-== September 28, 2002
-
-Ethereal 0.9.7 has been released.
-
-Bugs Fixed
-
-
-New Features
-
- In order to improve the out-of-box responsiveness of Ethereal and
- Tethereal, network name resolution has been disabled by default.
-
- TCP analysis (a feature added in the 0.9.6 release) was improved.
-
- The NCP code base received quite a few updates.
-
- Initial support for version 2 of the GTK+ library was added.
-
- RPC staticstics (which use the new Tap API) were added.
-
- Due to added and updated support for the NTLM, SNEGO, and GSS-API
- protocols, Ethereal can now dissect most of the security blobs for
- Windows 2000 authentication.
-
- The Ethernet "manuf" file now handles addresses specified with a
- mask, and contains many well-known addresses.
-
-* BGP segfault?
-* NTLMSSP crash?
-
-New Protocols
-
-DCE/RPC:
-AFS4INT,
-BOSSVR,
-CDS_CLERKSERVER,
-CDS_SOLICIT,
-CPRPC_SERVER,
-DNSSERVER,
-DTSPROVIDER,
-DTSSTIME_REQ,
-FLDB,
-FTSERVER,
-KRB5RPC,
-REPADMIN,
-REP_PROC,
-ROVERRIDE,
-RPRIV,
-RS_ATTR,
-RSEC_LOGIN,
-RS_MISC,
-RS_PGO,
-RS_REPLIST,
-RS_UNIX,
-SECIDMAP,
-TKN4INT,
-UBIKDISK,
-UKIKVOTE,
+Wireshark 1.3.0 Release Notes
-Other:
-802.1s MSTP,
-FIX,
-GSS-API,
-Interbase,
-NDPS,
-Netflow (Cisco and Juniper),
-SCCP-Management,
-SPNEGO,
+ ------------------------------------------------------------------
+What is Wireshark?
-Updated Protocols
+ Wireshark is the world's most popular network protocol analyzer.
+ It is used for troubleshooting, analysis, development, and
+ education.
-AFP,
-AODV/AODV6,
-BGP,
-CHDLC,
-CHPA,
-DCE/RPC CONV,
-DCE/RPC LSA,
-DCE/RPC NT,
-DCE/RPC SAMR,
-DNS,
-DOCSIS,
-EAP,
-GTP,
-HTTP,
-IP,
-iSCSI,
-IS-IS,
-Kerberos,
-LDAP,
-LDP,
-M2PA
-MMSE,
-NBNS,
-NCP,
-NDS,
-NETLOGON,
-NTLMSSP,
-OSI
-Q.931
-RPC,
-RPCSTAT,
-SCSI,
-Skinny,
-SMB,
-SNEGO,
-SPOOLSS,
-SRVSVC,
-TCP,
-WSP,
+What's New
+ Bug Fixes
+ The following vulnerabilities have been fixed. See the security
+ advisory for details and a workaround.
-Capture File Updates
+ o The NetFlow dissector could run off with your dog, crash your
+ truck, and write a country music song about the experience.
+ Versions affected: 0.99.5 to 1.0.8
+ The following bugs have been fixed:
+ o Wireshark could crash without warning.
+ New and Updated Features
+ The following features are new (or have been significantly
+ updated) since version 1.0:
+ o The packet list internals have been rewritten and are now more
+ efficient.
-== August 20, 2002
+ o Capturing from pipes on Windows has been improved.
-Ethereal 0.9.6 has been released.
+ New Protocol Support
-Bugs Fixed
+ Updated Protocol Support
- A buffer overflow in the ISIS dissector has been fixed. More
- information can be found at
- http://www.ethereal.com/appnotes/enpa-sa-00006.html.
-
- A bad TCP header could cause problems for the "Follow TCP Stream"
- feature.
-
- Setting "column.format" from the command line no longer crashes
- Ethereal and Tethereal.
+ New and Updated Capture File Support
- Problems with capture files being overwritten (e.g. if you try to save over
- the current capture file) have been fixed.
+Getting Wireshark
- An SMB conversation handling bug has been fixed.
+ Wireshark source code and installation packages are available from
+ the download page on the main web site.
- Thanks to Valgrind, several memory leaks have been fixed.
+ Vendor-supplied Packages
- Some problems with printing under Windows have been fixed.
+ Most Linux and Unix vendors supply their own Wireshark packages.
+ You can usually install or upgrade Wireshark using the package
+ management system specific to that platform. A list of third-party
+ packages can be found on the download page on the Wireshark web
+ site.
+File Locations
-New Features
+ Wireshark and TShark look in several different locations for
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
+ These locations vary from platform to platform. You can use
+ About->Folders to find the default locations on your system.
- TCP sequence number analysis has been added.
+Known Problems
- The DCE RPC NETLOGON dissector has received a major overhaul.
+ Wireshark may appear offscreen on multi-monitor Windows systems.
+ (Bug 553)
- Data types throughout the code have been cleaned up.
+ Wireshark might make your system disassociate from a wireless
+ network on OS X. (Bug 1315)
+ Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
-New Protocols
+ Wireshark is unable to decrypt WPA group keys. (Bug 1420)
- CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
+ The BER dissector might infinitely loop. (Bug 1516)
+ Wireshark can't dynamically update the packet list. This means
+ that host name resolutions above a certain response time threshold
+ won't show up in the packet list. (Bug 1605)
-Updated Protocols
+ Capture filters aren't applied when capturing from named pipes.
+ (Bug 1814)
- 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT, DCERPC
- REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos, L2TP,
- LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP, PPP,
- Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
- SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
+ Wireshark might freeze when reading from a pipe. (Bug 2082)
+ Capturing from named pipes might be delayed on Windows. (Bug 2200)
-Capture File Updates
+ Filtering tshark captures with display filters (-R) no longer
+ works. (Bug 2234)
-CheckPoint Firewall-1 monitor file support and CoSine debug file support
-were added. Support for pppdump and Netmon files was updated.
+Getting Help
+ Community support is available on the wireshark-users mailing
+ list. Subscription information and archives for all of Wireshark's
+ mailing lists can be found on the web site.
-== June 28, 2002
+ Commercial support, training, and development services are
+ available from CACE Technologies.
-Ethereal 0.9.5 has been released. This version fixes several potential
-security problems revealed since the release of 0.9.4. See the security
-advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
-more details.
-
-
-New Features:
-
-The ability to read packet data from a pipe was enhanced. Printing
-under Windows now works.
-
-
-New Protocols
-
-802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
-
-
-Updated Protocols
-
-ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
-MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
-SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
-WCP, WEP, WSP, WTP
-
-
-Capture File Updates
-
-Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
-NetXRay, and libpcap code all received updates.
+Frequently Asked Questions
+ A complete FAQ is available on the Wireshark web site.