-== September 28, 2002
+Wireshark 0.99.5 Release Notes
-Ethereal 0.9.7 has been released.
+ ------------------------------------------------------------------
-Bugs Fixed
+What is Wireshark?
+ Wireshark is the world's most popular network protocol analyzer.
+ It is used for troubleshooting, analysis, development, and
+ education.
-New Features
+What's New
- TCP analysis was improved
- NCP code received quite a few updates
- Initial GTK2 support
+ Bug Fixes
-* BGP segfault?
+ The following vulnerabilities have been fixed. See the [1]security
+ advisory for details and a workaround.
-New Protocols
+ o The TCP dissector could hang or crash while reassembling HTTP
+ packets. (Bug [2]1200)
-GSS-API,
-Interbase,
-SPNEGO,
+ Versions affected: 0.99.2 to 0.99.4
+ [3]CVE-2007-0459
-Updated Protocols
+ o The HTTP dissector could crash.
-AODV/AODV6,
-BGP,
-CHPA,
-DCERPC NT,
-DCERPC LSA,
-DCERPC SAMR,
-DNS,
-DOCSIS,
-GTP,
-IP,
-IS-IS,
-iSCSI,
-Kerberos,
-LDAP,
-LDP,
-NCP,
-NETLOGON,
-NTLMSSP,
-RPC,
-SCSI,
-SMB,
-SNEGO,
-SPOOLSS,
-SRVSVC,
-TCP,
+ Versions affected: 0.99.3 to 0.99.4
+ [4]CVE-2007-0458
+ o On some systems, the IEEE 802.11 dissector could crash.
-Capture File Updates
+ Versions affected: 0.10.14 to 0.99.4
+ [5]CVE-2007-0457
+ o On some systems, the LLT dissector could crash.
+ Versions affected: 0.99.3 to 0.99.4
+ [6]CVE-2007-0456
+ The following bugs have been fixed:
+ o On Windows systems the packet list scroll bar could sometimes
+ disappear or become unusable. ([7]Bug 220)
-== August 20, 2002
+ o The end of HTTP chunked encoding wasn't being displayed.
+ ([8]Bug 646)
-Ethereal 0.9.6 has been released.
+ o The Follow TCP Stream window could omit characters. ([9]Bug
+ 1043)
-Bugs Fixed
+ o Opening a flow graph could crash Wireshark. ([10]Bug 1117)
- A buffer overflow in the ISIS dissector has been fixed. More
- information can be found at
- http://www.ethereal.com/appnotes/enpa-sa-00006.html.
-
- A bad TCP header could cause problems for the "Follow TCP Stream"
- feature.
-
- Setting "column.format" from the command line no longer crashes
- Ethereal and Tethereal.
+ o Follow TCP Stream would sometimes get the direction wrong.
+ ([11]Bug 1138)
- Problems with capture files being overwritten (e.g. if you try to save over
- the current capture file) have been fixed.
+ o The foreground text in the coloring rules editor was always
+ black.. ([12]Bug 1164)
- An SMB conversation handling bug has been fixed.
+ o The CSV export format was incorrect. ([13]Bug 1173)
- Thanks to Valgrind, several memory leaks have been fixed.
+ o On some Windows systems Wireshark could take a long time to
+ start up.
- Some problems with printing under Windows have been fixed.
+ o Malformed UDLD packets could cause an exception.
+ o The ISUP statistics report could overflow a buffer and crash
+ when displaying IPv6 addresses.
-New Features
+ New and Updated Features
- TCP sequence number analysis has been added.
+ The following features are new (or have been significantly
+ updated) since the last release:
- The DCE RPC NETLOGON dissector has received a major overhaul.
+ o We are now offering Wireshark as a [14]U3 package for Windows.
+ U3 packages are suitable for using on USB drives and CD-ROMs.
+ It's still experimental, but you're welcome to try it out and
+ report any problems or successes.
- Data types throughout the code have been cleaned up.
+ o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
+ TDS / MS SQL dissector now de-obfuscates passwords.
+ o 64-bit file handling has been improved.
-New Protocols
+ o The Find function now selects the corresponding packet detail
+ item. Find functionality has been added to the TCP and SSL
+ stream dialogs.
- CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
+ o Main window keyboard navigation has been improved.
+ o Windows file dialogs now show the "places" bar (Desktop, My
+ Documents, My Computer, My Network Places, etc). File dialogs
+ now default to "My Documents" in accordance with Microsoft's
+ HIG.
-Updated Protocols
+ o [15]AirPcap support (which provides raw mode capture under
+ Windows) has been enhanced to allow capturing on multiple
+ AirPcap adapters simultaneously.
- 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT, DCERPC
- REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos, L2TP,
- LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP, PPP,
- Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
- SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
+ o You can no longer install Wireshark on Windows 95, 98, or ME.
+ (OK, so it's not a feature per se, but it's an important
+ change). The last version known to work on these systems is
+ [16]Ethereal 0.99.0.
+ o ASN.1 BER-encoded files can now be dissected according to a
+ user-specified syntax.
-Capture File Updates
+ New Protocol Support
-CheckPoint Firewall-1 monitor file support and CoSine debug file support
-were added. Support for pppdump and Netmon files was updated.
+ DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
+ v2
+ Updated Protocol Support
-== June 28, 2002
+ 2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
+ BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
+ EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
+ DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
+ HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
+ IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
+ MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
+ NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
+ RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
+ SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
+ TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
+ USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
-Ethereal 0.9.5 has been released. This version fixes several potential
-security problems revealed since the release of 0.9.4. See the security
-advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
-more details.
+ New and Updated Capture File Support
+ Catapult DCT2000, Netttl, Windows Sniffer / NetXray
-New Features:
+Getting Wireshark
-The ability to read packet data from a pipe was enhanced. Printing
-under Windows now works.
+ Wireshark source code and installation packages are available from
+ the [17]download page on the main web site.
+ Vendor-supplied Packages
-New Protocols
+ Most Linux and Unix vendors supply their own Wireshark packages.
+ You can usually install or upgrade Wireshark using the package
+ management system specific to that platform. A list of third-party
+ packages can be found on the [18]download page on the Wireshark
+ web site.
-802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
+File Locations
+ Wireshark and TShark look in several different locations for
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
+ These locations vary from platform to platform. You can use
+ About->Folders to find the default locations on your system.
-Updated Protocols
+Known Problems
-ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
-MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
-SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
-WCP, WEP, WSP, WTP
+ The Filter button is nonfunctional in the file dialogs under
+ Windows. ([19]Bug 942)
+Getting Help
-Capture File Updates
+ Community support is available on the wireshark-users mailing
+ list. Subscription information and archives for all of Wireshark's
+ mailing lists can be found on [20]the web site.
-Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
-NetXRay, and libpcap code all received updates.
+ Commercial support, training, and development services are
+ available from [21]CACE Technologies.
+Frequently Asked Questions
+
+ A complete FAQ is available on the [22]Wireshark web site.
+
+References
+
+ Visible links
+ 1. http://www.wireshark.org/security/wnpa-sec-2007-01.html
+ 2. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1200
+ 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459
+ 4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458
+ 5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457
+ 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456
+ 7. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220
+ 8. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=646
+ 9. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1043
+ 10. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1117
+ 11. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1138
+ 12. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1164
+ 13. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1173
+ 14. http://www.u3.com/
+ 15. http://www.cacetech.com/products/airpcap.htm
+ 16. http://www.ethereal.com/
+ 17. http://www.wireshark.org/download.html
+ 18. http://www.wireshark.org/download.html#otherplat
+ 19. http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942
+ 20. http://www.wireshark.org/lists/
+ 21. http://www.cacetech.com/
+ 22. http://www.wireshark.org/faq.html