Wireshark 2.4.6 Release Notes

Table of Contents

1. What is Wireshark?

2. What’s New

2.1. Bug Fixes
2.2. New and Updated Features
2.3. New Protocol Support
2.4. Updated Protocol Support
2.5. New and Updated Capture File Support

3. Getting Wireshark

3.1. Vendor-supplied Packages

4. File Locations

5. Known Problems

6. Getting Help

7. Frequently Asked Questions

1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

wnpa-sec-2018-15
The MP4 dissector could crash. (Bug 13777)
wnpa-sec-2018-16
The ADB dissector could crash. (Bug 14460)
wnpa-sec-2018-17
The IEEE 802.15.4 dissector could crash. (Bug 14468)
wnpa-sec-2018-18
The NBAP dissector could crash. (Bug 14471)
wnpa-sec-2018-19
The VLAN dissector could crash. (Bug 14469)
wnpa-sec-2018-20
The LWAPP dissector could crash. (Bug 14467)
wnpa-sec-2018-21
The TCP dissector could crash. (Bug 14472)
wnpa-sec-2018-22
The CQL dissector could to into an infinite loop. (Bug 14530)
wnpa-sec-2018-23
The Kerberos dissector could crash. (Bug 14576)
wnpa-sec-2018-24
Multiple dissectors and other modules could leak memory. The TN3270 (Bug 14480), ISUP (Bug 14481), LAPD (Bug 14482), SMB2 (Bug 14483), GIOP (Bug 14484), ASN.1 (Bug 14485), MIME multipart (Bug 14486), H.223 (Bug 14487), and PCP (Bug 14488) dissectors were susceptible along with Wireshark and TShark (Bug 14489).

The following bugs have been fixed:

TRANSUM doesn’t account for DNS retries in the Request Spread. (Bug 14210)
BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not able to decode the packet correctly. (Bug 14241)
Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes in later releases. (Bug 14293)
PEEKREMOTE dissector lacks 80mhz support, short preamble support and spatial streams encoding. (Bug 14452)
Statistics > UDP Multicast Streams > [Copy|Save as..] is broken. (Bug 14477)
Typo error in enumeration value of speech version identifier. (Bug 14528)
In "Unsaved packets" dialog one can NOT use keyboard to choose "Continue without Saving". (Bug 14531)
WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. (Bug 14538)

Buildbot crash output: fuzz-2018-03-19-19114.pcap. (Bug 14544)
alloca() used in wsutil/getopt_long.c without <alloca.h> inclusion. (Bug 14552)
HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. (Bug 14554)
Makefile.in uses non-portable "install" command. (Bug 14555)
HP-UX HP ANSI C doesn’t support assigning {} to a variable in epan/app_mem_usage.c. (Bug 14556)
PPP in SSTP, HDLC framing not parsed properly. (Bug 14559)
Using the DIAMETER dictionary causes the standard input to be closed when the dictionary is read. (Bug 14577)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

6LoWPAN, ADB, BGP, CQL, DNS, Ethernet, GIOP, GSM BSSMAP, H.223, IEEE 802.11, IEEE 802.11 Radiotap, IEEE 802.15.4, ISUP, Kerberos, LAPD, LWAPP, MIME multipart, MP4, NBAP, NORDIC_BLE, PCP, PEEKREMOTE, S1AP, SMB2, SSTP, T.30, TCP, TN3270, TRANSUM, VLAN, WCCP, and WSP

2.5. New and Updated Capture File Support

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

6. Getting Help

Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.

Official Wireshark training and certification are available from Wireshark University.

7. Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.

Enhance Wireshark

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.

Packet Analysis Made Easy

SteelCentral Packet Analyzer Personal Edition graphs

Visually rich, powerful LAN analyzer
Quickly access very large pcap files
Professional, customizable reports
Advanced triggers and alerts
Fully integrated with Wireshark

Try Packet Analyzer PE FREE for 10 days