-->
<!--
-Ethereal Info
+Wireshark Info
-->
- <!ENTITY EtherealCurrentVersion "0.99.0">
+ <!ENTITY WiresharkCurrentVersion "1.5.0">
]>
<article>
- <title>Ethereal &EtherealCurrentVersion; Release Notes</title>
+ <title>Wireshark &WiresharkCurrentVersion; Release Notes</title>
- <section id="WhatIs"><title>What is Ethereal?</title>
+ <section id="WhatIs"><title>What is Wireshark?</title>
<para>
- Ethereal is the world's most popular network protocol analyzer. It
- is used for troubleshooting, analysis, development, and education.
+ Wireshark is the world's most popular network protocol analyzer. It
+ is used for troubleshooting, analysis, development and education.
</para>
</section>
<section id="WhatsNew"><title>What's New</title>
- <section><title>Bug Fixes</title>
- <para>
- Many security vulnerabilities have been fixed since the
- previous release. See the
- <ulink url="http://www.ethereal.com/appnotes/enpa-sa-00022.html">application
- advisory</ulink> for more details.
- <itemizedlist>
-
- <listitem><para>
- The H.248 dissector could crash.
- <!-- Fixed in r16967, r17015 -->
- <!-- Bug IDs: 651 -->
- Versions affected: 0.10.14.
- </para></listitem>
-
- <listitem><para>
- The UMA dissector could go into an infinite loop.
- <!-- Fixed in r17119, r17273 -->
- <!-- Bug IDs: 716 -->
- Versions affected: 0.10.12.
- </para></listitem>
-
- <!-- Canary bugs found after r17235 -->
-
- <listitem><para>
- The X.509if dissector could crash.
- <!-- Fixed in r16995, r17337 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.10.14.
- </para></listitem>
-
- <listitem><para>
- The SRVLOC dissector could crash.
- <!-- Fixed in r17001 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.10.0.
- </para></listitem>
+ <section id="BugFixes"><title>Bug Fixes</title>
- <listitem><para>
- The H.245 dissector could crash.
- <!-- Fixed in r17022 -->
- <!-- Bug IDs: 667 -->
- Versions affected: 0.10.13.
- </para></listitem>
-
- <listitem><para>
- Ethereal's OID printing routine was susceptible to an
- off-by-one error.
- <!-- Fixed in r17048 -->
- <!-- Bug IDs: 698 -->
- Versions affected: 0.10.14.
- </para></listitem>
-
- <listitem><para>
- The COPS dissector could overflow a buffer.
- <!-- Fixed in r17051 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.9.15.
- </para></listitem>
-
- <listitem><para>
- The ALCAP dissector could overflow a buffer.
- <!-- Fixed in r17495 -->
- <!-- Bug IDs: 794 -->
- Versions affected: 0.10.14.
- </para></listitem>
-
- </itemizedlist>
+ <para>
- <!-- Coverity bugs (r17489 and above) -->
+ The following bugs have been fixed:
- Under a grant funded by the U.S. Department of Homeland Security,
- <ulink url="http://www.coverity.com">Coverity</ulink> has uncovered
- a number of vulnerabilities in Ethereal:
<itemizedlist>
- <!-- CID 1 - 30: DEADCODE -->
- <!-- CID 31: Post-0.10.14 -->
-
- <listitem><para>
- The statistics counter could crash Ethereal.
- <!-- Fixed in r17497 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 32 -->
- Versions affected: 0.10.10.
- </para></listitem>
-
- <listitem><para>
- Ethereal could crash while reading a malformed Sniffer capture.
- <!-- Fixed in r17556 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 33 -->
- Versions affected: 0.8.12.
- </para></listitem>
-
- <listitem><para>
- An invalid display filter could crash Ethereal.
- <!-- Fixed in r17555 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 34 -->
- Versions affected: 0.9.16.
- </para></listitem>
-
- <listitem><para>
- The general packet dissector could crash Ethereal.
- <!-- Fixed in r17494 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 35 -->
- Versions affected: 0.10.9.
- </para></listitem>
-
- <!-- CID 36 - 38: Bogus -->
-
<listitem><para>
- The AIM dissector could crash Ethereal.
- <!-- Fixed in r17512 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 39 -->
- Versions affected: 0.10.7.
+ Wireshark is unresponsive when capturing from named pipes on Windows.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1759">Bug
+ 1759</ulink>)
</para></listitem>
- <listitem><para>
- The RPC dissector could crash Ethereal.
- <!-- Fixed in r17546 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 40 -->
- Versions affected: 0.9.8.
- </para></listitem>
-
- <listitem><para>
- The DCERPC dissector could crash Ethereal.
- <!-- Fixed in r17657 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 41 -->
- Versions affected: 0.9.16.
- </para></listitem>
-
- <listitem><para>
- The ASN.1 dissector could crash Ethereal.
- <!-- Fixed in r17548, r17710, r17736, r17770 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 42, 43, 146 -->
- Versions affected: 0.9.8.
- </para></listitem>
-
- <listitem><para>
- The SMB PIPE dissector could crash Ethereal.
- <!-- Fixed in r17509, r17523, r17621, r17708 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 44, 46, 47, 48 -->
- Versions affected: 0.8.20.
- </para></listitem>
-
- <!-- CID 45: Bogus -->
- <!-- CID 46 - 48: See CID 44 -->
- <!-- CID 49: Bogus -->
- <!-- CID 50 - 62: Not security-related -->
- <!-- CID 63 - 66: Bogus -->
-
- <listitem><para>
- The BER dissector could loop excessively.
- <!-- Fixed in r17498, r17625 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 67, 68, 136 -->
- Versions affected: 0.10.4.
- </para></listitem>
-
- <!-- CID 69 - 72: Bogus -->
-
- <listitem><para>
- The SNDCP dissector could abort.
- <!-- Fixed in r17518 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 73 -->
- Versions affected: 0.10.4.
- </para></listitem>
-
- <!-- CID 74 - 78: Bogus -->
- <!-- CID 79: Lemon is a build-time tool -->
- <!-- CID 80: Bogus -->
- <!-- CID 81: Post-0.10.14 -->
-
- <listitem><para>
- The Network Instruments file code could overrun a buffer.
- <!-- Fixed in r17520 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 82 -->
- Versions affected: 0.10.0.
- </para></listitem>
-
- <listitem><para>
- The NetXray/Windows Sniffer file code could overrun a buffer.
- <!-- Fixed in r17580 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 83 -->
- Versions affected: 0.10.13.
- </para></listitem>
-
- <!-- CID 83 - 103: Bogus -->
-
- <listitem><para>
- The GSM SMS dissector could crash Ethereal.
- <!-- Fixed in r17506 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 104 -->
- Versions affected: 0.9.16.
- </para></listitem>
-
- <listitem><para>
- The ALCAP dissector could overrun a buffer.
- <!-- Fixed in r17724 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 105 -->
- Versions affected: 0.10.14.
- </para></listitem>
-
- <listitem><para>
- The telnet dissector could overrun a buffer.
- <!-- Fixed in r17487 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 106 -->
- Versions affected: 0.8.5.
- </para></listitem>
-
- <!-- CID 107: See CID 79 -->
- <!-- CID 108: Not security-related -->
-
- <listitem><para>
- ASN.1-based dissectors could crash Ethereal.
- <!-- Fixed in r17489 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 109 -->
- Versions affected: 0.9.10.
- </para></listitem>
-
- <!-- CID 110: Not security-related -->
- <!-- CID 111: Bogus -->
- <!-- CID 112: Not security-related -->
+ </itemizedlist>
- <listitem><para>
- The H.248 dissector could crash Ethereal.
- <!-- Fixed in r17571 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 113,114 -->
- Versions affected: 0.10.11.
- </para></listitem>
+ </para>
- <!-- CID 115, 116: See CID 79 -->
- <!-- CID 117: Bogus -->
- <!-- CID 118 - 119: Not security-related -->
- <!-- CID 120 - 121: Bogus -->
- <!-- CID 122 - 126: Not security-related -->
- <!-- CID 127: Bogus -->
+ </section>
- <listitem><para>
- The DCERPC NT dissector could crash Ethereal.
- <!-- Fixed in r17511 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 128 -->
- Versions affected: 0.9.14.
- </para></listitem>
+ <section id="NewFeatures"><title>New and Updated Features</title>
+ <para>
+ The following features are new (or have been significantly updated)
+ since version 1.2:
- <!-- CID 129: Bogus -->
- <!-- CID 130 - 134: Not security-related -->
+ <itemizedlist>
- <listitem><para>
- The PER dissector could crash Ethereal.
- <!-- Fixed in r17511 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 135 -->
- Versions affected: 0.9.14.
- </para></listitem>
+ <listitem>
+ <para>
+ The packet list internals have been rewritten and are now more
+ efficient.
+ </para>
+ </listitem>
- <!-- CID 136: See CID 67 -->
- <!-- CID 137 - 139: Not security-releated -->
- <!-- CID 140 - 141: Bogus -->
- <!-- CID 142: Not security-releated -->
- <!-- CID 143 - 144: See CID 79 -->
- <!-- CID 144: Lemon is a build-time tool -->
- <!-- CID 145: Post-0.10.14 -->
- <!-- CID 146: See CID 42 -->
- <!-- CID 147 - 148: Post-0.10.14 -->
- <!-- CID 149: DEADCODE -->
+ <listitem>
+ <para>
+ Columns are easier to use. You can add a protocol field as a column
+ by right-clicking on its packet detail item, and you can adjust
+ some column preferences by right-clicking the column header.
+ </para>
+ </listitem>
- </itemizedlist>
- </para>
+ <listitem>
+ <para>
+ Preliminary Python scripting support has been added.
+ </para>
+ </listitem>
- <para>
- Win32: Unicode characters in the users profile path causes problems
- reading/writing the preferences (and alike) files.
- <!-- Fixed in r17024,r17025 -->
- <!-- Bug IDs: 648 -->
- Versions affected: 0.10.14.
- </para>
+ <listitem>
+ <para>
+ Many memory leaks have been fixed.
+ </para>
+ </listitem>
- <para>
- The Coverity audit turned up several UI-related bugs that could
- make Ethereal crash.
- </para>
+ <listitem>
+ <para>
+ Wireshark no longer supports Windows 2000. Please use
+ Wireshark 1.2 or 1.0 on those systems.
+ </para>
+ </listitem>
- </section>
+ <listitem>
+ <para>
+ Packets can now be ignored (excluded from dissection), similar to
+ the way they can be marked.
+ </para>
+ </listitem>
- <section><title>New and Updated Features</title>
- <para>
- The following features are new (or have been significantly updated)
- since the last release:
- <itemizedlist>
+ <listitem>
+ <para>
+ Manual IP address resolution is now supported.
+ </para>
+ </listitem>
- <listitem><para>
- The new command line tool <command>dumpcap</command> makes it
- possible to capture network data without the drawbacks of (t)ethereal
- (memory usage, security problems, ...) while keeping the benefit of
- advanced techniques like multiple (ringbuffer) files and alike.
+ <listitem>
+ <para>
+ Columns with seconds can now be displayed as hours, minutes and
+ seconds.
</para>
+ </listitem>
+
+ <listitem>
<para>
- The manpage of <command>dumpcap</command> in HTML format is available
- at: <ulink url="http://www.ethereal.com/docs/"/>
- </para></listitem>
+ You can now set the capture buffer size on UNIX and Linux if you have
+ libpcap 1.0.0 or greater.
+ </para>
+ </listitem>
- <listitem><para>
- Win32: Catch hardware exceptions caused by buggy dissectors.
- If e.g. a NULL pointer exceptions occurs, Ethereal won't crash now
- but displays the exception and tries to continue decoding packets.
- </para></listitem>
+ <listitem>
+ <para>
+ TShark no longer needs elevated privileges on UNIX or Linux to list
+ interfaces. Only dumpcap requires privileges now.
+ </para>
+ </listitem>
- <listitem><para>
- The Windows version of Ethereal now uses native open and save
- file dialogs.
- </para>
- <para>
- In related news, Ethereal now runs as a full-fledged Unicode
- application under Windows.
- </para></listitem>
+ <listitem>
+ <para>
+ Wireshark and TShark can enable 802.11 monitor mode directly if you
+ have libpcap 1.0.0 or greater.
+ </para>
+ </listitem>
- <listitem><para>
- Recent versions of Ethereal were flagging packets with an
- incorrect TCP checksum as malformed. False positives were
- being triggered on systems that use TCP checksum offloading.
- We now check to see if the checksum is <emphasis>not</emphasis>
- 0x0000 before flagging the packet as malformed.
+ <listitem>
+ <para>
+ Play the RTP stream directly from the RTP Analysis.
+ </para>
+ </listitem>
- <note><title>Please Note</title>
+ <listitem>
<para>
- If your system uses TCP checksum offloading <emphasis>and</emphasis>
- Ethereal still shows bad checksums for outgoing TCP packets
- <emphasis>and</emphasis> the checksums for outgoing TCP packets
- are <emphasis>not</emphasis> 0x0000, this could mean that your
- operating system is exposing kernel memory unneccessarily. If
- this is the case, you should report the problem to your OS
- vendor.
+ Capinfos and editcap now respectively support time order checking
+ and forcing.
</para>
- </note>
- </para></listitem>
+ </listitem>
</itemizedlist>
+
</para>
</section>
- <section><title>New Protocol Support</title>
+ <section id="NewProtocols"><title>New Protocol Support</title>
<para>
</para>
</section>
- <section><title>Updated Protocol Support</title> <para>
+ <section id="UpdatedProtocols"><title>Updated Protocol Support</title> <para>
</para>
</section>
- <section><title>New and Updated Capture File Support</title>
+ <section id="NewCapture"><title>New and Updated Capture File Support</title>
<para>
</para>
</section>
- <section id="GettingEthereal"><title>Getting Ethereal</title>
- <section><title>Microsoft Windows</title>
- <para>
- Download ethereal-setup-&EtherealCurrentVersion;.exe from the
- <ulink url="http://www.ethereal.com/distribution/win32/">Windows
- download area</ulink> on the main web site. Double-click the
- installer executable.
- </para>
- </section>
-
- <section><title>Sun Solaris</title>
- <para>
- Download the appropriate package from the
- <ulink url="http://www.ethereal.com/distribution/solaris/">Solaris
- download area</ulink> on the main web site. Uncompress the package
- using bzip2, and install it using pkgadd.
- </para>
- </section>
-
- <section><title>Source Code</title>
- <para>
- Download ethereal-&EtherealCurrentVersion;.tar.gz from the
- <ulink url="http://www.ethereal.com/distribution/">main
- download area</ulink> on the web site. Extract the package
- using tar and gzip. Run "configure ; make ; make install".
- </para>
- </section>
+ <section id="GettingWireshark"><title>Getting Wireshark</title>
+ <para>
+ Wireshark source code and installation packages are available from
+ <ulink url="http://www.wireshark.org/download.html">http://www.wireshark.org/download.html</ulink>.
+ </para>
- <section><title>Vendor-supplied Packages</title>
+ <section id="VendorPackages"><title>Vendor-supplied Packages</title>
<para>
- Most Linux and Unix vendors supply their own Ethereal packages.
- You can install or upgrade Ethereal using the package management
- system specific to that platform. A list of third-party packages
- can be found on the <ulink url="http://www.ethereal.com/download.html#otherplat">download page</ulink> on the Ethereal web site.
+ Most Linux and Unix vendors supply their own Wireshark packages.
+ You can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages
+ can be found on the
+ <ulink url="http://www.wireshark.org/download.html#thirdparty">download page</ulink>
+ on the Wireshark web site.
</para>
</section>
</section>
<!-- XXX needs to be written
- <section id="RemovingEthereal"><title>Removing Ethereal</title>
+ <section id="RemovingWireshark"><title>Removing Wireshark</title>
<para>
</para>
</section>
<section id="FileLocations"><title>File Locations</title>
<para>
- Ethereal and Tethereal look in several different locations for
+ Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About->Folders to find the default locations on your system.
<section id="KnownProblems"><title>Known Problems</title>
<para>
- On Windows systems the packet list scroll bar can sometimes disappear
- or become unusable. Until the problem is fixed you can work around it
- by resizing the packet list or the main window.
- (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220">Bug
- #220</ulink>)
+ Wireshark may appear offscreen on multi-monitor Windows systems.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=553">Bug
+ 553</ulink>)
+ </para>
+
+ <para>
+ Wireshark might make your system disassociate from a wireless network
+ on OS X 10.4.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1315">Bug
+ 1315</ulink>)
</para>
<para>
- The <guibutton>Filter</guibutton> button is nonfunctional in the
- file dialogs under Windows.
+ Dumpcap might not quit if Wireshark or TShark crashes.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419">Bug
+ 1419</ulink>)
</para>
<para>
- Trying to save flow data may crash Ethereal.
- (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=396">Bug
- #396</ulink>)
+ The BER dissector might infinitely loop.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516">Bug
+ 1516</ulink>)
</para>
<para>
- It may not be possible to re-order coloring rules under Windows.
- (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=699">Bug
- #699</ulink>)
+ Capture filters aren't applied when capturing from named pipes.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814">Bug
+ 1814</ulink>)
</para>
<para>
- Multiple tap interfaces may cause a crash under FreeBSD.
- (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=57">Bug
- #757</ulink>)
+ Filtering tshark captures with display filters (-R) no longer works.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234">Bug
+ 2234</ulink>)
</para>
<para>
- Ethereal may crash while viewing TCP streams.
- (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=852">Bug
- #852</ulink>)
+ The 64-bit Windows installer does not ship with the same libraries as the
+ 32-bit installer.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3610">Bug
+ 3610</ulink>)
+ </para>
+
+ <para>
+ Application crash when changing real-time option.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035">Bug
+ 4035</ulink>)
+ </para>
+
+ <para>
+ Hex pane display issue after startup.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056">Bug
+ 4056</ulink>)
+ </para>
+
+ <para>
+ Crash when sorting column while capturing.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4273">Bug
+ 4273</ulink>)
+ </para>
+
+ <para>
+ Packet list rows are oversized.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357">Bug
+ 4357</ulink>)
+ </para>
+
+ <para>
+ Summary pane selected frame highlighting not maintained.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445">Bug
+ 4445</ulink>)
</para>
</section>
<section id="GettingHelp"><title>Getting Help</title>
<para>
- Community support is available on the ethereal-users mailing list.
- Subscription information and archives for all of Ethereal's mailing
- lists can be found on <ulink url="http://www.ethereal.com/lists/">the
- web site</ulink>. There is also an <ulink url="irc://irc.freenode.net/ethereal">IRC channel dedicated to Ethereal</ulink>.
+ Community support is available on the wireshark-users mailing list.
+ Subscription information and archives for all of Wireshark's mailing
+ lists can be found on <ulink url="http://www.wireshark.org/lists/">the
+ web site</ulink>.
+ </para>
+ <para>
+ Commercial support is available from
+ <ulink url="http://www.cacetech.com/products/sharknet.html">CACE Technologies</ulink>.
</para>
<para>
- Commercial support, training, and development services are available
- from <ulink url="http://www.etherealsoft.com/">Ethereal Software</ulink>.
+ Training is available from
+ <ulink url="http://www.wiresharktraining.com/">Wireshark University</ulink>.
</para>
</section>
<section id="FAQ"><title>Frequently Asked Questions</title>
<para>
A complete FAQ is available on the
- <ulink url="http://www.ethereal.com/faq.html">Ethereal web site</ulink>.
+ <ulink url="http://www.wireshark.org/faq.html">Wireshark web site</ulink>.
</para>
</section>