Wireshark

Wireshark 2.4.3 (64-bit)

Wireshark.org
Open-source software

Wireshark 0.99.6a

Updated: 2007-07-12
Update details:

Fixes a problem with updating from WinPcap 4.0 to 4.0.1.


Download: Wireshark 0.99.6a

Wireshark 0.99.6

Updated: 2007-07-07
Update details:

Security-related vulnerabilities in the HTTP, DCP ETSI, SSL, DHCP, and MMS dissectors have been fixed along with the iSeries file reader. See the advisory for details.

This release adds the ability to change columns without restarting Wireshark, display filter macros, HTTP object export, upper() and lower() display filter modifiers, and many more features.


Download: Wireshark 0.99.6

Wireshark 0.99.5

Updated: 2007-02-03
Update details:

Bug Fixes
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
- The TCP dissector could hang or crash while reassembling HTTP packets. (Bug 1200) Versions affected: 0.99.2 to 0.99.4. CVE-2007-0459
- The HTTP dissector could crash. Versions affected: 0.99.3 to 0.99.4. CVE-2007-0458
- On some systems, the IEEE 802.11 dissector could crash. Versions affected: 0.10.14 to 0.99.4. CVE-2007-0457
- On some systems, the LLT dissector could crash. Versions affected: 0.99.3 to 0.99.4. CVE-2007-0456

The following bugs have been fixed:
- On Windows systems the packet list scroll bar could sometimes disappear or become unusable. (Bug 220)
- The end of HTTP chunked encoding wasn't being displayed. (Bug 646)
- The Follow TCP Stream window could omit characters. (Bug 1043)
- Opening a flow graph could crash Wireshark. (Bug 1117)
- Follow TCP Stream would sometimes get the direction wrong. (Bug 1138)
- The foreground text in the coloring rules editor was always black. (Bug 1164)
- The CSV export format was incorrect. (Bug 1173)
- On some Windows systems Wireshark could take a long time to start up.
- Malformed UDLD packets could cause an exception.
- The ISUP statistics report could overflow a buffer and crash when displaying IPv6 addresses.

New and Updated Features
The following features are new (or have been significantly updated) since the last release:
- We are now offering Wireshark as a U3 package for Windows. U3 packages are suitable for using on USB drives and CD-ROMs. It's still experimental, but you're welcome to try it out and report any problems or successes.
- Decryption support for WPA/WPA2 and SNMPv3 has been added. The TDS / MS SQL dissector now de-obfuscates passwords.
- 64-bit file handling has been improved.
- The Find function now selects the corresponding packet detail item. Find functionality has been added to the TCP and SSL stream dialogs.
- Main window keyboard navigation has been improved.
- Windows file dialogs now show the "places" bar (Desktop, My Documents, My Computer, My Network Places, etc). File dialogs now default to "My Documents" in accordance with Microsoft's HIG.
- AirPcap support (which provides raw mode capture under Windows) has been enhanced to allow capturing on multiple AirPcap adapters simultaneously.
- You can no longer install Wireshark on Windows 95, 98, or ME. (OK, so it's not a feature per se, but it's an important change). The last version known to work on these systems is Ethereal 0.99.0.
- ASN.1 BER-encoded files can now be dissected according to a user-specified syntax.

New Protocol Support
DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN v2

Updated Protocol Support
2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1
BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS,
EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP,
DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec,
IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP,
MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow,
NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS,
RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP,
SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38,
TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP,
USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG

New and Updated Capture File Support
- Catapult DCT2000, Netttl, Windows Sniffer / NetXray


Download: Wireshark 0.99.5

Wireshark 0.99.4

Updated: 2006-11-02
Update details:

The following vulnerabilities have been fixed
- The HTTP dissector could crash. (Bugs 1050 and 1079)
- The LDAP dissector (and possibly others) could crash. (Bug 1054)
- The XOT dissector could attempt to allocate a large amount of memory and crash. (Bug 1133)
- The WBXML dissector could crash. (Bug 1134)
- The MIME Multipart dissector was susceptible to an off-by-one error. (Bug 1135)
- If AirPcap support was enabled, parsing a WEP key could sometimes cause a crash.

The following bugs have been fixed
- The file set dialog could grow excessively large. (Bug 331)
- Trying to save flow data may crash Wireshark. (Bug 396)
- It may not be possible to re-order coloring rules under Windows. (Bug 699)
- Printing each packet to a new page didn't work under Windows. (Bug 707)
- The personal hosts configuration file wasn't being parsed correctly. (Bug 795)
- "Save as" to an existing file wasn't allowed. (Bug 927)
- The SNMP dissector was not handling 64-bit counters properly. (Bug 1047)
- Wireshark and TShark would fail to start under Windows while trying to acquire a crypto context. (Bug 1096)
- The HTTP content-length field was a string instead of an integer. (Bug 1109)
- Invalid characters could show up in PDML output. (Bug 1110)

New and Updated Features
- AirPcap support (which provides raw mode capture under Windows) has been enhanced to allow capturing on multiple AirPcap adapters simultaneously using the Multi-Channel Aggregator.
- VoIP call playback has been enhanced. If Wireshark is linked with the PortAudio library, you can play back G.711 conversations. This feature is present in the standard Windows installer.
- The capture interface dialog display has been enhanced.
- The "Save" button has been removed from the "Ok" / "Apply" / "Cancel" button group in the following dialogs: Edit/Preferences, View/Coloring Rules, Capture/Capture Filters, Analyze/Display Filters, Analyze/Enabled Protocols
- Reading from stdin ("-i -") now works under Windows.
- Expert analysis has been improved.
- Wireshark now supports USB as a media type. If you're running a Linux distribution with version 2.6.11 of the kernel or greater, you have the usbmon module enabled, and you have a recent CVS version of libpcap (post-0.9.5) installed, you can also do live captures. More details can be found at the USB capture setup page on the wiki.
- The number of WEP keys that the user can specify in the IEEE 802.11 protocol preferences has been increased from 4 to 64.


Download: Wireshark 0.99.4

Wireshark 0.99.3

Updated: 2006-08-24
Update details:

No change log.


Download: Wireshark 0.99.3

Wireshark 0.99.2

Updated: 2006-07-18
Update details:

Bug Fixes
- The GSM BSSMAP dissector could crash. Versions affected: 0.10.11. CVE-2006-3627
- The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0. CVE-2006-3628
- The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10. CVE-2006-3628
- The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4. CVE-2006-3628
- The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE-2006-3628
- The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4. CVE-2006-3629
- The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7. CVE-2006-3630
- The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13. CVE-2006-3628
- The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10. CVE-2006-3631
- The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16. CVE-2006-3632

New and Updated Features
- Multicast stream analysis (Statistics->Multicast Streams) has been added. It lets you determine burst size, output buffer size, and losses for multicast data.
- TCP reassembly has been updated and improved.
- Expert analysis has been updated and improved.
- SCSI service response time statistics have been added.
- You can now find next/previous marked frames.
- The LDAP and SNMP dissectors have been completely rewritten.
- The SMB dissector now tracks filenames and share names.
- The Windows file dialogs have been improved.
- If Wireshark is linked with the PortAudio library, you can now listen to RTP streams. (PortAudio didn't make the cut in the current Windows installer. It will be included with 0.99.3.)


Download: Wireshark 0.99.2

Ethereal 0.99.0

Updated: 2006-05-10
Update details:

No change log.


Download: Ethereal 0.99.0
