Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed.
The DEC DNA Routing Protocol dissector could crash. (Bug 10724) CVE-2015-0562
The SMTP dissector could crash. (Bug 10823) CVE-2015-0563
Wireshark could crash while decypting TLS/SSL sessions. Discovered by Noam Rathaus. CVE-2015-0564
The following bugs have been fixed:
- WebSocket dissector: empty payload causes DISSECTOR_ASSERT_NOT_REACHED. (Bug 9332)
- SMTP decoder can dump binary data to terminal in TShark. (Bug 10536)
- IPv6 Vendor Specific Mobility Option includes the next mobility option type. (Bug 10618)
- Save PCAP to PCAPng with commentary fails. (Bug 10656)
- Multipath TCP: checksum displayed when it’s not there. (Bug 10692)
- LTE APN-AMBR is decoded incorrectly. (Bug 10699)
- IPv6 Experimental mobility header data is interpreted as options. (Bug 10703)
- Buildbot crash output: fuzz-2014-11-15-7777.pcap. (Bug 10710)
- Buildbot crash output: fuzz-2014-11-18-30809.pcap. (Bug 10716)
- Buildbot crash output: fuzz-2014-11-22-10244.pcap. (Bug 10724)
- Decoding of longitude value in LCSAP (3GPP TS 29.171) is incorrect. (Bug 10767)
- Crash when enabling FCoIB manual settings without filling address field. (Bug 10796)
- RSVP RECORD_ROUTE IPv4 Subobject Flags field incorrect decoding. (Bug 10799)
- Wireshark Lua engine can’t access protocol field type. (Bug 10801)
- Lua: getting fieldinfo.value for FT_NONE causes assert. (Bug 10815)
- Buildbot crash output: fuzz-2015-01-01-29029.pcap. (Bug 10823)
DEC DNA, DECT, FCoIB, Infiniband, IrDA, LCSAP, MIPv6, NAS EPS, RDM, RSVP, and TCP
Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)
Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug 4445)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.
Packet Analysis Made Easy
- Visually rich, powerful LAN analyzer
- Quickly access very large pcap files
- Professional, customizable reports
- Advanced triggers and alerts
- Fully integrated with Wireshark
