Wireshark 2.0.4 (32-bit)
更新細節:
# Vulnerabilities fixed:
- The SPOOLS dissector could go into an infinite loop. Discovered by the CESG.
- The IEEE 802.11 dissector could crash.
- The IEEE 802.11 dissector could crash. Discovered by Mateusz Jurczyk.
- The UMTS FP dissector could crash.
- Some USB dissectors could crash. Discovered by Mateusz Jurczyk.
- The Toshiba file parser could crash. Discovered by iDefense Labs.
- The CoSine file parser could crash. Discovered by iDefense Labs.
- The NetScreen file parser could crash. Discovered by iDefense Labs.
- The Ethernet dissector could crash.
# Bugs fixed:
- Saving pcap capture file with ERF encapsulation creates an invalid pcap file.
- Questionable calling of Ethernet dissector by encapsulating protocol dissectors.
- Wireshark 1.12.0 does not dissect HTTP correctly.
- Don’t copy details of hidden columns.
- RTP audio player crashes.
- Crash when saving RTP audio Telephony→RTP→RTP Streams→Analyze→Save→Audio.
- Edit - preferences - add column field not showing dropdown for choices.
- Using _ws.expert in a filter can cause a crash. (Bug 12335)
- Crash in SCCP dissector UAT (Qt UI only).
- J1939 frame without data = malformed packet ?
- The stream number in tshark’s "-z follow,tcp,<stream number>" option is 0-origin rather than 1-origin.
- IP Header Length display filter should show calculated value.
- Multiple file radio buttons should be check boxes.
- Wrong check for getaddrinfo and gethostbyname on Solaris 11.
- ICMPv6 dissector doesn’t respect actual packet length.
- Format DIS header timestamp mm:ss.nnnnnn.
- RTP Stream Analysis can no longer be sorted in 2.0.3.
- RTP Stream Analysis fails to complete in 2.0.3 when packets are sliced.
- Network-Layer Name Resolution uses first 32-bits of IPv6 DNS address as IPv4 address in some circumstances.
- BACnet decoder incorrectly flags a valid APDU as a "Malformed Packet".
- Valid ISUP messages marked with warnings.
- Profile command line switch "-C" not working in Qt interface.
- MRCPv2: info column not showing info correctly.
- Diameter: Experimental result code 5142.
- Tshark crashes when analyzing RTP due to pointer being freed not allocated.
- NFS: missing information in getattr for supported exclusive create attributes.
- Ethernet type field with a value of 9100 is shown as "Unknown".
- Documentation does not include support for Windows Server 2012 R2.
- Column preferences ruined too easily.
- SMB Open andX extended response decoded incorrectly.
- SMB NtCreate andX with extended response sometimes incorrect.
- Viewing NFSv3 Data, checking SRTs doesn’t work.
- Make wireshark with Qt enabled buildable on ARM.
版本下載:Wireshark 2.0.4 (32-bit)
Wireshark 2.0.3 (32-bit)
更新細節:
# Vulnerabilities fixed:
- The NCP dissector could crash.
- TShark could crash due to a packet reassembly bug.
- The IEEE 802.11 dissector could crash.
- The PKTC dissector could crash.
- The PKTC dissector could crash.
- The IAX2 dissector could go into an infinite loop.
- Wireshark and TShark could exhaust the stack.
- The GSM CBCH dissector could crash.
- MS-WSP dissector crash.
# Bugs fixed:
- Protocol Hierarchy Statistics shows LDAP lines recursively.
- UTF-8 replacement characters in FT_STRINGs are escaped for presentation.
- DTLS : reassembly error, protocol DTLS: New fragment overlaps old data.
- Packet byte pane in Qt version of packet window isn’t being displayed.
- "wireshark -i usbmon2 -k" results in "No interfaces selected" when restarting a capture.
- Crash when changing the "which packets to print" radio button in the Print dialog.
- Selecting packets causes memory leak.
- Client Hello not dissected when failed SSL handshake fully captured.
- TCP graphs - wrong stream graphed if stream index > 99.
- Typo in packet-gsm_a_dtap.c.
- Lua dot file error.
- "All Files" does not allow selecting files without period.
- wlan, wlan_mgt, Length error shown for IE BSS AC Access Delay/WAPI Parameter Set (68).
- Qt GUI very slow when expanding packet details with a lot of items.
- Comparing a boolean field against 1 always succeeds on big-endian machines.
- FIN flag not always correctly passed to subdissectors.
- Interpretation of BGP NLRI for default route cause malformed packet.
- Capture Interfaces dialog crashes after clicking the bookmark menu.
- Wireshark crashes right after a capture filter is selected.
- GSM GMM Identity Response dissection error.
- Crash reloading "dissector.lua" from the Wireshark website.
- VoIP calls does not show IAX2 calls.
- Wireshark CPU usage has dramatically increased.
- RPC/NFS incorrectly decodes as ACAP.
- Wireshark mistakenly flags CF-End packets as being Malformed.
- ASTERIX Category 48 Reserved Expansion Field.
- It is not possible to enter characters requiring "Alt Gr" in the display filter box such as "[" on a Swedish keyboard.
- tshark crashes when trying to export to pdml.
- Build fails on Centos 6.5 with gtk2 in ui/gtk/rtp_player.c rtp_channel_info_r has no no member start_time.
- TCP Dissector - spurious retransmissions not always recognized.
- PRA Identifier of the IE PRA Action should use 3 octets (6 to 8) and not 2 in GTPv2.
- Dissector bug, failed assertion, proto_desegment pinfo→can_desegment.
- Colorize with filter, new coloring rule, is labeled as new conversation rule.
- Qt Multicast Stream Dialog error in input field Burst alarm threshold and Buffer alarm.
- 6LoWPAN reassembly incorrect if extension header padding was elided.
- USBPcap prevents keyboard from working.
- Crash when reloading Lua script when Field is gone.
- Wrong display of USSD strings in the GSM 7-bit alphabet for non-ASCII characters in Wireshark 2.0.x.
- Malformed Packet: RTP.
- Incorrect error on MPA pdu length on iWARP packets.
- Endpoints window doesn’t show name resolution.
版本下載:Wireshark 2.0.3 (32-bit)
HWiNFO 5.22
Wireshark 2.0.2 (32-bit)
更新細節:
# Vulnerabilities fixed:
- DLL hijacking vulnerability.
- ASN.1 BER dissector crash.
- DNP dissector infinite loop.
- X.509AF dissector crash.
- HTTP/2 dissector crash.
- HiQnet dissector crash.
- 3GPP TS 32.423 Trace file parser crash.
- LBMC dissector crash.
- iSeries file parser crash.
- RSL dissector crash.
- LLRP dissector crash.
- Ixia IxVeriWave file parser crash.
- IEEE 802.11 dissector crash.
- GSM A-bis OML dissector crash.
- ASN.1 BER dissector crash.
- SPICE dissector large loop.
- NFS dissector crash.
- ASN.1 BER dissector crash.
# Bugs fixed:
- HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP streams" option is enabled.
- Questionable calling of ethernet dissector by encapsulating protocol dissectors.
- [Qt & Legacy & probably TShark too] Delta Time Conversation column is empty.
- extcap: abort when validating capture filter for DLT 147.
- Missing columns in Qt Flow Graph.
- Interface list doesn’t show well when the list is very long.
- Unable to use saved Capture Filters in Qt UI.
- extcap: Capture interface options snaplen, buffer and promiscuous not being used.
- Improper RPC reassembly
- GTPv1 Dual Stack with one static and one Dynamic IP.
- Wireshark 2.0.1 MPLS dissector not decoding payload when control word is present in pseudowire.
- "…using this filter" turns white (not green or red). Plus dropdown arrow does nothing.
- EIGRP field eigrp.ipv4.destination does not show the correct destination.
- tshark -z conv,type[,filter] swapped frame / byte values from / to columns.
- The field name nstrace.tcpdbg.tcpack should be nstrace.tcpdbg.tcprtt.
- 6LoWPAN IPHC traffic class not decompressed correctly
- Crash with snooping NFS file handles.
- 802.11 dissector fails to decrypt some broadcast messages.
- Wireshark hangs when adding a new profile.
- Issues when closing the application with a running capture without packets.
- New Qt UI lacks ability to step through multiple TCP streams with Analyze > Follow > TCP Stream.
- GTK: plugin_if_goto_frame causes Access Violation if called before capture file is loaded.
- Wireshark 2.0.1 crash on start.
- Wi-Fi 4-way handshake 4/4 is displayed as 2/4.
- ACN: acn.dmx.data has incorrect type.
- editcap packet comment won’t add multiple comments.
- DICOM Sequences no longer able to be expanded.
- Wrong TCP stream when port numbers are reused.
- SSL decryption fails in presence of a Client certificate.
- LUA: TVBs backing a data source is freed too early.
- PIM: pim.group filter have the same name for IPv4 and IPv6.
- Failed to parse M3AP IE (TNL information).
- Wrong interpretation of Instance ID value in OSPFv3 packet.
- MP2T Dissector does parse RTP properly in 2.0.1.
- editcap does not adjust time for frames with absolute timestamp 0 < t < 1 secs.
- Guard Interval is not consistent between Radiotap & wlan_radio.
- Calling dumpcap -i- results in access violation.
- Qt: Friendly Name and Interface Name columns should not be editable.
- PPTP GRE call ID not always decoded.
- Interface list does not show device description anymore.
- Find Packet does not highlight the matching tree item or packet bytes.
- "total block length … is too large" error when opening pcapng file with multiple SHB sections.
- http.request.full_uri is malformed if an HTTP Proxy is used.
- SNMP dissector fails at msgSecurityParameters with long length encoding.
# Updated Protocol Support
- 6LoWPAN, ACN, ASN.1 BER, BATADV, DICOM, DNP3, DOCSIS INT-RNG-REQ, E100, EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet, HTTP, HTTP/2, IEEE 802.11, IKEv2, InfiniBand, IPv4, IPv6, LBMC, LLRP, M3AP, MAC LTE, MP2T, MPLS, NFS, NS Trace, OSPF, PIM, PPTP, RLC LTE, RoHC, RPC, RSL, SNMP, SPICE, SSL, TCP, TRILL, VXLAN, WaveAgent, and X.509AF
# New and Updated Capture File Support
- 3GPP TS 32.423 Trace, iSeries, Ixia IxVeriWave, pcap, and pcapng
# Vendor-supplied Packages
- Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
# File Locations
- Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
版本下載:Wireshark 2.0.2 (32-bit)
Wireshark 2.0.1 (32-bit)
更新細節:
# Bug Fixes:
- Zooming out (Ctrl+-) too far crashes Wireshark.
- IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly.
- About → Plugins should be a scrollable.
- Profile change leaves prior profile residue.
- Wireshark crashes when using the VoIP player.
- Incorrect presentation of Ascend-Data-Filter (RADIUS attribute 242).
- Not possible to stop a capture with invalid filter.
- "No interface selected" when having a valid capture filter.
- Malformed packet with IPv6 mobility header.
- Wireshark crashes dissecting Profinet NRT (DCE-RPC) packet.
- All fields in the packet detail pane of a "new packet" window are expanded by default.
- Malformed packets with SET_CUR in the USBVIDEO (UVC) decoding.
- Display filters arranges columns incorrectly.
- Scrolling and navigating using the trackpad on Mac OS X could be much better.
- Lua Proto() does not validate arguments.
- Pointers to deallocated memory when redissecting.
- Suggestion for re-phrasing the TCP Window Full message.
- Can’t parse MPEG-2 Transport Streams generated by the Logik L26DIGB21 TV.
- Qt UI on Windows crashes when changing to next capture file.
- First displayed frame not updated when changing profile.
- LDAP decode shows invalid number of results for searchResEntry packets.
- Crash when escape to Follow TCP → Save.
- USBPcap prevents mouse and keyboard from working.
- Y-axis in RTP graph is in microseconds.
- "Delta time displayed" column in Wireshark doesn’t work well, but Wireshark-gtk does.
- UDP 12001 SNA Data no longer shown in EBCDIC.
- Wireshark Portable is not starting (no messages at all).
- IPv6 RPL Routing Header with length of 8 bytes still reads an address.
- g_utf8_validate assertion when reassembling GSM SMS messages encoded in UCS2.
- Calling plugin_if_goto_frame when there is no file loaded causes a Protection Exception.
- Qt UI SIGSEGV before main() in initializer for colors_.
- Unable to add a directory to "GeoIP Database Paths".
- C++ Run time error when filtering on Expert limit to display filter.
- Widening the window doesn’t correctly widen the rightmost column.
- SSL V2 Client Hello no longer dissected in Wireshark 2.0.
- PacketBB (RFC5444) dissector displays IPv4 addresses incorrectly.
- SMTP over port 587 shows identical content for fields "Username" and "Password" when not decoding base-64-encoded authentication information.
- Converting of EUI64 address to string does not take offset into account.
- CIP segment dissection causes PDML assertion/failure.
- In Import from Hex Dump, an attempt to enter the timestamp format manually crashes the application.
- Follow Stream directional selector not readable.
- Coloring rule custom colors not saved.
- Total number of streams not correct in Follow TCP Stream dialog.
- Command line switch -Y for display filter does not work.
- Creating Debian package doesn’t work.
- Visual C++ Runtime Library Error "The application has requested the Runtime to terminate it in an unusual way." when you do not wait until Conversations is completely updated before applying "Limit to display filter".
- dpkg-buildpackage relocation R_X86_64_PC32 against symbol.
- Bits view in Packet Bytes pane is not persistent.
- ICMP Timestamp days, hours, minutes, seconds is incorrect.
- MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong.
版本下載:Wireshark 2.0.1 (32-bit)
Wireshark 2.0.0 (32-bit)
更新細節:
* An RTP player crash has been fixed.
* Flow graph issues have been fixed.
* A Follow Stream dialog crash has been fixed.
* An extcap crash has been fixed.
* A file merge crash has been fixed.
* A handle leak crash has been fixed.
* Several other crashes and usability issues have been fixed.
版本下載:Wireshark 2.0.0 (32-bit)
Wireshark 2.0.0 (32-bit) RC3
Wireshark 2.0.0 (32-bit) RC2
Webmin 1.770
更新細節:
New and Updated Features:
Experimental 32-bit and 64-bit Windows Installer (.msi) packages are available. It is recommended that you use these independently of the NSIS (.exe) installers. That is, you should make sure the NSIS package is completely uninstalled before installing the Windows Installer package and vice-versa.
Source packages are now compressed using xz instead of bzip2.
The legacy (GTK+) UI is disabled by default in the Windows installer.
The legacy (GTK+) UI is disabled by default in Autotools and CMake.
SS7 Point Codes can now be resolved into names with a hosts-like file.
Wireshark can now go fullscreen to have more room for packets.
TShark can now export objects like the other GUI interfaces.
Support for G.722 and G.726 codecs in the RTP Player (via the SpanDSP library).
You can now choose the output device when playing RTP streams.
Added support for dissectors to include a unit name natively in their hf field. A field can now automatically append "seconds" or "ms" to its value without additional printf-style APIs.
The Default profile can now be reset to default values.
You can move back and forth in the selection history in the Qt UI.
IEEE 802.15.4 dissector now uses an UAT for decryption keys. The original decryption key preference has been obsoleted.
Extcap utilities can now provide configuration for a GUI interface toolbar to control the extcap utility while capturing.
Extcap utilities can now validate the capture filter.
Display filter function len() can now be used on all string and byte fields.
Added timeline view for 802.11 wireless packet data.
New Protocol Support:
(Facebook) Zero, Bluetooth HCI Vendor Intel, CAN FD, DirectPlay 8 protocol, Ericsson A-bis P-GSL, Ericsson A-bis TFP (Traffic Forwarding Protocol), Fc00/cjdns Protocol, Generic Netlink (genl), GSM Osmux, GSMTAP based logging, Health Level 7 (HL7), High-speed SECS message service (HSMS), HomePNA, IndigoCare iCall protocol, IndigoCare Netrix protocol, iPerf2, ISO 15765, Linux 802.11 Netlink (nl80211), Local Service Discovery (LSD), M2 Application Protocol, Mesh Link Establishment (MLE), Netgear Ensemble Protocol, NetScaler HA Protocol, NetScaler Metric Exchange Protocol, NetScaler RPC Protocol, NM protocol, Nordic BLE Sniffer, NVMe, NVMe Fabrics RDMA, OBD-II PIDs, OpenThread simulator, RFTap Protocol, SCTE-35 Digital Program Insertion Messages, Snort Post-dissector, Thread CoAP, Unified Diagnostic Services (UDS), vSocket, Windows Cluster Management API (clusapi), and X-Rite i1 Display Pro (and derivatives) USB protocol.
New and Updated Capture File Support:
Non-empty section placeholder.
New and Updated Capture Interfaces support:
Non-empty section placeholder.
IEEE802.11: wlan_mgt display filter element got renamed to wlan.Libgcrypt is now a required dependency.
版本下載:Webmin 1.770
Wireshark 2.0.0 (32-bit) RC1
Wireshark 1.12.8 (32-bit)
更新細節:
# Bug Fixes:
- wnpa-sec-2015-30 Pcapng file parser crash. Discovered by Dario Lombardo and Shannon Sabens.
- Last Address field for IPv6 RPL routing header is interpreted incorrectly.
- Comparing two capture files crashes Wireshark when navigating the results.
- 802.11 frame is not correctly dissected if it contains HT Control.
- GVCP bit-fields not updated.
- Tshark crash when specifying ssl.keys_list on CLI.
- pcapng: SPB capture length is incorrectly truncated if IDB snaplen = 0.
- pcapng: NRB IPv4 address is endian swapped but shouldn’t be.
- pcapng: NRB with options causes file read failure.
- pcapng: ISB without if_drop option is shown as max value.
- UNISTIM dissector - Message length not included in offset for "Select Adjustable Rx Volume".
版本下載:Wireshark 1.12.8 (32-bit)
Wireshark 1.99.9 (32-bit) Beta
Wireshark 1.12.7 (32-bit)
更新細節:
# Vulnerabilities fixed:
- Protocol tree crash.
- Memory manager crash.
- Dissector table crash.
- ZigBee crash.
- GSM RLC/MAC infinite loop.
- WaveAgent crash.
- OpenFlow infinite loop.
- Ptvcursor crash.
- WCCP crash.
# Bugs Fixed :
- DCE RPC "Decode As" capability is missing.
- Mergecap turns nanosecond-resolution time stamps into microsecond-resolution time stamps.
- The Aruba ERM Type 1 Dissector inconsistent with Type 0 and Type 3.
- Parse CFM Type Test signal (TST) without CRC.
- Tshark: output format of rpc.xid changed from Hex to Integer.
- Not stop -a filecount <COUNT>.
- lldp.ieee.802_3.mdi_power_class display is wrong.
- Powerlink (EPL) SDO packages interpreted as frame dublication.
- Mysql dissector adds packet content to INFO column without scrubbing it.
- PIM null-register according to rfc4601 is incorrectly parsed.
- Wireshark Lua dissectors: both expand together.
- Link-type not retrieved for rpcap interfaces configured with authentication.
- SSL Decryption (RSA private key with p smaller than q) failing on the Windows 7 buildbot.
- [gtpv2]PCSCF ip in the Protocol configuration of update bearer request is not getting populated.
- wpan.src64 (and dst64) filter always gives "is not a valid EUI64 Address" error.
- Websphere MQ Work Information Header incorrectly showing "Reserved".
- DUP ACK Counter resetting after Window Update.
- CSV values missing when using tshark -2 option.
- Ethernet PAUSE frames are decoded incorrectly as PFC.
- SOCKS decoder giving strange values for seemingly normal SOCKS connection.
- 802.11ad decoding error.
# New and Updated Features:
- New Protocol Support
- Updated Protocol Support
- New and Updated Capture File Support
版本下載:Wireshark 1.12.7 (32-bit)