Wireshark 0.99.5 released

Gerald Combs, the creator of Ethereal®, has initiated the Wireshark network protocol analyzer project, a successor to Ethereal®. The Ethereal® core developer team has moved with Gerald to the Wireshark project.

What’s New
Bug Fixes
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

  • The TCP dissector could hang or crash while reassembling HTTP packets. (Bug 1200)
    Versions affected: 0.99.2 to 0.99.4
    CVE-2007-0459
  • The HTTP dissector could crash.
    Versions affected: 0.99.3 to 0.99.4
    CVE-2007-0458
  • On some systems, the IEEE 802.11 dissector could crash.
    Versions affected: 0.10.14 to 0.99.4
    CVE-2007-0457
  • On some systems, the LLT dissector could crash.
    Versions affected: 0.99.3 to 0.99.4
    CVE-2007-0456

The following bugs have been fixed:

  • On Windows systems the packet list scroll bar could sometimes disappear or become unusable. (Bug 220)
  • The end of HTTP chunked encoding wasn’t being displayed. (Bug 646)
  • The Follow TCP Stream window could omit characters. (Bug 1043)
  • Opening a flow graph could crash Wireshark. (Bug 1117)
  • Follow TCP Stream would sometimes get the direction wrong. (Bug 1138)
  • The foreground text in the coloring rules editor was always black. (Bug 1164)
  • The CSV export format was incorrect. (Bug 1173)
  • On some Windows systems Wireshark could take a long time to start up.
  • Malformed UDLD packets could cause an exception.
  • The ISUP statistics report could overflow a buffer and crash when displaying IPv6 addresses.

New and Updated Features
The following features are new (or have been significantly updated) since the last release:

  • We are now offering Wireshark as a U3 package for Windows. U3 packages are suitable for use on USB drives and CD-ROMs. It’s still experimental, but you’re welcome to try it out and report any problems or successes.
  • Decryption support for WPA/WPA2 and SNMPv3 has been added. The TDS / MS SQL dissector now de-obfuscates passwords.
  • 64-bit file handling has been improved.
  • The Find function now selects the corresponding packet detail item. Find functionality has been added to the TCP and SSL stream dialogs.
  • Main window keyboard navigation has been improved.
  • Windows file dialogs now show the "places" bar (Desktop, My Documents, My Computer, My Network Places, etc.). File dialogs now default to "My Documents" in accordance with Microsoft’s HIG.
  • AirPcap support (which provides raw mode capture under Windows) has been enhanced to allow capturing on multiple AirPcap adapters simultaneously.
  • You can no longer install Wireshark on Windows 95, 98, or ME. (OK, so it’s not a feature per se, but it’s an important change). The last version known to work on these systems is Ethereal 0.99.0.
  • ASN.1 BER-encoded files can now be dissected according to a user-specified syntax.