Wireshark 0.99.2 Release Notes


What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

What's New

Bug Fixes

The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

  • The GSM BSSMAP dissector could crash. Versions affected: 0.10.11 to 0.99.0. CVE-2006-3627

Ilja van Sprundel discovered the following vulnerabilities:

  • The ANSI MAP dissector was vulnerable to a format string overflow. Versions affected: 0.10.0 to 0.99.0. CVE-2006-3628

  • The Checkpoint FW-1 dissector was vulnerable to a format string overflow. Versions affected: 0.10.10 to 0.99.0. CVE-2006-3628

  • The MQ dissector was vulnerable to a format string overflow. Versions affected: 0.10.4 to 0.99.0. CVE-2006-3628

  • The XML dissector was vulnerable to a format string overflow. Versions affected: 0.10.13 to 0.99.0. CVE-2006-3628

  • The MOUNT dissector could attempt to allocate large amounts of memory. Versions affected: 0.9.4 to 0.99.0. CVE-2006-3629

  • The NCP NMAS and NDPS dissectors were susceptible to off-by-one errors. Versions affected: 0.9.7 to 0.99.0. CVE-2006-3630

  • The NTP dissector was vulnerable to a format string overflow. Versions affected: 0.10.13 to 0.99.0. CVE-2006-3628

  • The SSH dissector was vulnerable to an infinite loop. Versions affected: 0.9.10 to 0.99.0. CVE-2006-3631

  • The NFS dissector may have been susceptible to a buffer overflow. Versions affected: 0.8.16 to 0.99.0. CVE-2006-3632

Ilja found several other problems that could result in mis-dissected packets. They have been fixed.

The following non-security-related bugs have been fixed:

  • The "Follow TCP Stream" dialog now wraps long lines.

  • Wireshark no longer aborts under Windows 95, 98, or ME.

    Warning

    Windows 95, 98, and ME do not support memory protection features that are required in order to run Wireshark securely. It is strongly recommended that you not run Wireshark on these platforms.

  • File exports under Windows work again.

  • Problems with ring buffers under 0.99.0 have been fixed.

  • It was possible for Wireshark to crash when closing the capture information dialog. This has been fixed.

  • It was possible for Wireshark to crash when using the "Find" feature. This has been fixed.

  • Wireshark could crash if an interface was removed while viewing the interface list. This has been fixed.

New and Updated Features

The following features are new (or have been significantly updated) since the last release:

  • Multicast stream analysis (Statistics->Multicast Streams) has been added. It lets you determine burst size, output buffer size, and losses for multicast data.

  • TCP reassembly has been updated and improved.

  • Expert analysis has been updated and improved.

  • SCSI service response time statistics have been added.

  • You can now find next/previous marked frames.

  • The LDAP and SNMP dissectors have been completely rewriten.

  • The SMB dissector now tracks filenames and share names.

  • The Windows file dialogs have been improved.

  • If Wireshark is linked with the PortAudio library, you can now listen to RTP streams. (PortAudio didn't make the cut in the current Windows installer. It will be included with 0.99.3.)

New Protocol Support

Bluetooth HCI (ACL, Command, Event, L2CAP, H4, RFCOMM, SCO, SDP), Cisco WIDS, DTLS, Ether-S-Bus, OMA ULP, PN-MRP, PN-MRRT, REXEC (yes, that REXEC), RRLP, RSerPool (CalcAppProtocol, ComponentStatusProtocol, FractalGeneratorProtocol, PingPongProtocol), Telkonet, TiVoConnect Discovery Protocol

Updated Protocol Support

AIM, AMR, ASAP, BER, BGP, BSSAP, BVLC, CAMEL, CMS, COPS, DAP, DCERPC (NETLOGON, PNIO), DCOM, DIAMETER, DVMRP, EAPOL, ENRP, ESP, FC, FIX, Frame, GPRS LLC, GSM A, GSM MAP, GSSAPI, GTP, H.225, H.235, H.245, H.248, H.263, H.450, H1, ICMP, IEEE 802.11, INAP, IP, IPMI, iSCSI, ISUP, JXTA, Kerberos, LDAP, LLDP, MEGACO, MySQL, NBAP, NDMP, NFS, OICQ, PER, PGM, PN-PTCP, Q.931, RANAP, RNSAP, ROS, RTCP, S4406, S5066, SCCP, SCSI, SDP, SIP, SMB (PIPE, SMB), SNMP, SSL, SUA, TCP, TDS, TELNET, TIPC, UMA, X.420, X.509 (af, ce, if), XML

New and Updated Capture File Support

Wireshark can now read BER-encoded files. Catapult DCT2000 support has been updated.

Getting Wireshark

Microsoft Windows

Download wireshark-setup-0.99.2.exe from the Windows download area on the main web site. Double-click the installer executable.

Source Code

Download wireshark-0.99.2.tar.gz from the main download area on the web site. Extract the package using tar and gzip. Run "configure ; make ; make install".

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.

Known Problems

On Windows systems the packet list scroll bar can sometimes disappear or become unusable. Until the problem is fixed you can work around it by resizing the packet list or the main window. (Bug #220)

The Filter button is nonfunctional in the file dialogs under Windows.

Trying to save flow data may crash Wireshark. (Bug #396)

It may not be possible to re-order coloring rules under Windows. (Bug #699)

Getting Help

Community support is available on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.

Commercial support, training, and development services are available from CACE Technologies.

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.

Enhance Wireshark

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.

Packet Analysis Made Easy

    SteelCentral Packet Analyzer Personal Edition graphs
  • Visually rich, powerful LAN analyzer
  • Quickly access very large pcap files
  • Professional, customizable reports
  • Advanced triggers and alerts
  • Fully integrated with Wireshark

Try Packet Analyzer PE FREE for 10 days