Wireshark 0.99.4 Release Notes


What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

What's New

Bug Fixes

The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

  • The HTTP dissector could crash. (Bugs 1050 and 1079)

    Versions affected: 0.99.3.

    CVE-2006-5468

  • The LDAP dissector (and possibly others) could crash. (Bug 1054)

    Versions affected: 0.99.3.

    CVE-2006-5740

  • The XOT dissector could attempt to allocate a large amount of memory and crash. (Bug 1133)

    Versions affected: 0.9.8 to 0.99.3.

    CVE-2006-4805

  • The WBXML dissector could crash. (Bug 1134)

    Versions affected: 0.10.11 to 0.99.3.

    CVE-2006-5469

  • The MIME Multipart dissector was susceptible to an off-by-one error. (Bug 1135)

    Versions affected: 0.10.1 to 0.99.3.

    CVE-2006-4574

  • If AirPcap support was enabled, parsing a WEP key could sometimes cause a crash.

    Versions affected: 0.99.3.

The following bugs have been fixed:

  • The file set dialog could grow excessively large. (Bug 331)

  • Trying to save flow data may crash Wireshark. (Bug 396)

  • It may not be possible to re-order coloring rules under Windows. (Bug 699)

  • Printing each packet to a new page didn't work under Windows. (Bug 707)

  • The personal hosts configuration file wasn't being parsed correctly. (Bug 795)

  • "Save as" to an existing file wasn't allowed. (Bug 927)

  • The SNMP dissector was not handling 64-bit counters properly. (Bug 1047)

  • Wireshark and TShark would fail to start under Windows while trying to acquire a crypto context. (Bug 1096)

  • The HTTP content-length field was a string instead of an integer. (Bug 1109)

  • Invalid characters could show up in PDML output. (Bug 1110)

New and Updated Features

The following features are new (or have been significantly updated) since the last release:

  • AirPcap, support (which provides raw mode capture under Windows) has been enhanced to allow capturing on multiple AirPcap adapters simultaneously using the Multi-Channel Aggregator.

  • VoIP call playback has been enhanced. If Wireshark is linked with the PortAudio library, you can play back G.711 conversations. This feature is present in the standard Windows installer.

  • The capture interface dialog display has been enhanced.

  • The "Save" button has been removed from the "Ok" / "Apply" / "Cancel" button group in the following dialogs:

    • Edit/Preferences

    • View/Coloring Rules

    • Capture/Capture Filters

    • Analyze/Display Filters

    • Analyze/Enabled Protocols

    If you're fond of the "Save" button it can be resurrected in the User Interface preferences.

  • Reading from stdin ("-i -") now works under Windows.

  • Expert analysis has been improved.

  • Wireshark now supports USB as a media type. If you're running a Linux distribution with version 2.6.11 of the kernel or greater and you have the usbmon module enabled and you have a recent CVS version of libpcap (post-0.9.5) installed you can also do live captures. More details can be found at the USB capture setup page on the wiki.

  • The number of WEP keys that the user can specify in the IEEE 802.11 protocol preferences has been increased from 4 to 64.

New Protocol Support

Enea LINX, Ethernet Powerlink (v1 and v2), H.248 Q.1950 Annex A, Linux pktgen, MP2T, NEWMAIL, PNG, SCSI OSD, UDLD, UMTS FP, USB, WLCCP, WZCSVC

Updated Protocol Support

3Com NJACK, 802.11, ACSE, AH, ALCAP, ANSI MAP, ATM, ASN.1, BACapp, BER, BGP, BSSAP, Camel, Catapult DCT2000, CFlow, CLNP, Common Windows networking, DAP, DCERPC (DCERPC, ATSVC, DFS, EFS, EPM, EVENTLOG, INITSHUTDOWN, MAPI, NT, PIPE, SAMR, SPOOLSS, SRVSVC, SVCCTL, WINREG), DCOM (DCOM, CBA-ACCO, SYSACT), DIAMETER, DISP, DNS, DOP, DSP, ESP, Ethernet, FC, FCP, GSM A, GSM MAP, GSM SMS, GSSAPI, GTP, H.225, H.245, H.248, HTTP, ICQ, IKE, ISAKMP, iSCSI, ISUP, IUUP, Kerberos 4, LAP-D, LDAP, LLC, LogotypeCertExtn, MEGACO, MIME Multipart, MIP6, MMS, MSRP, MTP3, NCP, NDMP, NDPS, NFS, NTP, OSI, PER, PN-MRP, PPP, 19154Q.931, RADIUS, Redback, RPC, RTCP, RTP, SCCP, SCSI, SDP, SIP, SMB, SMRSE, SNMP, SSL, STANAG 5066, STP, TCAP, TCP, TFTP, TIPC, UDP, UMA, VLAN, VNC, VRRP, X.509ce X11, YMSG, WTLS

Removed Protocols

The CISCOWL dissector has been superseded by WLCCP.

New and Updated Capture File Support

Catapult DCT2000, EyeSDN, iSeries

Getting Wireshark

Wireshark source code and installation packages are available from the download page on the main web site.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.

Known Problems

On Windows systems the packet list scroll bar can sometimes disappear or become unusable. Until the problem is fixed you can work around it by resizing the packet list or the main window. (Bug 220)

The Filter button is nonfunctional in the file dialogs under Windows. (Bug 942)

Getting Help

Community support is available on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.

Commercial support, training, and development services are available from CACE Technologies.

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.

Enhance Wireshark

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.

Packet Analysis Made Easy

    SteelCentral Packet Analyzer Personal Edition graphs
  • Visually rich, powerful LAN analyzer
  • Quickly access very large pcap files
  • Professional, customizable reports
  • Advanced triggers and alerts
  • Fully integrated with Wireshark

Try Packet Analyzer PE FREE for 10 days