NEWS


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223

Wireshark 1.8.4 Release Notes

   ------------------------------------------------------------------

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer.
   It is used for troubleshooting, analysis, development and
   education.

What's New

  Bug Fixes

   The following vulnerabilities have been fixed.

     o wnpa-sec-2012-30

       Wireshark could leak potentially sensitive host name
       resolution information when working with multiple pcap-ng
       files. Discovered by Laura Chappell.

       Versions affected: 1.8.0 to 1.8.3.

     o wnpa-sec-2012-31

       The USB dissector could go into an infinite loop. (Bug 7787)

       Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.

     o wnpa-sec-2012-32

       The sFlow dissector could go into an infinite loop. (Bug 7789)

       Versions affected: 1.8.0 to 1.8.3.

     o wnpa-sec-2012-33

       The SCTP dissector could go into an infinite loop. (Bug 7802)

       Versions affected: 1.8.0 to 1.8.3.

     o wnpa-sec-2012-34

       The EIGRP dissector could go into an infinite loop. (Bug 7800)

       Versions affected: 1.8.0 to 1.8.3.

     o wnpa-sec-2012-35

       The ISAKMP dissector could crash. (Bug 7855)

       Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.

     o wnpa-sec-2012-36

       The iSCSI dissector could go into an infinite loop. (Bug 7858)

       Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.

     o wnpa-sec-2012-37

       The WTP dissector could go into an infinite loop. (Bug 7869)

       Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.

     o wnpa-sec-2012-38

       The RTCP dissector could go into an infinite loop. (Bug 7879)

       Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.

     o wnpa-sec-2012-39

       The 3GPP2 A11 dissector could go into an infinite loop. (Bug
       7801)

       Versions affected: 1.8.0 to 1.8.3.

     o wnpa-sec-2012-40

       The ICMPv6 dissector could go into an infinite loop. (Bug
       7844)

       Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.

   The following bugs have been fixed:

     o Menu and Title bars inaccessible using GTK2 (non-legacy) with
       two monitors. (Bug 553)

     o 802.11 Probe Response fails to parse. (Bug 1284)

     o Tshark - decimal symbol. (Bug 2880)

     o Malformed tpncp.dat file can crash Wireshark. (Bug 6665)

     o SSL decryption not work even with example capture file and
       key. (Bug 6869)

     o Info line is incorrect on SIP message containing another SIP
       message in body. (Bug 7780)

     o OOPS: dissector table "sctp.ppi" doesn't exist Protocol being
       registered is "Datagram Transport Layer Security". (Bug 7784)

     o Dissection of IEEE 802.11 Channel Switch Announcement element
       fails. (Bug 7797)

     o Invalid memory accesses when loading RADIUS captures. (Bug
       7803)

     o ISUP CIC should have format BASE_DEC, not BASE_HEX. (Bug 7848)

     o We don't handle pcap-ng files with IDBs that come after packet
       blocks. (Bug 7851)

     o '*' wildcard in the 'Src IP' or 'Dest IP' field of the ESP SA
       dialog does not work. (Bug 7866)

     o nas_eps dissector does not decode some esm message. (Bug 7912)

     o WLAN decryption status not updated after updating WEP/WPA
       keys. (Bug 7921)

     o IPv6 Option Pad1 Incorrect dissection. (Bug 7938)

     o Print GNUTLS error message if PEM import fails. (Bug 7948)

     o GSM classmark3 8-PSK decode error. (Bug 7964)

     o Parsing the Server Name Indication extension in SSL/TLS
       traffic reads some fields incorrectly. (Bug 7967)

     o Lua code crashes wireshark after update to 1.8.3. (Bug 7976)

     o 2 bugs in Ran-Information-Error Rim Container. (Bug 8000)

     o Misspelling (typo) in IPv6 display filter field name. (Bug
       8006)

     o Two BSSGP dissector bugs. (Bug 8008)

     o Core dump during SCTP association analysis. (Bug 8011)

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   3GPP2 A11, BSSGP, EIGRP, FMP/NOTIFY, GSM A, ICMP, ICMPv6, IEEE
   802.11, IPsec, IPv6, ISAKMP, iSCSI, LTE RRC, NAS EPS, NDPS, Prism,
   RADIUS, RRC, RTCP, SCTP, sFlow, SIP, SMB2, SSL/TLS, TPNCP, USB

  New and Updated Capture File Support

   CommView NCF, iSeries, pcap-ng.

Getting Wireshark

   Wireshark source code and installation packages are available from
   http://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages.
   You can usually install or upgrade Wireshark using the package
   management system specific to that platform. A list of third-party
   packages can be found on the download page on the Wireshark web
   site.

File Locations

   Wireshark and TShark look in several different locations for
   preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
   These locations vary from platform to platform. You can use
   About→Folders to find the default locations on your system.

Known Problems

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

   The BER dissector might infinitely loop. (Bug 1516)

   Capture filters aren't applied when capturing from named pipes.
   (Bug 1814)

   Filtering tshark captures with display filters (-R) no longer
   works. (Bug 2234)

   The 64-bit Windows installer does not support Kerberos decryption.
   (Win64 development page)

   Application crash when changing real-time option. (Bug 4035)

   Hex pane display issue after startup. (Bug 4056)

   Packet list rows are oversized. (Bug 4357)

   Summary pane selected frame highlighting not maintained. (Bug
   4445)

   Wireshark and TShark will display incorrect delta times in some
   cases. (Bug 4985)

Getting Help

   Community support is available on Wireshark's Q&A site and on the
   wireshark-users mailing list. Subscription information and
   archives for all of Wireshark's mailing lists can be found on the
   web site.

   Official Wireshark training and certification are available from
   Wireshark University.

Frequently Asked Questions

   A complete FAQ is available on the Wireshark web site.