5 Ethereal 0.10.11 has been released.
7 An aggressive testing program as well as independent discovery has turned
8 up a multitude of security issues:
10 The ANSI A dissector was susceptible to format string vulnerabilities.
11 Discovered by Bryan Fulton.
12 Versions affected: 0.9.15 to 0.10.10
14 The GSM MAP dissector could crash.
15 Versions affected: 0.10.0 to 0.10.10
17 The AIM dissector could cause a crash.
18 Versions affected: 0.9.14 to 0.10.10
20 The DISTCC dissector was susceptible to a buffer overflow.
21 Discovered by Ilja van Sprundel
22 Versions affected: 0.9.13 to 0.10.10
24 The FCELS dissector was susceptible to a buffer overflow.
25 Discovered by Neil Kettle
26 Versions affected: 0.9.9 to 0.10.10
28 The SIP dissector was susceptible to a buffer overflow.
29 Discovered by Ejovi Nuwere.
30 Versions affected: 0.10.0 to 0.10.10
32 The KINK dissector was susceptible to a null pointer exception,
33 endless looping, and other problems.
34 Versions affected: 0.10.10
36 The LMP dissector was susceptible to an endless loop.
37 Versions affected: 0.9.4 to 0.10.10
39 The Telnet dissector could abort.
40 Versions affected: 0.9.10 to 0.10.10
42 The TZSP dissector could cause a segmentation fault.
43 Versions affected: 0.10.10 to 0.10.10
45 The WSP dissector was susceptible to a null pointer exception and
47 Versions affected: 0.10.0 to 0.10.10
49 The 802.3 Slow protocols dissector could throw an assertion.
50 Versions affected: 0.10.10
52 The BER dissector could throw assertions.
53 Versions affected: 0.10.2 to 0.10.10
55 The SMB Mailslot dissector was susceptible to a null pointer exception
56 and could throw assertions.
57 Versions affected: 0.9.0 to 0.10.10
59 The H.245 dissector was susceptible to a null pointer exception.
60 Versions affected: 0.10.10
62 The Bittorrent dissector could cause a segmentation fault.
63 Versions affected: 0.10.8 to 0.10.10
65 The SMB dissector could cause a segmentation fault and throw assertions.
66 Versions affected: 0.9.0 to 0.10.10
68 The Fibre Channel dissector could cause a crash.
69 Versions affected: 0.9.9 to 0.10.10
71 The DICOM dissector could attempt to allocate large amounts of memory.
72 Versions affected: 0.10.4 to 0.10.10
74 The MGCP dissector was susceptible to a null pointer exception, could
75 loop indefinitely, and segfault.
76 Versions affected: 0.8.14 to 0.10.10
78 The RSVP dissector could loop indefinitely.
79 Versions affected: 0.9.8 to 0.10.10
81 The DHCP dissector was susceptible to format string vulnerabilities, and
83 Versions affected: 0.10.7 to 0.10.10
85 The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
86 Versions affected: 0.9.8 to 0.10.10
88 The EIGRP dissector could loop indefinitely.
89 Versions affected: 0.8.18 to 0.10.10
91 The ISIS dissector could overflow a buffer.
92 Versions affected: 0.8.18 to 0.10.10
94 The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
95 and X.509 dissectors could overflow buffers.
96 Versions affected: 0.10.4 to 0.10.10
98 The NDPS dissector could exhaust system memory or cause an assertion,
100 Versions affected: 0.9.12 to 0.10.10
102 The Q.931 dissector could try to free a null pointer and overflow
104 Versions affected: 0.10.10
106 The IAX2 dissector could throw an assertion.
107 Versions affected: 0.10.1 to 0.10.10
109 The ICEP dissector could try to free the same memory twice.
110 Versions affected: 0.10.7 to 0.10.10
112 The MEGACO dissector was susceptible to an infinite loop and a buffer
114 Versions affected: 0.9.14 to 0.10.10
116 The DLSw dissector was susceptible to an infinite loop.
117 Versions affected: 0.9.1 to 0.10.10
119 The RPC dissector was susceptible to a null pointer exception.
120 Versions affected: 0.9.2 to 0.10.10
122 The NCP dissector could overflow a buffer or loop for a large amount
124 Versions affected: 0.10.5 to 0.10.10
126 The RADIUS dissector could throw an assertion.
127 Versions affected: 0.10.3 to 0.10.10
129 The GSM dissector could access an invalid pointer.
130 Versions affected: 0.10.10
132 The SMB PIPE dissector could throw an assertion.
133 Versions affected: 0.9.0 to 0.10.10
135 The L2TP dissector was susceptible to an infinite loop.
136 Versions affected: 0.10.9 to 0.10.10
138 The SMB NETLOGON dissector could dereference a null pointer.
139 Versions affected: 0.9.12 to 0.10.10
141 The MRDISC dissector could throw an assertion.
142 Versions affected: 0.8.19 to 0.10.10
144 The ISUP dissector could overflow a buffer or cause a segmentation fault.
145 Versions affected: 0.8.19 to 0.10.10
147 The LDAP dissector could crash.
148 Versions affected: 0.10.1 to 0.10.10
150 The TCAP dissector could overflow a buffer or throw an assertion.
151 Versions affected: 0.10.8 to 0.10.10
153 The NTLMSSP dissector could crash.
154 Versions affected: 0.9.7 to 0.10.10
157 Additionally, a number of dissectors could throw an assertion when
158 passing an invalid protocol tree item length.
159 Versions affected: 0.10.8 to 0.10.10
162 Please see the following advisory for more information:
164 http://www.ethereal.com/appnotes/enpa-sa-00019.html
166 Everyone is encouraged to upgrade.
169 New and updated features
177 Updated protocol support
181 New and updated capture file support
188 Ethereal 0.10.10 has been released.
190 This release fixes three security and stability-related issues:
192 Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
195 The GPRS-LLC dissector could crash if the "ignore cipher bit" option
196 was enabled. (CAN-2005-0705)
198 Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
199 This flaw was later reported by Leon Juranic. (CAN-2005-0699)
201 Leon Juranic discovered a buffer overflow in the IAPP dissector.
203 A bug in the JXTA dissector could make Ethereal crash.
205 A bug in the sFlow dissector could make Ethereal crash.
208 Please see the following advisory for more information:
210 http://www.ethereal.com/appnotes/enpa-sa-00018.html
212 Everyone is encouraged to upgrade.
215 New and updated features
217 Tree view item context menus now let you browse to the display filter
218 reference and wiki pages for a particular protocol.
220 Online help has been expanded.
222 VoIP call analysis (including nifty connection diagrams) has been
225 GSS-API decryption has been greatly enhanced.
230 AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
231 Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
234 Updated protocol support
236 3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
237 DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
238 GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
239 IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
240 JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
241 PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
242 SPNEGO, SSL, STUN, TCAP, TCP, TZSP
245 New and updated capture file support
247 DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
252 Ethereal 0.10.9 has been released.
254 This release fixes the following security-related issues:
256 The COPS dissector could go into an infinite loop. (CAN-2005-0006)
258 The DLSw dissector could cause an assertion, making Ethereal exit
259 prematurely. (CAN-2005-0007)
261 The DNP dissector could cause memory corruption. (CAN-2005-0008)
263 The Gnutella dissector could cause an assertion, making Ethereal
264 exit prematurely. (CAN-2005-0009)
266 The MMSE dissector could free static memory. (CAN-2005-0010)
268 The X11 protocol dissector is vulnerable to a string buffer overflow.
271 Please see the following advisory for more information:
273 http://www.ethereal.com/appnotes/enpa-sa-00017.html
275 Everyone is encouraged to upgrade.
278 New and updated features
280 Ethereal will now detect and flag weak 802.11 WEP IVs.
282 Windows Sniffer timestamp handling has been greatly improved.
284 A bug which made Ethereal crash at startup on Windows 98 and Windows
285 ME systems has been fixed.
287 Ethereal and Tethereal now support a personal "hosts" file.
289 Invalid field length handling has been greatly improved.
291 The capture progress window title now shows the interface name.
296 ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
298 Updated protocol support
300 AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
301 DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
302 FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
303 HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
304 L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
305 NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
306 RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
307 SSL/TLS, T.38, TACACS, TCAP, TCP, X11
310 New and updated capture file support
316 Ethereal 0.10.8 has been released.
318 This release fixes the following security-related issues:
320 Matthew Bing discovered a bug in DICOM dissection that could make
321 Ethereal crash. (CAN-2004-1139)
323 An invalid RTP timestamp could make Ethereal hang and create a large
324 temporary file, possibly filling available disk space. (CAN-2004-1140)
326 The HTTP dissector could access previously-freed memory, causing a
327 crash. (CAN-2004-1141)
329 Brian Caswell discovered that an improperly formatted SMB packet could
330 make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
332 Please see the following advisory for more information:
334 http://www.ethereal.com/appnotes/enpa-sa-00016.html
336 Everyone is encouraged to upgrade.
339 New and updated features
341 Ethereal now has a packet history, similar to most web browsers.
343 Ethereal now supports custom window titles.
345 Minor performance enhancements have been added.
347 RTP analysis has been enhanced.
349 Host name resolution has been improved.
351 Ethereal can now track TCP PDU times. See
352 http://wiki.ethereal.com/TcpPduTime for more details.
354 Ethereal now ships with netscreen2dump.py, a utility which converts
355 netscreen packet-trace hex dumps to hex dumps that can be read by
361 AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
362 and Session Management, GSM MAP, Extended Security Services, Logotype
363 Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
364 Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
365 DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
368 Updated protocol support
370 3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
371 CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
372 ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
373 GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
374 ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
375 PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
376 RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
377 SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
378 X.509af, X.509ce, X.509if, X.509sat,
381 New and updated capture file support
388 Ethereal 0.10.7 has been released.
390 The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
391 libraries which fix several known bugs. Unfortunately, a few known
392 GLib/GTK+ bugs remain.
394 In order to avoid a naming conflict with the tcpreplay project, the
395 "capinfo" utility has been renamed to "capinfos".
398 New and updated features
400 Search wrapping is now a configurable option.
402 A lot of material has been added to the Developer's Guide. The User's Guide
403 has been updated as well.
405 The "Decode As..." dialog now supports DCERPC and SCTP.
407 The "Help" menu now includes a link to the wiki.
409 H.323 call analysis is now supported.
414 Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
415 Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
416 extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,
419 Updated protocol support
421 AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
422 DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
423 EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
424 ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
425 MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
426 RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
427 SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,
430 New and updated capture file support
432 HP-UX nettl, NG Sniffer
437 Ethereal 0.10.6 has been released.
439 This release fixes a preferences bug present in Ethereal which displayed
441 (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
442 (gtk_window_resize): assertion `height > 0' failed
444 at program startup. A workaround for 0.10.5 is described in
446 http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html
448 A new command-line utility called "capinfo" has been added to the
449 distribution which prints statistics about capture files.
451 You can now copy conversation and endpoint data to other applications as
455 New and updated features
457 X.509 support has been added.
459 Crash bugs have been fixed in the RTP and NCP dissectors.
461 PostScript(r) output has been improved.
463 A bug that prevented mergecap from creating a new output file has been
466 Conversation and endpoint performance has been enhanced. General packet
467 display performance has been enhanced.
469 The conversation and host list tools have been renamed to be less
472 You can now copy conversation and host list data as CSV data.
474 RTP analysis can now dynamically determine the proper clock rate.
479 AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
480 X.509AF, X.509CE, X.509IF, X.509SAT
483 Updated protocol support
485 802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
486 ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
487 MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
488 SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet
491 New and updated capture file support
498 Ethereal 0.10.5 has been released.
501 This release fixes bugs in iSNS, SMB, and SNMP, as described in the
504 http://www.ethereal.com/appnotes/enpa-sa-00015.html
506 Everyone is encouraged to upgrade.
509 New and updated features
511 Ethereal can now merge multiple files (you don't have to resort to
512 mergecap on the command line).
514 A preview pane has been added to the file dialog.
516 The capture progress dialog can now be disabled.
518 The about dialog has received further improvements.
520 The behavior of Ethereal's dialog windows has been normalized somewhat.
522 The Windows installer can now associate standard file extensions
525 Ethereal can be configured not to bug you about unsaved captures.
527 Ethereal can open help documentation using the default web browser.
532 DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)
535 Updated protocol support
537 AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
538 NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
539 H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
540 M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
541 RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
542 VRRP, WBXML (User-Agent Profile), WSP, X11
545 New and updated capture file support
552 Ethereal 0.10.4 has been released.
554 This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
555 the following advisory:
557 http://www.ethereal.com/appnotes/enpa-sa-00014.html
559 Everyone is encouraged to upgrade.
562 New and updated features
564 When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
567 Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
569 PostScript(R) output has been improved.
571 The screen layout of the main window can be changed by Preferences now.
573 Many other parts of the user interface have received improvements.
575 Compressed and chunked transfer-coded HTTP bodies are now decoded.
577 A new generic media dissector more cleanly handles HTTP and WSP
578 Content-Type information.
583 ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
584 IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
587 Updated protocol support
589 3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
590 DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
591 FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
592 ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
593 RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
594 Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG
604 Ethereal 0.10.3 has been released.
606 This release fixes several security bugs described in the following
609 http://www.ethereal.com/appnotes/enpa-sa-00013.html
611 Everyone is encouraged to upgrade.
614 New and updated features
616 Display filters now support the bitwise and (&) operator.
618 Protocol hierarchy statistics now have bandwidth columns.
620 The capture dialog has a new layout.
625 3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
626 MQ, Presentation, SLSK,
629 Updated protocol support
631 802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
632 BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
633 RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
634 FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
635 Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
636 PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
637 SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC
642 EyeSDN, libpcap (tcpdump)
647 Ethereal 0.10.2 has been released.
649 This release fixes two major bugs in 0.10.1:
651 Under Windows, the error
653 ** WARNING **: error opening
654 /usr/local/share/ethereal/asn1/default.tt, No such file or
657 would be printed at startup.
659 The 0.10.1 source release was missing several files required for
663 New and updated features
665 The user interface has received further updates. The Statistics
667 layout has been improved, as well as the capture options dialog
673 Cisco Cast Client Control Protocol
676 Updated protocol support
678 AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
680 IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
686 Ethereal 0.10.1 has been released.
689 New and updated features
691 The Windows installer now lets you choose between the traditional
693 version 1 interface and a new GTK+ 2 interface.
695 Several updates were made to Ethereal's user interface. The "File"
697 now has a "most recently used" list. The help menu was greatly
700 The "matches" operator now handles more data types. For example,
704 smtp matches joespammer@example.com
708 I/O statistics now support 1ms resolution.
712 A column resorting crash on the Windows platform was fixed.
716 EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA
718 Updated protocol support
720 ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
722 COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
723 TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
725 FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
727 GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
728 IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
729 Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
731 MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
733 RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
735 SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
737 Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11
740 Updated capture file support
742 DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
748 Ethereal 0.10.0 has been released.
750 This release fixes issues in the SMB and Q.931 dissectors that could
751 make Ethereal and Tethereal crash. See
753 http://www.ethereal.com/appnotes/enpa-sa-00012.html
757 New and updated features
759 Many performance improvements have been made to the code. Most
761 should see a 2x to 3x performance increase when loading and working
765 A "matches" display filter operator has been added. It is similar
767 the "contains" operator, but supports Perl-compatible regular
770 Tethereal can now dump packet data in XML (PDML) format.
772 The main application menus have been rearranged and the help windows
773 have been revamped, along with a host of other UI enhancements.
775 The capture progress window now features bar graphs.
777 The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
779 installer have been updated.
783 BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
785 IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,
787 Updated protocol support
789 ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
791 EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
793 ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
795 H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
796 LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
797 RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
799 SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP
802 Updated capture file support
804 AiroPeek v9 (2.x) support was added. Network Instruments Observer
806 Snoop support was updated.
811 Ethereal 0.9.16 has been released.
813 This release fixes potential security issues with the GTP, ISAKMP,
814 MEGACO, and SOCKS dissectors. See
816 http://www.ethereal.com/appnotes/enpa-sa-00011.html
820 New and updated features
822 Ethereal has leapt forward into the 90's and added a toolbar.
824 Ethereal and Tethereal can now force the data link type of captured
827 RTP analysis has been enhanced.
829 Individual frames can now be marked as time references
831 Service response time and general I/O statistics have been enhanced.
833 statistics can now calculate client load (experimental).
837 ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
838 INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
840 SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
841 (OTA), T.38, TCAP, TPCP
843 Updated protocol support
845 AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
847 DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
848 DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
850 FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
851 ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
852 NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
854 RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
856 SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
857 X.25, Yahoo! Messenger
860 Updated capture file support
862 Linux Bluez Bluetooth hcidump support has been added.
864 Endace ERF and Network Instruments Observer, and NetXRay support has
870 Ethereal 0.9.15 has been released.
872 New and updated features
874 Many often-requested features have been added with this release. If
875 you're running an older version of Ethereal you may want to have a
878 Conversation List (aka "top talker") support has been added to
880 and Tethereal. Protocol statistics in general have been updated.
882 Searching capture files has been improved even more -- a new
884 display filter operator that searches for strings in PDUs has been
885 added. The Find dialog now supports case-insensitive searches, hex
889 An H.225 dissector has been added. It can automatically recognize
891 and RTCP conversations.
893 A preference file has been added for disabled protocols.
895 Color filters may now be imported and exported from within Ethereal.
897 A new column type has been added for cumulative bytes.
902 GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
907 ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
909 FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
911 MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
912 SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
916 Updated capture file support
918 Support for Accellent 5Views and Endace ERF capture files was added.
919 CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
924 Ethereal 0.9.14 has been released.
926 New and updated features
928 The ringbuffer code has been (nearly) completely rewritten. It now
929 supports an unlimited number of files.
931 Ethereal now supports searching for arbitrary text and binary data
935 Service response time statistics have been enhanced.
937 Tethereal, the text-mode version of Ethereal, can now be compiled
938 without capture support.
941 New and updated features
943 Echo, eDonkey, Jabber, MS Messenger, sFlow
948 AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
950 IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
952 NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
954 SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP,
959 Updated capture file support
966 Ethereal 0.9.13 has been released.
968 This release fixes a large number of security issues discovered by
970 Sirainen and others. See
972 http://www.ethereal.com/appnotes/enpa-sa-00010.html
976 New and updated features
978 Ethereal now supports a system-wide color filter file.
980 Support for the GNU ADNS library has been added. ADNS allows
981 asynchronous DNS lookups.
983 "Decode As..." functionality has been added to Tethereal via the "-
987 The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
989 shown in the protocol tree.
993 distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
997 802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
999 GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
1000 NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
1001 SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
1005 Updated capture file support
1007 HP-UX nettl, VMS UCX$TRACE
1012 Ethereal 0.9.12 has been released.
1014 This release fixes several off-by-one and integer overflow errors
1015 discovered by Timo Sirainen. See
1017 http://www.ethereal.com/appnotes/enpa-sa-00009.html
1021 New and updated features
1023 TCP sequence number analysis received a few improvements.
1025 General packet reassembly has been improved.
1027 The "Follow TCP Stream" window now allows you to filter out the
1031 The Vines code received significant updates.
1033 Several enhancements were made to the text2pcap utility.
1037 ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
1041 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
1043 IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
1045 M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
1047 Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
1049 TCP, Telnet, Vines, WBXML, WSP, WTP
1051 Updated capture file support
1058 Ethereal 0.9.11 has been released.
1060 The Ethereal 0.9.10 release was packaged improperly. This release
1062 the packaging, and adds minor updates and fixes for the following
1065 AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
1067 IA64 support has been improved.
1072 Ethereal 0.9.10 has been released.
1074 This release fixes a security hole discovered by Georgi Guninski in
1076 SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
1077 All users of previous versions are encouraged to upgrade. See
1079 http://www.ethereal.com/appnotes/enpa-sa-00008.html
1084 New and Updated Features
1086 Many small updates were made to the user interface.
1088 The "Help" menu now includes the FAQ.
1090 The TCP dissector was enhanced. Many more fields are filterable.
1092 Tethereal received more IO stats: TCP and UDP top talkers.
1094 Packet reassembly has been improved.
1096 The "Follow TCP Stream" feature can now export C byte arrays.
1098 RTP streams can now be saved to a file.
1103 A missing comma in a string array could cause Ethereal to crash when
1104 opening the preferences dialog.
1109 MSN Messenger, Rsync, SSH, Yahoo! Messenger
1114 AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
1116 DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
1117 extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
1119 M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
1120 OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
1122 SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
1123 Wellfleet BofL X.25, X11
1126 Updated Capture File Support
1128 NetXRay, NGSniffer, Snoop
1133 Ethereal 0.9.9 has been released.
1135 Please note the next release will NOT be 1.0. There are still more
1136 features to be added before a 1.0 release will be ready.
1139 New and Updated Features
1141 Plugin search behavior was improved under Unix, allowing more than
1143 version of Ethereal to be installed at one time.
1145 The statistics graphs have been enhanced. More statistics have been
1148 Round-trip-time statistics are now computed for SMB traffic.
1150 NCP Call and Reply times are now tracked.
1152 Top talker statistics for Ethernet, IP and Token Ring are now
1153 available (tethereal only).
1155 Color allocation and handling was improved.
1157 The RADIUS dissector can now decrypt user passwords.
1159 Tethereal now supports reading from a pipe under Unix.
1161 The ATM code received major improvements.
1163 The DOS Sniffer code also received major improvements.
1165 For those that compile Ethereal from source, some fixes and updates
1166 have been made to the configuration and build environment.
1171 The capture progress window now shows the correct number of elapsed
1174 A potential infinite loop in the TCP graphing code has been fixed.
1179 MDSHDR, MEGACO, MySQL, SDLC, X.29
1184 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP,
1186 RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC,
1188 LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
1189 RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC,
1191 SUA, TNS, Token Ring, Wellfleet HDLC, X.25
1194 Updated Capture File Support
1196 Firewall-1, Netmon, NetXRay, Radcom, Sniffer
1201 Ethereal 0.9.8 has been released.
1203 Serious problems with the BGP, LMP, PPP, and TDS dissectors have
1207 http://www.ethereal.com/appnotes/enpa-sa-00007.html
1212 New and Updated Features
1214 The TAP subsystem received major updates. Tethereal can display
1215 more statistics, and several graphs have been added to Ethereal.
1217 A protocol hierarchy statistics tap was added to tethereal. This
1219 may be used to replace the hierarchy statistics code in Ethereal.
1221 More updates have been added to TCP analysis.
1223 After a long hiatus, the Windows installer once again includes SNMP
1226 The total running time of the capture is now displayed in the
1228 progress dialog box. The capture progress dialog also shows ARP
1231 The look of the plugins dialog was revamped.
1234 Bug Fixes and Updates
1236 A bug which caused Ethereal under Windows to crash when "Update list
1238 packets in real time" was enabled has been fixed.
1240 The stability of the text2pcap utility has been improved.
1242 In tethereal, the packet count is properly displayed when you ^C out
1249 ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
1256 AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
1257 DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
1258 iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
1260 OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
1261 Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
1266 Updated Capture File Support
1268 AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
1271 == September 28, 2002
1273 Ethereal 0.9.7 has been released.
1277 In order to improve the out-of-box responsiveness of Ethereal and
1278 Tethereal, network name resolution has been disabled by default.
1280 TCP analysis (a feature added in the 0.9.6 release) was improved.
1282 The NCP code base received quite a few updates.
1284 Initial support for version 2 of the GTK+ library was added.
1286 RPC staticstics (which use the new Tap API) were added.
1288 Due to added and updated support for the NTLM, SNEGO, and GSS-API
1289 protocols, Ethereal can now dissect most of the security blobs for
1290 Windows 2000 authentication.
1292 The Ethernet "manuf" file now handles addresses specified with a
1293 mask, and contains many well-known addresses.
1298 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
1300 SCCP-Management, SPNEGO
1302 The following DCE/RPC protocols were also added:
1304 AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
1306 DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
1308 ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
1309 RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
1314 AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
1316 NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
1318 Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
1320 Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
1326 Ethereal 0.9.6 has been released.
1330 A buffer overflow in the ISIS dissector has been fixed. More
1331 information can be found at
1332 http://www.ethereal.com/appnotes/enpa-sa-00006.html.
1334 A bad TCP header could cause problems for the "Follow TCP Stream"
1337 Setting "column.format" from the command line no longer crashes
1338 Ethereal and Tethereal.
1340 Problems with capture files being overwritten (e.g. if you try to
1342 the current capture file) have been fixed.
1344 An SMB conversation handling bug has been fixed.
1346 Thanks to Valgrind, several memory leaks have been fixed.
1348 Some problems with printing under Windows have been fixed.
1353 TCP sequence number analysis has been added.
1355 The DCE RPC NETLOGON dissector has received a major overhaul.
1357 Data types throughout the code have been cleaned up.
1362 CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
1367 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
1369 REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
1371 LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
1373 Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
1374 SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
1377 Capture File Updates
1379 CheckPoint Firewall-1 monitor file support and CoSine debug file
1381 were added. Support for pppdump and Netmon files was updated.
1386 Ethereal 0.9.5 has been released. This version fixes several potential
1387 security problems revealed since the release of 0.9.4. See the
1389 advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
1395 The ability to read packet data from a pipe was enhanced. Printing
1396 under Windows now works.
1401 802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
1406 ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
1407 MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
1408 SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
1412 Capture File Updates
1414 Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
1415 NetXRay, and libpcap code all received updates.