<section id="WhatIs"><title>What is Ethereal?</title>
<para>
- Ethereal is the world's most popular network protocol analyzer. It
+ Wireshark is the world's most popular network protocol analyzer. It
is used for troubleshooting, analysis, development, and education.
</para>
</section>
<section id="WhatsNew"><title>What's New</title>
<section><title>Bug Fixes</title>
<para>
- Many security vulnerabilities have been fixed since the
- previous release. See the
- <ulink url="http://www.ethereal.com/appnotes/enpa-sa-00022.html">application
- advisory</ulink> for more details.
- <itemizedlist>
-
- <listitem><para>
- The H.248 dissector could crash.
- <!-- Fixed in r16967, r17015 -->
- <!-- Bug IDs: 651 -->
- Versions affected: 0.10.14.
- </para></listitem>
-
- <listitem><para>
- The UMA dissector could go into an infinite loop.
- <!-- Fixed in r17119, r17273 -->
- <!-- Bug IDs: 716 -->
- Versions affected: 0.10.12.
- </para></listitem>
- <!-- Canary bugs found after r17235 -->
+ The following vulnerabilities have been fixed:
- <listitem><para>
- The X.509if dissector could crash.
- <!-- Fixed in r16995, r17337 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.10.14.
- </para></listitem>
-
- <listitem><para>
- The SRVLOC dissector could crash.
- <!-- Fixed in r17001 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.10.0.
- </para></listitem>
-
- <listitem><para>
- The H.245 dissector could crash.
- <!-- Fixed in r17022 -->
- <!-- Bug IDs: 667 -->
- Versions affected: 0.10.13.
- </para></listitem>
-
- <listitem><para>
- Ethereal's OID printing routine was susceptible to an
- off-by-one error.
- <!-- Fixed in r17048 -->
- <!-- Bug IDs: 698 -->
- Versions affected: 0.10.14.
- </para></listitem>
+ <itemizedlist>
<listitem><para>
- The COPS dissector could overflow a buffer.
- <!-- Fixed in r17051 -->
- <!-- Bug IDs: None -->
- Versions affected: 0.9.15.
+ The XXXXXX dissector could crash.
+ <!-- Fixed in r#####, r##### -->
+ <!-- Bug IDs: ### -->
+ Versions affected: 0.99.0.
</para></listitem>
- <!-- Coverity bugs (r17499 and above) -->
-
</itemizedlist>
+ <!-- Coverity bugs (r17489 and above) -->
+
Under a grant funded by the U.S. Department of Homeland Security,
<ulink url="http://www.coverity.com">Coverity</ulink> has uncovered
- a number of vulnerabilities in Ethereal:
+ a number of vulnerabilities in Wireshark:
<itemizedlist>
+ <!-- CID 1 - 149: Fixed for 0.99.0 -->
+ <!-- CID 150: Post-0.99.0 -->
+
<listitem><para>
- The GSM SMS dissector could crash Ethereal.
- <!-- Fixed in r17506 -->
+ XXXX feature could crash Ethereal.
+ <!-- Fixed in r##### -->
<!-- Bug IDs: None -->
- <!-- Coverity CID 104 -->
+ <!-- Coverity CID ### -->
Versions affected: 0.9.16.
</para></listitem>
</itemizedlist>
</para>
- <para>
- Win32: Unicode characters in the users profile path causes problems
- reading/writing the preferences (and alike) files.
- <!-- Fixed in r17024,r17025 -->
- <!-- Bug IDs: 648 -->
- Versions affected: 0.10.14.
- </para>
-
</section>
<section><title>New and Updated Features</title>
<itemizedlist>
<listitem><para>
- The new command line tool <command>dumpcap</command> makes it
- possible to capture network data without the drawbacks of (t)ethereal
- (memory usage, security problems, ...) while keeping the benefit of
- advanced techniques like multiple (ringbuffer) files and alike.
- </para>
- <para>
- The manpage of <command>dumpcap</command> in HTML format is available
- at: <ulink url="http://www.ethereal.com/docs/"/>
- </para></listitem>
-
- <listitem><para>
- Win32: Catch hardware exceptions caused by buggy dissectors.
- If e.g. a NULL pointer exceptions occurs, Ethereal won't crash now
- but displays the exception and tries to continue decoding packets.
- </para></listitem>
-
- <listitem><para>
- The Windows version of Ethereal now uses native open and save
- file dialogs.
- </para>
- <para>
- In related news, Ethereal now runs as a full-fledged Unicode
- application under Windows.
- </para></listitem>
-
- <listitem><para>
- Recent versions of Ethereal were flagging packets with an
- incorrect TCP checksum as malformed. False positives were
- being triggered on systems that use TCP checksum offloading.
- We now check to see if the checksum is <emphasis>not</emphasis>
- 0x0000 before flagging the packet as malformed.
-
- <note><title>Please Note</title>
- <para>
- If your system uses TCP checksum offloading <emphasis>and</emphasis>
- Ethereal still shows bad checksums for outgoing TCP packets
- <emphasis>and</emphasis> the checksums for outgoing TCP packets
- are <emphasis>not</emphasis> 0x0000, this could mean that your
- operating system is exposing kernel memory unneccessarily. If
- this is the case, you should report the problem to your OS
- vendor.
- </para>
- </note>
</para></listitem>
</itemizedlist>
Most Linux and Unix vendors supply their own Ethereal packages.
You can install or upgrade Ethereal using the package management
system specific to that platform. A list of third-party packages
- can be found on the <ulink url="http://www.ethereal.com/download.html#otherplat">download page</ulink> on the Ethereal web site.
+ can be found on the <ulink url="http://www.ethereal.com/download.html#otherplat">download page</ulink> on the Wireshark web site.
</para>
</section>
</para>
<para>
- The <userinput>Filter</userinput> button is nonfunctional in the
+ The <guibutton>Filter</guibutton> button is nonfunctional in the
file dialogs under Windows.
</para>
+ <para>
+ Trying to save flow data may crash Ethereal.
+ (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=396">Bug
+ #396</ulink>)
+ </para>
+
+ <para>
+ It may not be possible to re-order coloring rules under Windows.
+ (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=699">Bug
+ #699</ulink>)
+ </para>
+
+ <para>
+ Multiple tap interfaces may cause a crash under FreeBSD.
+ (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=757">Bug
+ #757</ulink>)
+ </para>
+
+ <para>
+ Ethereal may crash while viewing TCP streams.
+ (<ulink url="http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=852">Bug
+ #852</ulink>)
+ </para>
+
</section>
<section id="GettingHelp"><title>Getting Help</title>