Table of Contents
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
Nephi Johnson of BreakingPoint discovered that the LDSS dissector could overflow a buffer. (Bug 5318)
Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1. CVE-2010-4300
The ZigBee ZCL dissector could go into an infinite loop. (Bug 5303)
Versions affected: 1.4.0 to 1.4.1. CVE-2010-4301
The following bugs have been fixed:
File-Open Display Filter is overwritten by Save-As Filename. (Bug 3894)
Wireshark crashes with "Gtk-ERROR **: Byte index 6 is off the end of the line" if click on last PDU. (Bug 5285)
GTK-ERROR can occur in packets when there are multiple Netbios/SMB headers in a single frame. (Bug 5289)
"Tshark -G values" crashes on Windows. (Bug 5296)
PROFINET I&M0FilterData packet not fully decoded. (Bug 5299)
PROFINET MRP linkup/linkdown decoding incorrect. (Bug 5300)
[lua] Dumper:close() will cause a segfault due later GC of the Dumper. (Bug 5320)
Network Instruments' trace files sometimes cannot be read with an error message of "Observer: bad record: Invalid magic number". (Bug 5330)
IO Graph Time of Day times incorrect for filtered data. (Bug 5340)
Wireshark tools do not detect and read some ERF files correctly. (Bug 5344)
"editcap -h" sends some lines to stderr and others to stdout. (Bug 5353)
IP Timestamp Option: "flag=3" variant (prespecified) not displayed correctly. (Bug 5357)
AgentX PDU Header 'hex field highlighting' incorrectly spans extra bytes. (Bug 5364)
AgentX dissector cannot handle null OID in Open-PDU. (Bug 5368)
Crash with "Gtk-ERROR **: Byte index 6 is off the end of the line". (Bug 5374)
ANCP Portmanagment TLV wrong decoded. (Bug 5388)
Crash during startup because of Python SyntaxError in wspy_libws.py. (Bug 5389)
AgentX, ANCP, DIAMETER, HTTP, IP, LDSS, MIME, NBNS, PROFINET, SIP, TCP, Telnet, ZigBee
Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.
Wireshark might make your system disassociate from a wireless network on OS X 10.4. (Bug 1315)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren't applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)
The 64-bit Windows installer does not ship with the same libraries as the 32-bit installer. (Bug 3610)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Summary pane selected frame highlighting not maintained. (Bug 4445)
Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.
Training is available from Wireshark University.
A complete FAQ is available on the Wireshark web site.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.