and could throw assertions.
417 Versions affected: 0.9.0 to 0.10.10
419 The H.245 dissector was susceptible to a null pointer exception.
420 Versions affected: 0.10.10
422 The Bittorrent dissector could cause a segmentation fault.
423 Versions affected: 0.10.8 to 0.10.10
425 The SMB dissector could cause a segmentation fault and throw assertions.
426 Versions affected: 0.9.0 to 0.10.10
428 The Fibre Channel dissector could cause a crash.
429 Versions affected: 0.9.9 to 0.10.10
431 The DICOM dissector could attempt to allocate large amounts of memory.
432 Versions affected: 0.10.4 to 0.10.10
434 The MGCP dissector was susceptible to a null pointer exception, could
435 loop indefinitely, and segfault.
436 Versions affected: 0.8.14 to 0.10.10
438 The RSVP dissector could loop indefinitely.
439 Versions affected: 0.9.8 to 0.10.10
441 The DHCP dissector was susceptible to format string vulnerabilities, and
443 Versions affected: 0.10.7 to 0.10.10
445 The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
446 Versions affected: 0.9.8 to 0.10.10
448 The EIGRP dissector could loop indefinitely.
449 Versions affected: 0.8.18 to 0.10.10
451 The ISIS dissector could overflow a buffer.
452 Versions affected: 0.8.18 to 0.10.10
454 The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
455 and X.509 dissectors could overflow buffers.
456 Versions affected: 0.10.4 to 0.10.10
458 The NDPS dissector could exhaust system memory or cause an assertion,
460 Versions affected: 0.9.12 to 0.10.10
462 The Q.931 dissector could try to free a null pointer and overflow
464 Versions affected: 0.10.10
466 The IAX2 dissector could throw an assertion.
467 Versions affected: 0.10.1 to 0.10.10
469 The ICEP dissector could try to free the same memory twice.
470 Versions affected: 0.10.7 to 0.10.10
472 The MEGACO dissector was susceptible to an infinite loop and a buffer
474 Versions affected: 0.9.14 to 0.10.10
476 The DLSw dissector was susceptible to an infinite loop.
477 Versions affected: 0.9.1 to 0.10.10
479 The RPC dissector was susceptible to a null pointer exception.
480 Versions affected: 0.9.2 to 0.10.10
482 The NCP dissector could overflow a buffer or loop for a large amount
484 Versions affected: 0.10.5 to 0.10.10
486 The RADIUS dissector could throw an assertion.
487 Versions affected: 0.10.3 to 0.10.10
489 The GSM dissector could access an invalid pointer.
490 Versions affected: 0.10.10
492 The SMB PIPE dissector could throw an assertion.
493 Versions affected: 0.9.0 to 0.10.10
495 The L2TP dissector was susceptible to an infinite loop.
496 Versions affected: 0.10.9 to 0.10.10
498 The SMB NETLOGON dissector could dereference a null pointer.
499 Versions affected: 0.9.12 to 0.10.10
501 The MRDISC dissector could throw an assertion.
502 Versions affected: 0.8.19 to 0.10.10
504 The ISUP dissector could overflow a buffer or cause a segmentation fault.
505 Versions affected: 0.8.19 to 0.10.10
507 The LDAP dissector could crash.
508 Versions affected: 0.10.1 to 0.10.10
510 The TCAP dissector could overflow a buffer or throw an assertion.
511 Versions affected: 0.10.8 to 0.10.10
513 The NTLMSSP dissector could crash.
514 Versions affected: 0.9.7 to 0.10.10
517 Additionally, a number of dissectors could throw an assertion when
518 passing an invalid protocol tree item length.
519 Versions affected: 0.10.8 to 0.10.10
522 Please see the following advisory for more information:
524 http://www.ethereal.com/appnotes/enpa-sa-00019.html
526 Everyone is encouraged to upgrade.
529 New and updated features
537 Updated protocol support
541 New and updated capture file support
548 Ethereal 0.10.10 has been released.
550 This release fixes three security and stability-related issues:
552 Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
555 The GPRS-LLC dissector could crash if the "ignore cipher bit" option
556 was enabled. (CAN-2005-0705)
558 Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
559 This flaw was later reported by Leon Juranic. (CAN-2005-0699)
561 Leon Juranic discovered a buffer overflow in the IAPP dissector.
563 A bug in the JXTA dissector could make Ethereal crash.
565 A bug in the sFlow dissector could make Ethereal crash.
568 Please see the following advisory for more information:
570 http://www.ethereal.com/appnotes/enpa-sa-00018.html
572 Everyone is encouraged to upgrade.
575 New and updated features
577 Tree view item context menus now let you browse to the display filter
578 reference and wiki pages for a particular protocol.
580 Online help has been expanded.
582 VoIP call analysis (including nifty connection diagrams) has been
585 GSS-API decryption has been greatly enhanced.
590 AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
591 Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
594 Updated protocol support
596 3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
597 DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
598 GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
599 IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
600 JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
601 PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
602 SPNEGO, SSL, STUN, TCAP, TCP, TZSP
605 New and updated capture file support
607 DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
612 Ethereal 0.10.9 has been released.
614 This release fixes the following security-related issues:
616 The COPS dissector could go into an infinite loop. (CAN-2005-0006)
618 The DLSw dissector could cause an assertion, making Ethereal exit
619 prematurely. (CAN-2005-0007)
621 The DNP dissector could cause memory corruption. (CAN-2005-0008)
623 The Gnutella dissector could cause an assertion, making Ethereal
624 exit prematurely. (CAN-2005-0009)
626 The MMSE dissector could free static memory. (CAN-2005-0010)
628 The X11 protocol dissector is vulnerable to a string buffer overflow.
631 Please see the following advisory for more information:
633 http://www.ethereal.com/appnotes/enpa-sa-00017.html
635 Everyone is encouraged to upgrade.
638 New and updated features
640 Ethereal will now detect and flag weak 802.11 WEP IVs.
642 Windows Sniffer timestamp handling has been greatly improved.
644 A bug which made Ethereal crash at startup on Windows 98 and Windows
645 ME systems has been fixed.
647 Ethereal and Tethereal now support a personal "hosts" file.
649 Invalid field length handling has been greatly improved.
651 The capture progress window title now shows the interface name.
656 ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
658 Updated protocol support
660 AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
661 DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
662 FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
663 HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
664 L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
665 NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
666 RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
667 SSL/TLS, T.38, TACACS, TCAP, TCP, X11
670 New and updated capture file support
676 Ethereal 0.10.8 has been released.
678 This release fixes the following security-related issues:
680 Matthew Bing discovered a bug in DICOM dissection that could make
681 Ethereal crash. (CAN-2004-1139)
683 An invalid RTP timestamp could make Ethereal hang and create a large
684 temporary file, possibly filling available disk space. (CAN-2004-1140)
686 The HTTP dissector could access previously-freed memory, causing a
687 crash. (CAN-2004-1141)
689 Brian Caswell discovered that an improperly formatted SMB packet could
690 make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
692 Please see the following advisory for more information:
694 http://www.ethereal.com/appnotes/enpa-sa-00016.html
696 Everyone is encouraged to upgrade.
699 New and updated features
701 Ethereal now has a packet history, similar to most web browsers.
703 Ethereal now supports custom window titles.
705 Minor performance enhancements have been added.
707 RTP analysis has been enhanced.
709 Host name resolution has been improved.
711 Ethereal can now track TCP PDU times. See
712 http://wiki.ethereal.com/TcpPduTime for more details.
714 Ethereal now ships with netscreen2dump.py, a utility which converts
715 netscreen packet-trace hex dumps to hex dumps that can be read by
721 AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
722 and Session Management, GSM MAP, Extended Security Services, Logotype
723 Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
724 Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
725 DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
728 Updated protocol support
730 3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
731 CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
732 ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
733 GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
734 ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
735 PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
736 RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
737 SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
738 X.509af, X.509ce, X.509if, X.509sat,
741 New and updated capture file support
748 Ethereal 0.10.7 has been released.
750 The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
751 libraries which fix several known bugs. Unfortunately, a few known
752 GLib/GTK+ bugs remain.
754 In order to avoid a naming conflict with the tcpreplay project, the
755 "capinfo" utility has been renamed to "capinfos".
758 New and updated features
760 Search wrapping is now a configurable option.
762 A lot of material has been added to the Developer's Guide. The User's Guide
763 has been updated as well.
765 The "Decode As..." dialog now supports DCERPC and SCTP.
767 The "Help" menu now includes a link to the wiki.
769 H.323 call analysis is now supported.
774 Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
775 Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
776 extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,
779 Updated protocol support
781 AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
782 DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
783 EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
784 ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
785 MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
786 RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
787 SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,
790 New and updated capture file support
792 HP-UX nettl, NG Sniffer
797 Ethereal 0.10.6 has been released.
799 This release fixes a preferences bug present in Ethereal which displayed
801 (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
802 (gtk_window_resize): assertion `height > 0' failed
804 at program startup. A workaround for 0.10.5 is described in
806 http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html
808 A new command-line utility called "capinfo" has been added to the
809 distribution which prints statistics about capture files.
811 You can now copy conversation and endpoint data to other applications as
815 New and updated features
817 X.509 support has been added.
819 Crash bugs have been fixed in the RTP and NCP dissectors.
821 PostScript(r) output has been improved.
823 A bug that prevented mergecap from creating a new output file has been
826 Conversation and endpoint performance has been enhanced. General packet
827 display performance has been enhanced.
829 The conversation and host list tools have been renamed to be less
832 You can now copy conversation and host list data as CSV data.
834 RTP analysis can now dynamically determine the proper clock rate.
839 AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
840 X.509AF, X.509CE, X.509IF, X.509SAT
843 Updated protocol support
845 802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
846 ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
847 MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
848 SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet
851 New and updated capture file support
858 Ethereal 0.10.5 has been released.
861 This release fixes bugs in iSNS, SMB, and SNMP, as described in the
864 http://www.ethereal.com/appnotes/enpa-sa-00015.html
866 Everyone is encouraged to upgrade.
869 New and updated features
871 Ethereal can now merge multiple files (you don't have to resort to
872 mergecap on the command line).
874 A preview pane has been added to the file dialog.
876 The capture progress dialog can now be disabled.
878 The about dialog has received further improvements.
880 The behavior of Ethereal's dialog windows has been normalized somewhat.
882 The Windows installer can now associate standard file extensions
885 Ethereal can be configured not to bug you about unsaved captures.
887 Ethereal can open help documentation using the default web browser.
892 DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)
895 Updated protocol support
897 AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
898 NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
899 H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
900 M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
901 RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
902 VRRP, WBXML (User-Agent Profile), WSP, X11
905 New and updated capture file support
912 Ethereal 0.10.4 has been released.
914 This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
915 the following advisory:
917 http://www.ethereal.com/appnotes/enpa-sa-00014.html
919 Everyone is encouraged to upgrade.
922 New and updated features
924 When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
927 Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
929 PostScript(R) output has been improved.
931 The screen layout of the main window can be changed by Preferences now.
933 Many other parts of the user interface have received improvements.
935 Compressed and chunked transfer-coded HTTP bodies are now decoded.
937 A new generic media dissector more cleanly handles HTTP and WSP
938 Content-Type information.
943 ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
944 IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
947 Updated protocol support
949 3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
950 DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
951 FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
952 ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
953 RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
954 Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG
964 Ethereal 0.10.3 has been released.
966 This release fixes several security bugs described in the following
969 http://www.ethereal.com/appnotes/enpa-sa-00013.html
971 Everyone is encouraged to upgrade.
974 New and updated features
976 Display filters now support the bitwise and (&) operator.
978 Protocol hierarchy statistics now have bandwidth columns.
980 The capture dialog has a new layout.
985 3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
986 MQ, Presentation, SLSK,
989 Updated protocol support
991 802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
992 BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
993 RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
994 FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
995 Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
996 PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
997 SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC
1000 Capture file support
1002 EyeSDN, libpcap (tcpdump)
1005 == February 23, 2004
1007 Ethereal 0.10.2 has been released.
1009 This release fixes two major bugs in 0.10.1:
1011 Under Windows, the error
1013 ** WARNING **: error opening
1014 /usr/local/share/ethereal/asn1/default.tt, No such file or
1017 would be printed at startup.
1019 The 0.10.1 source release was missing several files required for
1023 New and updated features
1025 The user interface has received further updates. The Statistics
1027 layout has been improved, as well as the capture options dialog
1031 New protocol support
1033 Cisco Cast Client Control Protocol
1036 Updated protocol support
1038 AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
1040 IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
1044 == February 18, 2004
1046 Ethereal 0.10.1 has been released.
1049 New and updated features
1051 The Windows installer now lets you choose between the traditional
1053 version 1 interface and a new GTK+ 2 interface.
1055 Several updates were made to Ethereal's user interface. The "File"
1057 now has a "most recently used" list. The help menu was greatly
1060 The "matches" operator now handles more data types. For example,
1064 smtp matches joespammer@example.com
1066 as a display filter.
1068 I/O statistics now support 1ms resolution.
1072 A column resorting crash on the Windows platform was fixed.
1074 New protocol support
1076 EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA
1078 Updated protocol support
1080 ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
1082 COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
1083 TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
1085 FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
1087 GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
1088 IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
1089 Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
1091 MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
1093 RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
1095 SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
1097 Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11
1100 Updated capture file support
1102 DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
1106 == December 12, 2003
1108 Ethereal 0.10.0 has been released.
1110 This release fixes issues in the SMB and Q.931 dissectors that could
1111 make Ethereal and Tethereal crash. See
1113 http://www.ethereal.com/appnotes/enpa-sa-00012.html
1117 New and updated features
1119 Many performance improvements have been made to the code. Most
1121 should see a 2x to 3x performance increase when loading and working
1125 A "matches" display filter operator has been added. It is similar
1127 the "contains" operator, but supports Perl-compatible regular
1130 Tethereal can now dump packet data in XML (PDML) format.
1132 The main application menus have been rearranged and the help windows
1133 have been revamped, along with a host of other UI enhancements.
1135 The capture progress window now features bar graphs.
1137 The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
1139 installer have been updated.
1141 New protocol support
1143 BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
1145 IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,
1147 Updated protocol support
1149 ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
1151 EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
1153 ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
1155 H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
1156 LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
1157 RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
1159 SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP
1162 Updated capture file support
1164 AiroPeek v9 (2.x) support was added. Network Instruments Observer
1166 Snoop support was updated.
1171 Ethereal 0.9.16 has been released.
1173 This release fixes potential security issues with the GTP, ISAKMP,
1174 MEGACO, and SOCKS dissectors. See
1176 http://www.ethereal.com/appnotes/enpa-sa-00011.html
1180 New and updated features
1182 Ethereal has leapt forward into the 90's and added a toolbar.
1184 Ethereal and Tethereal can now force the data link type of captured
1187 RTP analysis has been enhanced.
1189 Individual frames can now be marked as time references
1191 Service response time and general I/O statistics have been enhanced.
1193 statistics can now calculate client load (experimental).
1195 New protocol support
1197 ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
1198 INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
1200 SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
1201 (OTA), T.38, TCAP, TPCP
1203 Updated protocol support
1205 AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
1207 DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
1208 DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
1210 FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
1211 ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
1212 NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
1214 RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
1216 SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
1217 X.25, Yahoo! Messenger
1220 Updated capture file support
1222 Linux Bluez Bluetooth hcidump support has been added.
1224 Endace ERF and Network Instruments Observer, and NetXRay support has
1228 == September 9, 2003
1230 Ethereal 0.9.15 has been released.
1232 New and updated features
1234 Many often-requested features have been added with this release. If
1235 you're running an older version of Ethereal you may want to have a
1238 Conversation List (aka "top talker") support has been added to
1240 and Tethereal. Protocol statistics in general have been updated.
1242 Searching capture files has been improved even more -- a new
1244 display filter operator that searches for strings in PDUs has been
1245 added. The Find dialog now supports case-insensitive searches, hex
1249 An H.225 dissector has been added. It can automatically recognize
1251 and RTCP conversations.
1253 A preference file has been added for disabled protocols.
1255 Color filters may now be imported and exported from within Ethereal.
1257 A new column type has been added for cumulative bytes.
1262 GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
1267 ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
1269 FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
1271 MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
1272 SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
1276 Updated capture file support
1278 Support for Accellent 5Views and Endace ERF capture files was added.
1279 CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
1284 Ethereal 0.9.14 has been released.
1286 New and updated features
1288 The ringbuffer code has been (nearly) completely rewritten. It now
1289 supports an unlimited number of files.
1291 Ethereal now supports searching for arbitrary text and binary data
1295 Service response time statistics have been enhanced.
1297 Tethereal, the text-mode version of Ethereal, can now be compiled
1298 without capture support.
1301 New and updated features
1303 Echo, eDonkey, Jabber, MS Messenger, sFlow
1308 AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
1310 IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
1312 NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
1314 SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP,
1319 Updated capture file support
1326 Ethereal 0.9.13 has been released.
1328 This release fixes a large number of security issues discovered by
1330 Sirainen and others. See
1332 http://www.ethereal.com/appnotes/enpa-sa-00010.html
1336 New and updated features
1338 Ethereal now supports a system-wide color filter file.
1340 Support for the GNU ADNS library has been added. ADNS allows
1341 asynchronous DNS lookups.
1343 "Decode As..." functionality has been added to Tethereal via the "-
1347 The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
1349 shown in the protocol tree.
1353 distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
1357 802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
1359 GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
1360 NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
1361 SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
1365 Updated capture file support
1367 HP-UX nettl, VMS UCX$TRACE
1372 Ethereal 0.9.12 has been released.
1374 This release fixes several off-by-one and integer overflow errors
1375 discovered by Timo Sirainen. See
1377 http://www.ethereal.com/appnotes/enpa-sa-00009.html
1381 New and updated features
1383 TCP sequence number analysis received a few improvements.
1385 General packet reassembly has been improved.
1387 The "Follow TCP Stream" window now allows you to filter out the
1391 The Vines code received significant updates.
1393 Several enhancements were made to the text2pcap utility.
1397 ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
1401 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
1403 IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
1405 M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
1407 Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
1409 TCP, Telnet, Vines, WBXML, WSP, WTP
1411 Updated capture file support
1418 Ethereal 0.9.11 has been released.
1420 The Ethereal 0.9.10 release was packaged improperly. This release
1422 the packaging, and adds minor updates and fixes for the following
1425 AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
1427 IA64 support has been improved.
1432 Ethereal 0.9.10 has been released.
1434 This release fixes a security hole discovered by Georgi Guninski in
1436 SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
1437 All users of previous versions are encouraged to upgrade. See
1439 http://www.ethereal.com/appnotes/enpa-sa-00008.html
1444 New and Updated Features
1446 Many small updates were made to the user interface.
1448 The "Help" menu now includes the FAQ.
1450 The TCP dissector was enhanced. Many more fields are filterable.
1452 Tethereal received more IO stats: TCP and UDP top talkers.
1454 Packet reassembly has been improved.
1456 The "Follow TCP Stream" feature can now export C byte arrays.
1458 RTP streams can now be saved to a file.
1463 A missing comma in a string array could cause Ethereal to crash when
1464 opening the preferences dialog.
1469 MSN Messenger, Rsync, SSH, Yahoo! Messenger
1474 AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
1476 DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
1477 extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
1479 M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
1480 OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
1482 SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
1483 Wellfleet BofL X.25, X11
1486 Updated Capture File Support
1488 NetXRay, NGSniffer, Snoop
1493 Ethereal 0.9.9 has been released.
1495 Please note the next release will NOT be 1.0. There are still more
1496 features to be added before a 1.0 release will be ready.
1499 New and Updated Features
1501 Plugin search behavior was improved under Unix, allowing more than
1503 version of Ethereal to be installed at one time.
1505 The statistics graphs have been enhanced. More statistics have been
1508 Round-trip-time statistics are now computed for SMB traffic.
1510 NCP Call and Reply times are now tracked.
1512 Top talker statistics for Ethernet, IP and Token Ring are now
1513 available (tethereal only).
1515 Color allocation and handling was improved.
1517 The RADIUS dissector can now decrypt user passwords.
1519 Tethereal now supports reading from a pipe under Unix.
1521 The ATM code received major improvements.
1523 The DOS Sniffer code also received major improvements.
1525 For those that compile Ethereal from source, some fixes and updates
1526 have been made to the configuration and build environment.
1531 The capture progress window now shows the correct number of elapsed
1534 A potential infinite loop in the TCP graphing code has been fixed.
1539 MDSHDR, MEGACO, MySQL, SDLC, X.29
1544 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP,
1546 RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC,
1548 LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
1549 RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC,
1551 SUA, TNS, Token Ring, Wellfleet HDLC, X.25
1554 Updated Capture File Support
1556 Firewall-1, Netmon, NetXRay, Radcom, Sniffer
1561 Ethereal 0.9.8 has been released.
1563 Serious problems with the BGP, LMP, PPP, and TDS dissectors have
1567 http://www.ethereal.com/appnotes/enpa-sa-00007.html
1572 New and Updated Features
1574 The TAP subsystem received major updates. Tethereal can display
1575 more statistics, and several graphs have been added to Ethereal.
1577 A protocol hierarchy statistics tap was added to tethereal. This
1579 may be used to replace the hierarchy statistics code in Ethereal.
1581 More updates have been added to TCP analysis.
1583 After a long hiatus, the Windows installer once again includes SNMP
1586 The total running time of the capture is now displayed in the
1588 progress dialog box. The capture progress dialog also shows ARP
1591 The look of the plugins dialog was revamped.
1594 Bug Fixes and Updates
1596 A bug which caused Ethereal under Windows to crash when "Update list
1598 packets in real time" was enabled has been fixed.
1600 The stability of the text2pcap utility has been improved.
1602 In tethereal, the packet count is properly displayed when you ^C out
1609 ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
1616 AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
1617 DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
1618 iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
1620 OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
1621 Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
1626 Updated Capture File Support
1628 AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
1631 == September 28, 2002
1633 Ethereal 0.9.7 has been released.
1637 In order to improve the out-of-box responsiveness of Ethereal and
1638 Tethereal, network name resolution has been disabled by default.
1640 TCP analysis (a feature added in the 0.9.6 release) was improved.
1642 The NCP code base received quite a few updates.
1644 Initial support for version 2 of the GTK+ library was added.
1646 RPC staticstics (which use the new Tap API) were added.
1648 Due to added and updated support for the NTLM, SNEGO, and GSS-API
1649 protocols, Ethereal can now dissect most of the security blobs for
1650 Windows 2000 authentication.
1652 The Ethernet "manuf" file now handles addresses specified with a
1653 mask, and contains many well-known addresses.
1658 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
1660 SCCP-Management, SPNEGO
1662 The following DCE/RPC protocols were also added:
1664 AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
1666 DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
1668 ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
1669 RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
1674 AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
1676 NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
1678 Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
1680 Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
1686 Ethereal 0.9.6 has been released.
1690 A buffer overflow in the ISIS dissector has been fixed. More
1691 information can be found at
1692 http://www.ethereal.com/appnotes/enpa-sa-00006.html.
1694 A bad TCP header could cause problems for the "Follow TCP Stream"
1697 Setting "column.format" from the command line no longer crashes
1698 Ethereal and Tethereal.
1700 Problems with capture files being overwritten (e.g. if you try to
1702 the current capture file) have been fixed.
1704 An SMB conversation handling bug has been fixed.
1706 Thanks to Valgrind, several memory leaks have been fixed.
1708 Some problems with printing under Windows have been fixed.
1713 TCP sequence number analysis has been added.
1715 The DCE RPC NETLOGON dissector has received a major overhaul.
1717 Data types throughout the code have been cleaned up.
1722 CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
1727 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
1729 REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
1731 LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
1733 Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
1734 SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
1737 Capture File Updates
1739 CheckPoint Firewall-1 monitor file support and CoSine debug file
1741 were added. Support for pppdump and Netmon files was updated.
1746 Ethereal 0.9.5 has been released. This version fixes several potential
1747 security problems revealed since the release of 0.9.4. See the
1749 advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
1755 The ability to read packet data from a pipe was enhanced. Printing
1756 under Windows now works.
1761 802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
1766 ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
1767 MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
1768 SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
1772 Capture File Updates
1774 Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
1775 NetXRay, and libpcap code all received updates.