История изменений программы Wireshark

Изменения в программе Wireshark 4.0.8 (23.08.2023):

• Исправлены уязвимости
• Исправлены ошибки
• Обновлена поддержка протоколов: BT SDP, CBOR, CFM, CP2179, CQL, DHCPFO, DICOM, F1AP, GSM DTAP, IEEE 802.11, IPv4, NAS-5GS, PFCP, PKT CCC, QUIC, RTP, TFTP, WebSocket, and XnAP

Изменения в программе Wireshark 3.6.16 (23.08.2023):

• Исправлены уязвимости
• Исправлены ошибки
• Обновлена поддержка протоколов: BT SDP, CP2179, CQL, DHCPFO, F1AP, GSM DTAP, IEEE 802.11, NAS-5GS, PFCP, and TFTP

Изменения в программе Wireshark 4.0.6 (24.05.2023):

• Исправлены уязвимости
• Исправлены ошибки
• Обновлена поддержка протоколов: batadv, BFCP, CommunityID, COSE, GDSDB, H.265, HTTP, ILP, ISAKMP, MSMMS, NNTP, NR RRC, NTLMSSP, QUIC, RTPS, SPNEGO, Synphasor, TCP, UDS, ULP, USB HID и XRA
• Новая и обновленная поддержка файлов захвата: BLF, Candump, NetScaler и VMS TCPIPtrace

Изменения в программе Wireshark 3.6.14 (24.05.2023):

• Исправлены уязвимости
• Исправлены ошибки
• Обновлена поддержка протоколов: batadv, BFCP, CommunityID, COSE, GDSDB, ILP, ISAKMP, MSMMS, NTLMSSP, QUIC, SPNEGO, Synphasor, TCP, UDS, ULP, USB HID и XRA
• Новая и обновленная поддержка файлов захвата: BLF, Candump, NetScaler и VMS TCPIPtrace

Изменения в программе Wireshark 4.0.5 (12.04.2023):

• Исправлены следующие уязвимости:
  • Сбой диссектора RPCoRDMA.
  • Большой цикл диссектора LISP.
  • Сбой диссектора GQUIC.
• Исправлены следующие ошибки:
  • Wireshark ITS Dissector RTCMEM неверный селектор версии протокола 2 — следует использовать 1.
  • Wireshark рассматривает букву E в SSRC как экспоненциальное представление числа.
  • Парсер VNC RRE пропускает данные.
  • sshdump coredump, когда --remote-interface оставлен пустым.
  • Выходные данные о сбое задания Fuzz: fuzz-2023-03-17-7298.pcap.
  • Выходные данные о сбое задания Fuzz: fuzz-2023-03-27-7564.pcap.
  • Поддержка RFC8925 (опция DHCP 108).
  • Рассекатель DIS показывает неверное состояние в столбце информации о списке пакетов.
  • Анализ RTP показывает неверную ошибку временной метки при переносе временной метки.
  • Сбой клавиши звездочки (*) в диалоговом окне «Конечная точка/диалог».
  • Сигнал проигрывателя RTP теперь лучше синхронизируется со звуком.
• Обновлена поддержка протоколов: DHCP, DIS, DNS, ERF, FF, genl, GQUIC, GSM A-bis OML, HL7, IEEE 802.11, ITS, LAPD, netfilter, netlink-route, netlink-sock_diag, nl80211, RLC, RPCoRDMA, RTPS, SCTP, SMB , UDS, VNC и WCP

Изменения в программе Wireshark 4.0.4 (02.03.2023):

• Исправлены следующие уязвимости:
  • Сбой диссектора ISO 15765 и ISO 10681.
• Исправлены следующие ошибки:
  • Символы UTF-8 в конечном итоге экранируются в выводе PSML.
  • Экспорт отфильтрованных отображаемых пакетов не сохраняет фрагменты IP-адресов фрагментов SCTP, необходимых для повторной сборки отображаемого кадра.
  • Рассечение DICOM в повторно собранном PDV идет не так, как надо.
  • «Экспорт объектов — IMF» создает неправильный файл, повторная сборка TCP завершается с ошибкой при повторных передачах с дополнительными данными.
  • Интеллектуальная полоса прокрутки или мини-карта непредсказуемы при поиске и прокрутке.
  • Если вы отметите (или снимите отметку) текущий выбранный кадр, в сведениях о пакете все равно будет указано, что он не отмечен (или отмечен)
  • Пакет с нарушением порядка неправильно обнаружен, так как повторная передача нарушает десегментацию потока TCP.
  • Столбец сортировки потери пакетов сортируется неправильно.
  • Некоторые пакеты HTTPS не могут быть расшифрованы.
  • Регресс декодирования SIP TCP от Wireshark 1.99.0 до 3.6.8.
  • Комментарии кадра не сохраняются при использовании фильтра для записи нового pcap из tshark.
  • ChmodBPF не работает на macOS Ventura 13.1.
  • Графический интерфейс Wireshark и диспетчер окон зависают после настройки фильтра отображения.
  • Ошибка диссектора, протокол H.261.
  • Эвристика расширения файла чувствительна к регистру.
  • Символические ссылки на пакеты в macOS dmg нельзя установить двойным щелчком для установки в macOS 13.2.
  • Потенциальная утечка памяти в tshark.c.
  • Выходные данные о сбое задания Fuzz: fuzz-2023-02-05-7303.pcap.
  • f5fileinfo: Отсутствуют описания аппаратных платформ.
  • Строки в интеллектуальной полосе прокрутки сдвинуты на одну.
  • Wireshark аварийно завершает работу из-за недопустимого пакета UDS в контексте Lua.
  • Диссектор TECMP показывает неправильное напряжение в данных поставщика.
  • UDS: имена подфункций RDTCI 0x0b …​ 0x0e неверны.
• Обновлена поддержка протоколов: ASTERIX, BEEP, BGP, BPv6, CoAP, EAP, GNW, GSM A-bis P-GSL, iSCSI, ISUP, LwM2M-TLV, MBIM, NBAP, NFS, OBD-II, OPUS, ProtoBuf, RLC, ROHC, RTPS, Telnet, TIPC, and USB

Изменения в программе Wireshark 4.0.3 (18.01.2023):

• Исправлены следующие уязвимости:
  • Сбой диссектора ISO 15765 и ISO 10681
• Исправлены следующие ошибки:
  • После изменения правил окраски правило окраски, примененное к первому пакету, отражает ранее действовавшие правила окраски.
  • Файл справки не отображается для интерфейсов extcap.
  • Для USB-трафика на интерфейсе XHC20 местом назначения всегда является Host.
  • Wireshark Expert Info — невозможно снять флажок ограничения отображения фильтра.
  • Неправильное преобразование указателя в get_data_source_tvb_by_name()
  • Неверное количество битов пропущено при декодировании пустой строки UTF8String в пакете UPER.
  • Сбой при анализе пакетов protobuf.
  • Неинициализированные значения в различных диссекторах.
  • Порядок строк (страна/город GeoIP) не работает в конечных точках.
  • Wireshark аварийно завершает работу из-за ошибки утверждения при отклонении минуса в фильтре.
  • График ввода-вывода: добавление нового графика работает только до 10-го графика.
  • Выходные данные о сбое задания Fuzz: fuzz-2022-12-30-11007.pcap.
  • Q.850 - ошибка в метке причины 0x7F.
  • Неинициализированные значения в диссекторах CoAP и RTPS.
  • Скриншоты в файле метаинформации AppStream.xml недоступны.

  Изменения в программе Wireshark 3.6.6 (15.06.2022):

  Обновлена поддержка протоколов: ASTERIX, BEEP, BGP, BPv6, CoAP, EAP, GNW, GSM A-bis P-GSL, iSCSI, ISUP, LwM2M-TLV, MBIM, NBAP, NFS, OBD-II, OPUS, ProtoBuf, RLC, ROHC, RTPS, Telnet, TIPC, and USB

  Изменения в программе Wireshark 3.6.6 (15.06.2022):

  • Установщики Windows теперь поставляются с Npcap 1.60. Ранее они поставлялись с Npcap 1.55.
  • Исправлены следующие ошибки:
    • TLS: расшифровка RSA завершается с ошибкой с расширенным главным секретом и повторным согласованием.
    • Файл «dfilter» в Windows добавляет возврат каретки и требует перевода строки Проблема.
    • Комплектная версия Npcap нуждается в обновлении до версии 1.60 для проблемы совместимости с Windows 11.
    • Кнопка «Обзор» в Prefs/Name Resolution/MaxMind приводит к сбою Wireshark в macOS Issue.
    • TFTP: некоторые пакеты не распознаются как пакеты TFTP с 3.6.5 Issue .
  • Обновленная поддержка протоколов: DTLS, F5 Capture Information, F5 Ethernet Trailer, FlexRay, MBIM, TFTP, TLS и ZigBee ZCL
  
  

  Изменения в программе Wireshark 3.6.5 (05.05.2022):

  • Это последняя ветка релиза с поддержкой 32-битной Windows. Обновления больше не будут доступны после 22 мая 2024 года для этой платформы.
  • В этом выпуске исправлена проблема установки в Windows, появившаяся в выпуске 3.6.4.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.6.3 (23.03.2022):

  • Исправлены уязвимости.
  • Исправлены ошибки.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.6.2 (10.02.2022):

  • Исправлены уязвимости.
  • Исправлены ошибки.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.6.1 (29.12.2021):

  • Исправлены уязвимости.
  • Исправлены ошибки.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.4.0 (29.10.2020):

  • Исправлены уязвимости.
  • Исправлены ошибки.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.2.5 (01.07.2020):

  • Исправлены уязвимости.
  • Исправлены ошибки.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.2.3 (09.04.2020):

  • Исправлены уязвимости.
  • Исправлены ошибки.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.2.2 (26.02.2020):

  • Исправлены уязвимости.
  • Исправлены ошибки.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.2.1 (20.09.2019):

  • Исправлены уязвимости.
  • Исправлены ошибки.
  • Обновленная поддержка протоколов
  
  

  Изменения в программе Wireshark 3.0.5 (20.09.2019):

  • Установщики Windows теперь поставляются с Qt 5.12.5. Ранее они поставлялись с Qt 5.12.4.
  • Исправлены ошибки.
  
  

  Изменения в программе Wireshark 3.0.4 (11.09.2019):

  • Исправлены ошибки.
  
  

  Изменения в программе Wireshark 3.0.3 (22.05.2019):

  • Установщики Windows теперь поставляются с Qt 5.12.4. Ранее они поставлялись с Qt 5.12.3.
  • Установщики Windows теперь поставляются с Npcap 0.996. Ранее они поставлялись с Npcap 0,995.
  • Установщик macOS теперь поставляется с Qt 5.12.4. Ранее он поставлялся с Qt 5.12.1.
  • Исправлены ошибки.
  
  

  Изменения в программе Wireshark 3.0.2 (22.05.2019):

  • Установщики Windows теперь поставляются с Qt 5.12.3. Ранее они поставлялись с Qt 5.12.1.
  • Установщики Windows теперь поставляются с Npcap 0.995. Ранее они поставлялись с Npcap 0.992.
  • Пакеты macOS теперь нотариально заверены.
  • Исправлены ошибки.
  
  

  Изменения в программе Wireshark 3.0.1 (08.04.2019):

  • Исправлены найденые уязвимости.
  • Исправлены ошибки.
  • Обновлена поддержка протоколов.
  
  

  Изменения в программе Wireshark 2.6.7 (26.02.2019):

  • Исправлены найденые уязвимости.
  • Исправлены ошибки.
  • Обновлена поддержка протоколов.
  • Изменения API.
  
  

  Изменения в программе Wireshark 2.6.6 (08.01.2019):

  • Исправлены ошибки.
  • Обновлена поддержка протоколов.
  
  

  Изменения в программе Wireshark 2.6.5 (28.11.2018):

  • Исправлены ошибки.
  • Обновлена поддержка протоколов.
  
  

  Изменения в программе Wireshark 2.6.4 (11.10.2018):

  • Исправлены ошибки.
  
  

  Изменения в программе Wireshark 2.6.3 (29.08.2018):

  • Исправлены ошибки.
  
  

  Изменения в программе Wireshark 2.6.1 (22.05.2018):

  • Установщики Windows теперь поставляются с Qt 5.9.5. Ранее они поставлялись с Qt 5.9.4.
  • Обновленная поддержка протоколов.
  • Новая и обновленная поддержка файлов захвата.
  • 3GPP TS 32.423 Trace и Android Logcat.
  • Поддержка новых и обновленных интерфейсов захвата.
  • Исправлены ошибки.
  
  

  Изменения в программе Wireshark 2.2.7:

  • DICOM dissection error. (Bug 13164)
  • Qt: drag & drop of one column header in PacketList moves other columns. (Bug 13183)
  • Can not export captured DICOM objects in version 2.2.5. (Bug 13570)
  • False complain about bad checksum of ICMP extension header. (Bug 13586)
  • LibFuzzer: ISUP dissector bug (isup.number_different_meaning). (Bug 13588)
  • Dissector Bug, protocol BT ATT. (Bug 13590)
  • Wireshark dispalys RRCConnectionReestablishmentRejectRRCConnectionReestablishmentReject in Info column. (Bug 13595)
  • [oss-fuzz] UBSAN: shift exponent 105 is too large for 32-bit type int in packet-ositp.c:551:79. (Bug 13606)
  • [oss-fuzz] UBSAN: shift exponent -77 is negative in packet-netflow.c:7717:23. (Bug 13607)
  • [oss-fuzz] UBSAN: shift exponent 1959 is too large for 32-bit type int in packet-sigcomp.c:2128:28. (Bug 13610)
  • [oss-fuzz] UBSAN: shift exponent 63 is too large for 32-bit type guint32 (aka unsigned int) in packet-rtcp.c:917:24. (Bug 13611)
  • [oss-fuzz] UBSAN: shift exponent 70 is too large for 64-bit type guint64 (aka unsigned long) in dwarf.c:42:43. (Bug 13616)
  • [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-xot.c:260:23. (Bug 13618)
  • [oss-fuzz] UBSAN: shift exponent -5 is negative in packet-sigcomp.c:1722:36. (Bug 13619)
  • [oss-fuzz] UBSAN: index 2049 out of bounds for type char [2049] in packet-quakeworld.c:134:5. (Bug 13624)
  • [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-netsync.c:467:25. (Bug 13639)
  • [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-sigcomp.c:3857:24. (Bug 13641)
  • [oss-fuzz] ASAN: stack-use-after-return epan/dissectors/packet-ieee80211.c:14341:23 in add_tagged_field. (Bug 13662)
  • Welcome screen invalid capture filter wihtout WinPcap installed causes runtime error. (Bug 13672)
  • SMB protocol parser does not parse SMB_COM_TRANSACTION2_SECONDARY (0x33) command correctly. (Bug 13690)
  • SIP packets with SDP marked as malformed. (Bug 13698)
  • [oss-fuzz] UBSAN: index 8 out of bounds for type gboolean const[8] in packet-ieee80211-radiotap.c:1836:12. (Bug 13713)
  • Crash on "Show packet bytes…" context menu item click. (Bug 13723)
  • DNP3 dissector does not properly decode packed variations with prefixed qualifiers. (Bug 13733)
  
  

  Изменения в программе Wireshark 2.2.6:

  • T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
  • Wireshark gives decoding error during rnsap message dissection(SCCP reassembly). (Bug 3360)
  • Added IEEE 802.15.4-2003 AES-CCM security modes (packet-ieee802154). (Bug 4912)
  • Payload in 2 SCCP DT1 messages in the same frame isn’t (sub)dissected. (Bug 11130)
  • IEEE 802.15.4: an area of Payload IEs is dissected twice. (Bug 13068)
  • Qt UI: Wireshark crash when deleting IO graph string while it’s in editing mode. (Bug 13234)
  • Crash on exit due to an invalid frame data sequence state. (Bug 13433)
  • Access Violation using Lua dissector. (Bug 13457)
  • Some bytes ignored in every packet in NetScaler packet trace when vmnames are included in packet headers. (Bug 13459)
  • VOIP RTP stream Find Reverse button doesn’t work. (Bug 13462)
  • Lua dissector: ProtoField int&42; do not allow FT_HEX or FT_OCT, crash when set to FT_HEX_DEC or FT_DEC_HEX. (Bug 13484)
  • GIOP LocateRequest v1.0 is improperly indicated as "malformed". (Bug 13488)
  • Bug in ZigBee - Zone Status Change Notification. (Bug 13493)
  • Packet exception in packet-ua3g and incomplete strings in packet-noe. (Bug 13502)
  • Wrong BGP capability dissect. (Bug 13521)
  • Endpoint statistics column labels seem incorrect. (Bug 13526)
  • Strange automatic jump in packet details for a certain DNS response packet. (Bug 13533)
  • When a Lua enum or bool preference is changed via context menu, prefs_changed isn’t called with Qt Wireshark. (Bug 13536)
  • IO Graph selects wrong packet or displays "Packet number x isn’t displayed". (Bug 13537)
  • tshark’s -z endpoints,ip ignores optional filter. (Bug 13538)
  • SSL: Handshake type in Info column not always separated by comma. (Bug 13539)
  • libfuzzer: PEEKREMOTE dissector bug. (Bug 13544)
  • libfuzzer: packetBB dissector bug (packetbb.msg.addr.valuecustom). (Bug 13545)
  • libfuzzer: WSP dissector bug (wsp.header.x_wap_tod). (Bug 13546)
  • libfuzzer: MIH dissector bug. (Bug 13547)
  • libfuzzer: DNS dissector bug. (Bug 13548)
  • libfuzzer: WLCCP dissector bug. (Bug 13549)
  • libfuzzer: TAPA dissector bug. (Bug 13553)
  • libfuzzer: lapsat dissector bug. (Bug 13554)
  • libfuzzer: wassp dissector bug. (Bug 13555)
  • Illegal reassembly of GSM SMS packets. (Bug 13572)
  • SSH Dissector uses incorrect length for protocol field (ssh.protocol). (Bug 13574)
  • NBAP malformed packet for short Binding ID. (Bug 13577)
  • libfuzzer: WSP dissector bug (wsp.header.x_up_1.x_up_proxy_tod). (Bug 13579)
  • libfuzzer: asterix dissector bug (asterix.021_230_RA). (Bug 13580)
  • RTPproxy dissector adds multi lines to info column. (Bug 13582)
  
  

  Изменения в программе Wireshark 2.2.5:

  • Display filter textbox loses focus during live capturing. (Bug 11890)
  • Wireshark crashes when saving pcaps, opening pcaps, and exporting specified packets. (Bug 12036)
  • tshark stalls on FreeBSD if androiddump is present. (Bug 13104)
  • UTF-8 characters in packet list column title. (Bug 13342)
  • Recent capture file list should appear immediately on startup. (Bug 13352)
  • editcap segfault if a packet length is shorter than ignore bytes parameter. (Bug 13378)
  • dftest segfault with automated build of 2.2.5. (Bug 13387)
  • UMTS MAC Dissector shows Packet size limited for BCCH payload. (Bug 13392)
  • VS2010 win32 编译失败. (Bug 13398)
  • EAP AKA not being decoded properly. (Bug 13411)
  • Dumpcap crashes during rpcap setup. (Bug 13418)
  • Crash on closing SNMP capture file if snmp credentials are present. (Bug 13420)
  • GPRS-NS message PDU type displayed in octal instead of hexadecimal. (Bug 13428)
  
  

  Изменения в программе Wireshark 2.2.4:

  • TCP reassembly: tcp.reassembled_in is not set in first packet. (Bug 3264)
  • Duplicated Interfaces instances while refreshing. (Bug 11553)
  • Time zone name needs to be converted to UTF-8 on Windows. (Bug 11785)
  • Crash on fast local interface changes. (Bug 12263)
  • Please align columns in tshark’s output. (Bug 12502)
  • Display data rate fields for VHT rates invalid with BCC modulation. (Bug 12859)
  • plugin_if_get_ws_info causes Access Violation if called during rescan. (Bug 12973)
  • SMTP BDAT dissector not reverting to command-code after DATA. (Bug 13030)
  • Wireshark fails to recognize V6 DBS Etherwatch capture files. (Bug 13093)
  • Runtime Error when try to merge .pcap files (Wireshark crashes). (Bug 13175)
  • PPP BCP BPDU size reports not header size, but all data underneath and its header size in UI. (Bug 13188)
  • In-line UDP checksum bytes in 6LoWPAN IPHC are swapped. (Bug 13233)
  • Uninitialized memcmp on data in daintree-sna.c. (Bug 13246)
  • Crash when dissect WDBRPC Version 2 protocol with Dissect unknown program numbers enabled. (Bug 13266)
  • Contents/Resources/bin directory isn’t in the app bundle after installation. (Bug 13270)
  • Regression: IEEE17221 (AVDECC) decoded as IEEE1722 (AVB Transportation Protocol). (Bug 13274)
  • Can’t decode packets captured with OpenBSD enc(4) encapsulating. (Bug 13279)
  • UDLD flags are at other end of octet. (Bug 13280)
  • MS-WSP dissector no longer works since commit 8c2fa5b5cf789e6d0d19cd0dd34479d0203d177a. (Bug 13299)
  • TBCD string decoded wrongly in MAP ATI message. (Bug 13316)
  • Filter Documentation: The tilde (~) operator is not documented. (Bug 13320)
  • VoIP Flow Sequence Causes Application Crash. (Bug 13329)
  
  

  Изменения в программе Wireshark 2.2.3:

  • Saving all exported objects (SMB/SMB2) results in out of physical memory. (Bug 11133)
  • Export HTTP Objects - Single file shows as multiple files in 2.0.2. (Bug 12230)
  • Follow Stream and graph buttons remain greyed out in conversation window. (Bug 12893)
  • Dicom list of tags in element of VR=AT not properly decoded. (Bug 13077)
  • Malformed Packet: BGP Update (withdraw) message. (Bug 13146)
  • Install fail on macOS Sierra (error PKInstallErrorDomain Code=112). (Bug 13152)
  • GTP: "Create PDP Context response" message shows back-off timer as malformed when included in the response. (Bug 13153)
  • ICMP dissector fails to properly detect timestamps. (Bug 13161) RLC misdissection. (Bug 13162)
  • Text2pcap on Windows produces corrupt output when writing the capture file to the standard output. (Bug 13165)
  • HTML escaping of quotes in error message. (Bug 13178)
  • TShark doesn’t respect protocols.display_hidden_proto_items setting. (Bug 13192)
  • RPC/RDMA dissector should exit when frame is not RPC-over-RDMA. (Bug 13195)
  • Some RPC-over-RDMA frames are not recognized as RPC-over-RDMA. (Bug 13196)
  • RPC-over-RDMA frames with chunk lists are "Malformed". (Bug 13197)
  • TShark fails to pass RPC-over-RDMA frames to RPC subdissector. (Bug 13198)
  • Adding a DOF DPS Identity Secret, session Key, or Mode Template causes Wireshark to crash. (Bug 13209)
  • Wireshark shows "MS Video Source Request" in a RTCP packet as "Malformed". (Bug 13212)
  
  

  Изменения в программе Wireshark 2.2.2:

  • TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN true. (Bug 12579)
  • SMPP schedule_delivery_time displayed wrong in Wireshark 2.1.0. (Bug 12632)
  • Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712) dmg for OS X does not install man pages. (Bug 12746)
  • Fails to compile against Heimdal 1.5.3. (Bug 12831)
  • TCP: Next sequence number off by one when sending payload in SYN packet (e.g. TFO). (Bug 12838)
  • Follow TCP Stream shows duplicate stream data. (Bug 12855)
  • Dissection engine falsely asserts that EIGRP packet’s checksum is incorrect. (Bug 12982)
  • IEEE 802.15.4 frames erroneously handed over to ZigBee dissector. (Bug 12984)
  • Capture Filter Bookmark Inactive in Capture Options page. (Bug 12986)
  • CLNP dissector does not parse ER NPDU properly. (Bug 12993)
  • SNMP trap bindings for NON scalar OIDs. (Bug 13013)
  • BGP LS Link Protection Type TLV (1093) decoding. (Bug 13021)
  • Application crash sorting column for tcp.window_size_scalefactor up and down. (Bug 13023)
  • ZigBee Green Power add key during execution. (Bug 13031)
  • Malformed AMPQ packets for session.expected and session.confirmed fields. (Bug 13037)
  • Wireshark 2.2.1 crashes when attempting to merge pcap files. (Bug 13060)
  • [IS-637A] SMS - Teleservice layer parameter -→ IA5 encoded text is not correctly displayed. (Bug 13065)
  
  

  Изменения в программе Wireshark 2.2.1:

  • The Windows installers now ship with Qt 5.6. Previously they shipped with Qt 5.3.
  
  

  Изменения в программе Wireshark 2.2.0:

  • Upgrading to latest version uninstalls Microsoft Visual C++ redistributable. (Bug 12712)
  • Extcap errors not reported back to UI.
  
  

  Изменения в программе Wireshark 2.0.5:

  • T30 FCF byte decoding masks DTC, CIG and NCS. (Bug 1918)
  • TShark crashes with option "-z io,stat,…" in the presence of negative relative packet timestamps. (Bug 9014)
  • Packet size limited during capture msg is repeated in the Info column. (Bug 9826)
  • Wireshark loses windows decorations on second screen when restarting maximized using GNOME. (Bug 11303)
  • Cannot launch GTK+ version of wireshark as a normal user. (Bug 11400)
  • Restart current capture fails with "no interface selected" error when capturing in promiscuous mode. (Bug 11834)
  • Add field completion suggestions when adding a Display filter or Y Field to the IO Graph. (Bug 11899)
  • Wireshark Qt always indicates locale as "C". (Bug 11960)
  • Wireshark crashes every time open Statistics → Conversations | Endpoints. (Bug 12288)
  • Find function within the conversations window does not work. (Bug 12363)
  • Invalid values for USB SET_REQUEST packets. (Bug 12511)
  • Display filter dropdown hides cursor. (Bug 12520)
  • Filter for field name tcp.options.wscale.multiplier cannot exceed 255. (Bug 12525)
  • Ctrl+ shortcuts that are not text-related do not work when focus is on display filter field. (Bug 12533)
  • Closing Statistics window results in black screen. (Bug 12544)
  • OSPF: Incorrect description of N/P-bit in NSSA LSA. (Bug 12555)
  • Inconsistent VHT data rate. (Bug 12558)
  • DCE/RPC malformed error when stub-data is missing but a sub-dissector has been registered. (Bug 12561)
  • Wireshark is marking BGP FlowSpec NLRI as malformed if NLRI length is larger than 239 bytes. (Bug 12568)
  • "Edit Resolved Name" is not saved in current pcapng file. (Bug 12629)
  • MPTCP: MP_JOIN B bit not decoded correctly. (Bug 12635)
  • MPTCP MP_PRIO header with AddrID: incorrect AddrID. (Bug 12641)
  
  

  Изменения в программе Wireshark 2.0.4:

  • Saving pcap capture file with ERF encapsulation creates an invalid pcap file. (Bug 3606)
  • Questionable calling of Ethernet dissector by encapsulating protocol dissectors. (Bug 9933)
  • Wireshark 1.12.0 does not dissect HTTP correctly. (Bug 10335)
  • Don’t copy details of hidden columns. (Bug 11788)
  • RTP audio player crashes. (Bug 12166)
  • Crash when saving RTP audio Telephony→RTP→RTP Streams→Analyze→Save→Audio. (Bug 12211)
  • Edit - preferences - add column field not showing dropdown for choices. (Bug 12321)
  • Using _ws.expert in a filter can cause a crash. (Bug 12335)
  • Crash in SCCP dissector UAT (Qt UI only). (Bug 12364)
  • J1939 frame without data = malformed packet ? (Bug 12366)
  • The stream number in tshark’s "-z follow,tcp," option is 0-origin rather than 1-origin.
  
  

  Изменения в программе Wireshark 2.0.2:

  • HTTP 302 decoded as TCP when "Allow subdissector to reassemble TCP streams" option is enabled. (Bug 9848)
  • Questionable calling of ethernet dissector by encapsulating protocol dissectors. (Bug 9933)
  • [Qt & Legacy & probably TShark too] Delta Time Conversation column is empty. (Bug 11559)
  • extcap: abort when validating capture filter for DLT 147. (Bug 11656)
  • Missing columns in Qt Flow Graph. (Bug 11710) Interface list doesn’t show well when the list is very long. (Bug 11733) Unable to use saved Capture Filters in Qt UI. (Bug 11836) extcap: Capture interface options snaplen, buffer and promiscuous not being used. (Bug 11865) Improper RPC reassembly (Bug 11913) GTPv1 Dual Stack with one static and one Dynamic IP. (Bug 11945) Wireshark 2.0.1 MPLS dissector not decoding payload when control word is present in pseudowire. (Bug 11949) "…using this filter" turns white (not green or red). Plus dropdown arrow does nothing. (Bug 11950) EIGRP field eigrp.ipv4.destination does not show the correct destination. (Bug 11953) tshark -z conv,type[,filter] swapped frame / byte values from / to columns. (Bug 11959) The field name nstrace.tcpdbg.tcpack should be nstrace.tcpdbg.tcprtt. (Bug 11964) 6LoWPAN IPHC traffic class not decompressed correctly. (Bug 11971) Crash with snooping NFS file handles. (Bug 11972) 802.11 dissector fails to decrypt some broadcast messages. (Bug 11973) Wireshark hangs when adding a new profile. (Bug 11979) Issues when closing the application with a running capture without packets. (Bug 11981) New Qt UI lacks ability to step through multiple TCP streams with Analyze > Follow > TCP Stream. (Bug 11987) GTK: plugin_if_goto_frame causes Access Violation if called before capture file is loaded. (Bug 11989) Wireshark 2.0.1 crash on start. (Bug 11992) Wi-Fi 4-way handshake 4/4 is displayed as 2/4. (Bug 11994) ACN: acn.dmx.data has incorrect type. (Bug 11999) editcap packet comment won’t add multiple comments. (Bug 12007) DICOM Sequences no longer able to be expanded. (Bug 12011) Wrong TCP stream when port numbers are reused. (Bug 12022) SSL decryption fails in presence of a Client certificate. (Bug 12042)
  • LUA: TVBs backing a data source is freed too early. (Bug 12050)
  • PIM: pim.group filter have the same name for IPv4 and IPv6. (Bug 12061)
  • Failed to parse M3AP IE (TNL information). (Bug 12070)
  • Wrong interpretation of Instance ID value in OSPFv3 packet. (Bug 12072)
  • MP2T Dissector does parse RTP properly in 2.0.1. (Bug 12099)
  • editcap does not adjust time for frames with absolute timestamp 0 < t < 1 secs. (Bug 12116)
  • Guard Interval is not consistent between Radiotap & wlan_radio. (Bug 12123)
  • Calling dumpcap -i- results in access violation. (Bug 12143)
  • Qt: Friendly Name and Interface Name columns should not be editable. (Bug 12146)
  • PPTP GRE call ID not always decoded. (Bug 12149)
  • Interface list does not show device description anymore. (Bug 12156)
  • Find Packet does not highlight the matching tree item or packet bytes. (Bug 12157)
  • "total block length … is too large" error when opening pcapng file with multiple SHB sections. (Bug 12167)
  • http.request.full_uri is malformed if an HTTP Proxy is used. (Bug 12176)
  • SNMP dissector fails at msgSecurityParameters with long length encoding. (Bug 12181)
  
  

  Изменения в программе Wireshark 2.0.1:

  • Zooming out (Ctrl+-) too far crashes Wireshark.
  • IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly.
  • About → Plugins should be a scrollable.
  • Profile change leaves prior profile residue.
  • Wireshark crashes when using the VoIP player.
  • Incorrect presentation of Ascend-Data-Filter (RADIUS attribute 242).
  • Not possible to stop a capture with invalid filter.
  • "No interface selected" when having a valid capture filter.
  • Malformed packet with IPv6 mobility header.
  • Wireshark crashes dissecting Profinet NRT (DCE-RPC) packet.
  • All fields in the packet detail pane of a "new packet" window are expanded by default.
  • Malformed packets with SET_CUR in the USBVIDEO (UVC) decoding.
  • Display filters arranges columns incorrectly.
  • Scrolling and navigating using the trackpad on Mac OS X could be much better.
  • Lua Proto() does not validate arguments.
  • Pointers to deallocated memory when redissecting.
  • Suggestion for re-phrasing the TCP Window Full message.
  • Can’t parse MPEG-2 Transport Streams generated by the Logik L26DIGB21 TV.
  • Qt UI on Windows crashes when changing to next capture file.
  • First displayed frame not updated when changing profile.
  • LDAP decode shows invalid number of results for searchResEntry packets.
  • Crash when escape to Follow TCP → Save.
  • USBPcap prevents mouse and keyboard from working.
  • Y-axis in RTP graph is in microseconds.
  • "Delta time displayed" column in Wireshark doesn’t work well, but Wireshark-gtk does.
  • UDP 12001 SNA Data no longer shown in EBCDIC.
  • Wireshark Portable is not starting (no messages at all).
  • IPv6 RPL Routing Header with length of 8 bytes still reads an address.
  • g_utf8_validate assertion when reassembling GSM SMS messages encoded in UCS2.
  • Calling plugin_if_goto_frame when there is no file loaded causes a Protection Exception.
  • Qt UI SIGSEGV before main() in initializer for colors_.
  • Unable to add a directory to "GeoIP Database Paths".
  • C++ Run time error when filtering on Expert limit to display filter.
  • Widening the window doesn’t correctly widen the rightmost column.
  • SSL V2 Client Hello no longer dissected in Wireshark 2.0.
  • PacketBB (RFC5444) dissector displays IPv4 addresses incorrectly.
  • SMTP over port 587 shows identical content for fields "Username" and "Password" when not decoding base-64-encoded authentication information.
  • Converting of EUI64 address to string does not take offset into account.
  • CIP segment dissection causes PDML assertion/failure.
  • In Import from Hex Dump, an attempt to enter the timestamp format manually crashes the application.
  • Follow Stream directional selector not readable.
  • Coloring rule custom colors not saved.
  • Total number of streams not correct in Follow TCP Stream dialog.
  • Command line switch -Y for display filter does not work.
  • Creating Debian package doesn’t work.
  • Visual C++ Runtime Library Error "The application has requested the Runtime to terminate it in an unusual way." when you do not wait until Conversations is completely updated before applying "Limit to display filter". (Bug 11900)
  • dpkg-buildpackage relocation R_X86_64_PC32 against symbol.
  • Bits view in Packet Bytes pane is not persistent.
  • ICMP Timestamp days, hours, minutes, seconds is incorrect.
  • MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong.
  
  

  Изменения в программе Wireshark 1.12.8:

  • Last Address field for IPv6 RPL routing header is interpreted incorrectly. (Bug 10560)
  • Comparing two capture files crashes Wireshark when navigating the results. (Bug 11098)
  • 802.11 frame is not correctly dissected if it contains HT Control. (Bug 11351)
  • GVCP bit-fields not updated. (Bug 11442)
  • Tshark crash when specifying ssl.keys_list on CLI. (Bug 11443)
  • pcapng: SPB capture length is incorrectly truncated if IDB snaplen = 0. (Bug 11483)
  • pcapng: NRB IPv4 address is endian swapped but shouldn’t be. (Bug 11484)
  • pcapng: NRB with options causes file read failure. (Bug 11485)
  • pcapng: ISB without if_drop option is shown as max value. (Bug 11489)
  • UNISTIM dissector - Message length not included in offset for "Select Adjustable Rx Volume". (Bug 11497)
  
  

  Изменения в программе Wireshark 1.12.7:

  • DCE RPC "Decode As" capability is missing. (Bug 10368)
  • Mergecap turns nanosecond-resolution time stamps into microsecond-resolution time stamps. (Bug 11202)
  • The Aruba ERM Type 1 Dissector inconsistent with Type 0 and Type 3. (Bug 11204)
  • Parse CFM Type Test signal (TST) without CRC. (Bug 11286)
  • Tshark: output format of rpc.xid changed from Hex to Integer. (Bug 11292)
  • Not stop -a filecount . (Bug 11305)
  • lldp.ieee.802_3.mdi_power_class display is wrong. (Bug 11330)
  • Powerlink (EPL) SDO packages interpreted as frame dublication. (Bug 11341)
  • Mysql dissector adds packet content to INFO column without scrubbing it. (Bug 11344)
  • PIM null-register according to rfc4601 is incorrectly parsed. (Bug 11354)
  • Wireshark Lua dissectors: both expand together. (Bug 11356)
  • Link-type not retrieved for rpcap interfaces configured with authentication. (Bug 11366)
  • SSL Decryption (RSA private key with p smaller than q) failing on the Windows 7 buildbot. (Bug 11372)
  • [gtpv2]PCSCF ip in the Protocol configuration of update bearer request is not getting populated. (Bug 11378)
  • wpan.src64 (and dst64) filter always gives "is not a valid EUI64 Address" error. (Bug 11380)
  • Websphere MQ Work Information Header incorrectly showing "Reserved". (Bug 11384)
  • DUP ACK Counter resetting after Window Update. (Bug 11397)
  • CSV values missing when using tshark -2 option. (Bug 11401)
  • Ethernet PAUSE frames are decoded incorrectly as PFC. (Bug 11403)
  • SOCKS decoder giving strange values for seemingly normal SOCKS connection. (Bug 11417)
  • 802.11ad decoding error. (Bug 11419)
  
  

  Изменения в программе Wireshark 1.12.6:

  • Wireshark 1.12.1 crashes on startup on Mac OS X 10.10 (Yosemite). (Bug 10640)
  • Wireshark does not display X.400 addresses correctly. (Bug 11210)
  • Reproducible crash in "Edit column details" dialog. (Bug 11245)
  • Subnet name resolution doesn’t always work. (Bug 11247)
  • SIP MIME body containing ISUP does not decode properly. (Bug 11249)
  • iSCSI: Read(10): shows incorrect "Data In" & "Response" frame number. (Bug 11250)
  • tshark -z io,stat,1,SUM(ip.len) reports invalid stats, triggers ASAN buffer overrun. (Bug 11262)
  • Port Control Protocol packet dissection decodes R bit incorrectly. (Bug 11278)
  
  

  Изменения в программе Wireshark 1.12.5:

  • Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. (Bug 6217)
  • EAPOL 4-way handshake information wrong. (Bug 10557)
  • RPC NULL calls incorrectly flagged as malformed. (Bug 10646)
  • Wireshark relative ISN set incorrectly if raw ISN set to 0. (Bug 10713)
  • Buffer overrun in encryption code. (Bug 10849)
  • Crash when use Telephony / Voip calls. (Bug 10885)
  • ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length. (Bug 10991)
  • ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug 10992)
  • Missing field "tcp.pdu.size" in TCP stack. (Bug 11007)
  • Sierra EM7345 marks MBIM packets as NCM. (Bug 11018)
  • Possible infinite loop DoS in ForCES dissector. (Bug 11037)
  • "Decode As…" crashes when a packet dialog is open. (Bug 11043)
  • Interface Identifier incorrectly represented by Wireshark. (Bug 11053)
  • "Follow UDP Stream" on mpeg packets crashes wireshark v.1.12.4 (works fine on v.1.10.13). (Bug 11055)
  • Annoying popup when trying to capture on bonds. (Bug 11058)
  • Request-response cross-reference in USB URB packets incorrect. (Bug 11072)
  • Right clicking in Expert Infos to create a filter (duplicate IP) results in invalid filters. (Bug 11073)
  • CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083)
  • Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106)
  • packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn’t filter ENUM. (Bug 11120)
  • Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP". (Bug 11141)
  • Missing Makefile.nmake in ansi1/Kerberos directory. (Bug 11155)
  • Can’t build tshark without the Qt packages installed unless --without-qt is specified. (Bug 11157)
  
  

  Изменения в программе Wireshark 1.12.4:

  • RTP player crashes on decode of long call: BadAlloc (insufficient resources for operation). (Bug 2630)
  • "Telephony→SCTP→Analyse This Association" crashes Wireshark on manufactured SCTP packet. (Bug 9849)
  • IPv6 Mobility Header Link Layer Address is parsed incorrectly. (Bug 10006)
  • DNS NXT RR is parsed incorrectly. (Bug 10615)
  • IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
  • IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
  • HTTP chunked response includes data beyond the chunked response. (Bug 10707)
  • DHCP Option 125 Suboption: (1) option-len always expects 1 but specification allows for more. (Bug 10784)
  • Incorrect decoding of IPv4 Interface/Neighbor Address sub-TLVs in Extended IS Reachability TLV of IS-IS. (Bug 10837)
  • Little-endian OS X Bluetooth PacketLogger files aren’t handled. (Bug 10861)
  • X.509 certificate serial number incorrectly interpreted as negative number. (Bug 10862)
  • Malformed Packet on rsync-version with length 2. (Bug 10863)
  • ZigBee epoch time is incorrectly displayed in OTA cluster. (Bug 10872)
  • BGP EVPN - Route Type 4 - "Invalid length of IP Address" - "Expert Info" shows a false error. (Bug 10873)
  • Bad bytes read for extended rnc id value in GTP dissector. (Bug 10877)
  • "ServiceChangeReasonStr" messages are not shown in txt generated by tshark. (Bug 10879)
  • Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI. (Bug 10897)
  • MEGACO wrong decoding on media port. (Bug 10898)
  • Wrong media format. (Bug 10899)
  • BSSGP Status PDU decoding fault (missing Mandatory element (0x04) BVCI for proper packet). (Bug 10903)
  • DNS LOC Precision missing units. (Bug 10940)
  • Packets on OpenBSD loopback decoded as raw not null. (Bug 10956)
  • Display Filter Macro unable to edit. (Bug 10957)
  • IPv6 Local Mobility Anchor Address mobility option code is treated incorrectly. (Bug 10961)
  • SNTP server list improperly formatted in DHCPv6 packet details. (Bug 10964)
  • Juniper Packet Mirror dissector expects ipv6 flow label = 0. (Bug 10976)
  • NS Trace (NetScaler Trace) file format is not able to export specified packets. (Bug 10998)
  
  

  Изменения в программе Wireshark 1.12.3:

  • WebSocket dissector: empty payload causes DISSECTOR_ASSERT_NOT_REACHED. (Bug 9332)
  • Wireshark crashes if Lua heuristic dissector returns true. (Bug 10233)
  • Display MEP ID in decimal in OAM Y.1731 Synthetic Loss Message and Reply PDU. (Bug 10500)
  • TCP Window Size incorrectly reported in Packet List. (Bug 10514)
  • Status bar "creeps" to the left a few pixels every time Wireshark is opened. (Bug 10518)
  • E-LMI Message type. (Bug 10531)
  • SMTP decoder can dump binary data to terminal in TShark. (Bug 10536)
  • PTPoE dissector gets confused by packets that include an FCS. (Bug 10611)
  • IPv6 Vendor Specific Mobility Option includes the next mobility option type. (Bug 10618)
  • Save PCAP to PCAPng with commentary fails. (Bug 10656)
  • Display filter "frame contains bytes [2342]" causes a crash. (Bug 10690)
  • Multipath TCP: checksum displayed when it’s not there. (Bug 10692)
  • LTE APN-AMBR is decoded incorrectly. (Bug 10699)
  • DNS NAPTR RR Replacement Length is incorrect. (Bug 10700)
  • IPv6 Experimental mobility header data is interpreted as options. (Bug 10703)
  • Dissector bug, protocol SPDY: tvbuff.c:610: failed assertion "tvb && tvb→initialized". (Bug 10704)
  • BGP: Incorrect decoding AS numbers when mixed AS size. (Bug 10742)
  • BGP update community - incorrect decoding. (Bug 10746)
  • Setting a 6LoWPAN context generates a Wireshark crash. (Bug 10747)
  • FC is not dissected (protocol UNKNOWN). (Bug 10751)
  • Crash when displaying several times INFO column. (Bug 10755)
  • Decoding of longitude value in LCSAP (3GPP TS 29.171) is incorrect. (Bug 10767)
  • Crash when enabling FCoIB manual settings without filling address field. (Bug 10796)
  • RSVP RECORD_ROUTE IPv4 Subobject Flags field incorrect decoding. (Bug 10799)
  • Wireshark Lua engine can’t access protocol field type. (Bug 10801)
  • Field Analysis of OpenFlow v1.4 OFPT_SET_ASYNC. (Bug 10808)
  • Lua: getting fieldinfo.value for FT_NONE causes assert. (Bug 10815)
  
  

  Изменения в программе Wireshark 1.12.2:

  • Wireshark determine packets of MMS protocol as a packets of T.125 protocol. (Bug 10350)
  • 6LoWPAN Mesh headers not treated as encapsulating address. (Bug 10462)
  • UCP dissector bug of operation 31 - PID 0639 not recognized. (Bug 10463)
  • iSCSI dissector rejects PDUs with "expected data transfer length" > 16M. (Bug 10469)
  • GTPv2: trigging_tree under Trace information has wrong length. (Bug 10470)
  • openflow_v1 OFPT_FEATURES_REPLY parsed incorrectly. (Bug 10493)
  • Capture files from a remote virtual interface on MacOS X 10.9.5 aren’t dissected correctly. (Bug 10502)
  • Problem specifying protocol name for filtering. (Bug 10509)
  • LLDP TIA Network Policy Unknown Policy Flag Decode is not correct. (Bug 10512)
  • Decryption of DCERPC with Kerberos encryption fails. (Bug 10538)
  • Dissection of DECRPC NT sid28 shouldn’t show expert info if tree is null. (Bug 10542)
  • Attempt to render an SMS-DELIVER-REPORT instead of an SMS-DELIVER. (Bug 10547)
  • IPv6 Calipso option length is not used properly. (Bug 10561)
  • The SPDY dissector couldn’t dissecting packet correctly. (Bug 10566)
  • IPv6 QuickStart option Nonce is read incorrectly. (Bug 10575)
  • IPv6 Mobility Option IPv6 Address/Prefix marks too many bytes for the address/prefix field. (Bug 10576)
  • IPv6 Mobility Option Binding Authorization Data for FMIPv6 Authenticator field is read beyond the option data. (Bug 10577)
  • IPv6 Mobility Option Mobile Node Link Layer Identifier Link-layer Identifier field is read beyond the option data. (Bug 10578)
  • Wrong offset for hf_mq_id_icf1 in packet-mq.c. (Bug 10597)
  • Malformed PTPoE announce packet. (Bug 10611)
  • IPv6 Permanent Home Keygen Token mobility option includes too many bytes for the token field. (Bug 10619)
  • IPv6 Redirect Mobility Option K and N bits are parsed incorrectly. (Bug 10622)
  • IPv6 Care Of Test mobility option includes too many bytes for the Keygen Token field. (Bug 10624)
  • IPv6 MESG-ID mobility option is parsed incorrectly. (Bug 10625)
  • IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
  • IPv6 DNS-UPDATE-TYPE mobility option includes too many bytes for the MD identity field. (Bug 10629)
  • IPv6 Local Mobility Anchor Address mobility option’s code and reserved fields are parsed as 2 bytes instead of 1. (Bug 10630)
  • WCCP v.2.01 extended assignment data element parsed wrong. (Bug 10641)
  • DNS ISDN RR Sub Address field is read one byte early. (Bug 10650)
  • TShark crashes when running with PDML on a specific packet. (Bug 10651)
  • DNS A6 Address Suffix field is parsed incorrectly. (Bug 10652)
  • DNS response time: calculation incorrect. (Bug 10657)
  • SMPP does not display properly the hour field in the Submit_sm Validity Period field. (Bug 10672)
  • DNS Name Length for Zone RR on root is 6 and Label Count is 1. (Bug 10674)
  • DNS WKS RR Protocol field is read as 4 bytes instead of 1. (Bug 10675)
  • IPv6 Mobility Option Context Request reads an extra request. (Bug 10676)
  
  

  Изменения в программе Wireshark 1.12.1:

  • Wireshark can crash during remote capture (rpcap) configuration. (Bug 3554, Bug 6922, ws-buglink:7021)
  • 802.11 capture does not decrypt/decode DHCP response. (Bug 8734)
  • Extra quotes around date fields (FT_ABSOLUTE_TIME) when using -E quote=d or s. (Bug 10213)
  • No progress line in "VOIP RTP Player". (Bug 10307)
  • MIPv6 Service Selection Identifier parse error. (Bug 10323)
  • Probably wrong length check in proto_item_set_end. (Bug 10329)
  • 802.11 BA sequence number decode is broken. (Bug 10334) wmem_alloc_array() "succeeds" (and clobbers memory) when requested to allocate 0xaaaaaaaa items of size 12. (Bug 10343)
  • Different dissection results for same file. (Bug 10348)
  • Mergecap wildcard breaks in version 1.12.0. (Bug 10354)
  • Diameter TCP reassemble. (Bug 10362)
  • TRILL NLPID 0xc0 unknown to Wireshark. (Bug 10382)
  • BTLE advertising header flags (RxAdd/TxAdd) dissected incorrectly. (Bug 10384)
  • Ethernet OAM (CFM) frames including TLV’s are wrongly decoded as malformed. (Bug 10385)
  • BGP4: Wireshark skipped some potion of AS_PATH. (Bug 10399)
  • MAC address name resolution is broken. (Bug 10344)
  • Wrong decoding of RPKI RTR End of Data PDU. (Bug 10411)
  • SSL/TLS dissector incorrectly interprets length for status_request_v2 hello extension. (Bug 10416)
  • Misparsed NTP control assignments with empty values. (Bug 10417)
  • 6LoWPAN multicast address decompression problems. (Bug 10426)
  • Netflow v9 flowset not decoded if options template has zero-length scope section. (Bug 10432)
  • GUI Hangs when Selecting Path to GeoIP Files. (Bug 10434)
  • AX.25 dissector prints unprintable characters. (Bug 10439)
  • 6LoWPAN context handling not working. (Bug 10443)
  • SIP: When export to a CSV, Info is changed to differ. (Bug 10453)
  • Typo in packet-netflow.c. (Bug 10458)
  • Incorrect MPEG-TS decoding (OPCR field). (Bug 10446)
  
  

  Изменения в программе Wireshark 1.12.0:

  • "On-the-wire" packet lengths are limited to 65535 bytes.
  • "Follow TCP Stream" shows only the first HTTP request and response.
  • Files with pcap-ng Simple Packet Blocks can’t be read.
  • MPLS-over-PPP isn’t recognized.
  
  

  Изменения в программе Wireshark 1.10.8:

  • VoIP flow graph crash upon opening.
  • Tshark with "-F pcap" still generates a pcapng file.
  • IPv6 Next Header 0x3d recognized as SHIM6.
  • Failed to export pdml on large pcap.
  • TCAP: set a fence on info column after calling sub dissector
  • Dissector bug in JSON protocol.
  • GSM RLC MAC: do not skip too many lines of the CSN_DESCR when the field is missing
  • Wireshark PEEKREMOTE incorrectly decoding QoS data packets from Cisco Sniffer APs.
  • IEEE 802.11: fix dissection of HT Capabilities
  
  

  Изменения в программе Wireshark 1.10.7:

  • RTP not decoded inside the conversation in v.1.10.1
  • SIP/SDP: disabled second media stream disables all media streams
  • Lua: trying to get/access a Preference before its registered causes a segfault
  • Some value_string strings contain newlines.
  • Tighten the NO_MORE_DATA_CHECK macros
  • Fix crash when calling "MAP Summary" dialog when no file is open
  • Fix comparing a sequence number of TCP fragment when its value wraps over uint32_t limit
  • Cstomized OUI is not recognized correctly during dissection.
  
  

  Изменения в программе Wireshark 1.10.6:

  • Customized OUI is not recognized correctly during dissection.
  • Properly decode CAPWAP Data Keep-Alives.
  • Build failure with GTK 3.10 - GTK developers have gone insane.
  • SIGSEGV/SIGABRT during free of TvbRange using a chained dissector in lua.
  • MPLS dissector no longer registers itself in "ppp.protocol" table.
  • Tshark doesn’t display the longer data fields (mbtcp).
  • DMX-CHAN disector does not clear strbuf between rows.
  • Dissector bug, protocol SDP: proto.c:4214: failed assertion "length >= 0".
  • False error: capture file appears to be damaged or corrupt.
  • SMPP field source_telematics_id field length different from spec.
  • Lua: bitop library is missing in Lua 5.2.
  • GTPv1-C / MM Context / Authentication quintuplet / RAND is not correct.
  • Lua: ProtoField.new() is buggy.
  • Lua: ProtoField.bool() VALUESTRING argument is not optional but was supposed to be.
  • Problem with CAPWAP Wireshark Dissector.
  • nas-eps dissector: CS Service notification dissection stops after Paging identity IE.
  
  

  Изменения в программе Wireshark 1.10.5:

  • Wireshark stops showing new packets but dumpcap keeps writing them to the temp file.
  • Wireshark 1.10.4 shuts down when promiscuous mode is unchecked.
  • Homeplug dissector bug: STATUS_ACCESS_VIOLATION: dissector accessed an invalid memory address.
  
  

  Изменения в программе Wireshark 1.10.3:

  • new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled. (Bug 5349)
  • TLS decryption fails with XMPP start_tls. (Bug 8871)
  • Wrong Interpretation of GTS starting slot. (Bug 8946)
  • "Follow TCP Stream" shows only the first HTTP req+res. (Bug 9044)
  • The value of SEND_TO_UE in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1. (Bug 9126)
  • Crash then try to delete the same entry (length range) twice. (Bug 9129)
  • Crash if wrong "packet lengths range" entered. (Bug 9130)
  • Bssgp ⇒ SGSN-INVOKE-TRACE use the wrong function… (Bug 9157)
  • Minor correction to dissection of DLR frames in Ethernet/IP dissector. (Bug 9186)
  • WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC. (Bug 9198)
  • EDNS0 "Higher bits in extended RCODE" incorrectly decoded in packet-dns.c. (Bug 9199)
  • Files with pcap-ng Simple Packet Blocks can’t be read. (Bug 9200)
  • Bug in RTP dissector if RTP extension is present. (Bug 9204)
  • Improve "eHRPD Indicator" NVSE dissection in 3GPP2 A11 Registration Request. (Bug 9206)
  • "make debian-package" fails, missing wsicon32.xpm. (Bug 9209)
  • Fix typo in MODCOD list of DVB-S2 dissector. (Bug 9218)
  • Ring buffer crash when tshark gets too far behind dumpcap. (Bug 9258)
  • PTP Dissector Wrongfully Reports Malformed Packet. (Bug 9262)
  • Wireshark lua dissector unable to load for media_type=application/octet-stream. (Bug 9296)
  • Wireshark crash when dissecting packet with NTLMSSP. (Bug 9299)
  • Padding in uint64 field in DCERPC protocol wrongly reported. (Bug 9300)
  • DCERPC data_blobs are not correctly dissected when NDR64 encoding is used. (Bug 9301)
  • Multiple PDUs in the same DCERPC packet are not correctly decrypted. (Bug 9302)
  • The tshark summary line doesn’t display the frame number or displays it sporadically. (Bug 9317)
  • Bluetooth: SDP improvements and minor fixes. (Bug 9327)
  • Duplicate IRC header field abbreviation breaks filter (example: irc.response.command). (Bug 9360)
  
  

  Изменения в программе Wireshark 1.10.2:

  • Lua ByteArray:append() causes wireshark crash.
  • Lua script can not get "data-text-lines" protocol data.
  • Lua: Trying to use Field.new("tcp.segments") to get reassembled TCP data is failed.
  • "Edit Interface Settings": "Capture Filter" combo box is not populated across Wireshark sessions.
  • PER normally small non-negative whole number decoding is wrong when >= 64.
  • Strange behavior of tree expand/collapse in packet details.
  • Incorrect parsing of IPFIX *IpTotalLength elements.
  • IO graph/advanced, max/min/summ error on frames with multiple Diameter messages
  • pod2man error on reordercap.pod.
  • SGI Nsym disambiguation is unconditionally displayed when dissecting VHT.
  • The Wireshark icon doesn’t show up in OS X 10.5.
  • Build fails if system Python is version 3+.
  • SCSI dissector does not parse PERSISTENT RESERVE commands correctly.
  • SDP messages throws an assert.
  • Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses.
  • PN_MRP LinkUp Message is shown as LinkDown in info.
  • Dissector for EtherCAT: ADS highlighting in the Packet Bytes Pane is incorrect.
  • 802.11 HT Extended Capabilities B10 decode incorrect.
  • Wrong dissection of MSTI Root Identifiers for all MSTIs.
  • Weird malformed HTTP error.
  • Warning for attempting to install 64-bit Wireshark on a 32-bit machine has an embedded " ".
  • Wireshark crashes when using "Export Specified Packets" > "Displayed".
  
  

  Изменения в программе Wireshark 1.10.1:

  • Wireshark on 32- and 64-bit Windows supports automatic updates.
  • The packet bytes view is faster.
  • You can now display a list of resolved host names in "hosts" format within Wireshark.
  • The wireless toolbar has been updated.
  • Wireshark on Linux does a better job of detecting interface addition and removal.
  • It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
  • The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
  • USB type and product name support has been improved.
  • All Bluetooth profiles and protocols are now supported.
  • Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
  • The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
  • Capinfos now prints human-readable statistics with SI suffixes by default.
  • It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
  • Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
  • Wireshark can be compiled using GTK+ 3.
  • The Wireshark application icon, capture toolbar icons, and other icons have been updated.
  • Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
  • Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
  • Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add "gtk-scrolled-window-placement = top-right" in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
  • Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.
  • The LOAD() metric in the IO-graph now shows the load in IO units instead of thousands of IO units.
  
  

  Изменения в программе Wireshark 1.8.3:

  • The following vulnerabilities have been fixed.
  • The HSRP dissector could go into an infinite loop. (Bug 7581)
  • The PPP dissector could abort. (Bug 7316, bug 7668)
  • Martin Wilck discovered an infinite loop in the DRDA dissector. (Bug 7666)
  • Laurent Butti discovered a buffer overflow in the LDP dissector. (Bug 7567)
  • The following bugs have been fixed:
  • The HTTP dissector does not reassemble headers when the first TCP segment does not contain a full header line.
  • HDCP2 uses the wrong protocol id.
  • Several I/O graph problems have been fixed.
  • No markers show up when maps are displayed. (Bug 5016)
  • Assertion when using tshark/wireshark on large captures. (Bug 5699)
  • Volume label field of "SMB/TRANS2-QUERY_FS_INFO/InfoVolume level" reply packet is not displayed correctly due alignment issue. (Bug 5778)
  • 64-bit Wireshark appears to hit 2-Gbyte memory limit on 64-bit Windows. (Bug 5979)
  • Truncated/partial JPEG files are not dissected. (Bug 6230)
  • Support for MPLS Packet Loss and Delay Measurement, RFC 6374. (Bug 6881)
  • Memory leak in voip_calls.c. (Bug 7320)
  • When listing protocols available for "Decode As", plugins are sorted after built-ins. (Bug 7348)
  • Hidden columns should not be printed when printing packet summary line. (Bug 7356)
  • Size wrong in "File Set List" for just-finished captures. (Bug 7370)
  • Error: no dependency information found for debian/wireshark-common/usr/lib/wireshark/libwsutil.so.2 (used by debian/wireshark/usr/bin/wireshark). (Bug 7408)
  • Parse and properly display LTE RADIUS AVP 3GPP-User-Location-Info. (Bug 7474)
  • [PATCH] HomeplugAV dissector: decode device id. (Bug 7548)
  • BACnet GetEnrollmentSummary-ACK does not decode correctly. (Bug 7556)
  • epan/dissectors/packet-per.c dissect_per_constrained_integer_64b fails for 64 bits. (Bug 7624)
  • New SCTP PPID 48. (Bug 7635)
  • dissector of Qos attribute "Reliability Class" in GMM/SM message. (Bug 7670)
  • Performance regression in tshark -z io,stat. (Bug 7674)
  • Incorrect io-stat table format when unsupported "-t" operand is specified and when using AVG of relative_time fields. (Bug 7685)
  • IEEE 802.11 TKIP dissection : wrong IS_TKIP macro. (Bug 7691)
  • Homeplug AV dissectors does not properly dissect short frames. (Bug 7707)
  • mm_context_nas_dl_cnt and mm_context_nas_ul_cnt are not dissected properly in ContextResponse message in Gtpv2. (Bug 7718)
  • This trace causes Wireshark to crash when VoIP Calls selected. (Bug 7724)
  • Some diameter Gx enumerations are missing values or value is incorrect. (Bug 7727)
  • Wireshark 1.8.2 is only displaying 2 filters from the drop-down menu even when preferences are set to higher integer. (Bug 7731)
  • BGP bad decoding for Graceful Restart Capability with only helper support & for Enhanced Route Refresh Capability. (Bug 7734)
  • Dissection error of D-RELEASE and D-CONNECT in TETRA dissector. (Bug 7736)
  • DND can cause Wireshark to crash. (Bug 7744)
  • SCSI: WRITE BUFFER fields always display as zero. (Bug 7753)
  
  

  Изменения в программе Wireshark 1.8.2:

  • The following bugs have been fixed:
  • Move Y.1711 out of MPLS dissector.
  • Patch: Add frame.interface_id support for ERF file format.
  • Freeze when Resizing or Moving while capturing.
  • Wireshark crashes when using multiple files.
  • Wireshark crashes on opening very short NFS pcap file.
  • Analyze->Apply as Filter and Analyze->Prepare a Filter cause crashes.
  • crashes in interface list, pipe handling.
  • ISDN LAPD X.31 packet traffic can not be decoded.
  • GIOP request_id used for sub dissectors is not assigned when decoding GIOP 1.2 Request message.
  • pcap-ng -ISB always writes 0 for isb_ifrecv option.
  • GSM classmark3 decode wrong.
  • mem corruptionheap corruptiondiv0 bugs.
  • DNS AD flag not shown properly.
  • Wireshark and TShark crash at start with invalid color filter on SPARC.
  
  

  Изменения в программе Wireshark 1.8.1:

  Bug Fixes

  • The following vulnerabilities have been fixed.
  
  

  Изменения в программе Wireshark 1.8.0:

  Bug Fixes

  • The following bugs have been fixed:
  • When saving the displayed packets, packets which are dependencies (e.g., due to reassembly) of the displayed packets are included in the list of saved packets (Bug 3315).
  • Rearranging columns in preferences doesn`t work on 64-bit Windows. (Bug 6077)

    New and Updated Features

  • The following features are new (or have been significantly updated) since version 1.6:
  • Wireshark supports capturing from multiple interfaces at once.
  • You can now add, edit, and save packet and capture file annotations.
  • Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)
  • Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.
  • OID resolution is now supported on 64-bit Windows.
  • The "Save As" menu item has been split into "Save As", which lets you save a file using a different filename and "Export Specified Packets", which lets you have more control over which packets are saved.
  • TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.
  • TCP window updates are no longer colorized as "Bad TCP".
  • TShark`s command-line options have changed. The previously undocumented -P option is now -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.
  • GeoIP IPv6 databases are now supported.
  
  

  Изменения в программе Wireshark 1.6.8:

  • Infinite and large loops in the ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti.
  • The DIAMETER dissector could try to allocate memory improperly and crash.
  • Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann.
  • User-Password - PAP decoding passwords longer than 16 bytes.
  • The MSISDN is not seen correctly in GTP packet.
  • Wireshark doesn`t calculate the right IPv4 destination using source routing options when bad options precede them.
  • BOOTP dissector issue with DHCP option 82 - suboption 9.
  • MPLS dissector in 1.6.7 and 1.7.1 misdecodes some MPLS CW packets.
  • ANSI MAP infinite loop.
  • HCIEVT infinite loop.
  • Wireshark doesn`t decode NFSv4.1 operations.
  • LTP infinite loop.
  • Wrong values in DNS CERT RR.
  • Megaco parser problem with LF in header.
  • OPC UA bytestring node id decoding is wrong.
  
  

  Изменения в программе Wireshark 1.6.7:

  • Wireshark could crash while reading SSL decryption keys on 64-bit Windows.
  • Malformed Packets H263-1996 (RFC2190).
  • Wireshark could crash while trying to open an rpcap: URL.
  
  

  Изменения в программе Wireshark 1.6.5:

  • The following vulnerabilities have been fixed.
  
  
  Перейти к описанию программы Wireshark