Table of Contents
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
The SCSI dissector could crash. Versions affected: 0.99.2. CVE-2006-4330
If Wireshark was compiled with ESP decryption support, the IPsec ESP preference parser was susceptible to off-by-one errors. Versions affected: 0.99.2. CVE-2006-4331
The DHCP dissector (and possibly others) in the Windows version of Wireshark could trigger a bug in Glib and crash. Versions affected: 0.10.13 - 0.99.2. CVE-2006-4332
If the SSCOP dissector has a port range configured and the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. Versions affected: 0.7.9 - 0.99.2. CVE-2006-4333
The following bugs have been fixed:
The VOIP call analysis feature could cause an assertion.
The RTP analysis feature could freeze for an extended period.
Selecting "Apply as Filter" wouldn't work for some tree items.
The following features are new (or have been significantly updated) since the last release:
ESP, Kerberos, and SSL decryption are now supported in the Windows installer. (As as result, Wireshark is now subject to United States export controls.)
The packet list context menu now includes a conversation filter.
Wireshark can now generate ACL rules for several popular firewall products.
Wireshark now supports AirPcap, including raw 802.11 captures under Windows.
Daytime, JPEG (RTP payload), Pegasus Lightweight Stream Control, Pro-MPEG FEC, UMTS RRC, Veritas Low Latency Transport
All ASN.1 dissectors, 3G A11, 802.11, AIM SST, AJP13, ANSI 637, AVS WLAN, BACapp, BFD, CDP, Cisco WIDS, DCERPC (DCERPC, CONV, DFS, EPM, FLDB, NETLOGON, NT, PN-IO, RS_PGO), DCOM, DHCP, DIAMETER, DTLS, EAPOL, ESP, H.225, H.245, H.450, HTTP, IPv6, ISAKMP, Juniper, Kerberos, L2TP, LDAP, MSRP, NTLMSSP, PN-CBA, PN-RT, Prism, RSVP, RTCP, RUDP, SCSI, SCTP, SDP, SIP, SIPFRAG, Skinny, SMB, SSL, TCP, text/media, Time, XML
Wireshark source code and installation packages are available from the download page on the main web site.
Most Linux and Unix vendors supply their own Wireshark packages. You can install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.
On Windows systems the packet list scroll bar can sometimes disappear or become unusable. Until the problem is fixed you can work around it by resizing the packet list or the main window. (Bug 220)
The Bug 942)
button is nonfunctional in the file dialogs under Windows. (Trying to save flow data may crash Wireshark. (Bug 396)
It may not be possible to re-order coloring rules under Windows. (Bug 699)
Multiple tap interfaces may cause a crash under FreeBSD. (Bug 757)
Wireshark may crash while viewing TCP streams. (Bug 852)
Community support is available on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.
Commercial support, training, and development services are available from CACE Technologies.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.