- Security-related vulnerabilities in the SCTP, SNMP, and TFTP dissectors
have been fixed.
- This release adds configuration profiles, temporary coloring rules,
enhanced I/O graphs, WLAN traffic statistics, and many other useful
features.
version 0.99.6:
- Fixes for the security problems reported in "wnpa-sec-2007-03"
- Most of the capture code has been moved out of the GUI, which means
that Wireshark no longer needs to be run as root.
- Many display filter names have been cleaned up. If your favorite
display filter just went missing, please consult the display filter
reference to find out where it ended up.
- You can now filter directly on SNMP OIDs.
- IO graphs have more display options, and you can now export graphs.
- You can now follow UDP streams in addition to TCP and SSL streams.
- You can now disable coloring rules without deleting them.
- Main window toolbar buttons are now available even when the window is
small.
- Optimizations have been applied in some places to make Wireshark start up
and run faster.
- New Protocol Support
ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT,
ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah,
IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN,
WiMAX ASN Control Plane, X.224
- Updated Protocol Support
3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP,
Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL, CDT,
CFM, CIP, Cisco ERSPAN, CLNP, CMIP, CMS, COPS, CTDB, DCCP, DCERPC
ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP ETSI,
DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP, DNS,
DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC, FCOE,
FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP, HTTP,
IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP, ISIS, iSNS,
ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP, LINX, LPD, LWAPP,
MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG PES, MPEG, MTP2,
MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF, P_MUL, PANA, PER,
PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE, PRES, PROFINET, PTP,
Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS, RANAP, RNSAP, ROS, RTCP,
RTP, RTSE, RTSP, SCCP, SCTP, SDP, SIGCOMP, SIP, Slow Protocols, SMB,
SMPP, SMTP, SNDCP, SNMP, SRP, SSL, STANAG 4406, STUN2, TCAP, TCP,
text/media, TIPC, ULP, UMA, UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX,
WLCCP, X.411, X.420, X.509 SAT, XML
- New and Updated Capture File Support
Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual Networks,
Windows Sniffer (NetXRay)
Changes since version 0.99.4:
- Bug Fixes
o The TCP dissector could hang or crash while reassembling HTTP
packets.
Versions affected: 0.99.2 to 0.99.4
CVE-2007-0459
o The HTTP dissector could crash.
Versions affected: 0.99.3 to 0.99.4
CVE-2007-0458
o On some systems, the IEEE 802.11 dissector could crash.
Versions affected: 0.10.14 to 0.99.4
CVE-2007-0457
o On some systems, the LLT dissector could crash.
Versions affected: 0.99.3 to 0.99.4
CVE-2007-0456
The following bugs have been fixed:
o The end of HTTP chunked encoding wasn't being displayed.
o The Follow TCP Stream window could omit characters.
o Opening a flow graph could crash Wireshark.
o Follow TCP Stream would sometimes get the direction wrong.
o The foreground text in the coloring rules editor was always
black.
o The CSV export format was incorrect.
o On some Windows systems Wireshark could take a long time to
start up.
o Malformed UDLD packets could cause an exception.
o The ISUP statistics report could overflow a buffer and crash
when displaying IPv6 addresses.
- New and Updated Features
o Decryption support for WPA/WPA2 and SNMPv3 has been added. The
TDS / MS SQL dissector now de-obfuscates passwords.
o 64-bit file handling has been improved.
o The Find function now selects the corresponding packet detail
item. Find functionality has been added to the TCP and SSL
stream dialogs.
o Main window keyboard navigation has been improved.
o ASN.1 BER-encoded files can now be dissected according to a
user-specified syntax.
- New Protocol Support
DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN
v2
- Updated Protocol Support
2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG
- New and Updated Capture File Support
Catapult DCT2000, Netttl, Windows Sniffer / NetXray
Changes since version 0.99.3:
- Bug fixes
o The HTTP dissector could crash. (Bugs 1050 and 1079)
Versions affected: 0.99.3.
CVE-2006-5468
o The LDAP dissector (and possibly others) could crash. (Bug 1054)
Versions affected: 0.99.3.
o The XOT dissector could attempt to allocate a large amount of
memory and crash. (Bug 1133)
Versions affected: 0.9.8 to 0.99.3.
CVE-2006-4805
o The WBXML dissector could crash. (Bug 1134)
Versions affected: 0.10.11 to 0.99.3.
CVE-2006-5469
o The MIME Multipart dissector was susceptible to an off-by-one
error. (Bug 1135)
Versions affected: 0.10.1 to 0.99.3.
CVE-2006-4574
o If AirPcap support was enabled, parsing a WEP key could
sometimes cause a crash.
Versions affected: 0.99.3.
o The file set dialog could grow excessively large. (Bug 331)
o Trying to save flow data may crash Wireshark. (Bug 396)
o The personal hosts configuration file wasn't being parsed
correctly. (Bug 795)
o "Save as" to an existing file wasn't allowed. (Bug 927)
o The SNMP dissector was not handling 64-bit counters properly.
(Bug 1047)
o The HTTP content-length field was a string instead of an
integer. (Bug 1109)
o Invalid characters could show up in PDML output. (Bug 1110)
- New and Updated Features
o AirPcap, support (which provides raw mode capture under
Windows) has been enhanced to allow capturing on multiple
AirPcap adapters simultaneously using the Multi-Channel
Aggregator.
o VoIP call playback has been enhanced. If Wireshark is linked
with the PortAudio library, you can play back G.711
conversations.
o The capture interface dialog display has been enhanced.
o The "Save" button has been removed from the "Ok" / "Apply" /
"Cancel" button group in the following dialogs:
o Edit/Preferences
o View/Coloring Rules
o Capture/Capture Filters
o Analyze/Display Filters
o Analyze/Enabled Protocols
If you're fond of the "Save" button it can be resurrected in
the User Interface preferences.
o Expert analysis has been improved.
o Wireshark now supports USB as a media type. If you're running
a Linux distribution with version 2.6.11 of the kernel or
greater and you have the usbmon module enabled and you have a
recent CVS version of libpcap (post-0.9.5) installed you can
also do live captures. More details can be found at the
USB capture setup page on the wiki.
o The number of WEP keys that the user can specify in the IEEE
802.11 protocol preferences has been increased from 4 to 64.
- New Protocol Support
Enea LINX, Ethernet Powerlink (v1 and v2), H.248 Q.1950 Annex A,
Linux pktgen, MP2T, NEWMAIL, PNG, SCSI OSD, UDLD, UMTS FP, USB,
WLCCP, WZCSVC
- Updated Protocol Support
3Com NJACK, 802.11, ACSE, AH, ALCAP, ANSI MAP, ATM, ASN.1, BACapp,
BER, BGP, BSSAP, Camel, Catapult DCT2000, CFlow, CLNP, Common
Windows networking, DAP, DCERPC (DCERPC, ATSVC, DFS, EFS, EPM,
EVENTLOG, INITSHUTDOWN, MAPI, NT, PIPE, SAMR, SPOOLSS, SRVSVC,
SVCCTL, WINREG), DCOM (DCOM, CBA-ACCO, SYSACT), DIAMETER, DISP,
DNS, DOP, DSP, ESP, Ethernet, FC, FCP, GSM A, GSM MAP, GSM SMS,
GSSAPI, GTP, H.225, H.245, H.248, HTTP, ICQ, IKE, ISAKMP, iSCSI,
ISUP, IUUP, Kerberos 4, LAP-D, LDAP, LLC, LogotypeCertExtn,
MEGACO, MIME Multipart, MIP6, MMS, MSRP, MTP3, NCP, NDMP, NDPS,
NFS, NTP, OSI, PER, PN-MRP, PPP, 19154Q.931, RADIUS, Redback, RPC,
RTCP, RTP, SCCP, SCSI, SDP, SIP, SMB, SMRSE, SNMP, SSL, STANAG
5066, STP, TCAP, TCP, TFTP, TIPC, UDP, UMA, VLAN, VNC, VRRP,
X.509ce X11, YMSG, WTLS
- Removed Protocols
The CISCOWL dissector has been superseded by WLCCP.
- New and Updated Capture File Support
Catapult DCT2000, EyeSDN, iSeries
The following vulnerabilities have been fixed:
o The SCSI dissector could crash. Versions affected: 0.99.2.
o If Wireshark was compiled with ESP decryption support, the
IPsec ESP preference parser was susceptible to off-by-one
errors. Versions affected: 0.99.2.
o If the SSCOP dissector has a port range configured and the
SSCOP payload protocol is Q.2931, a malformed packet could
make the Q.2931 dissector use up available memory. No port
range is configured by default. Versions affected: 0.7.9 -
0.99.2.
The following bugs have been fixed:
o The VOIP call analysis feature could cause an assertion.
o The RTP analysis feature could freeze for an extended period.
o Selecting "Apply as Filter" wouldn't work for some tree items.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o The packet list context menu now includes a conversation
filter.
o Wireshark can now generate ACL rules for several popular
firewall products.
New Protocol Support
Daytime, JPEG (RTP payload), Pegasus Lightweight Stream Control,
Pro-MPEG FEC, UMTS RRC, Veritas Low Latency Transport
Updated Protocol Support
All ASN.1 dissectors, 3G A11, 802.11, AIM SST, AJP13, ANSI 637,
AVS WLAN, BACapp, BFD, CDP, Cisco WIDS, DCERPC (DCERPC, CONV, DFS,
EPM, FLDB, NETLOGON, NT, PN-IO, RS_PGO), DCOM, DHCP, DIAMETER,
DTLS, EAPOL, ESP, H.225, H.245, H.450, HTTP, IPv6, ISAKMP,
Juniper, Kerberos, L2TP, LDAP, MSRP, NTLMSSP, PN-CBA, PN-RT,
Prism, RSVP, RTCP, RUDP, SCSI, SCTP, SDP, SIP, SIPFRAG, Skinny,
SMB, SSL, TCP, text/media, Time, XML
New and Updated Capture File Support
Catapult DCT2000, nettl
Wireshark is a network protocol analyzer and the successor of "ethereal".
Changes since "ethereal" version 0.99.0:
- The GSM BSSMAP dissector could crash. Versions affected:
0.10.11.
- The ANSI MAP dissector was vulnerable to a format string
overflow. Versions affected: 0.10.0.
- The Checkpoint FW-1 dissector was vulnerable to a format
string overflow. Versions affected: 0.10.10.
- The MQ dissector was vulnerable to a format string overflow.
Versions affected: 0.10.4.
- The XML dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13.
- The MOUNT dissector could attempt to allocate large amounts of
memory. Versions affected: 0.9.4.
- The NCP NMAS and NDPS dissectors were susceptible to
off-by-one errors. Versions affected: 0.9.7.
- The NTP dissector was vulnerable to a format string overflow.
Versions affected: 0.10.13.
- The SSH dissector was vulnerable to an infinite loop. Versions
affected: 0.9.10.
- The NFS dissector may have been susceptible to a buffer
overflow. Versions affected: 0.8.16.
- The "Follow TCP Stream" dialog now wraps long lines.
- Problems with ring buffers under 0.99.0 have been fixed.
- It was possible for Wireshark to crash when closing the
capture information dialog. This has been fixed.
- It was possible for Wireshark to crash when using the "Find"
feature. This has been fixed.
- Wireshark could crash if an interface was removed while
viewing the interface list. This has been fixed.
- Multicast stream analysis (Statistics->Multicast Streams) has
been added. It lets you determine burst size, output buffer
size, and losses for multicast data.
- TCP reassembly has been updated and improved.
- Expert analysis has been updated and improved.
- SCSI service response time statistics have been added.
- You can now find next/previous marked frames.
- The LDAP and SNMP dissectors have been completely rewriten.
- The SMB dissector now tracks filenames and share names.
