Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed.
The following bugs have been fixed:
- DCE RPC "Decode As" capability is missing. (Bug 10368)
- Mergecap turns nanosecond-resolution time stamps into microsecond-resolution time stamps. (Bug 11202)
- The Aruba ERM Type 1 Dissector inconsistent with Type 0 and Type 3. (Bug 11204)
- Parse CFM Type Test signal (TST) without CRC. (Bug 11286)
- Tshark: output format of rpc.xid changed from Hex to Integer. (Bug 11292)
- Not stop -a filecount <COUNT>. (Bug 11305)
- lldp.ieee.802_3.mdi_power_class display is wrong. (Bug 11330)
- Powerlink (EPL) SDO packages interpreted as frame dublication. (Bug 11341)
- Mysql dissector adds packet content to INFO column without scrubbing it. (Bug 11344)
- PIM null-register according to rfc4601 is incorrectly parsed. (Bug 11354)
- Wireshark Lua dissectors: both expand together. (Bug 11356)
- Link-type not retrieved for rpcap interfaces configured with authentication. (Bug 11366)
- SSL Decryption (RSA private key with p smaller than q) failing on the Windows 7 buildbot. (Bug 11372)
- [gtpv2]PCSCF ip in the Protocol configuration of update bearer request is not getting populated. (Bug 11378)
- wpan.src64 (and dst64) filter always gives "is not a valid EUI64 Address" error. (Bug 11380)
- Websphere MQ Work Information Header incorrectly showing "Reserved". (Bug 11384)
- DUP ACK Counter resetting after Window Update. (Bug 11397)
- CSV values missing when using tshark -2 option. (Bug 11401)
- Ethernet PAUSE frames are decoded incorrectly as PFC. (Bug 11403)
- SOCKS decoder giving strange values for seemingly normal SOCKS connection. (Bug 11417)
- 802.11ad decoding error. (Bug 11419)
Aruba ERM, CFM, EPL, GSM A-bis OML, GSM MAP, GSM RLC/MAC, GTPv2, IEEE 802.11, LLDP, LTE RRC, MAC Control, MQ, MySQL, OpcUa, OpenFlow, Radiotap, SCCP, SOCKS, TCP, WaveAgent, WCCP, and ZigBee
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)
Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.