Fix some pkglint warnings while here.
Wireshark 2.6.3 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2018-44[1]
• Bluetooth AVDTP dissector crash. Bug 14884[2]. CVE-2018-16058[3].
• wnpa-sec-2018-45[4]
• Bluetooth Attribute Protocol dissector crash. Bug 14994[5].
CVE-2018-16056[6].
• wnpa-sec-2018-46[7]
• Radiotap dissector crash. Bug 15022[8]. CVE-2018-16057[9].
The following bugs have been fixed:
• Wireshark Hangs on startup initializing external capture plugins.
Bug 14657[10].
• Qt: SCTP Analyse Association Dialog: Segmentation fault when
clicking twice the Filter Association button. Bug 14970[11].
• Incorrect presentation of dissected data item (NETMASK) in ISAKMP
dissector. Bug 14987[12].
• Decode NFAPI: CONFIG.request Error. Bug 14988[13].
• udpdump frame too long error. Bug 14989[14].
• ISDN - LAPD dissector broken since version 2.5.0. Bug 15018[15].
• ASTERIX Category 062 / 135 Altitude has wrong value. Bug
15030[16].
• Wireshark cannot decrypt SSL/TLS session if it was proxied over
HTTP tunnel. Bug 15042[17].
• TLS records in a HTTP tunnel are displayed as "Encrypted
Handshake Message". Bug 15043[18].
• BTATT Dissector: Temperature Measurement: Celsius and Fahrenheit
swapped. Bug 15058[19].
• Diameter AVP User Location Info, Mobile Network Code decoded not
correctly. Bug 15068[20].
• Heartbeat message "Info" displayed without comma separator. Bug
15079[21].
Updated Protocol Support
ASTERIX, Bluetooth, Bluetooth ATT, Bluetooth AVDTP, DHCP, DTLS,
E.212, FP, GSM A RR, HTTP, HTTP2, IEEE 802.11, ISAKMP, ISDN, K12,
NFAPI, Nordic BLE, PFCP, Radiotap, SSL, Steam IHS Discovery, and TLS
1.3
New and Updated Capture File Support
pcapng
New and Updated Capture Interfaces support
ciscodump, udpdump
Wireshark 2.6.2 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2018-34[1]
• BGP dissector large loop. Bug 13741[2]. CVE-2018-14342[3].
• wnpa-sec-2018-35[4]
• ISMP dissector crash. Bug 14672[5]. CVE-2018-14344[6].
• wnpa-sec-2018-36[7]
• Multiple dissectors could crash. Bug 14675[8]. CVE-2018-14340[9].
• wnpa-sec-2018-37[10]
• ASN.1 BER dissector crash. Bug 14682[11]. CVE-2018-14343[12].
• wnpa-sec-2018-38[13]
• MMSE dissector infinite loop. Bug 14738[14]. CVE-2018-14339[15].
• wnpa-sec-2018-39[16]
• DICOM dissector crash. Bug 14742[17]. CVE-2018-14341[18].
• wnpa-sec-2018-40[19]
• Bazaar dissector infinite loop. Bug 14841[20].
CVE-2018-14368[21].
• wnpa-sec-2018-41[22]
• HTTP2 dissector crash. Bug 14869[23]. CVE-2018-14369[24].
• wnpa-sec-2018-42[25]
• CoAP dissector crash. Bug 14966[26]. CVE-2018-14367[27].
The following bugs have been fixed:
• ISMP.EDP "Tuples" dissected incorrectly. Bug 4943[28].
• Wireshark - Race issue when switching between files using
Wireshark’s "Files in Set" dialog. Bug 10870[29].
• Sorting on "Source port" or "Destination port" column sorts
alphabetically, not numerically. Bug 11460[30].
• Wireshark crashes when changing profiles. Bug 11648[31].
• Crash when starting capture while saving capture file or
rescanning file after display filter change. Bug 13594[32].
• Crash when switching to TRANSUM enabled profile. Bug 13697[33].
• TCP retransmission with additional payload leads to incorrect
bytes and length in stream. Bug 13700[34].
• Wireshark crashes with single quote string display filter. Bug
14084[35].
• randpkt can write packets that libwiretap can’t read. Bug
14107[36].
• Wireshark crashes when loading new file before previous load has
finished. Bug 14351[37].
• Valid packet produces Malformed Packet: OpcUa. Bug 14465[38].
• Error received from dissect_wccp2_hash_assignment_info(). Bug
14573[39].
• CRC checker wrong for FPP. Bug 14610[40].
• Cross-build broken due to make-dissectors and make-taps. Bug
14622[41].
• Extraction of SMB file results in wrong size. Bug 14662[42].
• 6LoWPAN dissector merges fragments from different sources. Bug
14700[43].
• IP address to name resolution doesn’t work in TShark. Bug
14711[44].
• "Decode as" Modbus RTU over USB doesn’t work with 2.6.0 but with
2.4.6. Bug 14717[45].
• proto_tree_add_protocol_format might leak memory. Bug 14719[46].
• tostring for NSTime objects in lua gives wrong results. Bug
14720[47].
• Media type "application/octet-stream" registered for both Thread
and UASIP. Bug 14729[48].
• Crash related to SCTP tap. Bug 14733[49].
• Formatting of OSI area addresses/address prefixes goes past the
end of the area address/address prefix. Bug 14744[50].
• ICMPv6 Router Renumbering - Packet Dissector - malformed. Bug
14755[51].
• WiMAX HARQ MAP decoder segfaults when length is too short. Bug
14780[52].
• HTTP PUT request following a HEAD request is not correctly
decoded. Bug 14793[53].
• SYNC PDU type 3 miss the last PDU length. Bug 14823[54].
• Reversed 128 bits service UUIDs when Bluetooth Low Energy
advertisement data are dissected. Bug 14843[55].
• Issues with Wireshark when the user doesn’t have permission to
capture. Bug 14847[56].
• Wrong description when LE Bluetooth Device Address type is
dissected. Bug 14866[57].
• LE Role advertisement type (0x1c) is not dissected properly
according to the Bluetooth specification. Bug 14868[58].
• Regression: Wireshark 2.6.0 and 2.6.1 are unable to read NetMon
files which were readable by previous versions. Bug 14876[59].
• Wireshark doesn’t properly display (deliberately) invalid 220
responses from Postfix. Bug 14878[60].
• Follow TCP Stream and click reassembled content moves you to
incorrect current packet. Bug 14898[61].
• Crash when changing profiles while loading a capture file. Bug
14918[62].
• Duplicate PDU during C Arrays Output Export. Bug 14933[63].
• DCE/RPC not dissected when "reserved for use by implementations"
flag bits set. Bug 14942[64].
• Follow TCP Stream truncates output on missing (but ACKed)
segments. Bug 14944[65].
• There’s no option to include column headings when printing
packets or exporting packet dissections with Qt Wireshark. Bug
14945[66].
• Qt: SCTP Graph Dialog: Abort when doing analysis. Bug 14971[67].
• CMake is unable to find LUA libraries. Bug 14983[68].
Updated Protocol Support
6LoWPAN, ASN.1 BER, Bazaar, BGP, Bluetooth, Bluetooth HCI_CMD, CIGI,
Cisco ttag, CoAP, Data, DCERPC, Diameter 3GPP, DICOM, DOCSIS, FPP,
GSM A GM, GTPv2, HTTP, HTTP2, IAX2, ICMPv6, IEEE 1722, IEEE 802.11,
IPv4, ISMP, LISP, MMSE, MTP3, MySQL, NFS, OpcUa, PPI GPS, Q.931,
RNSAP, RPCoRDMA, S1AP, SCTP, SMB, SMTP, STUN, SYNC, T.30, TCP,
TRANSUM, WAP, WCCP, Wi-SUN, WiMax HARQ Map Message, and WSP
New and Updated Capture File Support
Alcatel-Lucent Ascend and Microsoft Network Monitor
Wireshark 2.6.1 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• ws-sa2018-25
• The LDSS dissector could crash. (ws-bug14615)
• ws-sa2018-26
• The IEEE 1905.1a dissector could crash. (ws-bug14647)
• ws-sa2018-27
• The RTCP dissector could crash. (ws-bug14673)
• ws-sa2018-28
• Multiple dissectors could consume excessive memory. (ws-bug14678)
• ws-sa2018-29
• The DNS dissector could crash. (ws-bug14681)
• ws-sa2018-30
• The GSM A DTAP dissector could crash. (ws-bug14688)
• ws-sa2018-31
• The Q.931 dissector could crash. (ws-bug14689)
• ws-sa2018-32
• The IEEE 802.11 dissector could crash. (ws-bug14686)
• ws-sa2018-33
• Multiple dissectors could crash. (ws-bug14703)
The following bugs have been fixed:
• Qt GUI does not snap to exactly half of screen in Windows. (Bug
13516[1])
• Segmentation fault when switching profiles. (Bug 14316[2])
• QUIC dissector produces incorrect packet numbers (wrong-endian).
(Bug 14462[3])
• Wrong default file format chosen in when saving a capture with
comments added if the original format doesn’t support comments.
(Bug 14601[4])
• Lua: Error during loading [AppData directory]:1: bad argument #1
to dofile (dofile: file does not exist). (Bug 14619[5])
• Crash when selecting text. (Bug 14620[6])
• ui/macosx directory missing from source release tarball. (Bug
14627[7])
• Wireshark 2.9.0 snapshot crashes/segfaults on Windows when
launched with -k or -i. (Bug 14632[8])
• "Copy as printable text" isn’t copying non-alphanumeric
characters. (Bug 14633[9])
• File missing from release tarball. (Bug 14634[10])
• NEWS is out of date and does not display properly in Notepad.
(Bug 14636[11])
• l16mono.so is installed in the wrong place. (Bug 14638[12])
• Remove: HACK to support UHD’s weird header offset on data
packets. (Bug 14641[13])
• WinSparkle 0.5.6 is out of date and is buggy. (Bug 14642[14])
• Unable to create or open VOIP captures. (Bug 14648[15])
• RTMPT: incorrect dissection of multiple RTMP packets within a
single TCP packet. (Bug 14650[16])
• Endpoints dialog displays invalid GeoIP information due to
incorrect byte order. (Bug 14656[17])
• Qt: Crash in ShowPacketBytesDialog(). (Bug 14658[18])
• Statistics → Resolved addresses show IP addresses without domain.
(Bug 14667[19])
• Erroneous MAC-LTE Dissection for Sidelink Shared Channel Packets.
(Bug 14669[20])
• Files missing from docbook CMake file. (Bug 14676[21])
• Wireshark hangs when opening certain files if it’s been
configured to use the new GeoIP databases. (Bug 14701[22])
The “Open”, “Save”, and other file dialogs should now be shown at the
correct size on HiDPI Windows systems.
Updated Protocol Support
BATADV, BT LE LL, CoAP, DNS, DTLS, GSM A DTAP, GSM A GM, GTP, GTPv2,
IEEE 1905.1a, IEEE 802.11, LDSS, LwM2M-TLV, MAC LTE, NAS EPS, Q.931,
RTCP, RTMPT, SDP, TCP, and VITA 49
New and Updated Capture File Support
3GPP TS 32.423 Trace and Android Logcat
Switch default GUI from gtk3 to qt5. See What's New below for "why".
What’s New
Wireshark 2.6 is the last release that will support the legacy (GTK+)
user interface. It will not be supported or available in Wireshark
3.0.
Many user interface improvements have been made. See the “New and
Updated Features” section below for more details.
Bug Fixes
The following bugs have been fixed:
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
New and Updated Features
The following features are new (or have been significantly updated)
since version 2.5.0:
• HTTP Request sequences are now supported.
• Wireshark now supports MaxMind DB files. Support for GeoIP and
GeoLite Legacy databases has been removed.
• The Windows packages are now built using Microsoft Visual Studio
2017.
• The IP map feature (the “Map” button in the “Endpoints” dialog)
has been removed.
The following features are new (or have been significantly updated)
since version 2.4.0:
• Display filter buttons can now be edited, disabled, and removed
via a context menu directly from the toolbar
• Drag & Drop filter fields to the display filter toolbar or edit
to create a button on the fly or apply the filter as a display
filter.
• Application startup time has been reduced.
• Some keyboard shortcut mix-ups have been resolved by assigning
new shortcuts to Edit → Copy methods.
• TShark now supports color using the --color option.
• The "matches" display filter operator is now case-insensitive.
• Display expression (button) preferences have been converted to a
UAT. This puts the display expressions in their own file.
Wireshark still supports preference files that contain the old
preferences, but new preference files will be written without the
old fields.
• SMI private enterprise numbers are now read from the
“enterprises.tsv” configuration file.
• The QUIC dissector has been renamed to Google QUIC (quic →
gquic).
• The selected packet number can now be shown in the Status Bar by
enabling Preferences → Appearance → Layout → Show selected packet
number.
• File load time in the Status Bar is now disabled by default and
can be enabled in Preferences → Appearance → Layout → Show file
load time.
• Support for the G.729A codec in the RTP Player is now added via
the bcg729 library.
• Support for hardware-timestamping of packets has been added.
• Improved NetMon .cap support with comments, event tracing,
network filter, network info types and some Message Analyzer
exported types.
• The personal plugins folder on Linux/Unix is now
~/.local/lib/wireshark/plugins.
• TShark can print flow graphs using -z flow…
• Capinfos now prints SHA256 hashes in addition to RIPEMD160 and
SHA1. MD5 output has been removed.
• The packet editor has been removed. (This was a GTK+ only
experimental feature.)
• Support BBC micro:bit Bluetooth profile
• The Linux and UNIX installation step for Wireshark will now
install headers required to build plugins. A pkg-config file is
provided to help with this (see “doc/plugins.example” for
details). Note you must still rebuild all plugins between minor
releases (X.Y).
• The Windows installers and packages now ship with Qt 5.9.4.
• The generic data dissector can now uncompress zlib compressed
data.
• DNS Stats now supports service level statistics.
• DNS filters for retransmissions and unsolicited responses have
been added.
• The “tcptrace” TCP Stream graph now shows duplicate ACKS and zero
window advertisements.
• The membership operator now supports ranges, allowing display
filters such as tcp.port in {4430..4434} to be expressed. See the
User’s Guide, chapter Building display filter expressions for
details.
New Protocol Support
ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling),
AVSP (Arista Vendor Specific Protocol), Bluetooth Mesh, Broadcom tags
(Broadcom Ethernet switch management frames), CAN-ETH, CVS password
server, Excentis DOCSIS31 XRA header, F1 Application Protocol,
F5ethtrailer, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.11ax (High
Efficiency WLAN (HEW)), IEEE 802.15.9 IEEE Recommended Practice for
Transport of Key Management Protocol (KMP) Datagrams, IEEE 802.3br
Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre
Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency Protocol
(UDP), Network Functional Application Platform Interface (NFAPI)
Protocol, New Radio Radio Link Control protocol, New Radio Radio
Resource Control protocol, NR (5G) MAC protocol, NXP 802.15.4 Sniffer
Protocol, Object Security for Constrained RESTful Environments
(OSCORE), PFCP (Packet Forwarding Control Protocol), Protobuf
(Protocol Buffers), QUIC (IETF), RFC 4108 Using CMS to Protect
Firmware Packages, Session Multiplex Protocol, SolarEdge monitoring
protocol, Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP
and OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN
Protocol
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
Microsoft Network Monitor
New and Updated Capture Interfaces support
LoRaTap
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2018-15
The MP4 dissector could crash. ([2]Bug 13777)
* [3]wnpa-sec-2018-16
The ADB dissector could crash. ([4]Bug 14460)
* [5]wnpa-sec-2018-17
The IEEE 802.15.4 dissector could crash. ([6]Bug 14468)
* [7]wnpa-sec-2018-18
The NBAP dissector could crash. ([8]Bug 14471)
* [9]wnpa-sec-2018-19
The VLAN dissector could crash. ([10]Bug 14469)
* [11]wnpa-sec-2018-20
The LWAPP dissector could crash. ([12]Bug 14467)
* [13]wnpa-sec-2018-21
The TCP dissector could crash. ([14]Bug 14472)
* [15]wnpa-sec-2018-22
The CQL dissector could to into an infinite loop. ([16]Bug 14530)
* [17]wnpa-sec-2018-23
The Kerberos dissector could crash. ([18]Bug 14576)
* [19]wnpa-sec-2018-24
Multiple dissectors and other modules could leak memory. The TN3270
([20]Bug 14480), ISUP ([21]Bug 14481), LAPD ([22]Bug 14482), SMB2
([23]Bug 14483), GIOP ([24]Bug 14484), ASN.1 ([25]Bug 14485), MIME
multipart ([26]Bug 14486), H.223 ([27]Bug 14487), and PCP ([28]Bug
14488) dissectors were susceptible along with Wireshark and TShark
([29]Bug 14489).
The following bugs have been fixed:
* TRANSUM doesn't account for DNS retries in the Request Spread.
([30]Bug 14210)
* BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not
able to decode the packet correctly. ([31]Bug 14241)
* Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes
in later releases. ([32]Bug 14293)
* PEEKREMOTE dissector lacks 80mhz support, short preamble support
and spatial streams encoding. ([33]Bug 14452)
* Statistics > UDP Multicast Streams > [Copy|Save as..] is broken.
([34]Bug 14477)
* Typo error in enumeration value of speech version identifier.
([35]Bug 14528)
* In "Unsaved packets" dialog one can NOT use keyboard to choose
"Continue without Saving". ([36]Bug 14531)
* WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. ([37]Bug
14538)
* Buildbot crash output: fuzz-2018-03-19-19114.pcap. ([38]Bug 14544)
* alloca() used in wsutil/getopt_long.c without <alloca.h> inclusion.
([39]Bug 14552)
* HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. ([40]Bug
14554)
* Makefile.in uses non-portable "install" command. ([41]Bug 14555)
* HP-UX HP ANSI C doesn't support assigning {} to a variable in
epan/app_mem_usage.c. ([42]Bug 14556)
* PPP in SSTP, HDLC framing not parsed properly. ([43]Bug 14559)
* Using the DIAMETER dictionary causes the standard input to be
closed when the dictionary is read. ([44]Bug 14577)
Updated Protocol Support
6LoWPAN, ADB, BGP, CQL, DNS, Ethernet, GIOP, GSM BSSMAP, H.223, IEEE
802.11, IEEE 802.11 Radiotap, IEEE 802.15.4, ISUP, Kerberos, LAPD,
LWAPP, MIME multipart, MP4, NBAP, NORDIC_BLE, PCP, PEEKREMOTE, S1AP,
SMB2, SSTP, T.30, TCP, TN3270, TRANSUM, VLAN, WCCP, and WSP
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2018-05
The IEEE 802.11 dissector could crash. [2]Bug 14442,
[3]CVE-2018-7335
* [4]wnpa-sec-2018-06
Multiple dissectors could go into large infinite loops. All ASN.1
BER dissectors ([5]Bug 14444), along with the DICOM ([6]Bug 14411),
DMP ([7]Bug 14408), LLTD ([8]Bug 14419), OpenFlow ([9]Bug 14420),
RELOAD ([10]Bug 14445), RPCoRDMA ([11]Bug 14449), RPKI-Router
([12]Bug 14414), S7COMM ([13]Bug 14423), SCCP ([14]Bug 14413),
Thread ([15]Bug 14428), Thrift ([16]Bug 14379), USB ([17]Bug
14421), and WCCP ([18]Bug 14412) dissectors were susceptible.
* [19]wnpa-sec-2018-07
The UMTS MAC dissector could crash. [20]Bug 14339,
[21]CVE-2018-7334
* [22]wnpa-sec-2018-08
The DOCSIS dissector could crash. [23]Bug 14446, [24]CVE-2018-7337
* [25]wnpa-sec-2018-09
The FCP dissector could crash. [26]Bug 14374, [27]CVE-2018-7336
* [28]wnpa-sec-2018-10
The SIGCOMP dissector could crash. [29]Bug 14398, [30]CVE-2018-7320
* [31]wnpa-sec-2018-11
The pcapng file parser could crash. [32]Bug 14403,
[33]CVE-2018-7420
* [34]wnpa-sec-2018-12
The IPMI dissector could crash. [35]Bug 14409, [36]CVE-2018-7417
* [37]wnpa-sec-2018-13
The SIGCOMP dissector could crash. [38]Bug 14410, [39]CVE-2018-7418
* [40]wnpa-sec-2018-14
The NBAP disssector could crash. [41]Bug 14443, [42]CVE-2018-7419
The following bugs have been fixed:
* Change placement of "double chevron" in Filter Toolbar to eliminate
overlap. ([43]Bug 14121)
* AutoScroll does not work. ([44]Bug 14257)
* BOOTP/DHCP: malformed packet -> when user class option (77) is
present. ([45]Bug 14312)
* GET MAX LUN wLength decoded as big-endian - USB Mass Storage.
([46]Bug 14360)
* Unable to create Filter Expression Button for a yellow filter.
([47]Bug 14369)
* Buildbot crash output: fuzz-2018-01-28-15874.pcap. ([48]Bug 14371)
* NetScaler RPC segmentation fault / stack overflow. ([49]Bug 14399)
* [oss-fuzz] #6028 RPC_NETLOGON: Direct-leak in g_malloc
(generate_hash_key). ([50]Bug 14407)
* Newline "\n" in packet list field increase line height for all
rows. ([51]Bug 14424)
* ieee80211-radio.c preamble duration calculation not correct.
([52]Bug 14439)
* DIS: Malformed packet in SISO-STD-002 transmitter. ([53]Bug 14441)
Updated Protocol Support
ASN.1 BER, BOOTP/DHCP, DCE RPC NETLOGON, DICOM, DIS, DMP, DOCSIS, EPL,
FCP, GSM A RR, HSRP, IAX2, IEEE 802.11, Infiniband, IPMI, IPv6, LDAP,
LLTD, NBAP, NetScaler RPC, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router,
S7COMM, SCCP, SIGCOMP, Thread, Thrift, TLS/SSL, UMTS MAC, USB, USB Mass
Storage, and WCCP
New and Updated Capture File Support
pcap pcapng
Changelog:
## Bug Fixes
The following bugs have been fixed:
wnpa-sec-2018-01
Multiple dissectors could crash. (Bug 14253) CVE-2018-5336
wnpa-sec-2018-03
The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334
wnpa-sec-2018-04
The WCP dissector could crash. (Bug 14251) CVE-2018-5335
Prior to this release dumpcap enabled the Linux kernel's BPF JIT compiler
via the net.core.bpf_jit_enable sysctl. This could make systems
more vulnerable to Spectre variant 1 (CVE-2017-5753) and this feature
has been removed (Bug 14313).
Some keyboard shortcut mix-up has been resolved by assigning
new shortcuts to Edit -> Copy methods.
Remote interfaces are not saved. (Bug 8557)
Additional grouping in Expert Information dialog. (Bug 11753)
First start with non-empty extcap folder after install or reboot
hangs at "initializing tap listeners". (Bug 12845)
Can't hide expert categories in Expert Information. (Bug 13831)
Expert info dialog should have "Collapse All"/"Expand All" options.
(Bug 13842)
SIP Statistics extract does not work. (Bug 13942)
Service Response Time - SCSI dialog crashes. (Bug 14144)
Wireshark & Tshark 2.4.2 core dumps with segmentation fault. (Bug 14194)
SSH remote capture promiscuous mode. (Bug 14237)
SOCKS pseudo header displays incorrect Version value. (Bug 14262)
Only first variable of list is dissected in NTP Control request
message. (Bug 14268)
NTP Authenticator field dissection fails if padding is used. (Bug 14269)
BSSAP packet dissector issue - BSSAP_UPLINK_TUNNEL_REQUEST message.
(Bug 14289)
"[Malformed Packet]" for Mobile IP (MIP) protocol. (Bug 14292)
There is a potential buffer underflow in File_read_line function in
epan/wslua/wslua_file.c file. (Bug 14295)
Saving a temporary capture file may not result in the temporary
file being removed. (Bug 14298)
## Updated Protocol Support
Bluetooth, BSSAP, BT ATT, BT HCI, BT SMP, MIP, NTP, SCTP, SOCKS, UDS, and WCP
Changelog:
Bug Fixes
The following bugs have been fixed:
wnpa-sec-2017-47
The IWARP_MPA dissector could crash. (Bug 14236)
wnpa-sec-2017-48
The NetBIOS dissector could crash. (Bug 14249)
wnpa-sec-2017-49
The CIP Safety dissector could crash. (Bug 14250)
"tshark -G ?" doesn't provide expected help. (Bug 13984)
File loading is very slow with TRANSUM dissector enabled. (Bug 14094)
packet-knxnetip.c:936: bad bitmask ?. (Bug 14115)
packet-q931.c:1306: bad compare ?. (Bug 14116)
SSL Dissection bug. (Bug 14117)
Wireshark crashes when exporting various files to .csv, txt and other
'non-capture file' formats. (Bug 14128)
RLC reassembly doesn't work for RLC over UDP heuristic dissector.
Bug 14129)
HTTP Object export fails with long extension (possibly query string).
(Bug 14130)
3GPP Civic Address not displayed in Packet Details. (Bug 14131)
Wireshark prefers packet.dll in System32\\Npcap over the one in
System32. (Bug 14134)
PEEKREMOTE dissector does not decode 11ac MCS rates properly. (Bug 14136)
Visual Studio Community Edition 2015 lacks tools named in developer
guide. (Bug 14147)
TCP: Malformed data with Riverbed Probe option. (Bug 14150)
Wireshark Crash when trying to use Preferences | Advanced. (Bug 14157)
Right click on SMB2 Message ID and then Apply as Column causes Runtime
Error. (Bug 14169)
Return [Enter] should apply change (Column title - Button Label
toolbars). (Bug 14191)
Wireshark crashes if "rip.display_routing_domain" is set to TRUE in
preferences file. (Bug 14197)
Entry point inflatePrime not found for androiddump.exe and
randpktdump.exe. (Bug 14207)
BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not
able to decode the packet correctly. (Bug 14241)
Wrong SSL decryption when using EXTENDED MASTER SECRET and Client
certificate request (mutual authentication). (Bug 14243)
Frame direction isn't always set if it comes from the pcapng record
header rather than the packet pseudo-header. (Bug 14245)
Updated Protocol Support
3GPP NAS, BGP, CIP Safety, DTLS, IEEE 802.11 Radio, IWARP_MPA,
KNXnet/IP, LCSAP, MQTT, NetBIOS, PEEKREMOTE, Q.931, RIP, RLC, SIP,
SSL/TLS, TCP, and TRANSUM
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-42
BT ATT dissector crash ([2]Bug 14049) [3]CVE-2017-15192
* [4]wnpa-sec-2017-43
MBIM dissector crash ([5]Bug 14056) [6]CVE-2017-15193
* [7]wnpa-sec-2017-44
DMP dissector crash ([8]Bug 14068) [9]CVE-2017-15191
The following bugs have been fixed:
* Wireshark crash when end capturing with "Update list of packets in
real-time" option off. ([10]Bug 13024)
* Diameter service response time statistics broken in 2.2.4. ([11]Bug
13442)
* Some Infiniband Connect Req fields are not decoded correctly.
([12]Bug 13997)
* wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in
wrong place ?. ([13]Bug 14016)
* [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). ([14]Bug
14025)
* [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). ([15]Bug
14032)
* RTP Analysis "save as CSV" saves twice the forward stream, if two
streams are selected. ([16]Bug 14040)
* Cannot Apply Bitmask to Long Unsigned. ([17]Bug 14063)
Updated Protocol Support
BT ATT, DCERPC, DMP, E.212, H.248, InfiniBand, MBIM, RPC, and WSP
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-13
WBMXL dissector infinite loop ([2]Bug 13477, [3]Bug 13796)
[4]CVE-2017-7702, cve-idlink:CVE-2017-11410[] Note: This is an
update for a fix in Wireshark 2.2.6 and 2.0.12.
* [5]wnpa-sec-2017-28
openSAFETY dissector memory exhaustion ([6]Bug 13649, [7]Bug 13755)
[8]CVE-2017-9350, [9]CVE-2017-11411 Note: This is an update for a
fix in Wireshark 2.2.7.
* [10]wnpa-sec-2017-34
AMQP dissector crash. ([11]Bug 13780) [12]CVE-2017-11408
* [13]wnpa-sec-2017-35
MQ dissector crash. ([14]Bug 13792) [15]CVE-2017-11407
* [16]wnpa-sec-2017-36
DOCSIS infinite loop. ([17]Bug 13797) [18]CVE-2017-11406
The following bugs have been fixed:
* Y.1711 dissector reverses defect type order. ([19]Bug 8292)
* Packet list keeps scrolling back to selected packet while names are
being resolved. ([20]Bug 12074)
* [REGRESSION] Export Objects do not show files from a SMB2 capture.
([21]Bug 13214)
* LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values.
([22]Bug 13481)
* Hexpane showing in proportional font again. ([23]Bug 13638)
* Regression in SCCP fragments handling. ([24]Bug 13651)
* TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. ([25]Bug 13739)
* Dissector for WSMP (IEEE 1609.3) not current. ([26]Bug 13766)
* RANAP: possible issue in the heuristic code. ([27]Bug 13770)
* [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
int in packet-btrfcomm.c:314:37. ([28]Bug 13783)
* RANAP: false positives on heuristic algorithm. ([29]Bug 13791)
* Automatic name resolution not saved to PCAP-NG NRB. ([30]Bug 13798)
* DAAP dissector dissect_daap_one_tag recursion stack exhausted.
([31]Bug 13799)
* Malformed DCERPC PNIO packet decode, exception handler invalid
poionter reference. ([32]Bug 13811)
* It seems SPVID was decoded from wrong field. ([33]Bug 13821)
* README.dissectors: Add notes about predefined string structures not
available to plugin authors. ([34]Bug 13828)
* Statistics->Packet Lengths doesn't display details for 5120 or
greater. ([35]Bug 13844)
* cmake/modules/FindZLIB.cmake doesn't find inflatePrime. ([36]Bug
13850)
* BGP: incorrect decoding COMMUNITIES whose length is larger than
255. ([37]Bug 13872)
Updated Protocol Support
AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM
BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF,
PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC,
WBXML, WSMP, and Y.1711
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-22
Bazaar dissector infinite loop ([2]Bug 13599) [3]CVE-2017-9352
* [4]wnpa-sec-2017-23
DOF dissector read overflow ([5]Bug 13608) [6]CVE-2017-9348
* [7]wnpa-sec-2017-24
DHCP dissector read overflow ([8]Bug 13609, [9]Bug 13628)
[10]CVE-2017-9351
* [11]wnpa-sec-2017-25
SoulSeek dissector infinite loop ([12]Bug 13631) [13]CVE-2017-9346
* [14]wnpa-sec-2017-26
DNS dissector infinite loop ([15]Bug 13633) [16]CVE-2017-9345
* [17]wnpa-sec-2017-27
DICOM dissector infinite loop ([18]Bug 13685) [19]CVE-2017-9349
* [20]wnpa-sec-2017-28
openSAFETY dissector memory exhaustion ([21]Bug 13649)
[22]CVE-2017-9350
* [23]wnpa-sec-2017-29
BT L2CAP dissector divide by zero ([24]Bug 13701) [25]CVE-2017-9344
* [26]wnpa-sec-2017-30
MSNIP dissector crash ([27]Bug 13725) [28]CVE-2017-9343
* [29]wnpa-sec-2017-31
ROS dissector crash ([30]Bug 13637) [31]CVE-2017-9347
* [32]wnpa-sec-2017-32
RGMP dissector crash ([33]Bug 13646) [34]CVE-2017-9354
* [35]wnpa-sec-2017-33
IPv6 dissector crash ([36]Bug 13675) [37]CVE-2017-9353
The following bugs have been fixed:
* DICOM dissection error. ([38]Bug 13164)
* Qt: drag & drop of one column header in PacketList moves other
columns. ([39]Bug 13183)
* Can not export captured DICOM objects in version 2.2.5. ([40]Bug
13570)
* False complain about bad checksum of ICMP extension header.
([41]Bug 13586)
* LibFuzzer: ISUP dissector bug (isup.number_different_meaning).
([42]Bug 13588)
* Dissector Bug, protocol BT ATT. ([43]Bug 13590)
* Wireshark dispalys
RRCConnectionReestablishmentRejectRRCConnectionReestablishmentRejec
t in Info column. ([44]Bug 13595)
* [oss-fuzz] UBSAN: shift exponent 105 is too large for 32-bit type
int in packet-ositp.c:551:79. ([45]Bug 13606)
* [oss-fuzz] UBSAN: shift exponent -77 is negative in
packet-netflow.c:7717:23. ([46]Bug 13607)
* [oss-fuzz] UBSAN: shift exponent 1959 is too large for 32-bit type
int in packet-sigcomp.c:2128:28. ([47]Bug 13610)
* [oss-fuzz] UBSAN: shift exponent 63 is too large for 32-bit type
guint32 (aka unsigned int) in packet-rtcp.c:917:24. ([48]Bug 13611)
* [oss-fuzz] UBSAN: shift exponent 70 is too large for 64-bit type
guint64 (aka unsigned long) in dwarf.c:42:43. ([49]Bug 13616)
* [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type
int in packet-xot.c:260:23. ([50]Bug 13618)
* [oss-fuzz] UBSAN: shift exponent -5 is negative in
packet-sigcomp.c:1722:36. ([51]Bug 13619)
* [oss-fuzz] UBSAN: index 2049 out of bounds for type char [2049] in
packet-quakeworld.c:134:5. ([52]Bug 13624)
* [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type
int in packet-netsync.c:467:25. ([53]Bug 13639)
* [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type
int in packet-sigcomp.c:3857:24. ([54]Bug 13641)
* [oss-fuzz] ASAN: stack-use-after-return
epan/dissectors/packet-ieee80211.c:14341:23 in add_tagged_field.
([55]Bug 13662)
* Welcome screen invalid capture filter wihtout WinPcap installed
causes runtime error. ([56]Bug 13672)
* SMB protocol parser does not parse SMB_COM_TRANSACTION2_SECONDARY
(0x33) command correctly. ([57]Bug 13690)
* SIP packets with SDP marked as malformed. ([58]Bug 13698)
* [oss-fuzz] UBSAN: index 8 out of bounds for type gboolean const[8]
in packet-ieee80211-radiotap.c:1836:12. ([59]Bug 13713)
* Crash on "Show packet bytes..." context menu item click. ([60]Bug
13723)
* DNP3 dissector does not properly decode packed variations with
prefixed qualifiers. ([61]Bug 13733)
Updated Protocol Support
Bazaar, BT ATT, BT L2CAP, DHCP, DICOM, DNP3, DNS, DOF, DWARF, ICMP,
IEEE 802.11, IPv6, ISUP, LTE RRC, MSNIP, Netflow, Netsync, openSAFETY,
OSITP, QUAKEWORLD, Radiotap, RGMP, ROS, RTCP, SIGCOMP, SMB, SoulSeek,
and XOT
Wireshark 2.2.4 Release Notes
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2017-01
The ASTERIX dissector could go into an infinite loop. ([2]Bug
13344)
* [3]wnpa-sec-2017-02
The DHCPv6 dissector could go into a large loop. ([4]Bug 13345)
The following bugs have been fixed:
* TCP reassembly: tcp.reassembled_in is not set in first packet.
([5]Bug 3264)
* Duplicated Interfaces instances while refreshing. ([6]Bug 11553)
* Time zone name needs to be converted to UTF-8 on Windows. ([7]Bug
11785)
* Crash on fast local interface changes. ([8]Bug 12263)
* Please align columns in tshark's output. ([9]Bug 12502)
* Display data rate fields for VHT rates invalid with BCC modulation.
([10]Bug 12859)
* plugin_if_get_ws_info causes Access Violation if called during
rescan. ([11]Bug 12973)
* SMTP BDAT dissector not reverting to command-code after DATA.
([12]Bug 13030)
* Wireshark fails to recognize V6 DBS Etherwatch capture files.
([13]Bug 13093)
* Runtime Error when try to merge .pcap files (Wireshark crashes).
([14]Bug 13175)
* PPP BCP BPDU size reports not header size, but all data underneath
and its header size in UI. ([15]Bug 13188)
* In-line UDP checksum bytes in 6LoWPAN IPHC are swapped. ([16]Bug
13233)
* Uninitialized memcmp on data in daintree-sna.c. ([17]Bug 13246)
* Crash when dissect WDBRPC Version 2 protocol with Dissect unknown
program numbers enabled. ([18]Bug 13266)
* Contents/Resources/bin directory isn't in the app bundle after
installation. ([19]Bug 13270)
* Regression: IEEE17221 (AVDECC) decoded as IEEE1722 (AVB
Transportation Protocol). ([20]Bug 13274)
* Can't decode packets captured with OpenBSD enc(4) encapsulating.
([21]Bug 13279)
* UDLD flags are at other end of octet. ([22]Bug 13280)
* MS-WSP dissector no longer works since commit
8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. ([23]Bug 13299)
* TBCD string decoded wrongly in MAP ATI message. ([24]Bug 13316)
* Filter Documentation: The tilde (~) operator is not documented.
([25]Bug 13320)
* VoIP Flow Sequence Causes Application Crash. ([26]Bug 13329)
Updated Protocol Support
6LoWPAN, DVB-CI, ENC, GSM MAP, IEEE 1722, IEEE 1722.1, ISAKMP, MS-WSP,
PPP, QUIC, Radiotap, RPC, SMTP, TCP, UCD, and UDLD
New and Updated Capture File Support
Daintree SNA, and DBS Etherwatch
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* Arbitrary file deletion on Windows. ([1]Bug 13217)
The following bugs have been fixed:
* Saving all exported objects (SMB/SMB2) results in out of physical
memory. ([2]Bug 11133)
* Export HTTP Objects - Single file shows as multiple files in 2.0.2.
([3]Bug 12230)
* Follow Stream and graph buttons remain greyed out in conversation
window. ([4]Bug 12893)
* Dicom list of tags in element of VR=AT not properly decoded.
([5]Bug 13077)
* Malformed Packet: BGP Update (withdraw) message. ([6]Bug 13146)
* Install fail on macOS Sierra (error PKInstallErrorDomain Code=112).
([7]Bug 13152)
* GTP: "Create PDP Context response" message shows back-off timer as
malformed when included in the response. ([8]Bug 13153)
* ICMP dissector fails to properly detect timestamps. ([9]Bug 13161)
* RLC misdissection. ([10]Bug 13162)
* Text2pcap on Windows produces corrupt output when writing the
capture file to the standard output. ([11]Bug 13165)
* HTML escaping of quotes in error message. ([12]Bug 13178)
* TShark doesn't respect protocols.display_hidden_proto_items
setting. ([13]Bug 13192)
* RPC/RDMA dissector should exit when frame is not RPC-over-RDMA.
([14]Bug 13195)
* Some RPC-over-RDMA frames are not recognized as RPC-over-RDMA.
([15]Bug 13196)
* RPC-over-RDMA frames with chunk lists are "Malformed". ([16]Bug
13197)
* TShark fails to pass RPC-over-RDMA frames to RPC subdissector.
([17]Bug 13198)
* Adding a DOF DPS Identity Secret, session Key, or Mode Template
causes Wireshark to crash. ([18]Bug 13209)
* Wireshark shows "MS Video Source Request" in a RTCP packet as
"Malformed". ([19]Bug 13212)
Updated Protocol Support
BGP, BOOTP/DHCP, BTLE, DICOM, DOF, Echo, GTP, ICMP, Radiotap, RLC, RPC
over RDMA, RTCP, SMB, TCP, UFTP4, and VXLAN
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-58
Profinet I/O long loop. ([2]Bug 12851)
* [3]wnpa-sec-2016-59
AllJoyn crash. ([4]Bug 12953)
* [5]wnpa-sec-2016-60
OpenFlow crash. ([6]Bug 13071)
* [7]wnpa-sec-2016-61
DCERPC crash. ([8]Bug 13072)
* [9]wnpa-sec-2016-62
DTN infinite loop. ([10]Bug 13097)
The Windows PortableApps packages were susceptible to a [11]DLL
hijacking flaw.
The following bugs have been fixed:
* TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN
true. ([12]Bug 12579)
* SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0.
([13]Bug 12632)
* Upgrading to latest version uninstalls Microsoft Visual C++
redistributable. ([14]Bug 12712)
* dmg for OS X does not install man pages. ([15]Bug 12746)
* Fails to compile against Heimdal 1.5.3. ([16]Bug 12831)
* TCP: Next sequence number off by one when sending payload in SYN
packet (e.g. TFO). ([17]Bug 12838)
* Follow TCP Stream shows duplicate stream data. ([18]Bug 12855)
* Dissection engine falsely asserts that EIGRP packet's checksum is
incorrect. ([19]Bug 12982)
* IEEE 802.15.4 frames erroneously handed over to ZigBee dissector.
([20]Bug 12984)
* Capture Filter Bookmark Inactive in Capture Options page. ([21]Bug
12986)
* CLNP dissector does not parse ER NPDU properly. ([22]Bug 12993)
* SNMP trap bindings for NON scalar OIDs. ([23]Bug 13013)
* BGP LS Link Protection Type TLV (1093) decoding. ([24]Bug 13021)
* Application crash sorting column for tcp.window_size_scalefactor up
and down. ([25]Bug 13023)
* ZigBee Green Power add key during execution. ([26]Bug 13031)
* Malformed AMPQ packets for session.expected and session.confirmed
fields. ([27]Bug 13037)
* Wireshark 2.2.1 crashes when attempting to merge pcap files.
([28]Bug 13060)
* [IS-637A] SMS - Teleservice layer parameter --> IA5 encoded text is
not correctly displayed. ([29]Bug 13065)
*
* Failure to dissect USB Audio feature unit descriptors missing the
iFeature field. ([30]Bug 13085)
* MSISDN not populated/decoded in JSON GTP-C decoding. ([31]Bug
13086)
* E212: 3 digits MNC are identified as 2 digits long if they end with
a 0. ([32]Bug 13092)
* Exception with last unknown Cisco AVP available in a SCCRQ message.
([33]Bug 13103)
* TShark stalls on FreeBSD if androiddump is present. ([34]Bug 13104)
* Dissector skips DICOM command. ([35]Bug 13110)
* UUID (FT_GUID) filtering isn't working. ([36]Bug 13121)
* Manufacturer name resolution fail. ([37]Bug 13126)
* packet-sdp.c allocates transport_info->encoding_name from wrong
memory pool. ([38]Bug 13127)
* Payload type name for dynamic payload is wrong for reverse RTP
channels. ([39]Bug 13132)
Updated Protocol Support
6LoWPAN, AllJoyn, AMPQ, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN,
E.212, EIGRP, ERF, GVSP, IEEE 802.11, IEEE 802.15.4, IP, ISO-8583,
Kerberos, L2TP, LACP, MAC LTE, OpenFlow, Profinet I/O, RTPS, SCTP, SDP,
Skype, SMPP, SNA, SNMP, SPNEGO, TCP, USB Audio, XML, and ZigBee
What's New
Bug Fixes
The following vulnerabilities have been fixed:
* [1]wnpa-sec-2016-56
The Bluetooth L2CAP dissector could crash. ([2]Bug 12825)
* [3]wnpa-sec-2016-57
The NCP dissector could crash. ([4]Bug 12945)
The following bugs have been fixed:
* Flow Graph colored data arrows. ([5]Bug 12065)
* Capture File Properties under Statistics Grayed Out after Stopping
a Capture. ([6]Bug 12071)
* Qt: Hidden columns displayed during live capture. ([7]Bug 12377)
* Unable to save changes to coloring rules. ([8]Bug 12814)
* Bad description for NBSS error code 0x81. ([9]Bug 12835)
* Live capture from USBPcap fails immediately. ([10]Bug 12846)
* Cannot decrypt EAP-TTLS traffic (not recognized as conversation).
([11]Bug 12879)
* Export packet dissections Option disabled after capturing traffic.
([12]Bug 12898)
* Failure to open file named with Chinese or other multibyte
characters. ([13]Bug 12900)
* k12 text file format causes errors. ([14]Bug 12903)
* File | File Set | List Files dialog is blank. ([15]Bug 12904)
* Decoding/Display of an INAP CONNECT message goes wrong for the
Destination Routing Address part. ([16]Bug 12911)
* TLS padding extension dissector length parsing bug. ([17]Bug 12922)
* Diameter dictionary bugs. ([18]Bug 12927)
* File open from menu bar with filter in place causes Wireshark to
crash. ([19]Bug 12929)
* Unable to capture USBPcap trace using tshark with extcap built.
([20]Bug 12949)
* P1 dissector fails a TVB assertion. ([21]Bug 12976)
* Multiple PortableApps instances can once again be run at the same
time.
Updated Protocol Support
6LowPAN, BT L2CAP, CIP, DCOM IRemUnknown, Diameter, DMP, EAP, ISUP,
NBT, NCP, NetFlow, SSL / TLS, and U3V
New and Updated Capture File Support
Ascend, and K12
What's New
Bug Fixes
* Upgrading to latest version uninstalls Microsoft Visual C++
redistributable. ([1]Bug 12712)
* Extcap errors not reported back to UI. ([2]Bug 11892)
New and Updated Features
The following features are new (or have been significantly updated)
since version 2.2.0rc1:
"Decode As" supports SSL (TLS) over TCP.
The following features are new (or have been significantly updated)
since version 2.1.1:
* Invalid coloring rules are now disabled instead of discarded. This
will provide backward compatibility with a coloring rule change in
Wireshark 2.2.
The following features are new (or have been significantly updated)
since version 2.1.0:
* Added -d option for Decode As support in Wireshark (mimics TShark
functionality)
* The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
TShark can additionally export packets as Elasticsearch-compatible
JSON.
* The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
deprecated.
* The Conversations and Endpoints dialogs are more responsive when
viewing large numbers of items.
* The RTP player now allows up to 30 minutes of silence frames.
* Packet bytes can now be displayed as EBCDIC.
* The Qt UI loads captures faster on Windows.
* proto_tree_add_checksum was added as an API. This attempts to
standardize how checksums are reported and filtered for within
*Shark. There are no more individual "good" and "bad" filter
fields, protocols now have a "checksum.status" field that records
"Good", "Bad" and "Unverified" (neither good or bad). Color filters
provided with Wireshark have been adjusted to the new display
filter names, but custom ones may need to be updated.
The following features are new (or have been significantly updated)
since version 2.0.0:
* The intelligent scroll bar now sits to the left of a normal scroll
bar and provides a clickable map of nearby packets.
* You can now switch between between Capture and File Format
dissection of the current capture file via the View menu in the Qt
GUI.
* You can now show selected packet bytes as ASCII, HTML, Image, ISO
8859-1, Raw, UTF-8, a C array, or YAML.
* You can now use regular expressions in Find Packet and in the
advanced preferences.
* Name resolution for packet capture now supports asynchronous DNS
lookups only. Therefore the "concurrent DNS resolution" preference
has been deprecated and is a no-op. To enable DNS name resolution
some build dependencies must be present (currently c-ares). If that
is not the case DNS name resolution will be disabled (but other
name resolution mechanisms, such as host files, are still
available).
* The byte under the mouse in the Packet Bytes pane is now
highlighted.
* TShark supports exporting PDUs via the -U flag.
* The Windows and OS X installers now come with the "sshdump" and
"ciscodump" extcap interfaces.
* Most dialogs in the Qt UI now save their size and positions.
* The Follow Stream dialog now supports UTF-16.
* The Firewall ACL Rules dialog has returned.
* The Flow (Sequence) Analysis dialog has been improved.
* We no longer provide packages for 32-bit versions of OS X.
* The Bluetooth Device details dialog has been added.
New File Format Decoding Support
Wireshark is able to display the format of some types of files (rather
than displaying the contents of those files). This is useful when
you're curious about, or debugging, a file and its format. To open a
capture file (such as PCAP) in this mode specify "MIME Files Format" as
the file's format in the Open File dialog.
New Protocol Support
Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag,
Digital Equipment Corporation Local Area Transport, Distributed Object
Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control
Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS
Kernel Packet Header Dissector Added (IPOS), Extensible Control &
Management Protocol (eCMP), FLEXRAY Protocol dissector added
(automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO
8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP),
LAT protocol (DECNET), Metamako trailers, Network Service Header for
Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia
Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight
Machine to Machine TLV payload Added (LwM2M TLV), Real Time Location
System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service,
STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link
Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras),
USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters
Dissectors Added (Closures Lighting General Measurement & Sensing HVAC
Security & Safety)
Updated Protocol Support
Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
allow to DecodeAs it over USB, TCP and UDP.
A preference was added to TCP dissector for handling IPFIX process
information. It has been disabled by default.
New and Updated Capture File Support
Micropross mplog
New and Updated Capture Interfaces support
Non-empty section placeholder.
Major API Changes
The libwireshark API has undergone some major changes:
* The address macros (e.g., SET_ADDRESS) have been removed. Use the
(lower case) functions of the same names instead.
* "old style" dissector functions (that don't return number of bytes
used) have been replaced in name with the "new style" dissector
functions.
* tvb_get_string and tvb_get_stringz have been replaced with
tvb_get_string_enc and tvb_get_stringz_enc respectively.
