1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
|
= Wireshark wireshark-version:[] Release Notes
// $Id$
== What is Wireshark?
Wireshark is the world's most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
== What's New
=== Bug Fixes
The following vulnerabilities have been fixed.
//* ws-buglink:5000[]
//* ws-buglink:6000[Wireshark bug]
//* ws-salink:2013-11[]
//* cve-idlink:2013-2486[]
* ws-salink:2013-61[]
+
The IEEE 802.15.4 dissector could crash.
// Fixed in trunk: r52036
// Fixed in trunk-1.10: r52954
// Fixed in trunk-1.8: r52956
(ws-buglink:9139[])
+
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
+
cve-idlink:2013-6336[]
* ws-salink:2013-62[]
+
The NBAP dissector could crash. Discovered by Laurent Butti.
// Fixed in trunk: r52154
// Fixed in trunk-1.10: r52957
// Fixed in trunk-1.8: r52958
(ws-buglink:9168[])
+
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
+
cve-idlink:2013-6337[]
* ws-salink:2013-63[]
+
The SIP dissector could crash.
// Fixed in trunk: r52354
// Fixed in trunk-1.10: r52959
// Fixed in trunk-1.8: r52960
(ws-buglink:9228[])
+
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
+
cve-idlink:2013-6338[]
* ws-salink:2013-64[]
+
The OpenWire dissector could go into a large loop. Discovered by Murali.
// Fixed in trunk: r52457, r52458, r52463
// Fixed in trunk-1.10: r52490
// Fixed in trunk-1.8: r52490
(ws-buglink:9248[])
+
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
+
cve-idlink:2013-6339[]
* ws-salink:2013-65[]
+
The TCP dissector could crash.
// Fixed in trunk: r52570
// Fixed in trunk-1.10: r52961
// Fixed in trunk-1.8: r52962
(ws-buglink:9263[])
+
Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10
+
cve-idlink:2013-6340[]
The following bugs have been fixed:
//* Wireshark will practice the jazz flute for hours on end when you're trying to sleep. (ws-buglink:0000[])
* new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled. (ws-buglink:5349[])
* TLS decryption fails with XMPP start_tls. (ws-buglink:8871[])
* Wrong Interpretation of GTS starting slot. (ws-buglink:8946[])
* "Follow TCP Stream" shows only the first HTTP req+res. (ws-buglink:9044[])
* The value of 'SEND_TO_UE' in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0
instead of 1. (ws-buglink:9126[])
* Crash then try to delete the same entry (length range) twice. (ws-buglink:9129[])
* Crash if wrong "packet lengths range" entered. (ws-buglink:9130[])
* Bssgp => SGSN-INVOKE-TRACE use the wrong function... (ws-buglink:9157[])
* Minor correction to dissection of DLR frames in Ethernet/IP dissector. (ws-buglink:9186[])
* WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (ws-buglink:9198[])
* EDNS0 "Higher bits in extended RCODE" incorrectly decoded in packet-dns.c. (ws-buglink:9199[])
* Files with pcap-ng Simple Packet Blocks can't be read. (ws-buglink:9200[])
* Bug in RTP dissector if RTP extension is present. (ws-buglink:9204[])
* Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request. (ws-buglink:9206[])
* "make debian-package" fails, missing wsicon32.xpm. (ws-buglink:9209[])
* Fix typo in MODCOD list of DVB-S2 dissector. (ws-buglink:9218[])
* Ring buffer crash when tshark gets too far behind dumpcap. (ws-buglink:9258[])
* PTP Dissector Wrongfully Reports Malformed Packet. (ws-buglink:9262[])
* Wireshark lua dissector unable to load for media_type=application/octet-stream. (ws-buglink:9296[])
* Wireshark crash when dissecting packet with NTLMSSP. (ws-buglink:9299[])
* Padding in uint64 field in DCERPC protocol wrongly reported. (ws-buglink:9300[])
* DCERPC data_blobs are not correctly dissected when NDR64 encoding is used. (ws-buglink:9301[])
* Multiple PDUs in the same DCERPC packet are not correctly decrypted. (ws-buglink:9302[])
* The tshark summary line doesn't display the frame number or displays it sporadically. (ws-buglink:9317[])
* Bluetooth: SDP improvements and minor fixes. (ws-buglink:9327[])
* Duplicate header field abbreviation breaks filter (example: irc.response.command). (ws-buglink:9360[])
=== New and Updated Features
There are no new features in this release.
=== New Protocol Support
There are no new protocols in this release.
=== Updated Protocol Support
--sort-and-group--
3GPP2 A11
Bluetooth SDP
BSSGP
DCERPC
DCERPC NDR
DCERPC NT
DIAMETER
DNS
DVB-S2
Ethernet
EtherNet/IP
H.225
IEEE 802.15.4
IRC
NBAP
NTLMSSP
OpenWire
PTP
RTP
SIP
TCP
WiMax
XMPP
--sort-and-group--
=== New and Updated Capture File Support
--sort-and-group--
.
--sort-and-group--
== Getting Wireshark
Wireshark source code and installation packages are available from
http://www.wireshark.org/download.html.
=== Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You can
usually install or upgrade Wireshark using the package management system
specific to that platform. A list of third-party packages can be found
on the http://www.wireshark.org/download.html#thirdparty[download page]
on the Wireshark web site.
== File Locations
Wireshark and TShark look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About→Folders to find the default
locations on your system.
== Known Problems
Dumpcap might not quit if Wireshark or TShark crashes.
(ws-buglink:1419[])
The BER dissector might infinitely loop.
(ws-buglink:1516[])
Capture filters aren't applied when capturing from named pipes.
(ws-buglink:1814[])
Filtering tshark captures with read filters (-R) no longer works.
(ws-buglink:2234[])
The 64-bit Windows installer does not support Kerberos decryption.
(https://wiki.wireshark.org/Development/Win64[Win64 development page])
Resolving (ws-buglink:9044[]) reopens (ws-buglink:3528[]) so that Wireshark
no longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option.
(ws-buglink:4035[])
Hex pane display issue after startup.
(ws-buglink:4056[])
Packet list rows are oversized.
(ws-buglink:4357[])
Summary pane selected frame highlighting not maintained.
(ws-buglink:4445[])
Wireshark and TShark will display incorrect delta times in some cases.
(ws-buglink:4985[])
== Getting Help
Community support is available on http://ask.wireshark.org/[Wireshark's
Q&A site] and on the wireshark-users mailing list. Subscription
information and archives for all of Wireshark's mailing lists can be
found on http://www.wireshark.org/lists/[the web site].
Official Wireshark training and certification are available from
http://www.wiresharktraining.com/[Wireshark University].
== Frequently Asked Questions
A complete FAQ is available on the
http://www.wireshark.org/faq.html[Wireshark web site].
|
