5 Ethereal 0.10.12 has been released.
7 Our testing program has turned up several more security issues:
9 The LDAP dissector could free static memory and crash.
10 Versions affected: 0.8.5 to 0.10.11
12 The AgentX dissector could crash.
13 Versions affected: 0.10.10 to 0.10.11
15 The 802.3 dissector could go into an infinite loop.
16 Versions affected: 0.8.16 to 0.10.11
18 The PER dissector could abort.
19 Versions affected: 0.10.5 to 0.10.11
21 The DHCP dissector could go into an infinite loop.
22 Versions affected: 0.10.7 to 0.10.11
24 The BER dissector could abort or loop infinitely.
25 Version affected: 0.10.11
27 The MEGACO dissector could go into an infinite loop.
28 Versions affected: 0.9.14 to 0.10.11
30 The GIOP dissector could dereference a null pointer.
31 Versions affected: 0.8.20 to 0.10.11
33 The SMB dissector was susceptible to a buffer overflow.
34 Versions affected: 0.9.12 to 0.10.11
36 The WBXML could dereference a null pointer.
37 Versions affected: 0.10.1 to 0.10.11
39 The H1 dissector could go into an infinite loop.
40 Versions affected: 0.8.15 to 0.10.11
42 The DOCSIS dissector could cause a crash.
43 Versions affected: 0.9.13 to 0.10.11
45 The SMPP dissector could go into an infinite loop.
46 Versions affected: 0.10.1 to 0.10.11
48 The AFP dissector was susceptible to a format string overflow.
49 Versions affected: 0.9.4 to 0.10.11
51 SCTP graphs could crash.
52 Version affected: 0.10.11
54 The HTTP dissector could crash.
55 Versions affected: 0.10.4 to 0.10.11
57 The SMB dissector could go into a large loop.
58 Versions affected: 0.9.0 to 0.10.11
60 The DCERPC dissector could crash.
61 Versions affected: 0.9.16 to 0.10.11.
63 Several dissectors could crash while reassembling packets.
64 Versions affected: 0.9.0 to 0.10.11
69 A separate review by Steve Grubb at Red Hat turned up the following
72 The CAMEL dissector could dereference a null pointer.
73 Version affected: 0.10.11
75 The DHCP dissector could crash.
76 Versions affected: 0.10.4 to 0.10.11
78 The CAMEL dissector could crash.
79 Versions affected: 0.10.10 to 0.10.11
81 The PER dissector could crash.
82 Versions affected: 0.10.10 to 0.10.11
84 The RADIUS dissector could crash.
85 Versions affected: 0.9.4 to 0.10.11
87 The Telnet dissector could crash.
88 Versions affected: 0.9.10 to 0.10.11
90 The IS-IS LSP dissector could crash.
91 Versions affected: 0.8.19 to 0.10.11
93 The NCP dissector could crash.
94 Versions affected: 0.9.15 to 0.10.11
100 Ethereal uses the zlib compression library. Security vulnerabilities
101 have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer
102 now ships with zlib 1.2.3, which fixes these vulnerabilities.
105 Please see the following advisory for more information:
107 http://www.ethereal.com/appnotes/enpa-sa-00020.html
109 Everyone is encouraged to upgrade.
112 New and updated features
114 The Windows installer now includes the WinPcap 3.0 installer. You don't
115 have to download and install it separately.
117 RADIUS dictionaries are now included.
119 Flow graphs can now be created for any protocol.
121 Memory management has been greatly improved.
123 JXTA has been added to the conversations menu.
129 AudioCodes trunk trace,
141 WLAN Certificate Extensions,
144 Updated protocol support
247 New and updated capture file support
249 HP Nettl, Tektronix K12
254 Ethereal 0.10.11 has been released.
256 An aggressive testing program as well as independent discovery has turned
257 up a multitude of security issues:
259 The ANSI A dissector was susceptible to format string vulnerabilities.
260 Discovered by Bryan Fulton.
261 Versions affected: 0.9.15 to 0.10.10
263 The GSM MAP dissector could crash.
264 Versions affected: 0.10.0 to 0.10.10
266 The AIM dissector could cause a crash.
267 Versions affected: 0.9.14 to 0.10.10
269 The DISTCC dissector was susceptible to a buffer overflow.
270 Discovered by Ilja van Sprundel
271 Versions affected: 0.9.13 to 0.10.10
273 The FCELS dissector was susceptible to a buffer overflow.
274 Discovered by Neil Kettle
275 Versions affected: 0.9.9 to 0.10.10
277 The SIP dissector was susceptible to a buffer overflow.
278 Discovered by Ejovi Nuwere.
279 Versions affected: 0.10.0 to 0.10.10
281 The KINK dissector was susceptible to a null pointer exception,
282 endless looping, and other problems.
283 Versions affected: 0.10.10
285 The LMP dissector was susceptible to an endless loop.
286 Versions affected: 0.9.4 to 0.10.10
288 The Telnet dissector could abort.
289 Versions affected: 0.9.10 to 0.10.10
291 The TZSP dissector could cause a segmentation fault.
292 Versions affected: 0.10.10 to 0.10.10
294 The WSP dissector was susceptible to a null pointer exception and
296 Versions affected: 0.10.0 to 0.10.10
298 The 802.3 Slow protocols dissector could throw an assertion.
299 Versions affected: 0.10.10
301 The BER dissector could throw assertions.
302 Versions affected: 0.10.2 to 0.10.10
304 The SMB Mailslot dissector was susceptible to a null pointer exception
305 and could throw assertions.
306 Versions affected: 0.9.0 to 0.10.10
308 The H.245 dissector was susceptible to a null pointer exception.
309 Versions affected: 0.10.10
311 The Bittorrent dissector could cause a segmentation fault.
312 Versions affected: 0.10.8 to 0.10.10
314 The SMB dissector could cause a segmentation fault and throw assertions.
315 Versions affected: 0.9.0 to 0.10.10
317 The Fibre Channel dissector could cause a crash.
318 Versions affected: 0.9.9 to 0.10.10
320 The DICOM dissector could attempt to allocate large amounts of memory.
321 Versions affected: 0.10.4 to 0.10.10
323 The MGCP dissector was susceptible to a null pointer exception, could
324 loop indefinitely, and segfault.
325 Versions affected: 0.8.14 to 0.10.10
327 The RSVP dissector could loop indefinitely.
328 Versions affected: 0.9.8 to 0.10.10
330 The DHCP dissector was susceptible to format string vulnerabilities, and
332 Versions affected: 0.10.7 to 0.10.10
334 The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
335 Versions affected: 0.9.8 to 0.10.10
337 The EIGRP dissector could loop indefinitely.
338 Versions affected: 0.8.18 to 0.10.10
340 The ISIS dissector could overflow a buffer.
341 Versions affected: 0.8.18 to 0.10.10
343 The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
344 and X.509 dissectors could overflow buffers.
345 Versions affected: 0.10.4 to 0.10.10
347 The NDPS dissector could exhaust system memory or cause an assertion,
349 Versions affected: 0.9.12 to 0.10.10
351 The Q.931 dissector could try to free a null pointer and overflow
353 Versions affected: 0.10.10
355 The IAX2 dissector could throw an assertion.
356 Versions affected: 0.10.1 to 0.10.10
358 The ICEP dissector could try to free the same memory twice.
359 Versions affected: 0.10.7 to 0.10.10
361 The MEGACO dissector was susceptible to an infinite loop and a buffer
363 Versions affected: 0.9.14 to 0.10.10
365 The DLSw dissector was susceptible to an infinite loop.
366 Versions affected: 0.9.1 to 0.10.10
368 The RPC dissector was susceptible to a null pointer exception.
369 Versions affected: 0.9.2 to 0.10.10
371 The NCP dissector could overflow a buffer or loop for a large amount
373 Versions affected: 0.10.5 to 0.10.10
375 The RADIUS dissector could throw an assertion.
376 Versions affected: 0.10.3 to 0.10.10
378 The GSM dissector could access an invalid pointer.
379 Versions affected: 0.10.10
381 The SMB PIPE dissector could throw an assertion.
382 Versions affected: 0.9.0 to 0.10.10
384 The L2TP dissector was susceptible to an infinite loop.
385 Versions affected: 0.10.9 to 0.10.10
387 The SMB NETLOGON dissector could dereference a null pointer.
388 Versions affected: 0.9.12 to 0.10.10
390 The MRDISC dissector could throw an assertion.
391 Versions affected: 0.8.19 to 0.10.10
393 The ISUP dissector could overflow a buffer or cause a segmentation fault.
394 Versions affected: 0.8.19 to 0.10.10
396 The LDAP dissector could crash.
397 Versions affected: 0.10.1 to 0.10.10
399 The TCAP dissector could overflow a buffer or throw an assertion.
400 Versions affected: 0.10.8 to 0.10.10
402 The NTLMSSP dissector could crash.
403 Versions affected: 0.9.7 to 0.10.10
406 Additionally, a number of dissectors could throw an assertion when
407 passing an invalid protocol tree item length.
408 Versions affected: 0.10.8 to 0.10.10
411 Please see the following advisory for more information:
413 http://www.ethereal.com/appnotes/enpa-sa-00019.html
415 Everyone is encouraged to upgrade.
418 New and updated features
426 Updated protocol support
430 New and updated capture file support
437 Ethereal 0.10.10 has been released.
439 This release fixes three security and stability-related issues:
441 Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
444 The GPRS-LLC dissector could crash if the "ignore cipher bit" option
445 was enabled. (CAN-2005-0705)
447 Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
448 This flaw was later reported by Leon Juranic. (CAN-2005-0699)
450 Leon Juranic discovered a buffer overflow in the IAPP dissector.
452 A bug in the JXTA dissector could make Ethereal crash.
454 A bug in the sFlow dissector could make Ethereal crash.
457 Please see the following advisory for more information:
459 http://www.ethereal.com/appnotes/enpa-sa-00018.html
461 Everyone is encouraged to upgrade.
464 New and updated features
466 Tree view item context menus now let you browse to the display filter
467 reference and wiki pages for a particular protocol.
469 Online help has been expanded.
471 VoIP call analysis (including nifty connection diagrams) has been
474 GSS-API decryption has been greatly enhanced.
479 AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
480 Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
483 Updated protocol support
485 3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
486 DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
487 GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
488 IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
489 JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
490 PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
491 SPNEGO, SSL, STUN, TCAP, TCP, TZSP
494 New and updated capture file support
496 DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
501 Ethereal 0.10.9 has been released.
503 This release fixes the following security-related issues:
505 The COPS dissector could go into an infinite loop. (CAN-2005-0006)
507 The DLSw dissector could cause an assertion, making Ethereal exit
508 prematurely. (CAN-2005-0007)
510 The DNP dissector could cause memory corruption. (CAN-2005-0008)
512 The Gnutella dissector could cause an assertion, making Ethereal
513 exit prematurely. (CAN-2005-0009)
515 The MMSE dissector could free static memory. (CAN-2005-0010)
517 The X11 protocol dissector is vulnerable to a string buffer overflow.
520 Please see the following advisory for more information:
522 http://www.ethereal.com/appnotes/enpa-sa-00017.html
524 Everyone is encouraged to upgrade.
527 New and updated features
529 Ethereal will now detect and flag weak 802.11 WEP IVs.
531 Windows Sniffer timestamp handling has been greatly improved.
533 A bug which made Ethereal crash at startup on Windows 98 and Windows
534 ME systems has been fixed.
536 Ethereal and Tethereal now support a personal "hosts" file.
538 Invalid field length handling has been greatly improved.
540 The capture progress window title now shows the interface name.
545 ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
547 Updated protocol support
549 AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
550 DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
551 FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
552 HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
553 L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
554 NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
555 RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
556 SSL/TLS, T.38, TACACS, TCAP, TCP, X11
559 New and updated capture file support
565 Ethereal 0.10.8 has been released.
567 This release fixes the following security-related issues:
569 Matthew Bing discovered a bug in DICOM dissection that could make
570 Ethereal crash. (CAN-2004-1139)
572 An invalid RTP timestamp could make Ethereal hang and create a large
573 temporary file, possibly filling available disk space. (CAN-2004-1140)
575 The HTTP dissector could access previously-freed memory, causing a
576 crash. (CAN-2004-1141)
578 Brian Caswell discovered that an improperly formatted SMB packet could
579 make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
581 Please see the following advisory for more information:
583 http://www.ethereal.com/appnotes/enpa-sa-00016.html
585 Everyone is encouraged to upgrade.
588 New and updated features
590 Ethereal now has a packet history, similar to most web browsers.
592 Ethereal now supports custom window titles.
594 Minor performance enhancements have been added.
596 RTP analysis has been enhanced.
598 Host name resolution has been improved.
600 Ethereal can now track TCP PDU times. See
601 http://wiki.ethereal.com/TcpPduTime for more details.
603 Ethereal now ships with netscreen2dump.py, a utility which converts
604 netscreen packet-trace hex dumps to hex dumps that can be read by
610 AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
611 and Session Management, GSM MAP, Extended Security Services, Logotype
612 Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
613 Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
614 DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
617 Updated protocol support
619 3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
620 CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
621 ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
622 GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
623 ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
624 PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
625 RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
626 SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
627 X.509af, X.509ce, X.509if, X.509sat,
630 New and updated capture file support
637 Ethereal 0.10.7 has been released.
639 The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
640 libraries which fix several known bugs. Unfortunately, a few known
641 GLib/GTK+ bugs remain.
643 In order to avoid a naming conflict with the tcpreplay project, the
644 "capinfo" utility has been renamed to "capinfos".
647 New and updated features
649 Search wrapping is now a configurable option.
651 A lot of material has been added to the Developer's Guide. The User's Guide
652 has been updated as well.
654 The "Decode As..." dialog now supports DCERPC and SCTP.
656 The "Help" menu now includes a link to the wiki.
658 H.323 call analysis is now supported.
663 Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
664 Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
665 extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,
668 Updated protocol support
670 AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
671 DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
672 EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
673 ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
674 MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
675 RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
676 SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,
679 New and updated capture file support
681 HP-UX nettl, NG Sniffer
686 Ethereal 0.10.6 has been released.
688 This release fixes a preferences bug present in Ethereal which displayed
690 (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
691 (gtk_window_resize): assertion `height > 0' failed
693 at program startup. A workaround for 0.10.5 is described in
695 http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html
697 A new command-line utility called "capinfo" has been added to the
698 distribution which prints statistics about capture files.
700 You can now copy conversation and endpoint data to other applications as
704 New and updated features
706 X.509 support has been added.
708 Crash bugs have been fixed in the RTP and NCP dissectors.
710 PostScript(r) output has been improved.
712 A bug that prevented mergecap from creating a new output file has been
715 Conversation and endpoint performance has been enhanced. General packet
716 display performance has been enhanced.
718 The conversation and host list tools have been renamed to be less
721 You can now copy conversation and host list data as CSV data.
723 RTP analysis can now dynamically determine the proper clock rate.
728 AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
729 X.509AF, X.509CE, X.509IF, X.509SAT
732 Updated protocol support
734 802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
735 ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
736 MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
737 SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet
740 New and updated capture file support
747 Ethereal 0.10.5 has been released.
750 This release fixes bugs in iSNS, SMB, and SNMP, as described in the
753 http://www.ethereal.com/appnotes/enpa-sa-00015.html
755 Everyone is encouraged to upgrade.
758 New and updated features
760 Ethereal can now merge multiple files (you don't have to resort to
761 mergecap on the command line).
763 A preview pane has been added to the file dialog.
765 The capture progress dialog can now be disabled.
767 The about dialog has received further improvements.
769 The behavior of Ethereal's dialog windows has been normalized somewhat.
771 The Windows installer can now associate standard file extensions
774 Ethereal can be configured not to bug you about unsaved captures.
776 Ethereal can open help documentation using the default web browser.
781 DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)
784 Updated protocol support
786 AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
787 NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
788 H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
789 M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
790 RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
791 VRRP, WBXML (User-Agent Profile), WSP, X11
794 New and updated capture file support
801 Ethereal 0.10.4 has been released.
803 This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
804 the following advisory:
806 http://www.ethereal.com/appnotes/enpa-sa-00014.html
808 Everyone is encouraged to upgrade.
811 New and updated features
813 When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
816 Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
818 PostScript(R) output has been improved.
820 The screen layout of the main window can be changed by Preferences now.
822 Many other parts of the user interface have received improvements.
824 Compressed and chunked transfer-coded HTTP bodies are now decoded.
826 A new generic media dissector more cleanly handles HTTP and WSP
827 Content-Type information.
832 ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
833 IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
836 Updated protocol support
838 3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
839 DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
840 FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
841 ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
842 RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
843 Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG
853 Ethereal 0.10.3 has been released.
855 This release fixes several security bugs described in the following
858 http://www.ethereal.com/appnotes/enpa-sa-00013.html
860 Everyone is encouraged to upgrade.
863 New and updated features
865 Display filters now support the bitwise and (&) operator.
867 Protocol hierarchy statistics now have bandwidth columns.
869 The capture dialog has a new layout.
874 3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
875 MQ, Presentation, SLSK,
878 Updated protocol support
880 802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
881 BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
882 RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
883 FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
884 Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
885 PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
886 SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC
891 EyeSDN, libpcap (tcpdump)
896 Ethereal 0.10.2 has been released.
898 This release fixes two major bugs in 0.10.1:
900 Under Windows, the error
902 ** WARNING **: error opening
903 /usr/local/share/ethereal/asn1/default.tt, No such file or
906 would be printed at startup.
908 The 0.10.1 source release was missing several files required for
912 New and updated features
914 The user interface has received further updates. The Statistics
916 layout has been improved, as well as the capture options dialog
922 Cisco Cast Client Control Protocol
925 Updated protocol support
927 AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
929 IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
935 Ethereal 0.10.1 has been released.
938 New and updated features
940 The Windows installer now lets you choose between the traditional
942 version 1 interface and a new GTK+ 2 interface.
944 Several updates were made to Ethereal's user interface. The "File"
946 now has a "most recently used" list. The help menu was greatly
949 The "matches" operator now handles more data types. For example,
953 smtp matches joespammer@example.com
957 I/O statistics now support 1ms resolution.
961 A column resorting crash on the Windows platform was fixed.
965 EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA
967 Updated protocol support
969 ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
971 COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
972 TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
974 FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
976 GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
977 IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
978 Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
980 MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
982 RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
984 SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
986 Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11
989 Updated capture file support
991 DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
997 Ethereal 0.10.0 has been released.
999 This release fixes issues in the SMB and Q.931 dissectors that could
1000 make Ethereal and Tethereal crash. See
1002 http://www.ethereal.com/appnotes/enpa-sa-00012.html
1006 New and updated features
1008 Many performance improvements have been made to the code. Most
1010 should see a 2x to 3x performance increase when loading and working
1014 A "matches" display filter operator has been added. It is similar
1016 the "contains" operator, but supports Perl-compatible regular
1019 Tethereal can now dump packet data in XML (PDML) format.
1021 The main application menus have been rearranged and the help windows
1022 have been revamped, along with a host of other UI enhancements.
1024 The capture progress window now features bar graphs.
1026 The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
1028 installer have been updated.
1030 New protocol support
1032 BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
1034 IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,
1036 Updated protocol support
1038 ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
1040 EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
1042 ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
1044 H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
1045 LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
1046 RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
1048 SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP
1051 Updated capture file support
1053 AiroPeek v9 (2.x) support was added. Network Instruments Observer
1055 Snoop support was updated.
1060 Ethereal 0.9.16 has been released.
1062 This release fixes potential security issues with the GTP, ISAKMP,
1063 MEGACO, and SOCKS dissectors. See
1065 http://www.ethereal.com/appnotes/enpa-sa-00011.html
1069 New and updated features
1071 Ethereal has leapt forward into the 90's and added a toolbar.
1073 Ethereal and Tethereal can now force the data link type of captured
1076 RTP analysis has been enhanced.
1078 Individual frames can now be marked as time references
1080 Service response time and general I/O statistics have been enhanced.
1082 statistics can now calculate client load (experimental).
1084 New protocol support
1086 ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
1087 INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
1089 SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
1090 (OTA), T.38, TCAP, TPCP
1092 Updated protocol support
1094 AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
1096 DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
1097 DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
1099 FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
1100 ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
1101 NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
1103 RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
1105 SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
1106 X.25, Yahoo! Messenger
1109 Updated capture file support
1111 Linux Bluez Bluetooth hcidump support has been added.
1113 Endace ERF and Network Instruments Observer, and NetXRay support has
1117 == September 9, 2003
1119 Ethereal 0.9.15 has been released.
1121 New and updated features
1123 Many often-requested features have been added with this release. If
1124 you're running an older version of Ethereal you may want to have a
1127 Conversation List (aka "top talker") support has been added to
1129 and Tethereal. Protocol statistics in general have been updated.
1131 Searching capture files has been improved even more -- a new
1133 display filter operator that searches for strings in PDUs has been
1134 added. The Find dialog now supports case-insensitive searches, hex
1138 An H.225 dissector has been added. It can automatically recognize
1140 and RTCP conversations.
1142 A preference file has been added for disabled protocols.
1144 Color filters may now be imported and exported from within Ethereal.
1146 A new column type has been added for cumulative bytes.
1151 GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
1156 ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
1158 FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
1160 MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
1161 SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
1165 Updated capture file support
1167 Support for Accellent 5Views and Endace ERF capture files was added.
1168 CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
1173 Ethereal 0.9.14 has been released.
1175 New and updated features
1177 The ringbuffer code has been (nearly) completely rewritten. It now
1178 supports an unlimited number of files.
1180 Ethereal now supports searching for arbitrary text and binary data
1184 Service response time statistics have been enhanced.
1186 Tethereal, the text-mode version of Ethereal, can now be compiled
1187 without capture support.
1190 New and updated features
1192 Echo, eDonkey, Jabber, MS Messenger, sFlow
1197 AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
1199 IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
1201 NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
1203 SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP,
1208 Updated capture file support
1215 Ethereal 0.9.13 has been released.
1217 This release fixes a large number of security issues discovered by
1219 Sirainen and others. See
1221 http://www.ethereal.com/appnotes/enpa-sa-00010.html
1225 New and updated features
1227 Ethereal now supports a system-wide color filter file.
1229 Support for the GNU ADNS library has been added. ADNS allows
1230 asynchronous DNS lookups.
1232 "Decode As..." functionality has been added to Tethereal via the "-
1236 The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
1238 shown in the protocol tree.
1242 distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
1246 802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
1248 GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
1249 NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
1250 SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
1254 Updated capture file support
1256 HP-UX nettl, VMS UCX$TRACE
1261 Ethereal 0.9.12 has been released.
1263 This release fixes several off-by-one and integer overflow errors
1264 discovered by Timo Sirainen. See
1266 http://www.ethereal.com/appnotes/enpa-sa-00009.html
1270 New and updated features
1272 TCP sequence number analysis received a few improvements.
1274 General packet reassembly has been improved.
1276 The "Follow TCP Stream" window now allows you to filter out the
1280 The Vines code received significant updates.
1282 Several enhancements were made to the text2pcap utility.
1286 ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
1290 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
1292 IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
1294 M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
1296 Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
1298 TCP, Telnet, Vines, WBXML, WSP, WTP
1300 Updated capture file support
1307 Ethereal 0.9.11 has been released.
1309 The Ethereal 0.9.10 release was packaged improperly. This release
1311 the packaging, and adds minor updates and fixes for the following
1314 AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
1316 IA64 support has been improved.
1321 Ethereal 0.9.10 has been released.
1323 This release fixes a security hole discovered by Georgi Guninski in
1325 SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
1326 All users of previous versions are encouraged to upgrade. See
1328 http://www.ethereal.com/appnotes/enpa-sa-00008.html
1333 New and Updated Features
1335 Many small updates were made to the user interface.
1337 The "Help" menu now includes the FAQ.
1339 The TCP dissector was enhanced. Many more fields are filterable.
1341 Tethereal received more IO stats: TCP and UDP top talkers.
1343 Packet reassembly has been improved.
1345 The "Follow TCP Stream" feature can now export C byte arrays.
1347 RTP streams can now be saved to a file.
1352 A missing comma in a string array could cause Ethereal to crash when
1353 opening the preferences dialog.
1358 MSN Messenger, Rsync, SSH, Yahoo! Messenger
1363 AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
1365 DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
1366 extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
1368 M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
1369 OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
1371 SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
1372 Wellfleet BofL X.25, X11
1375 Updated Capture File Support
1377 NetXRay, NGSniffer, Snoop
1382 Ethereal 0.9.9 has been released.
1384 Please note the next release will NOT be 1.0. There are still more
1385 features to be added before a 1.0 release will be ready.
1388 New and Updated Features
1390 Plugin search behavior was improved under Unix, allowing more than
1392 version of Ethereal to be installed at one time.
1394 The statistics graphs have been enhanced. More statistics have been
1397 Round-trip-time statistics are now computed for SMB traffic.
1399 NCP Call and Reply times are now tracked.
1401 Top talker statistics for Ethernet, IP and Token Ring are now
1402 available (tethereal only).
1404 Color allocation and handling was improved.
1406 The RADIUS dissector can now decrypt user passwords.
1408 Tethereal now supports reading from a pipe under Unix.
1410 The ATM code received major improvements.
1412 The DOS Sniffer code also received major improvements.
1414 For those that compile Ethereal from source, some fixes and updates
1415 have been made to the configuration and build environment.
1420 The capture progress window now shows the correct number of elapsed
1423 A potential infinite loop in the TCP graphing code has been fixed.
1428 MDSHDR, MEGACO, MySQL, SDLC, X.29
1433 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP,
1435 RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC,
1437 LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
1438 RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC,
1440 SUA, TNS, Token Ring, Wellfleet HDLC, X.25
1443 Updated Capture File Support
1445 Firewall-1, Netmon, NetXRay, Radcom, Sniffer
1450 Ethereal 0.9.8 has been released.
1452 Serious problems with the BGP, LMP, PPP, and TDS dissectors have
1456 http://www.ethereal.com/appnotes/enpa-sa-00007.html
1461 New and Updated Features
1463 The TAP subsystem received major updates. Tethereal can display
1464 more statistics, and several graphs have been added to Ethereal.
1466 A protocol hierarchy statistics tap was added to tethereal. This
1468 may be used to replace the hierarchy statistics code in Ethereal.
1470 More updates have been added to TCP analysis.
1472 After a long hiatus, the Windows installer once again includes SNMP
1475 The total running time of the capture is now displayed in the
1477 progress dialog box. The capture progress dialog also shows ARP
1480 The look of the plugins dialog was revamped.
1483 Bug Fixes and Updates
1485 A bug which caused Ethereal under Windows to crash when "Update list
1487 packets in real time" was enabled has been fixed.
1489 The stability of the text2pcap utility has been improved.
1491 In tethereal, the packet count is properly displayed when you ^C out
1498 ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
1505 AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
1506 DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
1507 iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
1509 OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
1510 Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
1515 Updated Capture File Support
1517 AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
1520 == September 28, 2002
1522 Ethereal 0.9.7 has been released.
1526 In order to improve the out-of-box responsiveness of Ethereal and
1527 Tethereal, network name resolution has been disabled by default.
1529 TCP analysis (a feature added in the 0.9.6 release) was improved.
1531 The NCP code base received quite a few updates.
1533 Initial support for version 2 of the GTK+ library was added.
1535 RPC staticstics (which use the new Tap API) were added.
1537 Due to added and updated support for the NTLM, SNEGO, and GSS-API
1538 protocols, Ethereal can now dissect most of the security blobs for
1539 Windows 2000 authentication.
1541 The Ethernet "manuf" file now handles addresses specified with a
1542 mask, and contains many well-known addresses.
1547 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
1549 SCCP-Management, SPNEGO
1551 The following DCE/RPC protocols were also added:
1553 AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
1555 DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
1557 ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
1558 RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
1563 AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
1565 NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
1567 Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
1569 Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
1575 Ethereal 0.9.6 has been released.
1579 A buffer overflow in the ISIS dissector has been fixed. More
1580 information can be found at
1581 http://www.ethereal.com/appnotes/enpa-sa-00006.html.
1583 A bad TCP header could cause problems for the "Follow TCP Stream"
1586 Setting "column.format" from the command line no longer crashes
1587 Ethereal and Tethereal.
1589 Problems with capture files being overwritten (e.g. if you try to
1591 the current capture file) have been fixed.
1593 An SMB conversation handling bug has been fixed.
1595 Thanks to Valgrind, several memory leaks have been fixed.
1597 Some problems with printing under Windows have been fixed.
1602 TCP sequence number analysis has been added.
1604 The DCE RPC NETLOGON dissector has received a major overhaul.
1606 Data types throughout the code have been cleaned up.
1611 CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
1616 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
1618 REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
1620 LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
1622 Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
1623 SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
1626 Capture File Updates
1628 CheckPoint Firewall-1 monitor file support and CoSine debug file
1630 were added. Support for pppdump and Netmon files was updated.
1635 Ethereal 0.9.5 has been released. This version fixes several potential
1636 security problems revealed since the release of 0.9.4. See the
1638 advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
1644 The ability to read packet data from a pipe was enhanced. Printing
1645 under Windows now works.
1650 802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
1655 ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
1656 MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
1657 SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
1661 Capture File Updates
1663 Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
1664 NetXRay, and libpcap code all received updates.