Wireshark 歷史版本列表
Wireshark (32-bit)Wireshark (64-bit)
更新時間:2013-07-27
更新細節:
What's new in this version:
Bug Fixes:
- The DCP ETSI dissector could crash
- The P1 dissector could crash
- The Radiotap dissector could crash
- The DCOM ISystemActivator dissector could crash
- The Bluetooth SDP dissector could go into a large loop
- The Bluetooth OBEX dissector could go into an infinite loop
- The DIS dissector could go into a large loop
- The DVB-CI dissector could crash
- The GSM RR dissector (and possibly others) could go into a large loop
- The GSM A Common dissector could crash
- The Netmon file parser could crash
- The ASN.1 PER dissector could crash
- The PROFINET Real-Time dissector could crash
- Mark retransmitted SYN and FIN packets as retransmissions.
- Wireshark hides under Taskbar.
- IEEE 802.15.4 frame check sequence in "Chipcon mode" not displayed correctly.
- Mask in Lua ProtoField.uint32() does not work as expected.
- Crash when applying filter with Voip calls.
- Delta time regressions to tshark introduced with SVN 45071.
- Add MAC-DATA support to TETRA dissector and other minor improvements.
- Crash analyzing VoIP Calls (T38).
- Wireshark writes empty NRB FQDN which makes trace unloadable.
- Quick launch icon is absent, so it shows up as a generic icon.
- Wrong encoding for 2 pod files, UTF-8 characters in another.
- SCSI (SPC) sense key specific information field must not include SKSV.
- Wireshark crashes when closing Flow Graph with Graph Analysis opened.
- Wrong size of LLRP ProtocolID Parameter in Accessspec Parameter.
- Detection of IPv6 works only on Solaris 8.
- ip.opt.type triggers for TCP NOP option.
- DCOM-SYSACT dissector crash.
- Incorrect decoding of MPLS Echo Request with BGP FEC.
- Buggy IEC104 dissector caused by commit r48958.
- ansi_637_tele dissector displays MSB as MBS for Call-Back Number.
- LISP Map-Notify flags I and R shown incorrectly.
- ONTAP_V4 fhandle decoding leads to dissector bug.
- Dropped bytes in imap dissector.
- Kismet drone/server dissector improvements.
- TShark iostat_draw sizeof mismatch.
- SCTP bytes graph crash.
- Patch to Wireshark/tshark usage info and man pages to document all timestamp (-t) options.
- Strange behavior of tree expand/collapse in packet details.
- Graph Filter field limited to 256 characters.
- Filter doesn’t support cflow ASN larger than 65535.
- Wireshark crashes when switching from a v1.11.0 profile to a v1.4.6 prof and then to a v1.5.1 prof.
- SIP stats shows incorrect values for Max/Ave setup times.
- NFSv4 delegation not reported correctly.
- Issue with Capture Options Adapter List.
- RFC 5844 - IPv4 Support for Proxy Mobile IPv6 - Mobility option IPv4 DHCP Support Mode Option malformed packet.
- RFC 3775 - Mobility Support in IPv6 - Mobility option PadN incorrectly highlights + 2 bytes.
- All mongodb query show as [Malformed Packet: MONGO].
New and Updated Features:
- There are no new features in this release.
New Protocol Support:
- There are no new protocols in this release.
Updated Protocol Support:
- ANSI IS-637-A, ASN.1, ASN.1 PER, Bluetooth OBEX, Bluetooth SDB, DCERPC NDR, DCOM ISystemActivator, DCP ETSI, Diameter 3GPP, DIS, DVB-CI, Ethernet, GSM Common, GSM SMS, H.235, IEC104, IEEE 802.15.4, IEEE 802a, IMAP, IP, KDSP, LISP, LLRP, MAC-LTE,, Mobile IPv6, MONGO, MPLS Echo, Netflow, NFS, NFSv4, P1, PDCP-LTE, PN-IO, PN-RT, PPP, Radiotap, RLC,, RLC-LTE,, SCSI, SIP, SMTP, SoulSeek, TCP, TETRA, and VNC
New and Updated Capture File Support:
- and Microsoft Network Monitor, pcap-ng.
更新時間:2013-06-06
更新細節:
What's new in this version:
Bug Fixes:
- Redirecting the standard output didn’t redirect the output the of -D or -L flags. This fix means that the output of those flags now goes to the standard output, not the standard error, as it did in previous releases.
New and Updated Features:
- Wireshark on 32- and 64-bit Windows supports automatic updates.
- The packet bytes view is faster.
- You can now display a list of resolved host names in "hosts" format within Wireshark.
- The wireless toolbar has been updated.
- Wireshark on Linux does a better job of detecting interface addition and removal.
- It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
- The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
- USB type and product name support has been improved.
- All Bluetooth profiles and protocols are now supported.
- Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
- The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
- Capinfos now prints human-readable statistics with SI suffixes by default.
- It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
- Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
- Wireshark can be compiled using GTK+ 3.
- The Wireshark application icon, capture toolbar icons, and other icons have been updated.
- Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
- Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
- Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add "gtk-scrolled-window-placement = top-right" in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
- Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.
- The LOAD() metric in the IO-graph now shows the load in IO units instead of thousands of IO units.
New Protocol Support:
- Amateur Radio AX.25, Amateur Radio BPQ, Amateur Radio NET/ROM, America Online (AOL), AR Drone, Automatic Position Reporting System (APRS), AX.25 KISS, AX.25 no Layer 3, Bitcoin Protocol, Bluetooth Attribute Protocol, Bluetooth AVCTP Protocol, Bluetooth AVDTP Protocol, Bluetooth AVRCP Profile, Bluetooth BNEP Protocol, Bluetooth HCI USB Transport, Bluetooth HCRP Profile, Bluetooth HID Profile, Bluetooth MCAP Protocol, Bluetooth SAP Profile, Bluetooth SBC Codec, Bluetooth Security Manager Protocol, Cisco GED-125 Protocol, Clique Reliable Multicast Protocol (CliqueRM), D-Bus, Digital Transmission Content Protection over IP, DVB-S2 Baseband, FlexNet, Forwarding and Control Element Separation Protocol (ForCES), Foundry Discovery Protocol (FDP), Gearman Protocol, GEO-Mobile Radio (1) RACH, HoneyPot Feeds Protocol (HPFEEDS), LTE Positioning Protocol Extensions (LLPe), Media Resource Control Protocol Version 2 (MRCPv2), Media-Independent Handover (MIH), MIDI System Exclusive (SYSEX), Mojito DHT, MPLS-TP Fault-Management, MPLS-TP Lock-Instruct, NASDAQ’s OUCH 4.x, NASDAQ’s SoupBinTCP, OpenVPN Protocol, Pseudo-Wire OAM, RPKI-Router Protocol, SEL Fast Message, Simple Packet Relay Transport (SPRT), Skype, Smart Message Language (SML), SPNEGO Extended Negotiation Security Mechanism (NEGOEX), UHD/USRP, USB Audio, USB Video, v.150.1 State Signaling Event (SSE), VITA 49 Radio Transport, VNTAG, WebRTC Datachannel Protocol (RTCDC), and WiMAX OFDMA PHY SAP
Updated Protocol Support:
- Too many protocols have been updated to list here.
New and Updated Capture File Support:
- AIX iptrace, CAM Inspector, Catapult DCT2000, Citrix NetScaler, DBS Etherwatch (VMS), Endace ERF, HP-UX nettl, IBM iSeries, Ixia IxVeriWave, NA Sniffer (DOS), Netscreen, Network Instruments Observer, pcap, pcap-ng, Symbian OS btsnoop, TamoSoft CommView, and Tektronix K12xx
更新時間:2013-06-06
更新細節:
What's new in this version:
Bug Fixes:
- Redirecting the standard output didn’t redirect the output the of -D or -L flags. This fix means that the output of those flags now goes to the standard output, not the standard error, as it did in previous releases.
New and Updated Features:
- Wireshark on 32- and 64-bit Windows supports automatic updates.
- The packet bytes view is faster.
- You can now display a list of resolved host names in "hosts" format within Wireshark.
- The wireless toolbar has been updated.
- Wireshark on Linux does a better job of detecting interface addition and removal.
- It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
- The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
- USB type and product name support has been improved.
- All Bluetooth profiles and protocols are now supported.
- Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
- The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
- Capinfos now prints human-readable statistics with SI suffixes by default.
- It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
- Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
- Wireshark can be compiled using GTK+ 3.
- The Wireshark application icon, capture toolbar icons, and other icons have been updated.
- Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
- Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
- Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add "gtk-scrolled-window-placement = top-right" in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
- Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.
- The LOAD() metric in the IO-graph now shows the load in IO units instead of thousands of IO units.
New Protocol Support:
- Amateur Radio AX.25, Amateur Radio BPQ, Amateur Radio NET/ROM, America Online (AOL), AR Drone, Automatic Position Reporting System (APRS), AX.25 KISS, AX.25 no Layer 3, Bitcoin Protocol, Bluetooth Attribute Protocol, Bluetooth AVCTP Protocol, Bluetooth AVDTP Protocol, Bluetooth AVRCP Profile, Bluetooth BNEP Protocol, Bluetooth HCI USB Transport, Bluetooth HCRP Profile, Bluetooth HID Profile, Bluetooth MCAP Protocol, Bluetooth SAP Profile, Bluetooth SBC Codec, Bluetooth Security Manager Protocol, Cisco GED-125 Protocol, Clique Reliable Multicast Protocol (CliqueRM), D-Bus, Digital Transmission Content Protection over IP, DVB-S2 Baseband, FlexNet, Forwarding and Control Element Separation Protocol (ForCES), Foundry Discovery Protocol (FDP), Gearman Protocol, GEO-Mobile Radio (1) RACH, HoneyPot Feeds Protocol (HPFEEDS), LTE Positioning Protocol Extensions (LLPe), Media Resource Control Protocol Version 2 (MRCPv2), Media-Independent Handover (MIH), MIDI System Exclusive (SYSEX), Mojito DHT, MPLS-TP Fault-Management, MPLS-TP Lock-Instruct, NASDAQ’s OUCH 4.x, NASDAQ’s SoupBinTCP, OpenVPN Protocol, Pseudo-Wire OAM, RPKI-Router Protocol, SEL Fast Message, Simple Packet Relay Transport (SPRT), Skype, Smart Message Language (SML), SPNEGO Extended Negotiation Security Mechanism (NEGOEX), UHD/USRP, USB Audio, USB Video, v.150.1 State Signaling Event (SSE), VITA 49 Radio Transport, VNTAG, WebRTC Datachannel Protocol (RTCDC), and WiMAX OFDMA PHY SAP
Updated Protocol Support:
- Too many protocols have been updated to list here.
New and Updated Capture File Support:
- AIX iptrace, CAM Inspector, Catapult DCT2000, Citrix NetScaler, DBS Etherwatch (VMS), Endace ERF, HP-UX nettl, IBM iSeries, Ixia IxVeriWave, NA Sniffer (DOS), Netscreen, Network Instruments Observer, pcap, pcap-ng, Symbian OS btsnoop, TamoSoft CommView, and Tektronix K12xx
更新時間:2013-05-20
更新細節:
What's new in this version:
Bug Fixes:
- wnpa-sec-2013-23
- The RELOAD dissector could go into an infinite loop. Discovered by Evan Jensen. (Bug 8364, (Bug 8546)
- Versions affected: 1.8.0 to 1.8.6.
- CVE-2013-2486
- CVE-2013-2487
- wnpa-sec-2013-24
- The GTPv2 dissector could crash. (Bug 8493)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-25
- The ASN.1 BER dissector could crash. (Bug 8599)
- Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
- wnpa-sec-2013-26
- The PPP CCP dissector could crash. (Bug 8638)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-27
- The DCP ETSI dissector could crash. Discovered by Evan Jensen. (Bug 8231, bug 8540, bug 8541)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-28
- The MPEG DSM-CC dissector could crash. (Bug 8481)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-29
- The Websocket dissector could crash. Discovered by Moshe Kaplan. (Bug 8448, Bug 8499)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-30
- The MySQL dissector could go into an infinite loop.
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-31
- The ETCH dissector could go into a large loop.
- Versions affected: 1.8.0 to 1.8.6.
The following bugs have been fixed:
- The Windows installer and uninstaller does a better job of detecting running executables.
- Library mismatch when compiling on a system with an older Wireshark version. (Bug 6011)
- SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
- A console window is never opened. (Bug 7755)
- GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
- Fix include and libs search path when cross compiling. (Bug 7926)
- PER dissector crash. (Bug 8197)
- pcap-ng: name resolution block is not written to file on save. (Bug 8317)
- Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
- Decoding of GSM MAP E164 Digits. (Bug 8450)
- Silent installer and uninstaller not silent. (Bug 8451)
- Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to placate recent autotools. (Bug 8452)
- Wifi details are not stored in the Decryption Key Management dialog (post 1.8.x). (Bug 8446)
- IO Graph should not be limited to 100k points (NUM_IO_ITEMS). (Bug 8460)
- geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit field truncated to 23 bits. (Bug 8532)
- IRC message with multiple params causes malformed packet exception. (Bug 8548)
- Part of Ping Reply Message in ICMPv6 Reply Message is marked as "Malformed Packet". (Bug 8554)
- MP2T wiretap heuristic overriding ERF. (Bug 8556)
- Cannot read content of Ran Information Application Error Rim Container. (Bug 8559)
- Endian error and IP:Port error when decoding BT-DHT response message. (Bug 8572)
- "ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be "ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY". (Bug 8575)
- wireshark crashes while displaying I/O Graph. (Bug 8583)
- GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded) incorrectly. (Bug 8596)
- DTLS 1.2 uses wrong PRF. (Bug 8608)
- RTP DTMF digits are no longer displayed in VoIP graph analysis. (Bug 8610)
- Universal port not accepted in RSA Keys List window. (Bug 8618)
- Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
- LISP control packet incorrectly identified as LISP data based when UDP source port is 4341. (Bug 8627)
- Bad tcp checksum not detected. (Bug 8629)
- AMR Frame Type uses wrong Value String. (Bug 8681)
Updated Protocol Support:
- AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave, IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP, SIP, SSL/TLS, TCP, UA3G
New and Updated Capture File Support:
- Endace ERF, NetScreen snoop.
更新時間:2013-05-20
更新細節:
What's new in this version:
Bug Fixes:
- wnpa-sec-2013-23
- The RELOAD dissector could go into an infinite loop. Discovered by Evan Jensen. (Bug 8364, (Bug 8546)
- Versions affected: 1.8.0 to 1.8.6.
- CVE-2013-2486
- CVE-2013-2487
- wnpa-sec-2013-24
- The GTPv2 dissector could crash. (Bug 8493)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-25
- The ASN.1 BER dissector could crash. (Bug 8599)
- Versions affected: 1.8.0 to 1.8.6, 1.6.0 to 1.6.14.
- wnpa-sec-2013-26
- The PPP CCP dissector could crash. (Bug 8638)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-27
- The DCP ETSI dissector could crash. Discovered by Evan Jensen. (Bug 8231, bug 8540, bug 8541)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-28
- The MPEG DSM-CC dissector could crash. (Bug 8481)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-29
- The Websocket dissector could crash. Discovered by Moshe Kaplan. (Bug 8448, Bug 8499)
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-30
- The MySQL dissector could go into an infinite loop.
- Versions affected: 1.8.0 to 1.8.6.
- wnpa-sec-2013-31
- The ETCH dissector could go into a large loop.
- Versions affected: 1.8.0 to 1.8.6.
The following bugs have been fixed:
- The Windows installer and uninstaller does a better job of detecting running executables.
- Library mismatch when compiling on a system with an older Wireshark version. (Bug 6011)
- SNMP dissector bug: STATUS_INTEGER_DIVIDE_BY_ZERO. (Bug 7359)
- A console window is never opened. (Bug 7755)
- GSM_MAP show malformed Packets when two IMSI. (Bug 7882)
- Fix include and libs search path when cross compiling. (Bug 7926)
- PER dissector crash. (Bug 8197)
- pcap-ng: name resolution block is not written to file on save. (Bug 8317)
- Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
- Decoding of GSM MAP E164 Digits. (Bug 8450)
- Silent installer and uninstaller not silent. (Bug 8451)
- Replace use of INCLUDES with AM_CPPFLAGS in all Makefiles to placate recent autotools. (Bug 8452)
- Wifi details are not stored in the Decryption Key Management dialog (post 1.8.x). (Bug 8446)
- IO Graph should not be limited to 100k points (NUM_IO_ITEMS). (Bug 8460)
- geographical_description: hf_gsm_a_geo_loc_deg_of_long 24 bit field truncated to 23 bits. (Bug 8532)
- IRC message with multiple params causes malformed packet exception. (Bug 8548)
- Part of Ping Reply Message in ICMPv6 Reply Message is marked as "Malformed Packet". (Bug 8554)
- MP2T wiretap heuristic overriding ERF. (Bug 8556)
- Cannot read content of Ran Information Application Error Rim Container. (Bug 8559)
- Endian error and IP:Port error when decoding BT-DHT response message. (Bug 8572)
- "ACE4_ADD_FILE/ACE4_ADD_SUBDIRECTORY" should be "ACE4_APPEND_DATA / ACE4_ADD_SUBDIRECTORY". (Bug 8575)
- wireshark crashes while displaying I/O Graph. (Bug 8583)
- GTPv2 MM Context (UMTS Key, Quad, and Quint Decoded) incorrectly. (Bug 8596)
- DTLS 1.2 uses wrong PRF. (Bug 8608)
- RTP DTMF digits are no longer displayed in VoIP graph analysis. (Bug 8610)
- Universal port not accepted in RSA Keys List window. (Bug 8618)
- Wireshark Dissector bug with HSRP Version 2. (Bug 8622)
- LISP control packet incorrectly identified as LISP data based when UDP source port is 4341. (Bug 8627)
- Bad tcp checksum not detected. (Bug 8629)
- AMR Frame Type uses wrong Value String. (Bug 8681)
Updated Protocol Support:
- AMR, ASN.1 BER, BAT, Bluetooth DHT, BSSGP, DTLS, E.164, Ericsson A-bis OML, GSM A, GSM MAP, HDFSDATA, ICMP, ICMPv6, ixveriwave, IRC, KDSP, LISP Data, MMS, NFS, OpenWire, PPP, RELOAD, RTP, SASP, SIP, SSL/TLS, TCP, UA3G
New and Updated Capture File Support:
- Endace ERF, NetScreen snoop.
更新時間:2013-03-07
更新細節:
What's new in this version:
The following bugs have been fixed:
- Lua pinfo.cols.protocol not holding value in postdissector.
- data combined via ssl_desegment_app_data not visible via "Follow SSL Stream" only decrypted ssl data tabs.
- HTTP application/json-rpc should be decoded/shown as application/json.
- Maximum value of 802.11-2012 Duration field should be 32767.
- Voice RTP player crash if player is closed while playing.
- Display Filter Macros crash.
- RRC RadioBearerSetup message decoding issue.
- R-click filters add ! in front of field when choosing "apply as filter>selected".
- BACnet - Loop Object - Setpoint-Reference property does not decode correctly.
- WMM TSPEC Element Parsing is not done is wrong due to a wrong switch case number.
- Incorrect RTP statistics (Lost Packets indication not ok).
- Registering ieee802154 dissector for IEEE802.15.4 frames inside Linux SLL frames.
- Version Field is skipped while parsing WMM_TSPEC causing wrong dissecting (1 byte offset missing) of all fields in the TSPEC.
- [BACnet] UCS-2 strings longer than 127 characters do not decode correctly.
- Malformed IEEE80211 frame triggers DISSECTOR_ASSERT.
- Decoding of GSM MAP SMS Diagnostics.
- Incorrect packet length displayed for Flight Message Transfer Protocol (FMTP).
- Netflow dissector flowDurationMicroseconds nanosecond conversion wrong.
- BE (3) AC is wrongly named as "Video" in (qos_acs).
Updated Protocol Support
- ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS, FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE 802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow, RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP
更新時間:2013-03-07
更新細節:
What's new in this version:
The following bugs have been fixed:
- Lua pinfo.cols.protocol not holding value in postdissector.
- data combined via ssl_desegment_app_data not visible via "Follow SSL Stream" only decrypted ssl data tabs.
- HTTP application/json-rpc should be decoded/shown as application/json.
- Maximum value of 802.11-2012 Duration field should be 32767.
- Voice RTP player crash if player is closed while playing.
- Display Filter Macros crash.
- RRC RadioBearerSetup message decoding issue.
- R-click filters add ! in front of field when choosing "apply as filter>selected".
- BACnet - Loop Object - Setpoint-Reference property does not decode correctly.
- WMM TSPEC Element Parsing is not done is wrong due to a wrong switch case number.
- Incorrect RTP statistics (Lost Packets indication not ok).
- Registering ieee802154 dissector for IEEE802.15.4 frames inside Linux SLL frames.
- Version Field is skipped while parsing WMM_TSPEC causing wrong dissecting (1 byte offset missing) of all fields in the TSPEC.
- [BACnet] UCS-2 strings longer than 127 characters do not decode correctly.
- Malformed IEEE80211 frame triggers DISSECTOR_ASSERT.
- Decoding of GSM MAP SMS Diagnostics.
- Incorrect packet length displayed for Flight Message Transfer Protocol (FMTP).
- Netflow dissector flowDurationMicroseconds nanosecond conversion wrong.
- BE (3) AC is wrongly named as "Video" in (qos_acs).
Updated Protocol Support
- ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS, FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE 802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow, RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP
更新時間:2013-01-30
更新細節:
What's new in this version:
Bug Fixes:
- wnpa-sec-2013-01
- Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs 8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-02
- The CLNP dissector could crash. Discovered independently by Laurent Butti and the Wireshark development team. (Bug 7871)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-03
- The DTN dissector could crash. (Bug 7945)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-04
- The MS-MMC dissector (and possibly others) could crash. (Bug 8112)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-05
- The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8111)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-06
- The ROHC dissector could crash. (Bug 7679)
- Versions affected: 1.8.0 to 1.8.4.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-07
- The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti. (Bug 8213)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-08
- The Wireshark dissection engine could crash. Discovered by Laurent Butti. (Bug 8197)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-09
- The NTLMSSP dissector could overflow a buffer. Discovered by Ulf Härnhammar.
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
The following bugs have been fixed:
- SNMPv3 Engine ID registration. (Bug 2426)
- Wrong decoding of gtp.target identification. (Bug 3974)
- Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
- Wireshark crashes when starting due to out-of-date plugin left behind from earlier installation. (Bug 7401)
- Failed to dissect TLS handshake packets. (Bug 7435)
- ISUP dissector problem with empty Generic Number. (Bug 7632)
- Illegal character is used in temporary capture file name. (Bug 7877)
- Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
- Timestamp info is not saved correctly when writing DOS Sniffer files. (Bug 7998)
- 1.8.3 Wireshark User's Guide version is 1.6. (Bug 8009)
- Core dumped when the file is closed. (Bug 8022)
- LPP is misspelled in APDU parameter in e-CIDMeasurementInitiation request for LPPA message. (Bug 8023)
- Wrong packet bytes are selected for ISUP CUG binary code. (Bug 8035)
- Decodes FCoE Group Multicast MAC address as Broadcom MAC address. (Bug 8046)
- The SSL dissector stops decrypting the SSL conversation with Malformed Packet:SSL error messages. (Bug 8075)
- Unable to Save/Apply [Unistim Port] in Preferences. (Bug 8078)
- Some Information Elements in GTPv2 are not dissected correctly. (Bug 8079)
- Wrong bytes highlighted with "Find Packet...". (Bug 8085)
- 3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
- Wireshark does not show "Start and End Time" information for Cisco Netflow/IPFIX with type 154 to 157. (Bug 8105)
- GPRS Tunnel Protocoll GTP Version 1 does not decode DAF flag in Common Flags IE. (Bug 8193)
- Wrong parcing of ULI of gtpv2 messages - errors in SAC, RAC & ECI. (Bug 8208)
- Version Number in EtherIP dissector. (Bug 8211)
- Warn Dissector bug, protocol JXTA. (Bug 8212)
- Electromagnetic Emission Parser parses field Event Id as Entity Id. (Bug 8227)
Updated Protocol Support:
- ANSI IS-637-A, ASN.1 PER, AX.25, Bluetooth HCI, CLNP, CSN.1, DCP-ETSI, DIAMETER, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, EtherIP, Fibre Channel, GPRS, GTP, GTPv2, HomePlug AV, IEEE 802.3 Slow, IEEE 802.15.4, ISUP, JXTA, LAPD, LPPa, MPLS, MS-MMC, NAS-EPS, NTLMSSP, ROHC, RSL, RTPS, SDP, SIP, SNMP, SSL
New and Updated Capture File Support:
- DOS Sniffer
更新時間:2013-01-30
更新細節:
What's new in this version:
Bug Fixes:
- wnpa-sec-2013-01
- Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, SDP, and SIP dissectors. Reported by Laurent Butti. (Bugs 8036, 8037, 8038, 8040, 8041, 8042, 8043, 8198, 8199, 8222)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-02
- The CLNP dissector could crash. Discovered independently by Laurent Butti and the Wireshark development team. (Bug 7871)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-03
- The DTN dissector could crash. (Bug 7945)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-04
- The MS-MMC dissector (and possibly others) could crash. (Bug 8112)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-05
- The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8111)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-06
- The ROHC dissector could crash. (Bug 7679)
- Versions affected: 1.8.0 to 1.8.4.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-07
- The DCP-ETSI dissector could corrupt memory. Discovered by Laurent Butti. (Bug 8213)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-08
- The Wireshark dissection engine could crash. Discovered by Laurent Butti. (Bug 8197)
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
- wnpa-sec-2013-09
- The NTLMSSP dissector could overflow a buffer. Discovered by Ulf Härnhammar.
- Versions affected: 1.8.0 to 1.8.4, 1.6.0 to 1.6.12.
- GENERIC-MAP-NOMATCH
The following bugs have been fixed:
- SNMPv3 Engine ID registration. (Bug 2426)
- Wrong decoding of gtp.target identification. (Bug 3974)
- Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
- Wireshark crashes when starting due to out-of-date plugin left behind from earlier installation. (Bug 7401)
- Failed to dissect TLS handshake packets. (Bug 7435)
- ISUP dissector problem with empty Generic Number. (Bug 7632)
- Illegal character is used in temporary capture file name. (Bug 7877)
- Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
- Timestamp info is not saved correctly when writing DOS Sniffer files. (Bug 7998)
- 1.8.3 Wireshark User's Guide version is 1.6. (Bug 8009)
- Core dumped when the file is closed. (Bug 8022)
- LPP is misspelled in APDU parameter in e-CIDMeasurementInitiation request for LPPA message. (Bug 8023)
- Wrong packet bytes are selected for ISUP CUG binary code. (Bug 8035)
- Decodes FCoE Group Multicast MAC address as Broadcom MAC address. (Bug 8046)
- The SSL dissector stops decrypting the SSL conversation with Malformed Packet:SSL error messages. (Bug 8075)
- Unable to Save/Apply [Unistim Port] in Preferences. (Bug 8078)
- Some Information Elements in GTPv2 are not dissected correctly. (Bug 8079)
- Wrong bytes highlighted with "Find Packet...". (Bug 8085)
- 3GPP ULI AVP. SAI is not correctly decoded. (Bug 8098)
- Wireshark does not show "Start and End Time" information for Cisco Netflow/IPFIX with type 154 to 157. (Bug 8105)
- GPRS Tunnel Protocoll GTP Version 1 does not decode DAF flag in Common Flags IE. (Bug 8193)
- Wrong parcing of ULI of gtpv2 messages - errors in SAC, RAC & ECI. (Bug 8208)
- Version Number in EtherIP dissector. (Bug 8211)
- Warn Dissector bug, protocol JXTA. (Bug 8212)
- Electromagnetic Emission Parser parses field Event Id as Entity Id. (Bug 8227)
Updated Protocol Support:
- ANSI IS-637-A, ASN.1 PER, AX.25, Bluetooth HCI, CLNP, CSN.1, DCP-ETSI, DIAMETER, DIS PDU, DOCSIS CM-STATUS, DTLS, DTN, EtherIP, Fibre Channel, GPRS, GTP, GTPv2, HomePlug AV, IEEE 802.3 Slow, IEEE 802.15.4, ISUP, JXTA, LAPD, LPPa, MPLS, MS-MMC, NAS-EPS, NTLMSSP, ROHC, RSL, RTPS, SDP, SIP, SNMP, SSL
New and Updated Capture File Support:
- DOS Sniffer
更新時間:2012-11-29
更新細節:
What's new in this version:
Bug Fixes:
- Wireshark could leak potentially sensitive host name resolution information when working with multiple pcap-ng files.
- Versions affected: 1.8.0 to 1.8.3.
- The USB dissector could go into an infinite loop. (Bug 7787)
- Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
- The sFlow dissector could go into an infinite loop. (Bug 7789)
- Versions affected: 1.8.0 to 1.8.3.
- The SCTP dissector could go into an infinite loop. (Bug 7802)
- Versions affected: 1.8.0 to 1.8.3.
- The EIGRP dissector could go into an infinite loop. (Bug 7800)
- Versions affected: 1.8.0 to 1.8.3.
- The ISAKMP dissector could crash. (Bug 7855)
- Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
- The iSCSI dissector could go into an infinite loop. (Bug 7858)
- Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
- The WTP dissector could go into an infinite loop. (Bug 7869)
- Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
- The RTCP dissector could go into an infinite loop. (Bug 7879)
- Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
- The 3GPP2 A11 dissector could go into an infinite loop. (Bug 7801)
- Versions affected: 1.8.0 to 1.8.3.
- The ICMPv6 dissector could go into an infinite loop. (Bug 7844)
- Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
- Menu and Title bars inaccessible using GTK2 (non-legacy) with two monitors. (Bug 553)
- 802.11 Probe Response fails to parse. (Bug 1284)
- Tshark - decimal symbol. (Bug 2880)
- Malformed tpncp.dat file can crash Wireshark. (Bug 6665)
- SSL decryption not work even with example capture file and key. (Bug 6869)
- Info line is incorrect on SIP message containing another SIP message in body. (Bug 7780)
- OOPS: dissector table "sctp.ppi" doesn't exist Protocol being registered is "Datagram Transport Layer Security". (Bug 7784)
- Dissection of IEEE 802.11 Channel Switch Announcement element fails. (Bug 7797)
- Invalid memory accesses when loading RADIUS captures. (Bug 7803)
- ISUP CIC should have format BASE_DEC, not BASE_HEX. (Bug 7848)
- We don't handle pcap-ng files with IDBs that come after packet blocks. (Bug 7851)
- '*' wildcard in the 'Src IP' or 'Dest IP' field of the ESP SA dialog does not work. (Bug 7866)
- nas_eps dissector does not decode some esm message. (Bug 7912)
- WLAN decryption status not updated after updating WEP/WPA keys. (Bug 7921)
- IPv6 Option Pad1 Incorrect dissection. (Bug 7938)
- Print GNUTLS error message if PEM import fails. (Bug 7948)
- GSM classmark3 8-PSK decode error. (Bug 7964)
- Parsing the Server Name Indication extension in SSL/TLS traffic reads some fields incorrectly. (Bug 7967)
- Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
- 2 bugs in Ran-Information-Error Rim Container. (Bug 8000)
- Misspelling (typo) in IPv6 display filter field name. (Bug 8006)
- Two BSSGP dissector bugs. (Bug 8008)
- Core dump during SCTP association analysis. (Bug 8011)
Updated Protocol Support:
- 3GPP2 A11, BSSGP, EIGRP, FMP/NOTIFY, GSM A, ICMP, ICMPv6, IEEE 802.11, IPsec, IPv6, ISAKMP, iSCSI, LTE RRC, NAS EPS, NDPS, Prism, RADIUS, RRC, RTCP, SCTP, sFlow, SIP, SMB2, SSL/TLS, TPNCP, USB
New and Updated Capture File Support:
- CommView NCF, iSeries, pcap-ng.