X-Git-Url: http://git.samba.org/samba.git/?a=blobdiff_plain;f=NEWS;h=5d7230d21efefc4349262a3f7bb28d540c684765;hb=b822a4dffce65c338e55acdd0b2e443101c8382a;hp=2f9bb68812e480d3a9fae9a952ed3d1d7b4bee78;hpb=151dcf1c94fb83c2fdfa3524e6f404da40bd1a33;p=obnox%2Fwireshark%2Fwip.git diff --git a/NEWS b/NEWS index 2f9bb68812..5d7230d21e 100644 --- a/NEWS +++ b/NEWS @@ -1,1912 +1,102 @@ -$Id$ +Wireshark 1.3.0 Release Notes -== December 27, 2005 + ------------------------------------------------------------------ -Ethereal 0.10.14 has been released. +What is Wireshark? - Bug Fixes - - Three security vulnerabilities have been fixed since the previous - release. See the [1]application advisory for more details. + Wireshark is the world's most popular network protocol analyzer. + It is used for troubleshooting, analysis, development, and + education. - o The IRC dissector could go into an infinite loop. Versions - affected: 0.10.13. +What's New - o The GTP dissector could go into an infinite loop. Versions - affected: 0.9.1 to 0.10.13. + Bug Fixes - o iDefense found a buffer overflow in the OSPF dissector. - Versions affected: 0.8.20 to 0.10.13. + The following vulnerabilities have been fixed. See the security + advisory for details and a workaround. - New and Updated Features + o The NetFlow dissector could run off with your dog, crash your + truck, and write a country music song about the experience. - The following features are new (or have been significantly - updated) since the last release: + Versions affected: 0.99.5 to 1.0.8 - o The Windows installer now ships with GTK+ 2.6 instead of GTK+ - 2.4. This should fix several long-standing bugs. + The following bugs have been fixed: - o If you're loading a saved capture file and press "Cancel", - Ethereal will now display the packets read up to that point. - In previous versions, Ethereal would abort the attempt - completely and clear the packet list. + o Wireshark could crash without warning. - This means that if you're loding a huge capture file, you can - stop loading in the middle and still be able to analyze part - of the file. + New and Updated Features - o The maximum number of files allowed in a ring buffer has been - increased from 1024 to 10,000. + The following features are new (or have been significantly + updated) since version 1.0: - o OID to name resolution has been improved. + o The packet list internals have been rewritten and are now more + efficient. - o TCP graphs now handle upper and lower bounds better. + o Capturing from pipes on Windows has been improved. New Protocol Support - 3Com Netjack200, CDT, CIGI, DAP, DISP, DOP, DSP, FTBP, MS NLB, - NBAP, NCP SSS, NCS, NHRP, P_Mul, RNSAP, SMB2, STANAG 5066, TIPC, - UDP-Lite, X.501 - Updated Protocol Support - ACSE, AIM, ALCAP, AMR, ANSI MAP, BER, BitTorrent, BOOTP, CAMEL, - CMP, CMS, COPS, CRMF, DCCP, DCERPC (DCERPC, DSSETUP, INITSHUTDOWN, - NT, WINREG), DEC DNA RT, DNP, DTP, eDonkey, ENIP, ESS, Etheric, - FC-DNS, FC-FZS, FMIPv6, GRE, GSM A, GSM MAP, GTP, H.225, H.235, - H.245, H.248, H.263, H.450, IAPP, IEEE 802.11, INAP, IP, IPv6, - IRC, ISIS LSP, ISUP, IUUP, Juniper, LLDP, M3UA, MIP, MIPv6, - Modbus/TCP, MTP3, NCP, NDPS, NDS, NEMO, NMAS, NTLMSSP, OSPF, PER, - PN-DCP, PPP CHAP, PPPoE, PVFS2, Q.931, RADIUS, RANAP, RDT, RLOGIN, - RMT, ROS, RTCP, RTP, RTSE, S4406, SCCP, SCTP, SES, SIP, SMB, - SNDCP, SRVLOC, STUN, T.38, UMA, WINS Replication, X.411, X.420, - X.509 - New and Updated Capture File Support - DOS Sniffer, Endace ERF, HP-UX nettl, IBM iSeries traces, - Tektronix K12 - -Getting Ethereal - - Microsoft Windows - - Download ethereal-setup-0.10.14.exe from the [2]Windows download - area on the main web site. Double-click the installer executable. +Getting Wireshark - Sun Solaris - - Download the appropriate package from the [3]Solaris download area - on the main web site. Uncompress the package using bzip2, and - install it using pkgadd. - - Source Code - - Download ethereal-0.10.14.tar.gz from the [4]main download area on - the web site. Extract the package using tar and gzip. Run - "configure ; make ; make install". + Wireshark source code and installation packages are available from + the download page on the main web site. Vendor-supplied Packages - Most Linux and Unix vendors supply their own Ethereal packages. - You can install or upgrade Ethereal using the package management - system specific to that platform. A list of third-party packages - can be found on the [5]download page on the Wireshark web site. + Most Linux and Unix vendors supply their own Wireshark packages. + You can usually install or upgrade Wireshark using the package + management system specific to that platform. A list of third-party + packages can be found on the download page on the Wireshark web + site. File Locations - Ethereal and Tethereal look in several different locations for + Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system. Known Problems - On Windows systems the packet list scroll bar can sometimes - disappear or become unusable. Until the problem is fixed you can - work around it by resizing the packet list or the main window. - ([6]Bug #220) - -Getting Help - - Community support is available on the ethereal-users mailing list. - Subscription information and archives for all of Ethereal's - mailing lists can be found on [7]the web site. There is also an - [8]IRC channel dedicated to Ethereal. - - Commercial support, training, and development services are - available from [9]Ethereal Software. - -Frequently Asked Questions - - A complete FAQ is available on the [10]Ethereal web site. - -References - - Visible links - 1. http://www.ethereal.com/appnotes/enpa-sa-00022.html - 2. http://www.ethereal.com/docs/distribution/win32/ - 3. http://www.ethereal.com/docs/distribution/solaris/ - 4. http://www.ethereal.com/docs/distribution/ - 5. http://www.ethereal.com/download.html#otherplat - 6. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220 - 7. http://www.ethereal.com/lists/ - 8. irc://irc.freenode.net/ethereal - 9. http://www.etherealsoft.com/ - 10. http://www.ethereal.com/faq.html - -== October 17, 2005 - -Ethereal 0.10.13 has been released. - - Bug Fixes - - Several security vulnerabilities have been fixed since the previous - release. See the [1]application advisory for more details. - - o The ISAKMP dissector could exhaust system memory. Versions affected: - 0.10.11 to 0.10.12. - - o The FC-FCS dissector could exhaust system memory. Versions affected: - 0.9.0 to 0.10.12. - - o The RSVP dissector could exhaust system memory. Versions affected: - 0.9.4 to 0.10.12. - - o The ISIS LSP dissector could exhaust system memory. Versions affected: - 0.8.18 to 0.10.12. - - o The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12. - - o The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1 - to 0.10.12. - - o The BER dissector was susceptible to an infinite loop. Versions - affected: 0.10.3 to 0.10.12. - - o The SCSI dissector could dereference a null pointer and crash. - Versions affected: 0.10.3 to 0.10.12. - - o If the "Dissect unknown RPC program numbers" option was enabled, the - ONC RPC dissector might be able to exhaust system memory. This option - is disabled by default. Versions affected: 0.7.7 to 0.10.12. - - o The sFlow dissector could dereference a null pointer and crash. - Versions affected: 0.9.14 to 0.10.12. - - o The RTnet dissector could dereference a null pointer and crash. - Versions affected: 0.10.8 to 0.10.12. - - o The SigComp UDVM could go into an infinite loop or crash. Versions - affected: 0.10.12. - - o If SMB transaction payload reassembly is enabled the SMB dissector - could crash. This preference is disabled by default. Versions - affected: 0.9.7 to 0.10.12. - - o The X11 dissector could attempt to divide by zero. Versions affected: - 0.10.1 to 0.10.12. - - o The AgentX dissector could overflow a buffer. Versions affected: - 0.10.10 to 0.10.12. - - o The WSP dissector could free an invalid pointer. Versions affected: - 0.10.1 to 0.10.12. - - o iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions - affected: 0.10.0 to 0.10.12. - - When trying to save a flow graph, Ethereal could crash. - - When viewing protocol hierarchy statistics, Ethereal and Tethereal could - crash. - - The PCRE library that ships with the Windows installer has been upgraded - from version 4.4 to 6.3 in response to a [2]security vulnerability. - - New and Updated Features - - The following features are new (or have been significantly updated) since - the last release: - - o The timestamp display precision of the Packet List can be adjusted - now. The precision will be automatically adjusted depending on the - file format loaded, e.g. libpcap typically uses microsecond resolution - displayed like "0.000000". In addition you can adjust the precision - manually through the View/Time Display Format menu items. - - o The WinPcap version 3.1 installer was released since the last Ethereal - release. The version included in the Wireshark Windows installer has - been updated from 3.1 beta 4 to 3.1. If you want to upgrade WinPcap - separately or install a different version you can download it from: - [3]the WinPcap web site. - - o The behavior of the display filter "ip.checksum_bad" has changed. - Instead of merely checking for its presence you must now make sure it - is set, e.g. instead of using "ip.checksum_bad" you must now use - "ip.checksum_bad == 1". - - o A new capture file format "Nanosecond libpcap (Ethereal)" was added. - It is very similar to the common libpcap file format but is capable of - keeping nanosecond resolution timestamps. This format is currently - supported only by Wireshark. - - o Ethereal's memory managment has been greatly improved. - - o Ethereal can now save gzip-compressed capture files. - - New Protocol Support - - CIMD, CISCOWL-L2, DCCP, EDP, GNM, LLDP, ROS, RTSE, STANAG 4406, WINS - Replication, X.411, X.420 - - Updated Protocol Support - - 802.11 Radiotap, A11, AARP, ACSE, ACtrace, AFP, AFS, AgentX, AIM, AJP13, - ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI IS-683-A, ANSI IS-801, ANSI MAP, - AOE, AppleTalk, Armagetronad, ARP, ASAP, ASN.1, BACapp, BER, BGP, - BitTorrent, BOOTP, CAMEL, CLNP, CMIP, CMP, CMS, COPS, CRMF, CSM_ENCAPS, - DAAP, DCERPC (ATSVC, DCE_DFS, FLDB, INITSHUTDOWN, LSA, NETLOGON, NT, SAMR, - SPOOLSS, WINREG), DCM, DCOM, DHCP Failover, DIAMETER, ENRP, ESS, FC, FCCT, - FCDNS, FCELS, FCFCS, FCFZS, FCP, FCSWILS, FTAM, GIOP, GPRS LLC, GSM, GTP, - H1, H.225, H.235, H.245, H.248, H.261, H.263, H.450, HSRP, HTTP, IAX2, - IEEE 802.11, IEEE 802.3, IEEE 802.3 Slow protocols, IP, IP/IEEE1394, IRC, - IrDA, ISAKMP, iSCSI, ISIS, ISUP, Jabber, JFIF, Juniper, JXTA, K12, - Kerberos, LDAP, LDP, LLC, LPD, MAP_DialoguePDU, MDSHDR, Media, MEGACO, - MGCP, MIME multipart, MMS, MOUNT, MQ, MSMMS, NBNS, NDMP, NS_CERT_EXTS, - OCSP, OPSI, OSPF, PARLAY, PER, PKINIT, PKIX, PN-RT, PPP, PRES, PTP, - RADIUS, RDT, RPC, RSVP, RTCP, RTnet, RTSP, SCCP, SCSI, SCTP, SES, sFlow, - SIGCOMP, SIP, SliMP3, SMB, SMPP, SMRSE, SNA, SNMP, SPNEGO, SRVLOC, STUN, - T.38, TCAP, TCP, Text, TPKT, UMA, WBXML, WLANCERTEXTN, WSP, X11, X.25, - X.509, XML, YMSG - - New and Updated Capture File Support - - 5Views, AiroPeek, ERF, EtherPeek, i4btrace, LANAlyzer, Libpcap, Windows - Sniffer, Tektronix K12 - -Getting Ethereal - - Microsoft Windows - - Download ethereal-setup-0.10.13.exe from the [4]Windows download area on - the main web site. Double-click the installer executable. - - Sun Solaris + Wireshark may appear offscreen on multi-monitor Windows systems. + (Bug 553) - Download the appropriate package from the [5]Solaris download area on the - main web site. Uncompress the package using bzip2, and install it using - pkgadd. + Wireshark might make your system disassociate from a wireless + network on OS X. (Bug 1315) - Source Code + Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419) - Download ethereal-0.10.13.tar.gz from the [6]main download area on the web - site. Extract the package using tar and gzip. Run "configure ; make ; make - install". + Wireshark is unable to decrypt WPA group keys. (Bug 1420) - Vendor-supplied Packages + The BER dissector might infinitely loop. (Bug 1516) - Most Linux and Unix vendors supply their own Ethereal packages. You can - install or upgrade Ethereal using the package management system specific - to that platform. A list of third-party packages can be found on the - [7]download page on the Wireshark web site. + Wireshark can't dynamically update the packet list. This means + that host name resolutions above a certain response time threshold + won't show up in the packet list. (Bug 1605) -File Locations + Capture filters aren't applied when capturing from named pipes. + (Bug 1814) - Ethereal and Tethereal look in several different locations for preference - files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary - from platform to platform. You can use About->Folders to find the default - locations on your system. + Wireshark might freeze when reading from a pipe. (Bug 2082) -Known Problems + Capturing from named pipes might be delayed on Windows. (Bug 2200) - On Windows systems the packet list scroll bar can sometimes disappear or - become unusable. Until the problem is fixed you can work around it by - resizing the packet list or the main window. ([8]Bug #220) + Filtering tshark captures with display filters (-R) no longer + works. (Bug 2234) Getting Help - Community support is available on the ethereal-users mailing list. - Subscription information and archives for all of Ethereal's mailing lists - can be found on [9]the web site. There is also an [10]IRC channel - dedicated to Ethereal. + Community support is available on the wireshark-users mailing + list. Subscription information and archives for all of Wireshark's + mailing lists can be found on the web site. - Commercial support, training, and development services are available from - [11]Ethereal Software. + Commercial support, training, and development services are + available from CACE Technologies. Frequently Asked Questions - A complete FAQ is available on the [12]Ethereal web site. - -References - - Visible links - 1. http://www.ethereal.com/appnotes/enpa-sa-00021.html - 2. http://www.securityfocus.com/bid/14620 - 3. http://www.winpcap.org/ - 4. http://www.ethereal.com/docs/distribution/win32/ - 5. http://www.ethereal.com/docs/distribution/solaris/ - 6. http://www.ethereal.com/docs/distribution/ - 7. http://www.ethereal.com/download.html#otherplat - 8. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220 - 9. http://www.ethereal.com/lists/ - 10. irc://irc.freenode.net/ethereal - 11. http://www.etherealsoft.com/ - 12. http://www.ethereal.com/faq.html - -== July 26, 2005 - -Ethereal 0.10.12 has been released. - -Our testing program has turned up several more security issues: - - The LDAP dissector could free static memory and crash. - Versions affected: 0.8.5 to 0.10.11 - - The AgentX dissector could crash. - Versions affected: 0.10.10 to 0.10.11 - - The 802.3 dissector could go into an infinite loop. - Versions affected: 0.8.16 to 0.10.11 - - The PER dissector could abort. - Versions affected: 0.10.5 to 0.10.11 - - The DHCP dissector could go into an infinite loop. - Versions affected: 0.10.7 to 0.10.11 - - The BER dissector could abort or loop infinitely. - Version affected: 0.10.11 - - The MEGACO dissector could go into an infinite loop. - Versions affected: 0.9.14 to 0.10.11 - - The GIOP dissector could dereference a null pointer. - Versions affected: 0.8.20 to 0.10.11 - - The SMB dissector was susceptible to a buffer overflow. - Versions affected: 0.9.12 to 0.10.11 - - The WBXML could dereference a null pointer. - Versions affected: 0.10.1 to 0.10.11 - - The H1 dissector could go into an infinite loop. - Versions affected: 0.8.15 to 0.10.11 - - The DOCSIS dissector could cause a crash. - Versions affected: 0.9.13 to 0.10.11 - - The SMPP dissector could go into an infinite loop. - Versions affected: 0.10.1 to 0.10.11 - - SCTP graphs could crash. - Version affected: 0.10.11 - - The HTTP dissector could crash. - Versions affected: 0.10.4 to 0.10.11 - - The SMB dissector could go into a large loop. - Versions affected: 0.9.0 to 0.10.11 - - The DCERPC dissector could crash. - Versions affected: 0.9.16 to 0.10.11. - - Several dissectors could crash while reassembling packets. - Versions affected: 0.9.0 to 0.10.11 - - - Steve Grubb at Red Hat found the following issues: - - The CAMEL dissector could dereference a null pointer. - Version affected: 0.10.11 - - The DHCP dissector could crash. - Versions affected: 0.10.4 to 0.10.11 - - The CAMEL dissector could crash. - Versions affected: 0.10.10 to 0.10.11 - - The PER dissector could crash. - Versions affected: 0.10.10 to 0.10.11 - - The RADIUS dissector could crash. - Versions affected: 0.9.4 to 0.10.11 - - The Telnet dissector could crash. - Versions affected: 0.9.10 to 0.10.11 - - The IS-IS LSP dissector could crash. - Versions affected: 0.8.19 to 0.10.11 - - The NCP dissector could crash. - Versions affected: 0.9.15 to 0.10.11 - - - iDEFENSE found the following issues: - - Several dissectors were susceptible to a format string overflow. - Versions affected: 0.9.4 to 0.10.11 - - - Ethereal uses the zlib compression library. Security vulnerabilities - have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer - now ships with zlib 1.2.3, which fixes these vulnerabilities. - - -Please see the following advisory for more information: - - http://www.ethereal.com/appnotes/enpa-sa-00020.html - -Everyone is encouraged to upgrade. - - -New and updated features - - The Windows installer now includes the WinPcap 3.1 beta 4 installer. - You don't have to download and install it separately. - - RADIUS dictionaries are now included. - - A lot of documentation was updated - - Some command line parameters have changed, see the Wireshark / Tethereal - manual pages - - A "File/File Set" submenu was added to better handle multiple files - (such as ring buffers). - - Flow graphs can now be created for any protocol. - - Memory management has been greatly improved. - - JXTA has been added to the conversations menu. - - When compiled with MIT/Heimdal Kerberos AND if keytab files are - provided, Ethereal can now decrypt and dissect both SecureLDAP and - encrypted DCE/RPC. - - TCP Sequence graphs should now work for all captures and all - encapsulation types. - - -New protocol support - - ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing, - DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay, - Synergy, TANGO, WLAN Certificate Extensions - - -Updated protocol support - - 802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC, - Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM, - DNP, DNS, DOCSIS, EAP, Ethernet, FC ELS, FCIP, FCP, FC-SWILS, GIOP, - GSM A, GSM MAP, GSSAPI, GTP, H1, H.221, H.225, H.235, H.245, H.248, - H.450, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.11, IEEE 802.3, iFCP, - IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC, - LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, OSPF, - PER, PPP, PRES, PROFINET, RDT, RMT, RPC, RSVP, Rsync, RTP, RTSP, SCSI, - SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP, - Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV - - -New and updated capture file support - - HP Nettl, Tektronix K12 - - -== May 4, 2005 - -Ethereal 0.10.11 has been released. - -An aggressive testing program as well as independent discovery has turned -up a multitude of security issues: - - The ANSI A dissector was susceptible to format string vulnerabilities. - Discovered by Bryan Fulton. - Versions affected: 0.9.15 to 0.10.10 - - The GSM MAP dissector could crash. - Versions affected: 0.10.0 to 0.10.10 - - The AIM dissector could cause a crash. - Versions affected: 0.9.14 to 0.10.10 - - The DISTCC dissector was susceptible to a buffer overflow. - Discovered by Ilja van Sprundel - Versions affected: 0.9.13 to 0.10.10 - - The FCELS dissector was susceptible to a buffer overflow. - Discovered by Neil Kettle - Versions affected: 0.9.9 to 0.10.10 - - The SIP dissector was susceptible to a buffer overflow. - Discovered by Ejovi Nuwere. - Versions affected: 0.10.0 to 0.10.10 - - The KINK dissector was susceptible to a null pointer exception, - endless looping, and other problems. - Versions affected: 0.10.10 - - The LMP dissector was susceptible to an endless loop. - Versions affected: 0.9.4 to 0.10.10 - - The Telnet dissector could abort. - Versions affected: 0.9.10 to 0.10.10 - - The TZSP dissector could cause a segmentation fault. - Versions affected: 0.10.10 to 0.10.10 - - The WSP dissector was susceptible to a null pointer exception and - assertions. - Versions affected: 0.10.0 to 0.10.10 - - The 802.3 Slow protocols dissector could throw an assertion. - Versions affected: 0.10.10 - - The BER dissector could throw assertions. - Versions affected: 0.10.2 to 0.10.10 - - The SMB Mailslot dissector was susceptible to a null pointer exception - and could throw assertions. - Versions affected: 0.9.0 to 0.10.10 - - The H.245 dissector was susceptible to a null pointer exception. - Versions affected: 0.10.10 - - The Bittorrent dissector could cause a segmentation fault. - Versions affected: 0.10.8 to 0.10.10 - - The SMB dissector could cause a segmentation fault and throw assertions. - Versions affected: 0.9.0 to 0.10.10 - - The Fibre Channel dissector could cause a crash. - Versions affected: 0.9.9 to 0.10.10 - - The DICOM dissector could attempt to allocate large amounts of memory. - Versions affected: 0.10.4 to 0.10.10 - - The MGCP dissector was susceptible to a null pointer exception, could - loop indefinitely, and segfault. - Versions affected: 0.8.14 to 0.10.10 - - The RSVP dissector could loop indefinitely. - Versions affected: 0.9.8 to 0.10.10 - - The DHCP dissector was susceptible to format string vulnerabilities, and - could abort. - Versions affected: 0.10.7 to 0.10.10 - - The SRVLOC dissector could crash unexpectedly or go into an infinite loop. - Versions affected: 0.9.8 to 0.10.10 - - The EIGRP dissector could loop indefinitely. - Versions affected: 0.8.18 to 0.10.10 - - The ISIS dissector could overflow a buffer. - Versions affected: 0.8.18 to 0.10.10 - - The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified, - and X.509 dissectors could overflow buffers. - Versions affected: 0.10.4 to 0.10.10 - - The NDPS dissector could exhaust system memory or cause an assertion, - or crash. - Versions affected: 0.9.12 to 0.10.10 - - The Q.931 dissector could try to free a null pointer and overflow - a buffer. - Versions affected: 0.10.10 - - The IAX2 dissector could throw an assertion. - Versions affected: 0.10.1 to 0.10.10 - - The ICEP dissector could try to free the same memory twice. - Versions affected: 0.10.7 to 0.10.10 - - The MEGACO dissector was susceptible to an infinite loop and a buffer - overflow. - Versions affected: 0.9.14 to 0.10.10 - - The DLSw dissector was susceptible to an infinite loop. - Versions affected: 0.9.1 to 0.10.10 - - The RPC dissector was susceptible to a null pointer exception. - Versions affected: 0.9.2 to 0.10.10 - - The NCP dissector could overflow a buffer or loop for a large amount - of time. - Versions affected: 0.10.5 to 0.10.10 - - The RADIUS dissector could throw an assertion. - Versions affected: 0.10.3 to 0.10.10 - - The GSM dissector could access an invalid pointer. - Versions affected: 0.10.10 - - The SMB PIPE dissector could throw an assertion. - Versions affected: 0.9.0 to 0.10.10 - - The L2TP dissector was susceptible to an infinite loop. - Versions affected: 0.10.9 to 0.10.10 - - The SMB NETLOGON dissector could dereference a null pointer. - Versions affected: 0.9.12 to 0.10.10 - - The MRDISC dissector could throw an assertion. - Versions affected: 0.8.19 to 0.10.10 - - The ISUP dissector could overflow a buffer or cause a segmentation fault. - Versions affected: 0.8.19 to 0.10.10 - - The LDAP dissector could crash. - Versions affected: 0.10.1 to 0.10.10 - - The TCAP dissector could overflow a buffer or throw an assertion. - Versions affected: 0.10.8 to 0.10.10 - - The NTLMSSP dissector could crash. - Versions affected: 0.9.7 to 0.10.10 - - - Additionally, a number of dissectors could throw an assertion when - passing an invalid protocol tree item length. - Versions affected: 0.10.8 to 0.10.10 - - -Please see the following advisory for more information: - - http://www.ethereal.com/appnotes/enpa-sa-00019.html - -Everyone is encouraged to upgrade. - - -New and updated features - - - -New protocol support - - - -Updated protocol support - - - -New and updated capture file support - - - - -== March 11, 2005 - -Ethereal 0.10.10 has been released. - -This release fixes three security and stability-related issues: - - Matevz Pustisek discovered a buffer overflow in the Etheric dissector. - (CAN-2005-0704) - - The GPRS-LLC dissector could crash if the "ignore cipher bit" option - was enabled. (CAN-2005-0705) - - Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. - This flaw was later reported by Leon Juranic. (CAN-2005-0699) - - Leon Juranic discovered a buffer overflow in the IAPP dissector. - - A bug in the JXTA dissector could make Ethereal crash. - - A bug in the sFlow dissector could make Ethereal crash. - - -Please see the following advisory for more information: - - http://www.ethereal.com/appnotes/enpa-sa-00018.html - -Everyone is encouraged to upgrade. - - -New and updated features - - Tree view item context menus now let you browse to the display filter - reference and wiki pages for a particular protocol. - - Online help has been expanded. - - VoIP call analysis (including nifty connection diagrams) has been - added. - - GSS-API decryption has been greatly enhanced. - - -New protocol support - - AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol, - Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP - - -Updated protocol support - - 3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2, - DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella, - GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ, - IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper, - JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID, - PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP, - SPNEGO, SSL, STUN, TCAP, TCP, TZSP - - -New and updated capture file support - - DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback) - - -== January 19, 2005 - -Ethereal 0.10.9 has been released. - -This release fixes the following security-related issues: - - The COPS dissector could go into an infinite loop. (CAN-2005-0006) - - The DLSw dissector could cause an assertion, making Ethereal exit - prematurely. (CAN-2005-0007) - - The DNP dissector could cause memory corruption. (CAN-2005-0008) - - The Gnutella dissector could cause an assertion, making Ethereal - exit prematurely. (CAN-2005-0009) - - The MMSE dissector could free static memory. (CAN-2005-0010) - - The X11 protocol dissector is vulnerable to a string buffer overflow. - (CAN-2005-0084) - -Please see the following advisory for more information: - - http://www.ethereal.com/appnotes/enpa-sa-00017.html - -Everyone is encouraged to upgrade. - - -New and updated features - - Ethereal will now detect and flag weak 802.11 WEP IVs. - - Windows Sniffer timestamp handling has been greatly improved. - - A bug which made Ethereal crash at startup on Windows 98 and Windows - ME systems has been fixed. - - Ethereal and Tethereal now support a personal "hosts" file. - - Invalid field length handling has been greatly improved. - - The capture progress window title now shows the interface name. - - -New protocol support - - ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA - -Updated protocol support - - AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM, - DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS, - FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245, - HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos, - L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS, - NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931, - RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC, - SSL/TLS, T.38, TACACS, TCAP, TCP, X11 - - -New and updated capture file support - - Windows Sniffer - -== December 15, 2004 - -Ethereal 0.10.8 has been released. - -This release fixes the following security-related issues: - - Matthew Bing discovered a bug in DICOM dissection that could make - Ethereal crash. (CAN-2004-1139) - - An invalid RTP timestamp could make Ethereal hang and create a large - temporary file, possibly filling available disk space. (CAN-2004-1140) - - The HTTP dissector could access previously-freed memory, causing a - crash. (CAN-2004-1141) - - Brian Caswell discovered that an improperly formatted SMB packet could - make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142) - -Please see the following advisory for more information: - - http://www.ethereal.com/appnotes/enpa-sa-00016.html - -Everyone is encouraged to upgrade. - - -New and updated features - - Ethereal now has a packet history, similar to most web browsers. - - Ethereal now supports custom window titles. - - Minor performance enhancements have been added. - - RTP analysis has been enhanced. - - Host name resolution has been improved. - - Ethereal can now track TCP PDU times. See - http://wiki.ethereal.com/TcpPduTime for more details. - - Ethereal now ships with netscreen2dump.py, a utility which converts - netscreen packet-trace hex dumps to hex dumps that can be read by - text2pcap. - - -New protocol support - - AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management - and Session Management, GSM MAP, Extended Security Services, Logotype - Certificate Extensions, MAP Dialogue, Network Service Over IP, Online - Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET - DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI, - - -Updated protocol support - - 3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC, - CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey, - ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A, - GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec, - ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT, - PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet, - RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP, - SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25, - X.509af, X.509ce, X.509if, X.509sat, - - -New and updated capture file support - - pppdump - - -== October 20, 2004 - -Ethereal 0.10.7 has been released. - - The Windows installer features new GLib/GTK+, Net-SNMP and ADNS - libraries which fix several known bugs. Unfortunately, a few known - GLib/GTK+ bugs remain. - - In order to avoid a naming conflict with the tcpreplay project, the - "capinfo" utility has been renamed to "capinfos". - - -New and updated features - - Search wrapping is now a configurable option. - - A lot of material has been added to the Developer's Guide. The User's Guide - has been updated as well. - - The "Decode As..." dialog now supports DCERPC and SCTP. - - The "Help" menu now includes a link to the wiki. - - H.323 call analysis is now supported. - - -New protocol support - - Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol, - Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate - extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT, - - -Updated protocol support - - AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS, - DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS, - EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450, - ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA, - MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF, - RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP, - SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11, - - -New and updated capture file support - - HP-UX nettl, NG Sniffer - - -== August 12, 2004 - -Ethereal 0.10.6 has been released. - - This release fixes a preferences bug present in Wireshark which displayed - - (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107 - (gtk_window_resize): assertion `height > 0' failed - - at program startup. A workaround for 0.10.5 is described in - - http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html - - A new command-line utility called "capinfo" has been added to the - distribution which prints statistics about capture files. - - You can now copy conversation and endpoint data to other applications as - CSV data. - - -New and updated features - - X.509 support has been added. - - Crash bugs have been fixed in the RTP and NCP dissectors. - - PostScript(r) output has been improved. - - A bug that prevented mergecap from creating a new output file has been - fixed. - - Conversation and endpoint performance has been enhanced. General packet - display performance has been enhanced. - - The conversation and host list tools have been renamed to be less - confusing. - - You can now copy conversation and host list data as CSV data. - - RTP analysis can now dynamically determine the proper clock rate. - - -New protocol support - - AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1, - X.509AF, X.509CE, X.509IF, X.509SAT - - -Updated protocol support - - 802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC), - ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos, - MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP, - SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet - - -New and updated capture file support - - LANalyzer - - -== July 7, 2004 - -Ethereal 0.10.5 has been released. - - -This release fixes bugs in iSNS, SMB, and SNMP, as described in the -following advisory: - - http://www.ethereal.com/appnotes/enpa-sa-00015.html - -Everyone is encouraged to upgrade. - - -New and updated features - - Ethereal can now merge multiple files (you don't have to resort to - mergecap on the command line). - - A preview pane has been added to the file dialog. - - The capture progress dialog can now be disabled. - - The about dialog has received further improvements. - - The behavior of Ethereal's dialog windows has been normalized somewhat. - - The Windows installer can now associate standard file extensions - with Ethereal. - - Ethereal can be configured not to bug you about unsaved captures. - - Ethereal can open help documentation using the default web browser. - - -New protocol support - - DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared) - - -Updated protocol support - - AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA, - NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245, - H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP, - M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP, - RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP, - VRRP, WBXML (User-Agent Profile), WSP, X11 - - -New and updated capture file support - - Radcom - - -== May 13, 2004 - -Ethereal 0.10.4 has been released. - -This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in -the following advisory: - - http://www.ethereal.com/appnotes/enpa-sa-00014.html - -Everyone is encouraged to upgrade. - - -New and updated features - - When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file - selection dialog. - - Export dialogs for Plain text, PostScript(R), PDML and PSML have been added. - - PostScript(R) output has been improved. - - The screen layout of the main window can be changed by Preferences now. - - Many other parts of the user interface have received improvements. - - Compressed and chunked transfer-coded HTTP bodies are now decoded. - - A new generic media dissector more cleanly handles HTTP and WSP - Content-Type information. - - -New protocol support - - ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP, - IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS - - -Updated protocol support - - 3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS, - DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL, - FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS, - ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP, - RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP, - Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG - - -Capture file support - - EyeSDN, nettl - - -== March 25, 2004 - -Ethereal 0.10.3 has been released. - -This release fixes several security bugs described in the following -advisory: - - http://www.ethereal.com/appnotes/enpa-sa-00013.html - -Everyone is encouraged to upgrade. - - -New and updated features - - Display filters now support the bitwise and (&) operator. - - Protocol hierarchy statistics now have bandwidth columns. - - The capture dialog has a new layout. - - -New protocol support - - 3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC, - MQ, Presentation, SLSK, - - -Updated protocol support - - 802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall, - BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC - RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP, - FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP, - Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM, - PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB, - SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC - - -Capture file support - - EyeSDN, libpcap (tcpdump) - - -== February 23, 2004 - -Ethereal 0.10.2 has been released. - -This release fixes two major bugs in 0.10.1: - - Under Windows, the error - - ** WARNING **: error opening - /usr/local/share/ethereal/asn1/default.tt, No such file or - directory - - would be printed at startup. - - The 0.10.1 source release was missing several files required for - compiling. - - -New and updated features - - The user interface has received further updates. The Statistics - menu - layout has been improved, as well as the capture options dialog - layout. - - -New protocol support - - Cisco Cast Client Control Protocol - - -Updated protocol support - - AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS, - HTTP, - IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny, - TCAP, TDS - - -== February 18, 2004 - -Ethereal 0.10.1 has been released. - - -New and updated features - - The Windows installer now lets you choose between the traditional - GTK+ - version 1 interface and a new GTK+ 2 interface. - - Several updates were made to Ethereal's user interface. The "File" - menu - now has a "most recently used" list. The help menu was greatly - expanded. - - The "matches" operator now handles more data types. For example, - you can - now use - - smtp matches joespammer@example.com - - as a display filter. - - I/O statistics now support 1ms resolution. - -Bug fixes - - A column resorting crash on the Windows platform was fixed. - -New protocol support - - EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA - -Updated protocol support - - ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP, - CLNP, - COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL, - TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC, - FC-IP, - FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per - se), - GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6, - IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF, - Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile - IPv6, - MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931, - RADIUS, - RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP, - SNMP, - SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet, - Teredo, - Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11 - - -Updated capture file support - - DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay, - Snoop - - -== December 12, 2003 - -Ethereal 0.10.0 has been released. - - This release fixes issues in the SMB and Q.931 dissectors that could - make Ethereal and Tethereal crash. See - - http://www.ethereal.com/appnotes/enpa-sa-00012.html - - for more details. - -New and updated features - - Many performance improvements have been made to the code. Most - users - should see a 2x to 3x performance increase when loading and working - with - capture files. - - A "matches" display filter operator has been added. It is similar - to - the "contains" operator, but supports Perl-compatible regular - expressions. - - Tethereal can now dump packet data in XML (PDML) format. - - The main application menus have been rearranged and the help windows - have been revamped, along with a host of other UI enhancements. - - The capture progress window now features bar graphs. - - The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the - Windows - installer have been updated. - -New protocol support - - BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY, - RS_PROP_ACCT} - IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK, - -Updated protocol support - - ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC - {DCOM, - EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI, - DTAP, - ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM - MAP, - H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP, - LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP, - RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP, - SRVLOC, - SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP - - -Updated capture file support - - AiroPeek v9 (2.x) support was added. Network Instruments Observer - and - Snoop support was updated. - - -== November 2, 2003 - -Ethereal 0.9.16 has been released. - - This release fixes potential security issues with the GTP, ISAKMP, - MEGACO, and SOCKS dissectors. See - - http://www.ethereal.com/appnotes/enpa-sa-00011.html - - for more details. - -New and updated features - - Ethereal has leapt forward into the 90's and added a toolbar. - - Ethereal and Tethereal can now force the data link type of captured - frames. - - RTP analysis has been enhanced. - - Individual frames can now be marked as time references - - Service response time and general I/O statistics have been enhanced. - I/O - statistics can now calculate client load (experimental). - -New protocol support - - ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC - INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP, - GSM - SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A - (OTA), T.38, TCAP, TPCP - -Updated protocol support - - AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER, - DCE/RPC - DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG, - DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame - Relay, - FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX, - ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP, - NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP, - RIP, - RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS, - SONMP, - SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP, - X.25, Yahoo! Messenger - - -Updated capture file support - - Linux Bluez Bluetooth hcidump support has been added. - - Endace ERF and Network Instruments Observer, and NetXRay support has - been enhanced. - - -== September 9, 2003 - -Ethereal 0.9.15 has been released. - -New and updated features - - Many often-requested features have been added with this release. If - you're running an older version of Ethereal you may want to have a - look. - - Conversation List (aka "top talker") support has been added to - Ethereal - and Tethereal. Protocol statistics in general have been updated. - - Searching capture files has been improved even more -- a new - "contains" - display filter operator that searches for strings in PDUs has been - added. The Find dialog now supports case-insensitive searches, hex - data - searches, and more. - - An H.225 dissector has been added. It can automatically recognize - RTP - and RTCP conversations. - - A preference file has been added for disabled protocols. - - Color filters may now be imported and exported from within Wireshark. - - A new column type has been added for cumulative bytes. - - -New protocols - - GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN - - -Updated protocols - - ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP, - Ethernet, - FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA, - M3UA, - MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP, - SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP, - WSP, - - -Updated capture file support - - Support for Accellent 5Views and Endace ERF capture files was added. - CheckPoint FW-1 and Novell LANalyzer support has been enhanced. - - -== July 23, 2003 - -Ethereal 0.9.14 has been released. - -New and updated features - - The ringbuffer code has been (nearly) completely rewritten. It now - supports an unlimited number of files. - - Ethereal now supports searching for arbitrary text and binary data - in - frames. - - Service response time statistics have been enhanced. - - Tethereal, the text-mode version of Ethereal, can now be compiled - without capture support. - - -New and updated features - - Echo, eDonkey, Jabber, MS Messenger, sFlow - - -Updated protocols - - AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1, - H.245, - IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3, - NDS, - NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP, - SNA, - SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP, - WTP, - X11, Zebra - - -Updated capture file support - - LANalyzer, NetXRay - - -== June 11, 2003 - -Ethereal 0.9.13 has been released. - - This release fixes a large number of security issues discovered by - Timo - Sirainen and others. See - - http://www.ethereal.com/appnotes/enpa-sa-00010.html - - for more details. - -New and updated features - - Ethereal now supports a system-wide color filter file. - - Support for the GNU ADNS library has been added. ADNS allows - asynchronous DNS lookups. - - "Decode As..." functionality has been added to Tethereal via the "- - d" - flag. - - The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are - now - shown in the protocol tree. - -New protocols - - distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA - -Updated protocols - - 802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet, - FDDI, - GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS, - NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI, - SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML, - WSP, - WTP - -Updated capture file support - - HP-UX nettl, VMS UCX$TRACE - - -== May 1, 2003 - -Ethereal 0.9.12 has been released. - - This release fixes several off-by-one and integer overflow errors - discovered by Timo Sirainen. See - - http://www.ethereal.com/appnotes/enpa-sa-00009.html - - for more details. - -New and updated features - - TCP sequence number analysis received a few improvements. - - General packet reassembly has been improved. - - The "Follow TCP Stream" window now allows you to filter out the - current - stream. - - The Vines code received significant updates. - - Several enhancements were made to the text2pcap utility. - -New protocols - - ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC - -Updated protocols - - 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI, - EAP, - IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP, - M2UA, - M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP, - PGM, - Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH, - SUA, - TCP, Telnet, Vines, WBXML, WSP, WTP - -Updated capture file support - - Netxray - - -== March 10, 2003 - -Ethereal 0.9.11 has been released. - - The Ethereal 0.9.10 release was packaged improperly. This release - fixes - the packaging, and adds minor updates and fixes for the following - protocols: - - AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH - - IA64 support has been improved. - - -== March 7, 2003 - -Ethereal 0.9.10 has been released. - - This release fixes a security hole discovered by Georgi Guninski in - the - SOCKS dissector as well as problems with the NTLMSSP and Rsync code. - All users of previous versions are encouraged to upgrade. See - - http://www.ethereal.com/appnotes/enpa-sa-00008.html - - for more details. - - -New and Updated Features - - Many small updates were made to the user interface. - - The "Help" menu now includes the FAQ. - - The TCP dissector was enhanced. Many more fields are filterable. - - Tethereal received more IO stats: TCP and UDP top talkers. - - Packet reassembly has been improved. - - The "Follow TCP Stream" feature can now export C byte arrays. - - RTP streams can now be saved to a file. - - -Bug Fixes - - A missing comma in a string array could cause Ethereal to crash when - opening the preferences dialog. - - -New Protocols - - MSN Messenger, Rsync, SSH, Yahoo! Messenger - - -Updated Protocols - - AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS, - DCCP, - DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP - extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC, - LSA, - M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow, - OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA, - SNMP, - SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML, - Wellfleet BofL X.25, X11 - - -Updated Capture File Support - - NetXRay, NGSniffer, Snoop - - -== January 23, 2003 - -Ethereal 0.9.9 has been released. - - Please note the next release will NOT be 1.0. There are still more - features to be added before a 1.0 release will be ready. - - -New and Updated Features - - Plugin search behavior was improved under Unix, allowing more than - one - version of Ethereal to be installed at one time. - - The statistics graphs have been enhanced. More statistics have been - added: - - Round-trip-time statistics are now computed for SMB traffic. - - NCP Call and Reply times are now tracked. - - Top talker statistics for Ethernet, IP and Token Ring are now - available (tethereal only). - - Color allocation and handling was improved. - - The RADIUS dissector can now decrypt user passwords. - - Tethereal now supports reading from a pipe under Unix. - - The ATM code received major improvements. - - The DOS Sniffer code also received major improvements. - - For those that compile Ethereal from source, some fixes and updates - have been made to the configuration and build environment. - - -Bug Fixes - - The capture progress window now shows the correct number of elapsed - minutes. - - A potential infinite loop in the TCP graphing code has been fixed. - - -New Protocols - - MDSHDR, MEGACO, MySQL, SDLC, X.29 - - -Updated Protocols - - 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP, - DCE - RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC, - L2TP, - LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP, - RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC, - SRVSVC, - SUA, TNS, Token Ring, Wellfleet HDLC, X.25 - - -Updated Capture File Support - - Firewall-1, Netmon, NetXRay, Radcom, Sniffer - - -== December 7, 2002 - -Ethereal 0.9.8 has been released. - - Serious problems with the BGP, LMP, PPP, and TDS dissectors have - been - discovered. See - - http://www.ethereal.com/appnotes/enpa-sa-00007.html - - for more details. - - -New and Updated Features - - The TAP subsystem received major updates. Tethereal can display - more statistics, and several graphs have been added to Ethereal. - - A protocol hierarchy statistics tap was added to tethereal. This - code - may be used to replace the hierarchy statistics code in Wireshark. - - More updates have been added to TCP analysis. - - After a long hiatus, the Windows installer once again includes SNMP - support. - - The total running time of the capture is now displayed in the - capture - progress dialog box. The capture progress dialog also shows ARP - packets. - - The look of the plugins dialog was revamped. - - -Bug Fixes and Updates - - A bug which caused Ethereal under Windows to crash when "Update list - of - packets in real time" was enabled has been fixed. - - The stability of the text2pcap utility has been improved. - - In tethereal, the packet count is properly displayed when you ^C out - of a - capture. - - -New Protocols - - ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI, - MDNS, - PCLI, RPL - - -Updated Protocols - - AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR, - DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX, - iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS, - NTLMSSP, - OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP, - Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120, - WEP, - YPSERV - - -Updated Capture File Support - - AIX iptrace and tcpdump, NetXRay, Sniffer, snoop - - -== September 28, 2002 - -Ethereal 0.9.7 has been released. - -New Features - - In order to improve the out-of-box responsiveness of Ethereal and - Tethereal, network name resolution has been disabled by default. - - TCP analysis (a feature added in the 0.9.6 release) was improved. - - The NCP code base received quite a few updates. - - Initial support for version 2 of the GTK+ library was added. - - RPC staticstics (which use the new Tap API) were added. - - Due to added and updated support for the NTLM, SNEGO, and GSS-API - protocols, Ethereal can now dissect most of the security blobs for - Windows 2000 authentication. - - The Ethernet "manuf" file now handles addresses specified with a - mask, and contains many well-known addresses. - - -New Protocols - - 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and - Juniper), - SCCP-Management, SPNEGO - - The following DCE/RPC protocols were also added: - - AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER, - DNSSERVER, - DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN, - REP_PROC, - ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST, - RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE - - -Updated Protocols - - AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA, - DCE/RPC - NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS- - IS, - Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP, - OSI - Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP, - WSP, - - -== August 20, 2002 - -Ethereal 0.9.6 has been released. - -Bugs Fixed - - A buffer overflow in the ISIS dissector has been fixed. More - information can be found at - http://www.ethereal.com/appnotes/enpa-sa-00006.html. - - A bad TCP header could cause problems for the "Follow TCP Stream" - feature. - - Setting "column.format" from the command line no longer crashes - Ethereal and Tethereal. - - Problems with capture files being overwritten (e.g. if you try to - save over - the current capture file) have been fixed. - - An SMB conversation handling bug has been fixed. - - Thanks to Valgrind, several memory leaks have been fixed. - - Some problems with printing under Windows have been fixed. - - -New Features - - TCP sequence number analysis has been added. - - The DCE RPC NETLOGON dissector has received a major overhaul. - - Data types throughout the code have been cleaned up. - - -New Protocols - - CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP - - -Updated Protocols - - 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT, - DCERPC - REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos, - L2TP, - LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP, - PPP, - Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot, - SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP - - -Capture File Updates - -CheckPoint Firewall-1 monitor file support and CoSine debug file -support -were added. Support for pppdump and Netmon files was updated. - - -== June 28, 2002 - -Ethereal 0.9.5 has been released. This version fixes several potential -security problems revealed since the release of 0.9.4. See the -security -advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for -more details. - - -New Features: - -The ability to read packet data from a pipe was enhanced. Printing -under Windows now works. - - -New Protocols - -802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI - - -Updated Protocols - -ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP, -MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA, -SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP, -WCP, WEP, WSP, WTP - - -Capture File Updates - -Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop, -NetXRay, and libpcap code all received updates. - - + A complete FAQ is available on the Wireshark web site.