1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
|
Wireshark 1.8.4 Release Notes
------------------------------------------------------------------
What is Wireshark?
Wireshark is the world's most popular network protocol analyzer.
It is used for troubleshooting, analysis, development and
education.
What's New
Bug Fixes
The following vulnerabilities have been fixed.
o wnpa-sec-2012-30
Wireshark could leak potentially sensitive host name
resolution information when working with multiple pcap-ng
files. Discovered by Laura Chappell.
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-31
The USB dissector could go into an infinite loop. (Bug 7787)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-32
The sFlow dissector could go into an infinite loop. (Bug 7789)
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-33
The SCTP dissector could go into an infinite loop. (Bug 7802)
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-34
The EIGRP dissector could go into an infinite loop. (Bug 7800)
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-35
The ISAKMP dissector could crash. (Bug 7855)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-36
The iSCSI dissector could go into an infinite loop. (Bug 7858)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-37
The WTP dissector could go into an infinite loop. (Bug 7869)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-38
The RTCP dissector could go into an infinite loop. (Bug 7879)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
o wnpa-sec-2012-39
The 3GPP2 A11 dissector could go into an infinite loop. (Bug
7801)
Versions affected: 1.8.0 to 1.8.3.
o wnpa-sec-2012-40
The ICMPv6 dissector could go into an infinite loop. (Bug
7844)
Versions affected: 1.8.0 to 1.8.3, 1.6.0 to 1.6.11.
The following bugs have been fixed:
o Menu and Title bars inaccessible using GTK2 (non-legacy) with
two monitors. (Bug 553)
o 802.11 Probe Response fails to parse. (Bug 1284)
o Tshark - decimal symbol. (Bug 2880)
o Malformed tpncp.dat file can crash Wireshark. (Bug 6665)
o SSL decryption not work even with example capture file and
key. (Bug 6869)
o Info line is incorrect on SIP message containing another SIP
message in body. (Bug 7780)
o OOPS: dissector table "sctp.ppi" doesn't exist Protocol being
registered is "Datagram Transport Layer Security". (Bug 7784)
o Dissection of IEEE 802.11 Channel Switch Announcement element
fails. (Bug 7797)
o Invalid memory accesses when loading RADIUS captures. (Bug
7803)
o ISUP CIC should have format BASE_DEC, not BASE_HEX. (Bug 7848)
o We don't handle pcap-ng files with IDBs that come after packet
blocks. (Bug 7851)
o '*' wildcard in the 'Src IP' or 'Dest IP' field of the ESP SA
dialog does not work. (Bug 7866)
o nas_eps dissector does not decode some esm message. (Bug 7912)
o WLAN decryption status not updated after updating WEP/WPA
keys. (Bug 7921)
o IPv6 Option Pad1 Incorrect dissection. (Bug 7938)
o Print GNUTLS error message if PEM import fails. (Bug 7948)
o GSM classmark3 8-PSK decode error. (Bug 7964)
o Parsing the Server Name Indication extension in SSL/TLS
traffic reads some fields incorrectly. (Bug 7967)
o Lua code crashes wireshark after update to 1.8.3. (Bug 7976)
o 2 bugs in Ran-Information-Error Rim Container. (Bug 8000)
o Misspelling (typo) in IPv6 display filter field name. (Bug
8006)
o Two BSSGP dissector bugs. (Bug 8008)
o Core dump during SCTP association analysis. (Bug 8011)
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
3GPP2 A11, BSSGP, EIGRP, FMP/NOTIFY, GSM A, ICMP, ICMPv6, IEEE
802.11, IPsec, IPv6, ISAKMP, iSCSI, LTE RRC, NAS EPS, NDPS, Prism,
RADIUS, RRC, RTCP, SCTP, sFlow, SIP, SMB2, SSL/TLS, TPNCP, USB
New and Updated Capture File Support
CommView NCF, iSeries, pcap-ng.
Getting Wireshark
Wireshark source code and installation packages are available from
http://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package
management system specific to that platform. A list of third-party
packages can be found on the download page on the Wireshark web
site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About→Folders to find the default locations on your system.
Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes.
(Bug 1814)
Filtering tshark captures with display filters (-R) no longer
works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption.
(Win64 development page)
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug
4445)
Wireshark and TShark will display incorrect delta times in some
cases. (Bug 4985)
Getting Help
Community support is available on Wireshark's Q&A site and on the
wireshark-users mailing list. Subscription information and
archives for all of Wireshark's mailing lists can be found on the
web site.
Official Wireshark training and certification are available from
Wireshark University.
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site.
|