One warning from GCC:

[obnox/wireshark/wip.git] / NEWS

$Id$

== December 27, 2005

Ethereal 0.10.14 has been released.

  Bug Fixes

   Three security vulnerabilities have been fixed since the previous
   release. See the [1]application advisory for more details.

     o The IRC dissector could go into an infinite loop. Versions
       affected: 0.10.13.

     o The GTP dissector could go into an infinite loop. Versions
       affected: 0.9.1 to 0.10.13.

     o iDefense found a buffer overflow in the OSPF dissector.
       Versions affected: 0.8.20 to 0.10.13.

  New and Updated Features

   The following features are new (or have been significantly
   updated) since the last release:

     o The Windows installer now ships with GTK+ 2.6 instead of GTK+
       2.4. This should fix several long-standing bugs.

     o If you're loading a saved capture file and press "Cancel",
       Ethereal will now display the packets read up to that point.
       In previous versions, Ethereal would abort the attempt
       completely and clear the packet list.

       This means that if you're loding a huge capture file, you can
       stop loading in the middle and still be able to analyze part
       of the file.

     o The maximum number of files allowed in a ring buffer has been
       increased from 1024 to 10,000.

     o OID to name resolution has been improved.

     o TCP graphs now handle upper and lower bounds better.

  New Protocol Support

   3Com Netjack200, CDT, CIGI, DAP, DISP, DOP, DSP, FTBP, MS NLB,
   NBAP, NCP SSS, NCS, NHRP, P_Mul, RNSAP, SMB2, STANAG 5066, TIPC,
   UDP-Lite, X.501

  Updated Protocol Support

   ACSE, AIM, ALCAP, AMR, ANSI MAP, BER, BitTorrent, BOOTP, CAMEL,
   CMP, CMS, COPS, CRMF, DCCP, DCERPC (DCERPC, DSSETUP, INITSHUTDOWN,
   NT, WINREG), DEC DNA RT, DNP, DTP, eDonkey, ENIP, ESS, Etheric,
   FC-DNS, FC-FZS, FMIPv6, GRE, GSM A, GSM MAP, GTP, H.225, H.235,
   H.245, H.248, H.263, H.450, IAPP, IEEE 802.11, INAP, IP, IPv6,
   IRC, ISIS LSP, ISUP, IUUP, Juniper, LLDP, M3UA, MIP, MIPv6,
   Modbus/TCP, MTP3, NCP, NDPS, NDS, NEMO, NMAS, NTLMSSP, OSPF, PER,
   PN-DCP, PPP CHAP, PPPoE, PVFS2, Q.931, RADIUS, RANAP, RDT, RLOGIN,
   RMT, ROS, RTCP, RTP, RTSE, S4406, SCCP, SCTP, SES, SIP, SMB,
   SNDCP, SRVLOC, STUN, T.38, UMA, WINS Replication, X.411, X.420,
   X.509

  New and Updated Capture File Support

   DOS Sniffer, Endace ERF, HP-UX nettl, IBM iSeries traces,
   Tektronix K12

Getting Ethereal

  Microsoft Windows

   Download ethereal-setup-0.10.14.exe from the [2]Windows download
   area on the main web site. Double-click the installer executable.

  Sun Solaris

   Download the appropriate package from the [3]Solaris download area
   on the main web site. Uncompress the package using bzip2, and
   install it using pkgadd.

  Source Code

   Download ethereal-0.10.14.tar.gz from the [4]main download area on
   the web site. Extract the package using tar and gzip. Run
   "configure ; make ; make install".

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Ethereal packages.
   You can install or upgrade Ethereal using the package management
   system specific to that platform. A list of third-party packages
   can be found on the [5]download page on the Wireshark web site.

File Locations

   Ethereal and Tethereal look in several different locations for
   preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
   These locations vary from platform to platform. You can use
   About->Folders to find the default locations on your system.

Known Problems

   On Windows systems the packet list scroll bar can sometimes
   disappear or become unusable. Until the problem is fixed you can
   work around it by resizing the packet list or the main window.
   ([6]Bug #220)

Getting Help

   Community support is available on the ethereal-users mailing list.
   Subscription information and archives for all of Ethereal's
   mailing lists can be found on [7]the web site. There is also an
   [8]IRC channel dedicated to Ethereal.

   Commercial support, training, and development services are
   available from [9]Ethereal Software.

Frequently Asked Questions

   A complete FAQ is available on the [10]Ethereal web site.

References

   Visible links
   1. http://www.ethereal.com/appnotes/enpa-sa-00022.html
   2. http://www.ethereal.com/docs/distribution/win32/
   3. http://www.ethereal.com/docs/distribution/solaris/
   4. http://www.ethereal.com/docs/distribution/
   5. http://www.ethereal.com/download.html#otherplat
   6. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
   7. http://www.ethereal.com/lists/
   8. irc://irc.freenode.net/ethereal
   9. http://www.etherealsoft.com/
  10. http://www.ethereal.com/faq.html

== October 17, 2005

Ethereal 0.10.13 has been released.

  Bug Fixes

   Several security vulnerabilities have been fixed since the previous
   release. See the [1]application advisory for more details.

     o The ISAKMP dissector could exhaust system memory. Versions affected:
       0.10.11 to 0.10.12.

     o The FC-FCS dissector could exhaust system memory. Versions affected:
       0.9.0 to 0.10.12.

     o The RSVP dissector could exhaust system memory. Versions affected:
       0.9.4 to 0.10.12.

     o The ISIS LSP dissector could exhaust system memory. Versions affected:
       0.8.18 to 0.10.12.

     o The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12.

     o The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1
       to 0.10.12.

     o The BER dissector was susceptible to an infinite loop. Versions
       affected: 0.10.3 to 0.10.12.

     o The SCSI dissector could dereference a null pointer and crash.
       Versions affected: 0.10.3 to 0.10.12.

     o If the "Dissect unknown RPC program numbers" option was enabled, the
       ONC RPC dissector might be able to exhaust system memory. This option
       is disabled by default. Versions affected: 0.7.7 to 0.10.12.

     o The sFlow dissector could dereference a null pointer and crash.
       Versions affected: 0.9.14 to 0.10.12.

     o The RTnet dissector could dereference a null pointer and crash.
       Versions affected: 0.10.8 to 0.10.12.

     o The SigComp UDVM could go into an infinite loop or crash. Versions
       affected: 0.10.12.

     o If SMB transaction payload reassembly is enabled the SMB dissector
       could crash. This preference is disabled by default. Versions
       affected: 0.9.7 to 0.10.12.

     o The X11 dissector could attempt to divide by zero. Versions affected:
       0.10.1 to 0.10.12.

     o The AgentX dissector could overflow a buffer. Versions affected:
       0.10.10 to 0.10.12.

     o The WSP dissector could free an invalid pointer. Versions affected:
       0.10.1 to 0.10.12.

     o iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions
       affected: 0.10.0 to 0.10.12.

   When trying to save a flow graph, Ethereal could crash.

   When viewing protocol hierarchy statistics, Ethereal and Tethereal could
   crash.

   The PCRE library that ships with the Windows installer has been upgraded
   from version 4.4 to 6.3 in response to a [2]security vulnerability.

  New and Updated Features

   The following features are new (or have been significantly updated) since
   the last release:

     o The timestamp display precision of the Packet List can be adjusted
       now. The precision will be automatically adjusted depending on the
       file format loaded, e.g. libpcap typically uses microsecond resolution
       displayed like "0.000000". In addition you can adjust the precision
       manually through the View/Time Display Format menu items.

     o The WinPcap version 3.1 installer was released since the last Ethereal
       release. The version included in the Wireshark Windows installer has
       been updated from 3.1 beta 4 to 3.1. If you want to upgrade WinPcap
       separately or install a different version you can download it from:
       [3]the WinPcap web site.

     o The behavior of the display filter "ip.checksum_bad" has changed.
       Instead of merely checking for its presence you must now make sure it
       is set, e.g. instead of using "ip.checksum_bad" you must now use
       "ip.checksum_bad == 1".

     o A new capture file format "Nanosecond libpcap (Ethereal)" was added.
       It is very similar to the common libpcap file format but is capable of
       keeping nanosecond resolution timestamps. This format is currently
       supported only by Wireshark.

     o Ethereal's memory managment has been greatly improved.

     o Ethereal can now save gzip-compressed capture files.

  New Protocol Support

   CIMD, CISCOWL-L2, DCCP, EDP, GNM, LLDP, ROS, RTSE, STANAG 4406, WINS
   Replication, X.411, X.420

  Updated Protocol Support

   802.11 Radiotap, A11, AARP, ACSE, ACtrace, AFP, AFS, AgentX, AIM, AJP13,
   ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI IS-683-A, ANSI IS-801, ANSI MAP,
   AOE, AppleTalk, Armagetronad, ARP, ASAP, ASN.1, BACapp, BER, BGP,
   BitTorrent, BOOTP, CAMEL, CLNP, CMIP, CMP, CMS, COPS, CRMF, CSM_ENCAPS,
   DAAP, DCERPC (ATSVC, DCE_DFS, FLDB, INITSHUTDOWN, LSA, NETLOGON, NT, SAMR,
   SPOOLSS, WINREG), DCM, DCOM, DHCP Failover, DIAMETER, ENRP, ESS, FC, FCCT,
   FCDNS, FCELS, FCFCS, FCFZS, FCP, FCSWILS, FTAM, GIOP, GPRS LLC, GSM, GTP,
   H1, H.225, H.235, H.245, H.248, H.261, H.263, H.450, HSRP, HTTP, IAX2,
   IEEE 802.11, IEEE 802.3, IEEE 802.3 Slow protocols, IP, IP/IEEE1394, IRC,
   IrDA, ISAKMP, iSCSI, ISIS, ISUP, Jabber, JFIF, Juniper, JXTA, K12,
   Kerberos, LDAP, LDP, LLC, LPD, MAP_DialoguePDU, MDSHDR, Media, MEGACO,
   MGCP, MIME multipart, MMS, MOUNT, MQ, MSMMS, NBNS, NDMP, NS_CERT_EXTS,
   OCSP, OPSI, OSPF, PARLAY, PER, PKINIT, PKIX, PN-RT, PPP, PRES, PTP,
   RADIUS, RDT, RPC, RSVP, RTCP, RTnet, RTSP, SCCP, SCSI, SCTP, SES, sFlow,
   SIGCOMP, SIP, SliMP3, SMB, SMPP, SMRSE, SNA, SNMP, SPNEGO, SRVLOC, STUN,
   T.38, TCAP, TCP, Text, TPKT, UMA, WBXML, WLANCERTEXTN, WSP, X11, X.25,
   X.509, XML, YMSG

  New and Updated Capture File Support

   5Views, AiroPeek, ERF, EtherPeek, i4btrace, LANAlyzer, Libpcap, Windows
   Sniffer, Tektronix K12

Getting Ethereal

  Microsoft Windows

   Download ethereal-setup-0.10.13.exe from the [4]Windows download area on
   the main web site. Double-click the installer executable.

  Sun Solaris

   Download the appropriate package from the [5]Solaris download area on the
   main web site. Uncompress the package using bzip2, and install it using
   pkgadd.

  Source Code

   Download ethereal-0.10.13.tar.gz from the [6]main download area on the web
   site. Extract the package using tar and gzip. Run "configure ; make ; make
   install".

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Ethereal packages. You can
   install or upgrade Ethereal using the package management system specific
   to that platform. A list of third-party packages can be found on the
   [7]download page on the Wireshark web site.

File Locations

   Ethereal and Tethereal look in several different locations for preference
   files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
   from platform to platform. You can use About->Folders to find the default
   locations on your system.

Known Problems

   On Windows systems the packet list scroll bar can sometimes disappear or
   become unusable. Until the problem is fixed you can work around it by
   resizing the packet list or the main window. ([8]Bug #220)

Getting Help

   Community support is available on the ethereal-users mailing list.
   Subscription information and archives for all of Ethereal's mailing lists
   can be found on [9]the web site. There is also an [10]IRC channel
   dedicated to Ethereal.

   Commercial support, training, and development services are available from
   [11]Ethereal Software.

Frequently Asked Questions

   A complete FAQ is available on the [12]Ethereal web site.

References

   Visible links
   1. http://www.ethereal.com/appnotes/enpa-sa-00021.html
   2. http://www.securityfocus.com/bid/14620
   3. http://www.winpcap.org/
   4. http://www.ethereal.com/docs/distribution/win32/
   5. http://www.ethereal.com/docs/distribution/solaris/
   6. http://www.ethereal.com/docs/distribution/
   7. http://www.ethereal.com/download.html#otherplat
   8. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
   9. http://www.ethereal.com/lists/
  10. irc://irc.freenode.net/ethereal
  11. http://www.etherealsoft.com/
  12. http://www.ethereal.com/faq.html

== July 26, 2005

Ethereal 0.10.12 has been released.

Our testing program has turned up several more security issues:

  The LDAP dissector could free static memory and crash. 
  Versions affected: 0.8.5 to 0.10.11

  The AgentX dissector could crash.
  Versions affected: 0.10.10 to 0.10.11

  The 802.3 dissector could go into an infinite loop.
  Versions affected: 0.8.16 to 0.10.11

  The PER dissector could abort.
  Versions affected: 0.10.5 to 0.10.11

  The DHCP dissector could go into an infinite loop.
  Versions affected: 0.10.7 to 0.10.11

  The BER dissector could abort or loop infinitely.
  Version affected: 0.10.11

  The MEGACO dissector could go into an infinite loop.
  Versions affected: 0.9.14 to 0.10.11

  The GIOP dissector could dereference a null pointer.
  Versions affected: 0.8.20 to 0.10.11

  The SMB dissector was susceptible to a buffer overflow.
  Versions affected: 0.9.12 to 0.10.11

  The WBXML could dereference a null pointer.
  Versions affected: 0.10.1 to 0.10.11

  The H1 dissector could go into an infinite loop.
  Versions affected: 0.8.15 to 0.10.11

  The DOCSIS dissector could cause a crash.
  Versions affected: 0.9.13 to 0.10.11

  The SMPP dissector could go into an infinite loop.
  Versions affected: 0.10.1 to 0.10.11

  SCTP graphs could crash.
  Version affected: 0.10.11

  The HTTP dissector could crash.
  Versions affected: 0.10.4 to 0.10.11

  The SMB dissector could go into a large loop.
  Versions affected: 0.9.0 to 0.10.11

  The DCERPC dissector could crash.
  Versions affected: 0.9.16 to 0.10.11.

  Several dissectors could crash while reassembling packets.
  Versions affected: 0.9.0 to 0.10.11


  Steve Grubb at Red Hat found the following issues:

  The CAMEL dissector could dereference a null pointer.
  Version affected: 0.10.11

  The DHCP dissector could crash.
  Versions affected: 0.10.4 to 0.10.11

  The CAMEL dissector could crash.
  Versions affected: 0.10.10 to 0.10.11

  The PER dissector could crash.
  Versions affected: 0.10.10 to 0.10.11

  The RADIUS dissector could crash.
  Versions affected: 0.9.4 to 0.10.11

  The Telnet dissector could crash.
  Versions affected: 0.9.10 to 0.10.11

  The IS-IS LSP dissector could crash.
  Versions affected: 0.8.19 to 0.10.11

  The NCP dissector could crash.
  Versions affected: 0.9.15 to 0.10.11


  iDEFENSE found the following issues:

  Several dissectors were susceptible to a format string overflow.
  Versions affected: 0.9.4 to 0.10.11


  Ethereal uses the zlib compression library.  Security vulnerabilities
  have been discovered in zlib 1.2.1 and 1.2.2.  The Windows installer
  now ships with zlib 1.2.3, which fixes these vulnerabilities.


Please see the following advisory for more information:
  
    http://www.ethereal.com/appnotes/enpa-sa-00020.html
    
Everyone is encouraged to upgrade.


New and updated features

  The Windows installer now includes the WinPcap 3.1 beta 4 installer.
  You don't have to download and install it separately.

  RADIUS dictionaries are now included.

  A lot of documentation was updated

  Some command line parameters have changed, see the Wireshark / Tethereal
  manual pages

  A "File/File Set" submenu was added to better handle multiple files
  (such as ring buffers).

  Flow graphs can now be created for any protocol.

  Memory management has been greatly improved.

  JXTA has been added to the conversations menu.

  When compiled with MIT/Heimdal Kerberos AND if keytab files are
  provided, Ethereal can now decrypt and dissect both SecureLDAP and
  encrypted DCE/RPC.

  TCP Sequence graphs should now work for all captures and all
  encapsulation types.


New protocol support

  ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing,
  DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay,
  Synergy, TANGO, WLAN Certificate Extensions


Updated protocol support

  802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC,
  Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM,
  DNP, DNS, DOCSIS, EAP, Ethernet, FC ELS, FCIP, FCP, FC-SWILS, GIOP,
  GSM A, GSM MAP, GSSAPI, GTP, H1, H.221, H.225, H.235, H.245, H.248,
  H.450, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.11, IEEE 802.3, iFCP,
  IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC,
  LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, OSPF,
  PER, PPP, PRES, PROFINET, RDT, RMT, RPC, RSVP, Rsync, RTP, RTSP, SCSI,
  SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP,
  Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV


New and updated capture file support

  HP Nettl, Tektronix K12


== May 4, 2005

Ethereal 0.10.11 has been released.

An aggressive testing program as well as independent discovery has turned
up a multitude of security issues:

  The ANSI A dissector was susceptible to format string vulnerabilities.
  Discovered by Bryan Fulton.
  Versions affected: 0.9.15 to 0.10.10

  The GSM MAP dissector could crash.
  Versions affected: 0.10.0 to 0.10.10

  The AIM dissector could cause a crash.
  Versions affected: 0.9.14 to 0.10.10

  The DISTCC dissector was susceptible to a buffer overflow.
  Discovered by Ilja van Sprundel
  Versions affected: 0.9.13 to 0.10.10

  The FCELS dissector was susceptible to a buffer overflow.
  Discovered by Neil Kettle
  Versions affected: 0.9.9 to 0.10.10

  The SIP dissector was susceptible to a buffer overflow.
  Discovered by Ejovi Nuwere.
  Versions affected: 0.10.0 to 0.10.10

  The KINK dissector was susceptible to a null pointer exception,
  endless looping, and other problems.
  Versions affected: 0.10.10

  The LMP dissector was susceptible to an endless loop.
  Versions affected: 0.9.4 to 0.10.10

  The Telnet dissector could abort.
  Versions affected: 0.9.10 to 0.10.10

  The TZSP dissector could cause a segmentation fault.
  Versions affected: 0.10.10 to 0.10.10

  The WSP dissector was susceptible to a null pointer exception and
  assertions.
  Versions affected: 0.10.0 to 0.10.10

  The 802.3 Slow protocols dissector could throw an assertion.
  Versions affected: 0.10.10

  The BER dissector could throw assertions.
  Versions affected: 0.10.2 to 0.10.10

  The SMB Mailslot dissector was susceptible to a null pointer exception
  and could throw assertions.
  Versions affected: 0.9.0 to 0.10.10

  The H.245 dissector was susceptible to a null pointer exception.
  Versions affected: 0.10.10

  The Bittorrent dissector could cause a segmentation fault.
  Versions affected: 0.10.8 to 0.10.10

  The SMB dissector could cause a segmentation fault and throw assertions.
  Versions affected: 0.9.0 to 0.10.10

  The Fibre Channel dissector could cause a crash.
  Versions affected: 0.9.9 to 0.10.10

  The DICOM dissector could attempt to allocate large amounts of memory.
  Versions affected: 0.10.4 to 0.10.10

  The MGCP dissector was susceptible to a null pointer exception, could
  loop indefinitely, and segfault.
  Versions affected: 0.8.14 to 0.10.10

  The RSVP dissector could loop indefinitely.
  Versions affected: 0.9.8 to 0.10.10

  The DHCP dissector was susceptible to format string vulnerabilities, and
  could abort.
  Versions affected: 0.10.7 to 0.10.10

  The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
  Versions affected: 0.9.8 to 0.10.10

  The EIGRP dissector could loop indefinitely.
  Versions affected: 0.8.18 to 0.10.10

  The ISIS dissector could overflow a buffer.
  Versions affected: 0.8.18 to 0.10.10

  The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
  and X.509 dissectors could overflow buffers.
  Versions affected: 0.10.4 to 0.10.10

  The NDPS dissector could exhaust system memory or cause an assertion,
  or crash.
  Versions affected: 0.9.12 to 0.10.10

  The Q.931 dissector could try to free a null pointer and overflow
  a buffer.
  Versions affected: 0.10.10

  The IAX2 dissector could throw an assertion.
  Versions affected: 0.10.1 to 0.10.10

  The ICEP dissector could try to free the same memory twice.
  Versions affected: 0.10.7 to 0.10.10

  The MEGACO dissector was susceptible to an infinite loop and a buffer
  overflow.
  Versions affected: 0.9.14 to 0.10.10

  The DLSw dissector was susceptible to an infinite loop.
  Versions affected: 0.9.1 to 0.10.10

  The RPC dissector was susceptible to a null pointer exception.
  Versions affected: 0.9.2 to 0.10.10

  The NCP dissector could overflow a buffer or loop for a large amount
  of time.
  Versions affected: 0.10.5 to 0.10.10

  The RADIUS dissector could throw an assertion.
  Versions affected: 0.10.3 to 0.10.10

  The GSM dissector could access an invalid pointer.
  Versions affected: 0.10.10

  The SMB PIPE dissector could throw an assertion.
  Versions affected: 0.9.0 to 0.10.10

  The L2TP dissector was susceptible to an infinite loop.
  Versions affected: 0.10.9 to 0.10.10

  The SMB NETLOGON dissector could dereference a null pointer.
  Versions affected: 0.9.12 to 0.10.10

  The MRDISC dissector could throw an assertion.
  Versions affected: 0.8.19 to 0.10.10

  The ISUP dissector could overflow a buffer or cause a segmentation fault.
  Versions affected: 0.8.19 to 0.10.10

  The LDAP dissector could crash.
  Versions affected: 0.10.1 to 0.10.10

  The TCAP dissector could overflow a buffer or throw an assertion.
  Versions affected: 0.10.8 to 0.10.10

  The NTLMSSP dissector could crash.
  Versions affected: 0.9.7 to 0.10.10


  Additionally, a number of dissectors could throw an assertion when
  passing an invalid protocol tree item length.
  Versions affected: 0.10.8 to 0.10.10


Please see the following advisory for more information:
  
    http://www.ethereal.com/appnotes/enpa-sa-00019.html
    
Everyone is encouraged to upgrade.


New and updated features



New protocol support



Updated protocol support



New and updated capture file support




== March 11, 2005

Ethereal 0.10.10 has been released.

This release fixes three security and stability-related issues:

  Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
  (CAN-2005-0704)

  The GPRS-LLC dissector could crash if the "ignore cipher bit" option
  was enabled. (CAN-2005-0705)

  Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
  This flaw was later reported by Leon Juranic. (CAN-2005-0699)

  Leon Juranic discovered a buffer overflow in the IAPP dissector.

  A bug in the JXTA dissector could make Ethereal crash.

  A bug in the sFlow dissector could make Ethereal crash.


Please see the following advisory for more information:
  
    http://www.ethereal.com/appnotes/enpa-sa-00018.html
    
Everyone is encouraged to upgrade.


New and updated features

  Tree view item context menus now let you browse to the display filter
  reference and wiki pages for a particular protocol.

  Online help has been expanded.

  VoIP call analysis (including nifty connection diagrams) has been
  added.

  GSS-API decryption has been greatly enhanced.


New protocol support

  AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
  Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP


Updated protocol support

  3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
  DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
  GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
  IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
  JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
  PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
  SPNEGO, SSL, STUN, TCAP, TCP, TZSP


New and updated capture file support

  DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)


== January 19, 2005

Ethereal 0.10.9 has been released.

This release fixes the following security-related issues:

  The COPS dissector could go into an infinite loop.  (CAN-2005-0006)

  The DLSw dissector could cause an assertion, making Ethereal exit
  prematurely.  (CAN-2005-0007)

  The DNP dissector could cause memory corruption.  (CAN-2005-0008)

  The Gnutella dissector could cause an assertion, making Ethereal
  exit prematurely.  (CAN-2005-0009)

  The MMSE dissector could free static memory.  (CAN-2005-0010)

  The X11 protocol dissector is vulnerable to a string buffer overflow.
  (CAN-2005-0084)

Please see the following advisory for more information:
  
    http://www.ethereal.com/appnotes/enpa-sa-00017.html
    
Everyone is encouraged to upgrade.


New and updated features

  Ethereal will now detect and flag weak 802.11 WEP IVs.

  Windows Sniffer timestamp handling has been greatly improved.

  A bug which made Ethereal crash at startup on Windows 98 and Windows
  ME systems has been fixed.

  Ethereal and Tethereal now support a personal "hosts" file.

  Invalid field length handling has been greatly improved.

  The capture progress window title now shows the interface name.


New protocol support

  ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA

Updated protocol support

  AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
  DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
  FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
  HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
  L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
  NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
  RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
  SSL/TLS, T.38, TACACS, TCAP, TCP, X11


New and updated capture file support

  Windows Sniffer

== December 15, 2004

Ethereal 0.10.8 has been released.

This release fixes the following security-related issues:

  Matthew Bing discovered a bug in DICOM dissection that could make
  Ethereal crash. (CAN-2004-1139)

  An invalid RTP timestamp could make Ethereal hang and create a large
  temporary file, possibly filling available disk space. (CAN-2004-1140)

  The HTTP dissector could access previously-freed memory, causing a
  crash. (CAN-2004-1141)

  Brian Caswell discovered that an improperly formatted SMB packet could
  make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)

Please see the following advisory for more information:
  
    http://www.ethereal.com/appnotes/enpa-sa-00016.html
    
Everyone is encouraged to upgrade.


New and updated features

  Ethereal now has a packet history, similar to most web browsers.

  Ethereal now supports custom window titles.

  Minor performance enhancements have been added.
  
  RTP analysis has been enhanced.
  
  Host name resolution has been improved.
  
  Ethereal can now track TCP PDU times.  See
  http://wiki.ethereal.com/TcpPduTime for more details.
  
  Ethereal now ships with netscreen2dump.py, a utility which converts
  netscreen packet-trace hex dumps to hex dumps that can be read by
  text2pcap.


New protocol support

  AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
  and Session Management, GSM MAP, Extended Security Services, Logotype
  Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
  Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
  DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,


Updated protocol support

  3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
  CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
  ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
  GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
  ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
  PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
  RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
  SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
  X.509af, X.509ce, X.509if, X.509sat,


New and updated capture file support

  pppdump


== October 20, 2004

Ethereal 0.10.7 has been released.

  The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
  libraries which fix several known bugs.  Unfortunately, a few known
  GLib/GTK+ bugs remain.

  In order to avoid a naming conflict with the tcpreplay project, the
  "capinfo" utility has been renamed to "capinfos".


New and updated features

  Search wrapping is now a configurable option.
  
  A lot of material has been added to the Developer's Guide.  The User's Guide
  has been updated as well.
  
  The "Decode As..." dialog now supports DCERPC and SCTP.
  
  The "Help" menu now includes a link to the wiki.
  
  H.323 call analysis is now supported.


New protocol support

  Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
  Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
  extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,


Updated protocol support

  AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
  DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
  EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
  ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
  MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
  RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
  SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,


New and updated capture file support

  HP-UX nettl, NG Sniffer


== August 12, 2004

Ethereal 0.10.6 has been released.

  This release fixes a preferences bug present in Wireshark which displayed
 
    (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
    (gtk_window_resize): assertion `height > 0' failed

  at program startup.  A workaround for 0.10.5 is described in

    http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html

  A new command-line utility called "capinfo" has been added to the
  distribution which prints statistics about capture files.  

  You can now copy conversation and endpoint data to other applications as
  CSV data.


New and updated features

  X.509 support has been added.

  Crash bugs have been fixed in the RTP and NCP dissectors.

  PostScript(r) output has been improved.
  
  A bug that prevented mergecap from creating a new output file has been
  fixed.
  
  Conversation and endpoint performance has been enhanced.  General packet
  display performance has been enhanced.
  
  The conversation and host list tools have been renamed to be less
  confusing.
  
  You can now copy conversation and host list data as CSV data.
  
  RTP analysis can now dynamically determine the proper clock rate.


New protocol support

  AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
  X.509AF, X.509CE, X.509IF, X.509SAT


Updated protocol support

  802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
  ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
  MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
  SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet


New and updated capture file support

  LANalyzer


== July 7, 2004

Ethereal 0.10.5 has been released.


This release fixes bugs in iSNS, SMB, and SNMP, as described in the
following advisory:

    http://www.ethereal.com/appnotes/enpa-sa-00015.html

Everyone is encouraged to upgrade.


New and updated features

  Ethereal can now merge multiple files (you don't have to resort to
  mergecap on the command line).

  A preview pane has been added to the file dialog.

  The capture progress dialog can now be disabled.

  The about dialog has received further improvements.

  The behavior of Ethereal's dialog windows has been normalized somewhat.

  The Windows installer can now associate standard file extensions
  with Ethereal.

  Ethereal can be configured not to bug you about unsaved captures.

  Ethereal can open help documentation using the default web browser.


New protocol support

  DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)


Updated protocol support

  AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
  NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
  H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
  M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
  RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
  VRRP, WBXML (User-Agent Profile), WSP, X11


New and updated capture file support

  Radcom


== May 13, 2004

Ethereal 0.10.4 has been released.

This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
the following advisory:

    http://www.ethereal.com/appnotes/enpa-sa-00014.html

Everyone is encouraged to upgrade.


New and updated features

  When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
  selection dialog.

  Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.

  PostScript(R) output has been improved.

  The screen layout of the main window can be changed by Preferences now.
  
  Many other parts of the user interface have received improvements.

  Compressed and chunked transfer-coded HTTP bodies are now decoded.

  A new generic media dissector more cleanly handles HTTP and WSP
  Content-Type information.


New protocol support

  ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
  IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS


Updated protocol support

  3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
  DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
  FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
  ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
  RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
  Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG


Capture file support

  EyeSDN, nettl


== March 25, 2004

Ethereal 0.10.3 has been released.

This release fixes several security bugs described in the following
advisory:

    http://www.ethereal.com/appnotes/enpa-sa-00013.html

Everyone is encouraged to upgrade.


New and updated features

  Display filters now support the bitwise and (&) operator.

  Protocol hierarchy statistics now have bandwidth columns.

  The capture dialog has a new layout.


New protocol support

  3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
  MQ, Presentation, SLSK,


Updated protocol support

  802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
  BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
  RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
  FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
  Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
  PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
  SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC


Capture file support

  EyeSDN, libpcap (tcpdump)


== February 23, 2004

Ethereal 0.10.2 has been released.

This release fixes two major bugs in 0.10.1:

  Under Windows, the error

     ** WARNING **: error opening
     /usr/local/share/ethereal/asn1/default.tt, No such file or
     directory

  would be printed at startup.

  The 0.10.1 source release was missing several files required for
  compiling.


New and updated features

  The user interface has received further updates.  The Statistics
  menu
  layout has been improved, as well as the capture options dialog
  layout.


New protocol support

  Cisco Cast Client Control Protocol


Updated protocol support

  AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
  HTTP,
  IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
  TCAP, TDS


== February 18, 2004

Ethereal 0.10.1 has been released.


New and updated features

  The Windows installer now lets you choose between the traditional
  GTK+
  version 1 interface and a new GTK+ 2 interface.

  Several updates were made to Ethereal's user interface.  The "File"
  menu
  now has a "most recently used" list.  The help menu was greatly
  expanded.

  The "matches" operator now handles more data types.  For example,
  you can
  now use

      smtp matches joespammer@example.com

  as a display filter.

  I/O statistics now support 1ms resolution.

Bug fixes

  A column resorting crash on the Windows platform was fixed.

New protocol support

  EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA

Updated protocol support

  ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
  CLNP,
  COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
  TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
  FC-IP,
  FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
  se),
  GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
  IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
  Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
  IPv6,
  MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
  RADIUS,
  RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
  SNMP,
  SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
  Teredo,
  Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11


Updated capture file support

  DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
  Snoop


== December 12, 2003

Ethereal 0.10.0 has been released.

  This release fixes issues in the SMB and Q.931 dissectors that could
  make Ethereal and Tethereal crash.  See

    http://www.ethereal.com/appnotes/enpa-sa-00012.html

  for more details.

New and updated features

  Many performance improvements have been made to the code.  Most
  users
  should see a 2x to 3x performance increase when loading and working
  with
  capture files.

  A "matches" display filter operator has been added.  It is similar
  to
  the "contains" operator, but supports Perl-compatible regular
  expressions.

  Tethereal can now dump packet data in XML (PDML) format.

  The main application menus have been rearranged and the help windows
  have been revamped, along with a host of other UI enhancements.

  The capture progress window now features bar graphs.

  The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
  Windows
  installer have been updated.

New protocol support

  BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
  RS_PROP_ACCT}
  IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,

Updated protocol support

  ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
  {DCOM,
  EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
  DTAP,
  ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
  MAP,
  H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
  LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
  RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
  SRVLOC,
  SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP


Updated capture file support

  AiroPeek v9 (2.x) support was added.  Network Instruments Observer
  and
  Snoop support was updated.


== November 2, 2003

Ethereal 0.9.16 has been released.

  This release fixes potential security issues with the GTP, ISAKMP,
  MEGACO, and SOCKS dissectors. See

    http://www.ethereal.com/appnotes/enpa-sa-00011.html

  for more details.

New and updated features

  Ethereal has leapt forward into the 90's and added a toolbar.

  Ethereal and Tethereal can now force the data link type of captured
  frames.

  RTP analysis has been enhanced.

  Individual frames can now be marked as time references

  Service response time and general I/O statistics have been enhanced.
  I/O
  statistics can now calculate client load (experimental).

New protocol support

  ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
  INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
  GSM
  SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
  (OTA), T.38, TCAP, TPCP

Updated protocol support

  AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
  DCE/RPC
  DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
  DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
  Relay,
  FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
  ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
  NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
  RIP,
  RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
  SONMP,
  SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
  X.25, Yahoo! Messenger


Updated capture file support

  Linux Bluez Bluetooth hcidump support has been added.

  Endace ERF and Network Instruments Observer, and NetXRay support has
  been enhanced.


== September 9, 2003

Ethereal 0.9.15 has been released.

New and updated features

  Many often-requested features have been added with this release.  If
  you're running an older version of Ethereal you may want to have a
  look.

  Conversation List (aka "top talker") support has been added to
  Ethereal
  and Tethereal.  Protocol statistics in general have been updated.

  Searching capture files has been improved even more -- a new
  "contains"
  display filter operator that searches for strings in PDUs has been
  added.  The Find dialog now supports case-insensitive searches, hex
  data
  searches, and more.

  An H.225 dissector has been added.  It can automatically recognize
  RTP
  and RTCP conversations.

  A preference file has been added for disabled protocols.

  Color filters may now be imported and exported from within Wireshark.

  A new column type has been added for cumulative bytes.


New protocols

  GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN


Updated protocols

  ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
  Ethernet,
  FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
  M3UA,
  MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
  SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
  WSP,


Updated capture file support

  Support for Accellent 5Views and Endace ERF capture files was added.
  CheckPoint FW-1 and Novell LANalyzer support has been enhanced.


== July 23, 2003

Ethereal 0.9.14 has been released.

New and updated features

  The ringbuffer code has been (nearly) completely rewritten.  It now
  supports an unlimited number of files.

  Ethereal now supports searching for arbitrary text and binary data
  in
  frames.

  Service response time statistics have been enhanced.

  Tethereal, the text-mode version of Ethereal, can now be compiled
  without capture support.


New and updated features

  Echo, eDonkey, Jabber, MS Messenger, sFlow


Updated protocols

  AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
  H.245,
  IGMP, IPsec,  IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
  NDS,
  NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
  SNA,
  SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines,  VRRP, WBXML, WEP, WSP,
  WTP,
  X11, Zebra


Updated capture file support

  LANalyzer, NetXRay


== June 11, 2003

Ethereal 0.9.13 has been released.

  This release fixes a large number of security issues  discovered by
  Timo
  Sirainen and others.  See

    http://www.ethereal.com/appnotes/enpa-sa-00010.html

  for more details.

New and updated features

  Ethereal now supports a system-wide color filter file.

  Support for the GNU ADNS library has been added.  ADNS allows
  asynchronous DNS lookups.

  "Decode As..." functionality has been added to Tethereal via the "-
  d"
  flag.

  The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
  now
  shown in the protocol tree.

New protocols

  distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA

Updated protocols

  802.11, AIM,  BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
  FDDI,
  GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
  NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
  SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
  WSP,
  WTP

Updated capture file support

  HP-UX nettl, VMS UCX$TRACE


== May 1, 2003

Ethereal 0.9.12 has been released.

  This release fixes several off-by-one and integer overflow errors
  discovered by Timo Sirainen.  See

    http://www.ethereal.com/appnotes/enpa-sa-00009.html

  for more details.

New and updated features

  TCP sequence number analysis received a few improvements.

  General packet reassembly has been improved.

  The "Follow TCP Stream" window now allows you to filter out the
  current
  stream.

  The Vines code received significant updates.

  Several enhancements were made to the text2pcap utility.

New protocols

  ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC

Updated protocols

  802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
  EAP,
  IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
  M2UA,
  M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
  PGM,
  Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
  SUA,
  TCP, Telnet, Vines, WBXML, WSP, WTP

Updated capture file support

  Netxray


== March 10, 2003

Ethereal 0.9.11 has been released.

  The Ethereal 0.9.10 release was packaged improperly.  This release
  fixes
  the packaging, and adds minor updates and fixes for the following
  protocols:

  AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH

  IA64 support has been improved.


== March 7, 2003

Ethereal 0.9.10 has been released.

  This release fixes a security hole discovered by Georgi Guninski in
  the
  SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
  All users of previous versions are encouraged to upgrade.  See

    http://www.ethereal.com/appnotes/enpa-sa-00008.html

  for more details.


New and Updated Features

  Many small updates were made to the user interface.

  The "Help" menu now includes the FAQ.

  The TCP dissector was enhanced.  Many more fields are filterable.

  Tethereal received more IO stats: TCP and UDP top talkers.

  Packet reassembly has been improved.

  The "Follow TCP Stream" feature can now export C byte arrays.

  RTP streams can now be saved to a file.


Bug Fixes

  A missing comma in a string array could cause Ethereal to crash when
  opening the preferences dialog.


New Protocols

  MSN Messenger, Rsync, SSH, Yahoo! Messenger


Updated Protocols

  AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
  DCCP,
  DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
  extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
  LSA,
  M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
  OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
  SNMP,
  SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
  Wellfleet BofL X.25, X11


Updated Capture File Support

  NetXRay, NGSniffer, Snoop


== January 23, 2003

Ethereal 0.9.9 has been released.

  Please note the next release will NOT be 1.0.  There are still more
  features to be added before a 1.0 release will be ready.


New and Updated Features

  Plugin search behavior was improved under Unix, allowing more than
  one
  version of Ethereal to be installed at one time.

  The statistics graphs have been enhanced.  More statistics have been
  added:

    Round-trip-time statistics are now computed for SMB traffic.

    NCP Call and Reply times are now tracked.

    Top talker statistics for Ethernet, IP and Token Ring are now
    available (tethereal only).

  Color allocation and handling was improved.

  The RADIUS dissector can now decrypt user passwords.

  Tethereal now supports reading from a pipe under Unix.

  The ATM code received major improvements.

  The DOS Sniffer code also received major improvements.

  For those that compile Ethereal from source, some fixes and updates
  have been made to the configuration and build environment.


Bug Fixes

  The capture progress window now shows the correct number of elapsed
  minutes.

  A potential infinite loop in the TCP graphing code has been fixed.


New Protocols

 MDSHDR, MEGACO, MySQL, SDLC, X.29


Updated Protocols

  802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC,  CLNP,
  DCE
  RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP,  IP-over-FC,
  L2TP,
  LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
  RADIUS, RANAP, RPC, SAMR, SCTP, SMB,  SPNEGO, SPOOLSS, SRVLOC,
  SRVSVC,
  SUA, TNS, Token Ring, Wellfleet HDLC, X.25


Updated Capture File Support

  Firewall-1, Netmon, NetXRay, Radcom, Sniffer


== December 7, 2002

Ethereal 0.9.8 has been released.

  Serious problems with the BGP, LMP, PPP, and TDS dissectors have
  been
  discovered.  See

    http://www.ethereal.com/appnotes/enpa-sa-00007.html

  for more details.


New and Updated Features

  The TAP subsystem received major updates.  Tethereal can display
  more statistics, and several graphs have been added to Ethereal.

  A protocol hierarchy statistics tap was added to tethereal.  This
  code
  may be used to replace the hierarchy statistics code in Wireshark.

  More updates have been added to TCP analysis.

  After a long hiatus, the Windows installer once again includes SNMP
  support.

  The total running time of the capture is now displayed in the
  capture
  progress dialog box.  The capture progress dialog also shows ARP
  packets.

  The look of the plugins dialog was revamped.


Bug Fixes and Updates

  A bug which caused Ethereal under Windows to crash when "Update list
  of
  packets in real time" was enabled has been fixed.

  The stability of the text2pcap utility has been improved.

  In tethereal, the packet count is properly displayed when you ^C out
  of a
  capture.


New Protocols

  ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
  MDNS,
  PCLI, RPL


Updated Protocols

  AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
  DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
  iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
  NTLMSSP,
  OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
  Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
  WEP,
  YPSERV


Updated Capture File Support

  AIX iptrace and tcpdump, NetXRay, Sniffer, snoop


== September 28, 2002

Ethereal 0.9.7 has been released.

New Features

  In order to improve the out-of-box responsiveness of Ethereal and
  Tethereal, network name resolution has been disabled by default.

  TCP analysis (a feature added in the 0.9.6 release) was improved.

  The NCP code base received quite a few updates.

  Initial support for version 2 of the GTK+ library was added.

  RPC staticstics (which use the new Tap API) were added.

  Due to added and updated support for the NTLM, SNEGO, and GSS-API
  protocols, Ethereal can now dissect most of the security blobs for
  Windows 2000 authentication.

  The Ethernet "manuf" file now handles addresses specified with a
  mask, and  contains many well-known addresses.


New Protocols

  802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
  Juniper),
  SCCP-Management, SPNEGO

  The following DCE/RPC protocols were also added:

  AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
  DNSSERVER,
  DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
  REP_PROC,
  ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
  RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE


Updated Protocols

  AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
  DCE/RPC
  NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
  IS,
  Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
  OSI
  Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
  WSP,


== August 20, 2002

Ethereal 0.9.6 has been released.

Bugs Fixed

  A buffer overflow in the ISIS dissector has been fixed.  More
  information can be found at
  http://www.ethereal.com/appnotes/enpa-sa-00006.html.

  A bad TCP header could cause problems for the "Follow TCP Stream"
  feature.

  Setting "column.format" from the command line no longer crashes
  Ethereal and Tethereal.

  Problems with capture files being overwritten (e.g. if you try to
  save over
  the current capture file) have been fixed.

  An SMB conversation handling bug has been fixed.

  Thanks to Valgrind, several memory leaks have been fixed.

  Some problems with printing under Windows have been fixed.


New Features

  TCP sequence number analysis has been added.

  The DCE RPC NETLOGON dissector has received a major overhaul.

  Data types throughout the code have been cleaned up.


New Protocols

  CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP


Updated Protocols

  802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
  DCERPC
  REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
  L2TP,
  LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
  PPP,
  Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
  SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP


Capture File Updates

CheckPoint Firewall-1 monitor file support and CoSine debug file
support
were added.  Support for pppdump and Netmon files was updated.


== June 28, 2002

Ethereal 0.9.5 has been released. This version fixes several potential
security problems revealed since the release of 0.9.4. See the
security
advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
more details.


New Features:

The ability to read packet data from a pipe was enhanced.  Printing
under Windows now works.


New Protocols

802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI


Updated Protocols

ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
WCP, WEP, WSP, WTP


Capture File Updates

Ethereal can now write LANalyzer files.  The Sniffer, nettl, snoop,
NetXRay, and libpcap code all received updates.