-$Id: NEWS,v 1.135 2003/09/09 03:34:26 gerald Exp $
-
-== September 9, 2003
-
-Ethereal 0.9.15 has been released.
-
-New and updated features
-
- Many major features have been added with this release. If you're
- running an older version of Ethereal, you may want to have a look.
-
- Conversation List (aka "top talker") support has been added to Ethereal
- and Tethereal. Protocol statistics in general have been updated.
-
- Searching capture files has been improved even more -- a new "contains"
- display filter operator that searches for strings in PDUs has been
- added. The Find dialog now supports case-insensitive searches, hex data
- searches, and more.
-
- An H.225 dissector has been added. It can automatically recognize RTP
- and RTCP conversations.
-
- A preference file has been added for disabled protocols.
-
- Color filters may now be imported and exported from within Ethereal.
-
- A new column type has been added for cumulative bytes.
-
+ Wireshark 1.9.2 Release Notes
+ __________________________________________________________________
+
+What is Wireshark?
+
+ Wireshark is the world's most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
+ __________________________________________________________________
+
+What's New
+
+ Bug Fixes
+
+ The following bugs have been fixed:
+
+ New and Updated Features
+
+ The following features are new (or have been significantly updated)
+ since version 1.8:
+ * Wireshark on 32- and 64-bit Windows supports automatic updates.
+ * The packet bytes view is faster.
+ * You can now display a list of resolved host names in "hosts" format
+ within Wireshark.
+ * The wireless toolbar has been updated.
+ * Wireshark on Linux does a better job of detecting interface
+ addition and removal.
+ * It is now possible to compare two fields in a display filter (for
+ example: udp.srcport != udp.dstport). The two fields must be of the
+ same type for this to work.
+ * The Windows installers ship with WinPcap 4.1.3, which supports
+ Windows 8.
+ * USB type and product name support has been improved.
+ * Wireshark now calculates HTTP response times and presents the
+ result in a new field in the HTTP response. Links from the
+ request's frame to the response's frame and vice-versa are also
+ added.
+ * The main welcome screen and status bar now display file sizes using
+ strict SI prefixes instead of old-style binary prefixes.
+ * Capinfos now prints human-readable statistics with SI suffixes by
+ default.
+ * It is now possible to open a referenced packet (such as the matched
+ request or response packet) in a new window.
+ * It is now possible for tshark to display only the hex/ascii packet
+ data without also requiring that the packet summary and/or packet
+ details are also displayed. If you want the old behavior, use -Px
+ instead of just -x.
+ * The Wireshark application icon, capture toolbar icons, and other
+ icons have been updated.
+
+ New Protocol Support
-New protocols
+ Amateur Radio AX.25, Amateur Radio BPQ, Amateur Radio NET/ROM, America
+ Online (AOL), AR Drone, Automatic Position Reporting System (APRS),
+ AX.25 KISS, AX.25 no Layer 3, Bitcoin Protocol, Bluetooth Attribute
+ Protocol, Bluetooth AVCTP Protocol, Bluetooth AVDTP Protocol, Bluetooth
+ AVRCP Profile, Bluetooth BNEP Protocol, Bluetooth HCI USB Transport,
+ Bluetooth HCRP Profile, Bluetooth HID Profile, Bluetooth MCAP Protocol,
+ Bluetooth SAP Profile, Bluetooth SBC Codec, Bluetooth Security Manager
+ Protocol, Cisco GED-125 Protocol, Clique Reliable Multicast Protocol
+ (CliqueRM), D-Bus, Digital Transmission Content Protection over IP,
+ DVB-S2 Baseband, FlexNet, Forwarding and Control Element Separation
+ Protocol (ForCES), Foundry Discovery Protocol (FDP), Gearman Protocol,
+ GEO-Mobile Radio (1) RACH, HoneyPot Feeds Protocol (HPFEEDS), LTE
+ Positioning Protocol Extensions (LLPe), Media Resource Control Protocol
+ Version 2 (MRCPv2), Media-Independent Handover (MIH), MIDI System
+ Exclusive (SYSEX), Mojito DHT, MPLS-TP Fault-Management, MPLS-TP
+ Lock-Instruct, NASDAQ's OUCH 4.x, NASDAQ's SoupBinTCP, OpenVPN
+ Protocol, Pseudo-Wire OAM, RPKI-Router Protocol, SEL Fast Message,
+ Simple Packet Relay Transport (SPRT), Skype, Smart Message Language
+ (SML), SPNEGO Extended Negotiation Security Mechanism (NEGOEX),
+ UHD/USRP, USB Audio, USB Video, v.150.1 State Signaling Event (SSE),
+ VITA 49 Radio Transport, VNTAG, WebRTC Datachannel Protocol (RTCDC),
+ and WiMAX OFDMA PHY SAP
+
+ Updated Protocol Support
+
+ Too many protocols have been updated to list here.
+
+ New and Updated Capture File Support
+
+ AIX iptrace, Catapult DCT2000, Citrix NetScaler, DBS Etherwatch (VMS),
+ Endace ERF, HP-UX nettl, IBM iSeries, Ixia IxVeriWave, NA Sniffer
+ (DOS), Netscreen, Network Instruments Observer, pcap, pcap-ng, Symbian
+ OS btsnoop, TamoSoft CommView, and Tektronix K12xx
+ __________________________________________________________________
+
+Getting Wireshark
+
+ Wireshark source code and installation packages are available from
+ [1]http://www.wireshark.org/download.html.
+
+ Vendor-supplied Packages
+
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can be
+ found on the [2]download page on the Wireshark web site.
+ __________________________________________________________________
+
+File Locations
+
+ Wireshark and TShark look in several different locations for preference
+ files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
+ vary from platform to platform. You can use About->Folders to find the
+ default locations on your system.
+ __________________________________________________________________
+
+Known Problems
+
+ Dumpcap might not quit if Wireshark or TShark crashes. ([3]Bug 1419)
+
+ The BER dissector might infinitely loop. ([4]Bug 1516)
+
+ Capture filters aren't applied when capturing from named pipes.
+ (ws-buglink:1814)
+
+ Filtering tshark captures with display filters (-R) no longer works.
+ ([5]Bug 2234)
+
+ The 64-bit Windows installer does not support Kerberos decryption.
+ ([6]Win64 development page)
+
+ Application crash when changing real-time option. ([7]Bug 4035)
+
+ Hex pane display issue after startup. ([8]Bug 4056)
+
+ Packet list rows are oversized. ([9]Bug 4357)
+
+ Summary pane selected frame highlighting not maintained. ([10]Bug 4445)
+
+ Wireshark and TShark will display incorrect delta times in some cases.
+ ([11]Bug 4985)
+ __________________________________________________________________
+
+Getting Help
+
+ Community support is available on [12]Wireshark's Q&A site and on the
+ wireshark-users mailing list. Subscription information and archives for
+ all of Wireshark's mailing lists can be found on [13]the web site.
+
+ Official Wireshark training and certification are available from
+ [14]Wireshark University.
+ __________________________________________________________________
-GPRS BSSGP,
-GPRS NS,
-H.225,
-H.263,
-Laplink,
-LWAPP,
-Q.933,
-STUN,
+Frequently Asked Questions
+ A complete FAQ is available on the [15]Wireshark web site.
+ __________________________________________________________________
-Updated protocols
+ Last updated 2013-03-27 11:36:52 PDT
-ArtNet,
-BOOTP/DHCP,
-DCE/RPC,
-DCERPCSTAT,
-DHCPv6,
-ENIP,
-Ethernet,
-FCIP,
-Frame Relay,
-H.245,
-HTTP,
-IPsec,
-LDAP,
-LWRES,
-M2UA,
-M3UA,
-MEGACO,
-MTP3,
-NCP,
-NDPS,
-NFS,
-NTLMSSP,
-PPTP,
-Q.931,
-RPC,
-SAMR,
-SCCP,
-SCTP,
-SMB,
-SMPP,
-SNA,
-SNMP,
-SRVLOC,
-SIP,
-SUA,
-TCP,
-TDS,
-UDP,
-WSP,
-
-Updated capture file support
-
- Accellent 5Views, CheckPoint FW-1, Endace ERF, LANalyzer,
-
-
-== July 23, 2003
-
-Ethereal 0.9.14 has been released.
-
-New and updated features
-
- The ringbuffer code has been (nearly) completely rewritten. It now
- supports an unlimited number of files.
-
- Ethereal now supports searching for arbitrary text and binary data in
- frames.
-
- Service response time statistics have been enhanced.
-
- Tethereal, the text-mode version of Ethereal, can now be compiled
- without capture support.
-
-
-New and updated features
-
- Echo, eDonkey, Jabber, MS Messenger, sFlow
-
-
-Updated protocols
-
- AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1, H.245,
- IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3, NDS,
- NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP, SNA,
- SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP, WTP,
- X11, Zebra
-
-
-Updated capture file support
-
- LANalyzer, NetXRay
-
-
-== June 11, 2003
-
-Ethereal 0.9.13 has been released.
-
- This release fixes a large number of security issues discovered by Timo
- Sirainen and others. See
-
- http://www.ethereal.com/appnotes/enpa-sa-00010.html
-
- for more details.
-
-New and updated features
-
- Ethereal now supports a system-wide color filter file.
-
- Support for the GNU ADNS library has been added. ADNS allows
- asynchronous DNS lookups.
-
- "Decode As..." functionality has been added to Tethereal via the "-d"
- flag.
-
- The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are now
- shown in the protocol tree.
-
-New protocols
-
- distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
-
-Updated protocols
-
- 802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet, FDDI,
- GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
- NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
- SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML, WSP,
- WTP
-
-Updated capture file support
-
- HP-UX nettl, VMS UCX$TRACE
-
-
-== May 1, 2003
-
-Ethereal 0.9.12 has been released.
-
- This release fixes several off-by-one and integer overflow errors
- discovered by Timo Sirainen. See
-
- http://www.ethereal.com/appnotes/enpa-sa-00009.html
-
- for more details.
-
-New and updated features
-
- TCP sequence number analysis received a few improvements.
-
- General packet reassembly has been improved.
-
- The "Follow TCP Stream" window now allows you to filter out the current
- stream.
-
- The Vines code received significant updates.
-
- Several enhancements were made to the text2pcap utility.
-
-New protocols
-
- ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
-
-Updated protocols
-
- 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI, EAP,
- IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP, M2UA,
- M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP, PGM,
- Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH, SUA,
- TCP, Telnet, Vines, WBXML, WSP, WTP
-
-Updated capture file support
-
- Netxray
-
-
-== March 10, 2003
-
-Ethereal 0.9.11 has been released.
-
- The Ethereal 0.9.10 release was packaged improperly. This release fixes
- the packaging, and adds minor updates and fixes for the following
- protocols:
-
- AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
-
- IA64 support has been improved.
-
-
-== March 7, 2003
-
-Ethereal 0.9.10 has been released.
-
- This release fixes a security hole discovered by Georgi Guninski in the
- SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
- All users of previous versions are encouraged to upgrade. See
-
- http://www.ethereal.com/appnotes/enpa-sa-00008.html
-
- for more details.
-
-
-New and Updated Features
-
- Many small updates were made to the user interface.
-
- The "Help" menu now includes the FAQ.
-
- The TCP dissector was enhanced. Many more fields are filterable.
-
- Tethereal received more IO stats: TCP and UDP top talkers.
-
- Packet reassembly has been improved.
-
- The "Follow TCP Stream" feature can now export C byte arrays.
-
- RTP streams can now be saved to a file.
-
-
-Bug Fixes
-
- A missing comma in a string array could cause Ethereal to crash when
- opening the preferences dialog.
-
-
-New Protocols
-
- MSN Messenger, Rsync, SSH, Yahoo! Messenger
-
-
-Updated Protocols
-
- AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS, DCCP,
- DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
- extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC, LSA,
- M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
- OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA, SNMP,
- SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
- Wellfleet BofL X.25, X11
-
-
-Updated Capture File Support
-
- NetXRay, NGSniffer, Snoop
-
-
-== January 23, 2003
-
-Ethereal 0.9.9 has been released.
-
- Please note the next release will NOT be 1.0. There are still more
- features to be added before a 1.0 release will be ready.
-
-
-New and Updated Features
-
- Plugin search behavior was improved under Unix, allowing more than one
- version of Ethereal to be installed at one time.
-
- The statistics graphs have been enhanced. More statistics have been
- added:
-
- Round-trip-time statistics are now computed for SMB traffic.
-
- NCP Call and Reply times are now tracked.
-
- Top talker statistics for Ethernet, IP and Token Ring are now
- available (tethereal only).
-
- Color allocation and handling was improved.
-
- The RADIUS dissector can now decrypt user passwords.
-
- Tethereal now supports reading from a pipe under Unix.
-
- The ATM code received major improvements.
-
- The DOS Sniffer code also received major improvements.
-
- For those that compile Ethereal from source, some fixes and updates
- have been made to the configuration and build environment.
-
-
-Bug Fixes
-
- The capture progress window now shows the correct number of elapsed
- minutes.
-
- A potential infinite loop in the TCP graphing code has been fixed.
-
-
-New Protocols
-
- MDSHDR, MEGACO, MySQL, SDLC, X.29
-
-
-Updated Protocols
-
- 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP, DCE
- RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC, L2TP,
- LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
- RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC, SRVSVC,
- SUA, TNS, Token Ring, Wellfleet HDLC, X.25
-
-
-Updated Capture File Support
-
- Firewall-1, Netmon, NetXRay, Radcom, Sniffer
-
-
-== December 7, 2002
-
-Ethereal 0.9.8 has been released.
-
- Serious problems with the BGP, LMP, PPP, and TDS dissectors have been
- discovered. See
-
- http://www.ethereal.com/appnotes/enpa-sa-00007.html
-
- for more details.
-
-
-New and Updated Features
-
- The TAP subsystem received major updates. Tethereal can display
- more statistics, and several graphs have been added to Ethereal.
-
- A protocol hierarchy statistics tap was added to tethereal. This code
- may be used to replace the hierarchy statistics code in Ethereal.
-
- More updates have been added to TCP analysis.
-
- After a long hiatus, the Windows installer once again includes SNMP
- support.
-
- The total running time of the capture is now displayed in the capture
- progress dialog box. The capture progress dialog also shows ARP packets.
-
- The look of the plugins dialog was revamped.
-
-
-Bug Fixes and Updates
-
- A bug which caused Ethereal under Windows to crash when "Update list of
- packets in real time" was enabled has been fixed.
-
- The stability of the text2pcap utility has been improved.
-
- In tethereal, the packet count is properly displayed when you ^C out of a
- capture.
-
-
-New Protocols
-
- ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI, MDNS,
- PCLI, RPL
-
-
-Updated Protocols
-
- AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
- DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
- iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS, NTLMSSP,
- OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
- Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120, WEP,
- YPSERV
-
-
-Updated Capture File Support
-
- AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
-
-
-== September 28, 2002
-
-Ethereal 0.9.7 has been released.
-
-New Features
-
- In order to improve the out-of-box responsiveness of Ethereal and
- Tethereal, network name resolution has been disabled by default.
-
- TCP analysis (a feature added in the 0.9.6 release) was improved.
-
- The NCP code base received quite a few updates.
-
- Initial support for version 2 of the GTK+ library was added.
-
- RPC staticstics (which use the new Tap API) were added.
-
- Due to added and updated support for the NTLM, SNEGO, and GSS-API
- protocols, Ethereal can now dissect most of the security blobs for
- Windows 2000 authentication.
-
- The Ethernet "manuf" file now handles addresses specified with a
- mask, and contains many well-known addresses.
-
-
-New Protocols
-
- 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and Juniper),
- SCCP-Management, SPNEGO
-
- The following DCE/RPC protocols were also added:
-
- AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER, DNSSERVER,
- DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN, REP_PROC,
- ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
- RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
-
-
-Updated Protocols
-
- AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA, DCE/RPC
- NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-IS,
- Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP, OSI
- Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP, WSP,
-
-
-== August 20, 2002
-
-Ethereal 0.9.6 has been released.
-
-Bugs Fixed
-
- A buffer overflow in the ISIS dissector has been fixed. More
- information can be found at
- http://www.ethereal.com/appnotes/enpa-sa-00006.html.
-
- A bad TCP header could cause problems for the "Follow TCP Stream"
- feature.
-
- Setting "column.format" from the command line no longer crashes
- Ethereal and Tethereal.
-
- Problems with capture files being overwritten (e.g. if you try to save over
- the current capture file) have been fixed.
-
- An SMB conversation handling bug has been fixed.
-
- Thanks to Valgrind, several memory leaks have been fixed.
-
- Some problems with printing under Windows have been fixed.
-
-
-New Features
-
- TCP sequence number analysis has been added.
-
- The DCE RPC NETLOGON dissector has received a major overhaul.
-
- Data types throughout the code have been cleaned up.
-
-
-New Protocols
-
- CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
-
-
-Updated Protocols
-
- 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT, DCERPC
- REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos, L2TP,
- LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP, PPP,
- Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
- SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
-
-
-Capture File Updates
-
-CheckPoint Firewall-1 monitor file support and CoSine debug file support
-were added. Support for pppdump and Netmon files was updated.
-
-
-== June 28, 2002
-
-Ethereal 0.9.5 has been released. This version fixes several potential
-security problems revealed since the release of 0.9.4. See the security
-advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
-more details.
-
-
-New Features:
-
-The ability to read packet data from a pipe was enhanced. Printing
-under Windows now works.
-
-
-New Protocols
-
-802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
-
-
-Updated Protocols
-
-ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
-MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
-SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
-WCP, WEP, WSP, WTP
-
-
-Capture File Updates
-
-Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
-NetXRay, and libpcap code all received updates.
+References
+ 1. http://www.wireshark.org/download.html
+ 2. http://www.wireshark.org/download.html#thirdparty
+ 3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
+ 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
+ 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
+ 6. https://wiki.wireshark.org/Development/Win64
+ 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
+ 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
+ 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
+ 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445
+ 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
+ 12. http://ask.wireshark.org/
+ 13. http://www.wireshark.org/lists/
+ 14. http://www.wiresharktraining.com/
+ 15. http://www.wireshark.org/faq.html