Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed:
DLL hijacking vulnerability. CVE-2016-2521
DNP dissector infinite loop. (Bug 11938) CVE-2016-2523
RSL dissector crash. (Bug 11829) CVE-2016-2530 CVE-2016-2531
LLRP dissector crash. (Bug 12048) CVE-2016-2532
GSM A-bis OML dissector crash. (Bug 11825)
ASN.1 BER dissector crash. (Bug 12106)
ASN.1 BER dissector crash. (Bug 11822)
The following bugs have been fixed:
- Questionable calling of ethernet dissector by encapsulating protocol dissectors. (Bug 9933)
- Improper RPC reassembly (Bug 11913)
- GTPv1 Dual Stack with one static and one Dynamic IP. (Bug 11945)
- Failed to parse M3AP IE (TNL information). (Bug 12070)
- Wrong interpretation of Instance ID value in OSPFv3 packet. (Bug 12072)
- MP2T Dissector does parse RTP properly in 2.0.1. (Bug 12099)
- editcap does not adjust time for frames with absolute timestamp 0 < t < 1 secs. (Bug 12116)
Windows installers and PortableApps® packages are now dual signed using SHA-1 and SHA-256 in order to comply with Microsoft Authenticode policy. Windows 7 and Windows Server 2008 R2 users should ensure that update 3123479 is installed. Windows Vista and Windows Server 2008 users should ensure that hotfix 2763674 is installed.
ASN.1 BER, BATADV, DNP3, E100, EIGRP, GSM A DTAP, GSM SMS, GTP, HiQnet, InfiniBand, LLRP, M3AP, MP2T, NFS, OSPF, RoHC, RPC, RSL, TRILL, VXLAN, and X.509AF
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)
Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.