This release fixes several off-by-one and integer overflow errors
discovered by Timo Sirainen. See the following url for more details:
http://www.ethereal.com/appnotes/enpa-sa-00009.html
Changes:
- don't build and install static plugins anymore
- use .tar.bz2 distfile
- add more MASTER_SITES (also add one for older distfiles)
- sync DESC with the new description on HOMEPAGE
- TCP sequence number analysis received a few improvements.
- General packet reassembly has been improved.
- The "Follow TCP Stream" window now allows you to filter out
the current stream.
- The Vines code received significant updates.
- Several enhancements were made to the text2pcap utility.
- New protocols:
ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
- Updated protocols:
802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI, EAP,
IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP, M2UA,
M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP, PGM,
Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH, SUA,
TCP, Telnet, Vines, WBXML, WSP, WTP
- Updated capture file support:
Netxray
Based on a patch by Quentin Garnier via PR pkg/21431.
Patch provided by Quentin Garnier via PR pkg/20668.
Changes:
- The Ethereal 0.9.10 release was packaged improperly(!). This release
fixes the packaging, and adds minor updates and fixes for the following
protocols: AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
- IA64 support has been improved.
Patch provided by Quentin Garnier via PR pkg/20624.
Changes:
This release fixes a security hole discovered by Georgi Guninski in
the SOCKS dissector. All users of previous versions are encouraged
to upgrade. For more details see
http://www.ethereal.com/appnotes/enpa-sa-00008.html
Bug Fixes:
==========
- A missing comma in a string array could cause Ethereal to crash
when opening the preferences dialog.
New Protocols:
==============
- MSN Messenger, SSH
Updated Protocols:
==================
- AFS, Apache JServ, BACNET, BGP, DCCP, DCERPC, DCERPC NT, DNS,
Frame Relay, GTP, IPP, IPX, LSA, M3UA, MDSHDR, MPLS, NCP2222,
NETLOGON, PPP, RADIUS, SAMR, SMB, SNMP, SPOOLSS, SRVSVC, SSL,
Token Ring, X11
Updated Capture File Support:
=============================
- NetXRay
New Features
In order to improve the out-of-box responsiveness of Ethereal and
Tethereal, network name resolution has been disabled by default.
TCP analysis (a feature added in the 0.9.6 release) was improved.
The NCP code base received quite a few updates.
Initial support for version 2 of the GTK+ library was added.
RPC staticstics (which use the new Tap API) were added.
Due to added and updated support for the NTLM, SNEGO, and GSS-API
protocols, Ethereal can now dissect most of the security blobs for
Windows 2000 authentication.
The Ethernet "manuf" file now handles addresses specified with a
mask, and contains many well-known addresses.
New Protocols
802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and Juniper),
SCCP-Management, SPNEGO
The following DCE/RPC protocols were also added:
AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER, DNSSERVER,
DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN, REP_PROC,
ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
Updated Protocols
AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA, DCE/RPC
NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-IS,
Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP, OSI
Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP, WSP
Overview of changes in Ethereal 0.9.6:
* Update README.hpux re: version 11i (Guy)
* Update printing output routines (Guy)
* Properly adjust offset value in packet-bootp.c (Guy)
* Add AppleTalk ZIP support, adjust ddp socket filter names
(Didier Gautheron)
* Fix unsigned value printing in packet-atalk.c (Guy)
* Fix a possible buffer overflow in packet-isis-clv.c (Guy)
* NETLOGON cleanup and updates (Ronnie)
* pcap_dispatch() and fifo updates for tethereal.c (Graeme)
* Add missing static declarations to editcap.c and text2pcap.c (Joerg)
* Fix arguments in SAMR's dissect_nt_policy_hnd() routine (Tim)
* Add signature characters for IPX messages, improve socket number
handling (Guy)
* Allow TCP stream code to handle bad TCP packets (Guy)
* Handle Linux token ring bug (Guy)
* Update vcvars32.bat and cleanbld.bat notes in README.win32 (Guy)
* Improve handling of "send buffer length" in SMB RAP messages
(Devin Heitmueller)
* Fix #includes, DLCI field handling, and Q.931 parameters in IUA (Michael)
* Implemented a couple of easy windows registry dissectors (Tim)
* Fix QueryKey mod time handling in WINREG (Guy)
* Fix FILETIME handling in WINREG (Guy)
* Fix DELTA_USER name and structure in NETLOGON (Ronnie)
* Update README.win32 re cmd.exe vs command.com (Gerald)
* Add selected tree view item length to status bar (Gerald)
* SAMR update (Andrew Bartlett)
* Update command interpreter docs in README.win32 (Guy)
* Fix unneccessary include path, fix plugin directory path handling (Nix)
* Fix DELTA_DOMAIN name, fix structure in NETLOGON (Ronnie)
* Fix DELTA_GROUP name in NETLOGON (Ronnie)
* DELTA_RENAME_GROUP, DELTA_RENAME_USER, DELTA_RENAME_ALIAS NETLOGON
updates (Ronnie)
* Updated NETLOGON DELTA_GROUP_MEMBER and DELTA_ALIAS structures (Ronnie)
* Updated NETLOGON DELTA_ALIAS_MEMBER and DELTA_POLICY (Ronnie)
* Updated NETLOGON DELTA_TRUSTED_DOMAINS and DELTA_ACCOUNTS (Ronnie)
* Updated NETLOGON DELTA_UNION (Ronnie)
* Updated NETLOGON NetrDatabaseDeltas function (Ronnie)
* Fix the setting of "column.format" from the command line in Ethereal
and tethereal (Liviu Daia)
* Add formatting room for long field lengths in the status bar (Guy)
* Update of NETLOGON's DATABASESYNC function (Ronnie)
* Updated NETLOGON ACCOUNTDELTAS and ACCOUNTSYNC functions (Ronnie)
* Give some more information on the "command.com" vs. "cmd.exe" issue
in README.win32 (Guy)
* Support the new version of ASAP's I-Ds (Michael)
* Desegmentation of multi-TCP-segment TNS messages (and support for
multiple TNS messages per TCP segment) (Bernd)
* Updated NETLOGON GetDCName LogonControl and GetAnyDCName (Ronnie)
* Convert from prs_* routines to dissect_ndr_* routines in SPOOLSS (Tim)
* Update types and bases for many TNS fields (Bernd)
* Add NTLMSSP dissector (Devin Heitmueller)
* Reorder boolean fields in NTLMSSP, DCERPC and SPOOLSS (Tim)
* Fix an erroneous example, other errors in README.developer (Guy)
* Put back code to show auth data in DCERPC (Guy)
* NTLMSSP length and message content display fixes (Guy)
* Fix NETLOGON credential time stamp handling (Guy)
* Redback vendor-specific items for RADIUS and L2TP (Thierry Pelle)
* Get rid of unneeded #includes, fix DATA chunk handling in SCTP (Michael)
* Added another authentication service for Snego to DCE RPC (Tim)
* Add NSIS checkbox bitmaps to Makefile.am (Gerald)
* Update IUA to latest drafts, make packet fields searchable, add pref for
Implementers Guide support (Michael)
* Add DOCSIS support (Anand V. Narwani)
* Clean up the order of some lists of plugin items (Guy)
* Fix some warnings in SMB (Tim)
* Add missing #include to packet-smb-mailslot.c (Joerg)
* Fix a typo in packet-ftp.c (Guy)
* Properly handle responses in FTP, make SMTP fields filterable (Guy)
* Add smtp.req and smtp.rsp to the tree only when needed (Guy)
* Fix DOCSIS Info column erasure (Anand)
* Change the reported length of VJ uncompressed data to handle a pppdump
bug (Guy)
* Clarify the octet-stuffed framing code for pppdump (Guy)
* Add a Boolean field for the RSVP Bundle message type (Guy)
* Add/update booleans for RSVP Ack, Srefresh and HELLO (Guy)
* Fix a save-over-existing-capture bug (Richard)
* Fix random access handling in pppdump reader (Guy)
* Allow for SMTP and FTP response codes above 255 (Guy)
* Clean up the setting of "id_offset" and "sd_offset" in pppdump.c (Guy)
* The previous pppdump/VJ bug was actually the FCS. Handle accordingly
(Guy)
* Fix a sample call to add an item to the subtree, add/update documentation
for PROTONAME, PROTOSHORTNAME and PROTOABBREV in README.developer (Guy)
* Glib-ize and otherwise make a bunch of code more portable (Joerg)
* Added support for dissecting RSVP Bundle Messages (Ashok)
* Update the "NT sucks for PPP capture" note to include NT 5.1 in
capture.c (Guy)
* Fix dual sync-mode related capture popup error messages (Graeme)
* Allow "-" as the Wiretap output file name, capture loop optimization
(Graeme)
* Fix some error-message printing code, improve seekable file handling
(Guy)
* Don't allocate random access structs for sequential reads in pppdump.c
(Guy)
* Add needed snprintf.h #includes (Joerg)
* Get rid of unused variables and functions, improve missing libpcap
handling (Guy)
* Removed #if-0-ed code, redundant and unneded #includes all over the
place (Joerg)
* Add VSAs, fix attribute table termination in RADIUS (Kan Sasaki)
* Adjust the behavior of tvb_find_line_end(), and modify SMTP to take
advantage of it (Guy)
* Adjust the tree display, fix a loop termination in RTCP (Guy)
* Fix errors in README.plugins (Richard Urwin)
* #include sys/types.h in snprintf.h (Uwe)
* Add request/response time to SMB tree (Prabhakar Krishnan)
* Fix for the DOCSIS request frame Info column (Anand)
* Change a DOCSIS loop counter from guint8 to int (Guy)
* Fix a capture file overwrite bug (Joerg)
* Fix the declaration of yyin(), update options and usage message in
text2pcap.c (Guy)
* Update text2pcap documentation (Guy)
* Update comments, fix byte ordering in in_cksum.c (Guy)
* Fix info column display, add missing Extended header fields (Anand)
* Fix spacing in Netbios display (Tim)
* Gracefully display stub data in DCE RPC (Guy)
* Fix offsets in SIP (Stefan Wenk)
* Fix and SMB conversation handling bug (Ronnie)
* Put all SMB command PDUs in the summary line (Ronnie)
* Add NetBIOS address handling to Kerberos (Jim McDonough)
* Eliminate the need to #include sys/types.h, netinet/in.h, and
winsock2.h all over the code (Joerg)
* Fix a memory leak in gtk/colors.c found by Valgrind (Joerg)
* Add FPGetUserInfo to AFP (Didier Gautheron)
* Fully decode Quake2 client->server packets, start on server->client
(Jan Berkel)
* Update Windows printing code, fix variable freeing in print code (Guy)
* Add AF_INET6 support for DLT_NULL captures from MacOS X (Michael)
* Fix subtree creation in WSP (Guy)
* Improve progress bar window timing (Graeme)
* Add a CMP_ADDRESS macro (Ronnie)
* Check if 802.11 FCS is present (Chris Waters)
* Fix infinite loops, data fetching in RSVP (Guy)
* Fix a typo in packet_info.h (Ronnie)
* Improve TPKT heuristics (Guy)
* Add support for CoSine L2 debug output (Motonori)
* Fix decoding of AUTHORIZE in HCLNFSD (Mike Frisch)
* Add LsaQueryInformationPolicy2 to LSA (Jim McDonough)
* Add winsock2.h back to wtap.h (Joerg)
* Fix zlib.h #inclusion typo in wtap-int.h (Joerg)
* Fix get_persconffile_path-related memory leaks (Joerg)
* More data type (system-specific vs glib) cleanup (Joerg)
* Add TCP sequence number analysis (Ronnie)
* Fix entry for 0:0:0:0:0:0 in manuf.tmpl (Joerg)
* Update NETLOGON LogonControl2 and ServerAuthenticate2 functions (Ronnie)
* Fix system-specific netinet/in.h and sys/types.h dependencies (Guy)
* Remove unneeded arpa/inet.h and sys/socket.h #includes (Guy)
* Create a minimal TCP tree early on, in case an exception is thrown (Guy)
* Update the IEEE URL in make-manuf and manuf (Joerg)
* Add sequence number wrap to tcp window checking (Joerg)
* Fix a bug in the EPM dissector (Sergei Shokhor)
* Undo a couple of #include changes (Joerg)
* More NETLOGON function updates (Ronnie)
* Fix the PPP FCS computation (Hidetaka Ogawa)
* Remove net/inet.h #include from packet-isis-lsp.c (Joerg)
* Fix MMSE handling of strings with specified character set (Jan Kratochvil)
* Fix frame number data type in NFS (Guy)
* Fix a data type in wiretap/cosine.c (Guy)
* Add DOCSIS to Wiretap's table of encapsulations (Anand)
* Sync the SETCLIENTID args decoder with the latest nfs4_prot.x
(Mike Frisch)
* Fix NFSv4 ACL decoding (Mike)
* Put a comment about DOCSIS in packet-frame.c (Guy)
* Fix a typo in packet-smb.c (Guy)
* Fix SamrConnect[2-4] function names in SAMR (Richard)
* Add more information to the NBNS Info column (Tim)
* Add DOS error 259 to SMB (Tim)
* Fix Info column error reporting in DCERPC NT (Tim)
* Add OpenEntry, EnumKey and Unknown1A to REG, rename WINREG to REG (Tim)
* Fix a return code in SAMR (Tim)
* Fix NFSv4 LOOKUPP, add new error codes, fix ACL decoding (Mike)
* Properly set the LANE traffic type in libpcap.c (Guy)
* Fix non-multipart content handling in MMSE, along with POST data
subtrees (Tom Uijldert)
* Add support for CheckPoint FireWall-1 monitor files (Alfred Koebler)
* Get rid of redundant "fw1_" text in preference name (Guy)
* Remove unused #includes in packet-fw1.c (Joerg)
* Add FATTR4_MOUNTED_ON_FILEID to packet-nfs.c (Mike)
* WTP TPI dissection, and reindentation (Tom Uijldert)
* Update SetInformationPolicy2 function name in LSA (Ronnie)
* Add Xyplex terminal server protocol support (Randy McEoin)
* Handle NTLMSSP authentication messages, and handle the flags field in
NTLMSSP messages properly (Devin)
* Update get_unicode_or_ascii_string(), "un"used variables in SMB (Guy)
* Add a terminator to the ntlmssp_message_types list (Guy)
* Changed some incorrect pointer types in NETLOGON (Ronnie)
* Fix variable name / keyword conflict in packet-fw1.c (Guy)
* Add server name to negprot reply and fixed a pointer deferral problem in
SMB (Ronnie)
* Use "atm_guess_traffic_type()" in wiretap/netmon.c (Guy)
* Get rid of the "vpi" and "vci" arguments to "atm_guess_traffic_type()"
(Guy)
* Handle NTLMSSP over HTTP (Tim)
* Display the protocol name for the DCERPC UUID in the Info column (Tim)
* Update Windows printing prefs (Guy)
* Handle user2 access granted mask, name open/create domain/user/group
policy handles (Tim)
* Get rid of a commented-out #include in packet-smpp.c (Guy)
* Handle base64_decode() properly in packet-http.c (Guy)
* Fix a case statement in capture.c (Guy)
* Fix an NTLMSSP memory leak in packet-http.c. Improve display. (Tim)
* Replace AC_PROG_RANLIB with AM_PROG_LIBTOOL in configure.in (Joerg)
* Update .cvsignore (Joerg)
* Add CPHA support (Yaniv Kaul)
* Add and improve plugin API routines (Tomas Kukosa, Guy)
* Don't free a needed tvb in packet-http.c (Tim)
* Add AC_LIBTOOL_DLOPEN back to configure.in (Joerg)
* Fix unrecognized capability display in BGP, add ORF support (Jian Yu)
* LDP VC FEC dissection fix (Motonori)
* CoSine updates (Motonori)
* Fix FIN and ACK handling in TCP (Ronnie)
* Convert some all caps NETLOGON names to more friendly names (Tim)
* Fixed incorrect NDR pointer type in Authenticate3 in NETLOGON (Ronnie)
* Added new function name LogonSamLogonEx in NETLOGON (Ronnie)
* Fix a typo in a M2UA table and reformat it (Michael)
* Revert part of the TCP session tracking code (Ronnie)
* Fix some incorrect NETLOGON poitner types (Jean-Francois Micouleau)
* Adjust pointer usage in NETLOGON (Ronnie)
* Sync PPP with IANA, add MPLSCP and CDPCP, CDP over PPP (ENDOH Akira)
* Add protocol blurbs to "-G" fields (Vassilii Khachaturov)
* Adjust "-G"scripts to handle FT_UINT64, FT_INT64 and FT_STRING (Guy)
* Properly extract ISAKMP data, handle Initiator and Responder cookies
(Yaniv)
* Fix handling of SCSI mode sense (Bill Studenmund)
* Fix a couple of string handling bugs and properly display a uint in
NTLMSSP (Guy)
* Tweak the Solaris/SVR4 packaging a bit (Gerald)
* Limit the parameter and data tvbuffs in SMB (Guy)
* Keep track of "i", "a" and "m" tags in SDP (Guy)
* Fix "PS" bit recording in SCSI, improve unknown page display, fix MODE
SELECT payload length, add more data length checks, fix density code
(Guy)
* Generalize paths in ethereal.nsi and remove the need for ethereal.nsi.in
(Ulf Lamping)
* Set "SetShellVarContext all" in ethereal.nsi (Gerald)
* Add COMMON_FILES_GNU to config.nmake (Gerald)
* Add LLMNR support (Itojun)
* Add a plain text FAQ to the distribution (Joerg)
* Fix ethereal.nsi entries in Makefile.am (Joerg)
* Add TDS protocol support (Brian Bruns, Joerg)
* Add make-faq script (Joerg)
* Add the text FAQ to each package (Joerg)
* Clean up RPM building process (Joerg)
* Fix zero-infinite-looping problem in packet-tds.c (Guy)
* Fix formatting of SCSI "(size)" tags, track device/command types better,
other updates (Guy)
* Parse ISAKMP group descriptions, improve transform/payload display,
parse vendor ID (Yaniv)
* Add -S option to tethereal (Joerg)
* Improve SCSI device type handling, fix memory leaks, fix SSC READ(6) and
WRITE(6) dissectors (Guy)
* Add missing "-static.o" to Makefile.am
* Fix infinite recursion bug in DOCSIS (Anand)
* Update CPHA to use the new dissector API (Guy)
== June 28, 2002
Ethereal 0.9.5 has been released. This version fixes several potential
security problems revealed since the release of 0.9.4. See the security
advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
more details.
New Features:
The ability to read packet data from a pipe was enhanced. Printing
under Windows now works.
New Protocols
802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
Updated Protocols
ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
WCP, WEP, WSP, WTP
Capture File Updates
Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
NetXRay, and libpcap code all received updates.
bugs discoverd in version 0.9.3 including these four potential
security problems:
- The SMB dissector could potentially dereference a NULL pointer in two cases.
- The X11 dissector could potentially overflow a buffer while parsing keysyms.
- The DNS dissector could go into an infinite loop while reading a malformed
packet.
- The GIOP dissector could potentially allocate large amounts of memory.
the version of ucd-snmp. Therefore, adjust the wildcard dependencies in
dependents to match exactly (barring "nb" version changes), and bump the
dependent's "nb" versions to reflect the change in dependencies. Otherwise,
an "ethereal" binary package (for example) built against ucd-snmp-4.2.4
will happily install against ucd-snmp-4.2.3nb1, but will fail at run-time
with, ``shared object "libucdsnmp-0.4.2.3.so" not found.''
This version fixes problems in the SNMP and LDAP dissectors revealed by
the PROTOS test suite. The SCTP checksum code for CRC32C was updated to
match the new (version 3) draft specification. Additionally, the layout
of the capture dialog was vastly improved.
NCP type 0x2222 packet type support was added to the randpkt utility, and
a script to recreate packets from core dumps (pkt-from-core.py) was added
to the source distribution.
SNA over Ethernet and HiPath HDLC support was added. Dissectors receiving
updates include 802.11w, 802.11, AARP, AFS, ARP, COPS, DCE RPC, EAP/EAPOL,
GIOP, ICQ, iSCSI/SCSI, ISIS, LAPD, LDAP, M3UA, NBNS, NDMP, OSPF, Q.931,
RADIUS, Raw IP, RX, SDB, SMB, SNMP, SSL, TCP, TPKT, UCP, WSP, and YP.
Support for the AiroPeek and pflog file formats was also enhanced.
Program preferences have been expanded to include capture, name
resolution, and window geometry settings. It is now possible to search
for all fields in GIOP messages. You can now build display filters on
the fly by right-clicking on tree view items. Additionally, protocol
hierarchy statistics display and MacOS X capture timeout bugs have
been fixed.
The idl2eth utility now handles CORBA IDL recursive unions and
structs and the text2pcap utility also received updates, including
SCTP support.
New dissectors include DHCPv6, DLSw, IAPP, SCSI, SPOOLSS RPC,
SliMP3, and TSP. Dissectors receiving updates include AFS, AIM,
Auto-RP, BGP, BOOTP, DCE RPC, DIAMETER, FDDI, GTP, H.261, HMIPv6,
IS-IS, iSCSI, ISUP, LDAP, M3UA, MIP, MMSE, MTP3, NBNS, NCP, NDMP,
NFS, ONC RPC, PIM, PPP, PPP, Q.931, RPC, RSVP, RTCP, SCTP, SDP,
SIP, SMB/CIFS, SSL, STAT, Syslog, TCP, TNS, VJ, WTP, and ypbind.
Support for WildPackets' AiroPeek and OpenBSD pflog capture
file formats have been added (you can read pflog data from a file,
or directly from the logging interface). Support for the DBS
Etherwatch, EtherPeek, NetMon, and VMS TCPIPtrace formats has
been enhanced.
--- www.ethereal.com announement
Ethereal 0.9.0 has been released. Several new features have been
added, including TCP graphs and ring buffer captures. The SMB
dissector was completely rewritten, and many enhancements were made
to the user interface. The text2pcap utility can now handle a
broader range of input data formats. The developer documentation
also received many updates. Bug fixes include a workaround for an
SNMP bug present several Linux distributions.
New dissectors include EAPOL, M2TP, MS RPC, MTP2, PCNFSD, PPP/EAPOL,
QLLC, SMPP, and SUA. The AppleTalk, BEEP (formerly BXXP), BGP,
CLNP, Coseventcomm, DCE RPC, Diameter, DVMRP, Gnutella, GRE, GTP,
HTTP, IPSEC, IPX, ISAKMP, iSCSI, IUA, L2TP, LDP, MMSE, Mobile IP,
MPLS, MTP3, OSPF, PPP, Prism, RADIUS, SCCP, SCTP, SDP, SMB, SMTP,
SNA, SOCKS, SSL, Telnet, TFTP, UCP, WAP, WCCP, WSP, and X.25
dissectors all received updates.
Ethereal now supports DBS Etherwatch, Visual Networks Visual UpTime,
and VMS TCPIPtrace capture files. Support for Ascend/Lucent debug,
Etherpeek, iptrace, and MS Netmon capture files was enhanced.
- from www.ethereal.com
New dissectors include Appletalk Data Stream Interface, AUTH_DES,
DVMRP, GIOP, Gnutella, iSCSI, ISUP, M2PA, MP-BGP message, MSDP,
MTP3, PAP, PIMv1, RFC 2250 MPEG1, and for you gamers, QuakeWorld
and Quake II. Many other dissectors were updated and bug-fixed.
Overview of changes in Ethereal 0.8.18:
* Improvement of 'make clean' targets. (gilbert)
* Added the ethereal capture preferences to the preference file. (Jeff, Guy)
* Fix automake packaging of win32-only files. (gilbert)
* Remove "etypes.h" include from "ipproto.c" (gilbert)
* Tvbuffify the ASN.1 code and the Kerberos, LDAP, and SNMP dissectors. (Guy)
* Get rid of an unused variable, and fix a typo in a comment in packet-ldap.c (Guy)
* packet-snmp.c Fix up a pile of NullTVB uses that were left in the previous checkin. (Guy)
* Assorted cleanups in packet-kerberos.c (Guy)
* packet-vines.c, packet-quake.c, packet-snmp.c, check for disabled protocols and set "pinfo->current_proto" (Guy)
* Assorted ISIS enhancements. (Hannes Gredler)
* When dissecting the ISIS NLPID CLV, use the "nlpid_vals" array to convert NLPID values to protocol names. (Guy)
* In wiretap/buffer.c Fix "data" member of a Buffer structure g_malloc casting (Guy)
* In wiretap/lanalyzer.c Removed g_assert_not_reached and return 0; from lanalyzer_open() loop. (Guy)
* Fix the e-mail address for Joerg Mayer (and remove it from files he wasn't involved with). (Guy)
* Quarterly (or so) update to manuf (Gerald)
* Move the declaration of "ipprotostr()" out of "epan/packet.h" into a new "ipproto.h" header file. (Guy)
* Move the declaration of "etype_vals[]" from "epan/packet.h" to "etypes.h". (Guy,Ed Warnicke)
* Fix to a preferences dialog bug, from <inoue@ainet.or.jp>. (Guy)
* Fix to WTP retransmission indicator dissection (Guy,Olivier Biot)
* packet-bgp.c, packet-bgp.h tvbuffified (Heikki Vatiainen, Guy)
* Add -I/usr/local/include" into CFLAGS because GLib 1.2.9 doesn't any more (Guy)
* WTLS client and trusted key ID handling enhancements (Patrick Wolfe, Guy)
* Tvbuffify packet-yhoo.c (Nathan Neulinger)
* Makefile.nmake pulls in settings from config.nmake (Gram)
* ascend-scanner.l, #define YY_NEVER_INTERACTIVE to avoid reference to isatty() on Win32 (Gram)
* IP fragment reassembly (Ronnie Sahlberg, Guy)
* Fixed problem with nmake compiling lemon.c twice (Gram)
* Check the validity of numbers specified in command-line options. (Guy)
* Add ONC RPC strings to the tree as strings, with a field index (Ronnie Sahlberg, Guy)
* YPPASSWD support (Ronnie Sahlberg, Guy)
* Distribute wtap.def (Gram)
* Include "image/Makefile.nmake" in the distribution tarball. (Guy)
* Fixed up the messages printed for the SSL checks (Guy)
* Have status bar to display nothing, rather than "Text (text)", when a
"proto_tree_add_text()" field is selected. (Ronnie Sahlberg, Guy)
* Cleanup the text item pseudo-field for the '-G' option (Guy)
* Get rid of the FT_-name-to-description filtering in eproto2sgml (Guy)
* DCE RPC updates (Todd Sabin, Guy)
* Cleanup packet-rsvp.c object class-specific types (Guy)
* Added error messages to proto.c for BASE_NONE in FT_INTn & FT_UINTn (hagbard,Guy)
* Added perl script to generate X11 dissector fields (Guy)
* Include "process-x11-fields.pl" and "x11-fields" in the source distribution (Guy)
* Fix up "process-x11-fields" to allow both a base *and* VALS to be specified (Guy)
* Make the X11 fields that correspond to drawable IDs, masks, and the like
display as hex rather than decimal. (Guy)
* packet-x11.c - Use "%u", not "%d", to print unsigned quantities (Guy)
* Add support for comments in "process-x11-fields.pl", and add a copyright
notice/RCS ID/credit to Christophe to "x11-fields" as a comment. (Guy)
* packet-eigrp.c - Put top-level item for a TLV into the protocol tree with a text
value, for display if an exception occurs (Guy)
* KLM support (Ronnie Sahlberg, Guy)
* Put an RCS ID/GPL/copyright notice into the "process-x11-fields.pl" script (Guy)
* tethereal.c - Add a "return 0;" at the end of main() to pacify MSVC 5 (Gram)
* Fix Gerald's e-mail address - (Guy)
* dfilter_expr_dlg.c - Treat BASE_BIN like BASE_DEC for numeric value of value_string (Guy)
* README.developer - Explain BASE_{DEC,HEX,OCT,BIN} a bit more (Guy)
* editcap.c - add return 0; to main routine (Guy)
* TODO - Update the reassembly item to note that IPv4 fragments are now reassembled. (Guy)
* SPRAY support (Ronnie Sahlberg, Guy)
* rquota support completed (Ronnie Sahlberg, Guy)
* When registering numeric fields, check that a base other than BASE_NONE was specified. (Guy)
* Tvbuffification of the IPv6 and ICMPv6 dissectors, and some bug fixes (Heikki Vatiainen, Guy)
* Get rid of NullTVB references. (Guy)
* Get rid of END_OF_FRAME, BYTES_ARE_IN_FRAME references in tvbuffified dissectors. (Guy)
* Move the declarations of IP protocol numbers to "ipproto.h" from "packet-ip.h". (Guy)
* Get rid of unnecessary includes. (Guy)
* Signed vs. unsigned fixes (Joerg Mayer, Guy)
* Tvbuffify the RIPng dissector. (Guy)
* RANAP support (Martin Held, Guy)
* Modbus/TCP support (Riaan Swart, Guy)
* Tvbuffify the Gryphon dissector. (Guy)
* Undefine "isprint()" before re-defining it, to squelch a compiler warning. (Guy)
* Configure.in - Fail if both UCD and CMU SNMP headers are found because of link problem (Guy)
* If the SNMP headers were found but we failed to find "sprint_objid()", fail SNMP config (Guy)
* Make "col_set_str()" and "tvb_reported_length_remaining()" available in plugins. (Guy)
* Get rid of support for non-tvbuffified plugin dissectors. (Guy)
* "-l" command-line option to turn on automatic scrolling in "Update list
of captures in real time" captures (Christian Lacunza, Guy)
* HPUX plugin support using g_module_supported (Guy)
* Added support for DHCP Authentication extensions specified in
draft-ietf-dhc-authentication-16.txt (Ashokn)
* Added support for RSVP Refresh Reduction Extensions -
draft-ietf-rsvp-refresh-reduct-05. (Ashokn)
* Added one-line summary of each RSVP object in the object line. (Ashokn)
* Additional OSPF LSA types and opaque-options flag (Michael Rozhavsky, Guy)
* packet-wtls.c updates (Alexandre P. Ferreira, Guy)
* IPX SAP over IPX EIGRP support, and IP EIGRP authentication updates (Paul Ionescu, Guy)
* PIM enhancements and fixes (Heikki Vatiainen, Guy)
* Support for dissecting XDR arrays (Ronnie Sahlberg, Guy)
* NIS+ support (Ronnie Sahlberg, Guy)
* Additional LDAP checks for invalid packets (Scott Renfro, Guy)
* Better support of timestamps from NetXRay captures (Chris Jepeway, Guy)
* Automake updates for next version of automake (Nathan Neulinger, Guy)
* Updates for the next version of autoconf (Nathan Neulinger, Guy)
* Passive FTP support (Juan Toledo, Guy)
* Fix a text window, scrollbar bug reported by Christopher McAvaney (gerald)
* Updates to OSPF for the changes between drafts 3 and 4 of
* Various ISIS improvements (Jean-Christian Pennetier, Guy)
* osi-util.c Fix postfix error in string generation (Chris Fould, Guy)
* Support for Cisco-proprietary capabilities in BGP (Jian Yu)
Overview of changes in Ethereal 0.8.17:
* Display filter GUI fix (Guy)
* Build fix: use SSL_LIBS if found by configure (Henri Gomez)
* Fix 2 off-by-1 erros in the code that selects a field after
user clicks on a byte in the hex dump (Gilbert)
* Typo fixes to packet-q931.c (Thomas Gimpel)
* Win32 build: create HTML doco (Gilbert)
* Fixes for Lemon compilation (Guy)
* Wiretap file-close fix (Guy)
* Wiretap open() design fix (Guy)
* New dissector: support for CUPS browsing protocol (Charles Levert)
* Wiretap support for Cisco HDLC (Guy)
* New dissector: Cisco HDLC (guy)
* Tvbuffication of MOUNT dissector (Ronnie Sahlberg)
* Tvbuffication of HCLNFSD dissector (Ronnie Sahlberg)
* Memory double-free fix (Guy)
* Change tvb_get_ptr() to return 'const guint8*' (Gilbert, Guy)
* Fix for IEEE 802.11 trying to modify result of tvb_get_ptr() (Guy)
* Update to CUPS (Guy)
* Update to CLNP (Guy)
* Fix for Win32 file renaming (Guy)
* Update to MGCP (Ed Warnicke, Guy)
* Update to STAT dissector (Ronnie Sahlberg)
* Check for NULL in proto_tree_add_* routines (Guy, Jeff)
* Tvbuffication of YPSERV (Ronnie Sahlberg)
* Tvbuffication of BOOTPARAM (Ronnie Sahlberg)
* New dissector: DCE RPC support (Tod Sabin)
* Update to SMB mailslot, browse, pipe (Guy)
* Update to SMB (Guy)
* Add 48.48 PNG of new 3d logo (Gilbert)
* Compiler warning fixes (Guy)
* MS Proxy fix and tvbuffication (Guy, Jeff)
* Move address routines to epan (Ed Warnicke)
* Change "IEE 802.3" Ethernet label (Gilbert)
* New feature: Protocol Hierarchy Statistics (Gilbert, Guy)
* Win32 build: build wiretap as DLL, use WinPcap 2.1 (Gilbert)
* New feature: multiple named data sources (Jeff, Guy)
* Update to Frame Relay (Jeff, Guy)
* New dissector: LMI for frame relay (Jeff)
* New dissector: Wellfleet compression (Jeff)
* Update to WTP (Guy)
* Updates to AFS (Nathan)
* Fix for WCP (Guy, Jeff)
* Back out guint64 handling in wiretap netxray module (Guy)
* Add APi for creating progess dialogues (Guy)
* Tvbuffication of ICQ (Guy)
* GTK-related code fixes (Eduardo Pérez Ureta)
* Update to RX (Nathan)
* Add "-D" flag to tethereal to show list of all network
interfaces (Guy)
* Update to IP: check for small header lengths (Guy)
* Update TPKT (Guy)
* Fix for ICMPv6 crash (Olivier, found by Heikki Vatiainen)
* Fix for "checksum bad" flags in proto_tree in IP, UDP, TCP (Guy)
* Update to PPP (Guy)
* Update to Q.931 (Guy)
* New disector: BACNET (Hartmut Mueller)
* Code movement from dissectors to epan (Ed Warnicke, Guy)
* General code cleaning (Guy)
* Win32: load wpcap.dll at run-time, not load-time (Gilbert)
* Support for "Transparent Ethernet Bridging" (Guy)
* New dissector: GTP (Michal Melerowicz)
* Fix for ISAKMP : check for length of payload (Tim Newsham)
* Win32 build: use NullSoft Installer to provide packaging (Gilbert)
* Win32 build: keep version number in config.nmake, and generate
text files that need that version number (Gilbert)
* Win32 build: wiretap can use zlib (Gilbert)
* Update to SNMP (Guy)
* New dissector: RWALL (Ronnie Sahlberg)
* OSI-over-PPP support, plus fixes to ISIS (Hannes Gredler)
* Updates to SCTP (Michael Tuexen)
* Wiretap: support for Ascend version 7 output (Gerald)
* Fixes to NTP (Joerg Mayer)
* Doco updates (Guy, Gilbert)
* Fix for GTK file selection showing wrong directory in Open/Save As (Gilbert)
* Win32: isprint() hack to keep GTK from not showing characters in hex
dump and follow-tcp-stream window in certain cases (Gilbert)
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.
While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).
Patch by Alistair Crooks <agc@netbsd.org>
Martti Kuparinen in PR pkg/12379. Changes since version 0.8.15:
- new dissectors include SUA Light, HCLNFSD, Rquota.
- many other dissectors were updated and bug-fixed
- the wiretap library can now read Etherpeek files, and write NetMon 2.x
files
- capture filters and display filters are kept in separate dialogues/files
to help minimize confusion.
- a new "Decode As" feature allows some run-time configuration of which
dissectors are called for a particular packet
- the display filter code was re-written, and some syntax changed (esp. for
boolean variables)
An exploit for a buffer overrun in the AFS dissector was recently
released on BugTraq. Ethereal 0.8.14 fixes this and other
possibly-exploitable overruns. Also new in 0.8.14 are dissectors
for WAP, SIP, AIM/OSCAR, 802.11, GIOP v1.2, and MGCP (plugin).
Other dissectors were updated as well. Be sure to upgrade to
0.8.14 as soon as possible
Changes:
New dissectors include H.261, TPKT, and IGRP, RTP and RTCP were
re-written, and many other dissectors were updated and improved. The
wiretap library enables Ethereal to read Nokia-firewall tcpdump files,
Shomiti Surveyor 3.x files, pppd log files (pppdump format), and
NetXRay ATM files.
This version understands our PPP protocol again (PPP over serial, i.e.).
Other changes:
Ethereal now understands Kerberos 5, rsh, and Zebra, and has the
initial work done for BXXP. Ethereal (via our wiretap library) can
now read Cisco Secure IDS iplog files. Ethereal's Help menu option
finally gives help. Many other updates and fixes were made in
version 0.8.12.