-->
<!--
-Ethereal Info
+Wireshark Info
-->
- <!ENTITY EtherealCurrentVersion "0.99.0">
+ <!ENTITY WiresharkCurrentVersion "1.3.3">
]>
<article>
- <title>Ethereal &EtherealCurrentVersion; Release Notes</title>
+ <title>Wireshark &WiresharkCurrentVersion; Release Notes</title>
- <section id="WhatIs"><title>What is Ethereal?</title>
+ <section id="WhatIs"><title>What is Wireshark?</title>
<para>
- Ethereal is the world's most popular network protocol analyzer. It
+ Wireshark is the world's most popular network protocol analyzer. It
is used for troubleshooting, analysis, development, and education.
</para>
</section>
<section id="WhatsNew"><title>What's New</title>
- <section><title>Bug Fixes</title>
+ <section id="BugFixes"><title>Bug Fixes</title>
<para>
- Many security vulnerabilities have been fixed since the
- previous release. See the
- <ulink url="http://www.ethereal.com/appnotes/enpa-sa-00022.html">application
- advisory</ulink> for more details.
- <itemizedlist>
-
- <listitem><para>
- The H.248 dissector could crash.
- <!-- Fixed in r16967, r17015 -->
- <!-- Bug IDs: 651 -->
- Versions affected: 0.10.14.
- </para></listitem>
- <listitem><para>
- The UMA dissector could go into an infinite loop.
- <!-- Fixed in r17119, r17273 -->
- <!-- Bug IDs: 716 -->
- Versions affected: 0.10.12.
- </para></listitem>
+ The following vulnerabilities have been fixed. See the
+ <ulink url="http://www.wireshark.org/security/wnpa-sec-2007-02.html">security advisory</ulink> for details and a workaround.
- <!-- Canary bugs found after r17235 -->
-
- <listitem><para>
- The X.509if dissector could crash.
- <!-- Fixed in r16995, r17337 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.10.14.
- </para></listitem>
-
- <listitem><para>
- The SRVLOC dissector could crash.
- <!-- Fixed in r17001 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.10.0.
- </para></listitem>
+ <itemizedlist>
- <listitem><para>
- The H.245 dissector could crash.
- <!-- Fixed in r17022 -->
- <!-- Bug IDs: 667 -->
- Versions affected: 0.10.13.
- </para></listitem>
+ <listitem>
+ <para>
+ The NetFlow dissector could run off with your dog, crash your truck,
+ and write a country music song about the experience.
+ <!-- Fixed in r????? -->
+ <!-- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=????">????</ulink>) -->
+ </para>
+ <para>Versions affected: 0.99.5 to 1.0.8</para>
+ <para>
+ <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
+ </para>
+ </listitem>
- <listitem><para>
- Ethereal's OID printing routine was susceptible to an
- off-by-one error.
- <!-- Fixed in r17048 -->
- <!-- Bug IDs: 698 -->
- Versions affected: 0.10.14.
- </para></listitem>
+ </itemizedlist>
- <listitem><para>
- The COPS dissector could overflow a buffer.
- <!-- Fixed in r17051 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.9.15.
- </para></listitem>
+ </para>
- <!-- Coverity bugs (r17499 and above) -->
+ <para>
- </itemizedlist>
+ The following bugs have been fixed:
- Under a grant funded by the U.S. Department of Homeland Security,
- <ulink url="http://www.coverity.com">Coverity</ulink> has uncovered
- a number of vulnerabilities in Ethereal:
<itemizedlist>
<listitem><para>
- The GSM SMS dissector could crash Ethereal.
- <!-- Fixed in r17506 -->
- <!-- Bug IDs: None -->
- <!-- Coverity CID 104 -->
- Versions affected: 0.9.16.
+ Wireshark could crash without warning.
</para></listitem>
</itemizedlist>
- </para>
- <para>
- Win32: Unicode characters in the users profile path causes problems
- reading/writing the preferences (and alike) files.
- <!-- Fixed in r17024,r17025 -->
- <!-- Bug IDs: 648 -->
- Versions affected: 0.10.14.
</para>
</section>
- <section><title>New and Updated Features</title>
+ <section id="NewFeatures"><title>New and Updated Features</title>
<para>
The following features are new (or have been significantly updated)
- since the last release:
+ since version 1.2:
+
<itemizedlist>
- <listitem><para>
- The new command line tool <command>dumpcap</command> makes it
- possible to capture network data without the drawbacks of (t)ethereal
- (memory usage, security problems, ...) while keeping the benefit of
- advanced techniques like multiple (ringbuffer) files and alike.
- </para>
+ <listitem>
<para>
- The manpage of <command>dumpcap</command> in HTML format is available
- at: <ulink url="http://www.ethereal.com/docs/"/>
- </para></listitem>
-
- <listitem><para>
- Win32: Catch hardware exceptions caused by buggy dissectors.
- If e.g. a NULL pointer exceptions occurs, Ethereal won't crash now
- but displays the exception and tries to continue decoding packets.
- </para></listitem>
+ The packet list internals have been rewritten and are now more
+ efficient.
+ </para>
+ </listitem>
- <listitem><para>
- The Windows version of Ethereal now uses native open and save
- file dialogs.
- </para>
- <para>
- In related news, Ethereal now runs as a full-fledged Unicode
- application under Windows.
- </para></listitem>
+ <listitem>
+ <para>
+ Python scripting support has been added.
+ </para>
+ </listitem>
- <listitem><para>
- Recent versions of Ethereal were flagging packets with an
- incorrect TCP checksum as malformed. False positives were
- being triggered on systems that use TCP checksum offloading.
- We now check to see if the checksum is <emphasis>not</emphasis>
- 0x0000 before flagging the packet as malformed.
+ <listitem>
+ <para>
+ Capturing from pipes on Windows has been improved.
+ </para>
+ </listitem>
- <note>Please Note</note>
+ <listitem>
<para>
- If your system uses TCP checksum offloading <emphasis>and</emphasis>
- Ethereal still shows bad checksums for outgoing TCP packets
- <emphasis>and</emphasis> the checksums for outgoing TCP packets
- are <emphasis>not</emphasis> 0x0000, this could mean that your
- operating system is exposing kernel memory unneccessarily. If
- this is the case, you should report the problem to your OS
- vendor.
+ Many memory leaks have been fixed.
</para>
- </para></listitem>
+ </listitem>
</itemizedlist>
+
</para>
</section>
- <section><title>New Protocol Support</title>
+ <section id="NewProtocols"><title>New Protocol Support</title>
<para>
</para>
</section>
- <section><title>Updated Protocol Support</title> <para>
+ <section id="UpdatedProtocols"><title>Updated Protocol Support</title> <para>
</para>
</section>
- <section><title>New and Updated Capture File Support</title>
+ <section id="NewCapture"><title>New and Updated Capture File Support</title>
<para>
</para>
</section>
- <section id="GettingEthereal"><title>Getting Ethereal</title>
- <section><title>Microsoft Windows</title>
- <para>
- Download ethereal-setup-&EtherealCurrentVersion;.exe from the
- <ulink url="http://www.ethereal.com/distribution/win32/">Windows
- download area</ulink> on the main web site. Double-click the
- installer executable.
- </para>
- </section>
-
- <section><title>Sun Solaris</title>
- <para>
- Download the appropriate package from the
- <ulink url="http://www.ethereal.com/distribution/solaris/">Solaris
- download area</ulink> on the main web site. Uncompress the package
- using bzip2, and install it using pkgadd.
- </para>
- </section>
-
- <section><title>Source Code</title>
- <para>
- Download ethereal-&EtherealCurrentVersion;.tar.gz from the
- <ulink url="http://www.ethereal.com/distribution/">main
- download area</ulink> on the web site. Extract the package
- using tar and gzip. Run "configure ; make ; make install".
- </para>
- </section>
+ <section id="GettingWireshark"><title>Getting Wireshark</title>
+ <para>
+ Wireshark source code and installation packages are available from
+ <ulink url="http://www.wireshark.org/download.html">http://www.wireshark.org/download.html</ulink>.
+ </para>
- <section><title>Vendor-supplied Packages</title>
+ <section id="VendorPackages"><title>Vendor-supplied Packages</title>
<para>
- Most Linux and Unix vendors supply their own Ethereal packages.
- You can install or upgrade Ethereal using the package management
+ Most Linux and Unix vendors supply their own Wireshark packages.
+ You can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages
- can be found on the <ulink url="http://www.ethereal.com/download.html#otherplat">download page</ulink> on the Ethereal web site.
+ can be found on the
+ <ulink url="http://www.wireshark.org/download.html#otherplat">download page</ulink> on the Wireshark web site.
</para>
</section>
</section>
<!-- XXX needs to be written
- <section id="RemovingEthereal"><title>Removing Ethereal</title>
+ <section id="RemovingWireshark"><title>Removing Wireshark</title>
<para>
</para>
</section>
<section id="FileLocations"><title>File Locations</title>
<para>
- Ethereal and Tethereal look in several different locations for
+ Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About->Folders to find the default locations on your system.
<section id="KnownProblems"><title>Known Problems</title>
<para>
- On Windows systems the packet list scroll bar can sometimes disappear
- or become unusable. Until the problem is fixed you can work around it
- by resizing the packet list or the main window.
- (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220">Bug
- #220</ulink>)
+ Wireshark may appear offscreen on multi-monitor Windows systems.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=553">Bug
+ 553</ulink>)
+ </para>
+
+ <para>
+ Wireshark might make your system disassociate from a wireless network
+ on OS X.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1315">Bug
+ 1315</ulink>)
+ </para>
+
+ <para>
+ Dumpcap might not quit if Wireshark or TShark crashes.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419">Bug
+ 1419</ulink>)
+ </para>
+
+ <para>
+ Wireshark is unable to decrypt WPA group keys.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1420">Bug
+ 1420</ulink>)
+ </para>
+
+ <para>
+ The BER dissector might infinitely loop.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516">Bug
+ 1516</ulink>)
+ </para>
+
+ <para>
+ Wireshark can't dynamically update the packet list. This means that host
+ name resolutions above a certain response time threshold won't show up in
+ the packet list.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1605">Bug
+ 1605</ulink>)
+ </para>
+
+ <para>
+ Capture filters aren't applied when capturing from named pipes.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814">Bug
+ 1814</ulink>)
+ </para>
+
+ <para>
+ Wireshark might freeze when reading from a pipe.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2082">Bug
+ 2082</ulink>)
+ </para>
+
+ <para>
+ Capturing from named pipes might be delayed on Windows.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2200">Bug
+ 2200</ulink>)
+ </para>
+
+ <para>
+ Filtering tshark captures with display filters (-R) no longer works.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234">Bug
+ 2234</ulink>)
</para>
<para>
- The <userinput>Filter</userinput> button is nonfunctional in the
- file dialogs under Windows.
+ The 64-bit Windows installer does not ship with the same libraries as the
+ 32-bit installer.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3610">Bug
+ 3610</ulink>)
</para>
</section>
<section id="GettingHelp"><title>Getting Help</title>
<para>
- Community support is available on the ethereal-users mailing list.
- Subscription information and archives for all of Ethereal's mailing
- lists can be found on <ulink url="http://www.ethereal.com/lists/">the
- web site</ulink>. There is also an <ulink url="irc://irc.freenode.net/ethereal">IRC channel dedicated to Ethereal</ulink>.
+ Community support is available on the wireshark-users mailing list.
+ Subscription information and archives for all of Wireshark's mailing
+ lists can be found on <ulink url="http://www.wireshark.org/lists/">the
+ web site</ulink>.
</para>
<para>
Commercial support, training, and development services are available
- from <ulink url="http://www.etherealsoft.com/">Ethereal Software</ulink>.
+ from <ulink url="http://www.cacetech.com/">CACE Technologies</ulink>.
</para>
</section>
<section id="FAQ"><title>Frequently Asked Questions</title>
<para>
A complete FAQ is available on the
- <ulink url="http://www.ethereal.com/faq.html">Ethereal web site</ulink>.
+ <ulink url="http://www.wireshark.org/faq.html">Wireshark web site</ulink>.
</para>
</section>