2 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
9 -Use this section to encode all document information
15 <!ENTITY WiresharkCurrentVersion "0.99.4">
20 <title>Wireshark &WiresharkCurrentVersion; Release Notes</title>
22 <section id="WhatIs"><title>What is Wireshark?</title>
24 Wireshark is the world's most popular network protocol analyzer. It
25 is used for troubleshooting, analysis, development, and education.
29 <section id="WhatsNew"><title>What's New</title>
30 <section><title>Bug Fixes</title>
33 The following vulnerabilities have been fixed. See the
34 <ulink url="http://www.wireshark.org/security/wnpa-sec-2006-02.html">security advisory</ulink> for details and a workaround.
39 The HTTP dissector could crash.
40 <!-- Fixed in r19022, r19153 -->
41 <!-- Bug IDs: 1050, 1079 -->
42 Versions affected: 0.99.3.
46 The LDAP dissector (and possibly others) could crash.
47 <!-- Fixed in r19154 -->
48 <!-- Bug IDs: 1079 -->
49 Versions affected: 0.99.3.
53 The XOT dissector could attempt to allocate a large amount of memory and crash.
54 <!-- Fixed in r19365 -->
55 <!-- Bug IDs: 1133 -->
56 Versions affected: 0.9.8 to 0.99.3.
60 The WBXML dissector could crash.
61 <!-- Fixed in r19560 -->
62 <!-- Bug IDs: 1134 -->
63 Versions affected: 0.10.11 to 0.99.3.
67 If AirPcap support was enabled, parsing a WEP key could sometimes cause a crash.
68 <!-- Fixed in r19401 -->
69 <!-- Bug IDs: None -->
70 Versions affected: 0.99.3.
79 The following bugs have been fixed:
84 The file set dialog could grow excessively large.
85 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=331">Bug
90 Trying to save flow data may crash Wireshark.
91 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=396">Bug
96 It may not be possible to re-order coloring rules under Windows.
97 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=699">Bug
102 Printing each packet to a new page didn't work under Windows.
103 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=707">Bug
108 The personal hosts configuration file wasn't being parsed correctly.
109 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=795">Bug
114 "Save as" to an existing file wasn't allowed.
115 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=927">Bug
120 The SNMP dissector was not handling 64-bit counters properly.
121 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1047">Bug
126 Wireshark and TShark would fail to start under Windows while trying to acquire a crypto context.
127 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1096">Bug
132 Invalid characters could show up in PDML output.
133 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1110">Bug
142 <section><title>New and Updated Features</title>
144 The following features are new (or have been significantly updated)
145 since the last release:
149 <ulink url="http://www.cacetech.com/products/airpcap.htm">AirPcap</ulink>,
150 support (which provides raw mode capture under Windows) has been
155 VoIP call playback has been enhanced. If Wireshark is linked with
156 the PortAudio library, you can play back G.711 conversations. This
157 feature is present in the standard Windows installer.
161 The capture interface dialog display has been enhanced.
165 The "Save" button has been removed from the "Ok" / "Apply" / "Cancel"
166 button group in the following dialogs:
168 <listitem><para>Edit/Preferences</para></listitem>
169 <listitem><para>View/Coloring Rules</para></listitem>
170 <listitem><para>Capture/Capture Filters</para></listitem>
171 <listitem><para>Analyze/Display Filters</para></listitem>
172 <listitem><para>"Analyze/Enabled Protocols</para></listitem>
174 If you're fond of the "Save" button it can be resurrected in the
175 User Interface preferences.
179 Reading from stdin ("-i -") now works under Windows.
183 Expert analysis has been improved.
187 Wireshark now supports USB as a media type. If you're running a
188 Linux distribution with version 2.6.11 of the kernel or greater
189 <strong>and</strong> you have the usbmon module enabled <strong>and</strong>
190 you have a recent CVS version of libpcap (post-0.9.5) installed
191 you can also do live captures. More details can be found at the
192 <ulink url="http://wiki.wireshark.org/CaptureSetup/USB">USB
193 capture setup</ulink> page on the wiki.
200 <section><title>New Protocol Support</title>
204 Ethernet Powerlink (v1 and v2),
205 H.248 Q.1950 Annex A,
220 <section><title>Updated Protocol Support</title> <para>
238 Common Windows networking,
240 DCERPC (DCERPC, ATSVC, DFS, EFS, EPM, EVENTLOG, INITSHUTDOWN, MAPI, NT, PIPE, SAMR, SPOOLSS, SRVSVC, SVCCTL, WINREG),
241 DCOM (DCOM, CBA-ACCO, SYSACT),
320 <section><title>New and Updated Capture File Support</title>
323 Catapult DCT2000, EyeSDN, iSeries
330 <section id="GettingWireshark"><title>Getting Wireshark</title>
332 Wireshark source code and installation packages are available from
333 the <ulink url="http://www.wireshark.org/download.html">download
334 page</ulink> on the main web site.
337 <section><title>Vendor-supplied Packages</title>
339 Most Linux and Unix vendors supply their own Wireshark packages.
340 You can usually install or upgrade Wireshark using the package management
341 system specific to that platform. A list of third-party packages
343 <ulink url="http://www.wireshark.org/download.html#otherplat">download page</ulink> on the Wireshark web site.
349 <!-- XXX needs to be written
350 <section id="RemovingWireshark"><title>Removing Wireshark</title>
356 <section id="FileLocations"><title>File Locations</title>
358 Wireshark and TShark look in several different locations for
359 preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
360 These locations vary from platform to platform. You can use
361 About->Folders to find the default locations on your system.
365 <section id="KnownProblems"><title>Known Problems</title>
368 On Windows systems the packet list scroll bar can sometimes disappear
369 or become unusable. Until the problem is fixed you can work around it
370 by resizing the packet list or the main window.
371 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=220">Bug
376 The <guibutton>Filter</guibutton> button is nonfunctional in the
377 file dialogs under Windows.
378 (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942">Bug
384 <section id="GettingHelp"><title>Getting Help</title>
386 Community support is available on the wireshark-users mailing list.
387 Subscription information and archives for all of Wireshark's mailing
388 lists can be found on <ulink url="http://www.wireshark.org/lists/">the
392 Commercial support, training, and development services are available
393 from <ulink url="http://www.cacetech.com/">CACE Technologies</ulink>.
397 <section id="FAQ"><title>Frequently Asked Questions</title>
399 A complete FAQ is available on the
400 <ulink url="http://www.wireshark.org/faq.html">Wireshark web site</ulink>.