Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following vulnerabilities have been fixed:
NLM dissector crash.
BER dissector crash.
Zlib decompression crash. (Bug 11548)
SCTP dissector crash. (Bug 11767)
DIAMETER dissector crash. (Bug 11792)
RSVP dissector crash. (Bug 11793)
ANSI A & GSM A dissector crashes. (Bug 11797)
Ascend file parser crash. (Bug 11794)
NBAP dissector crash. (Bug 11815)
RSL dissector crash. (Bug 11829)
ZigBee ZCL dissector crash. (Bug 11830)
Sniffer file parser crash. (Bug 11827)
NWP dissector crash. (Bug 11726)
BT ATT dissector crash. (Bug 11817)
MP2T file parser crash. (Bug 11820)
MP2T file parser crash. (Bug 11821)
S7COMM dissector crash. (Bug 11823)
IPMI dissector crash. (Bug 11831)
TDS dissector crash. (Bug 11846)
PPI dissector crash. (Bug 11876)
MS-WSP dissector crash. (Bug 11931)
The Windows installers are now built using NSIS 2.50 in order to avoid DLL hijacking flaws.
The following bugs have been fixed:
- Zooming out (Ctrl+-) too far crashes Wireshark. (Bug 8854)
- IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
- About → Plugins should be a scrollable. (Bug 11427)
- Profile change leaves prior profile residue. (Bug 11493)
- Wireshark crashes when using the VoIP player. (Bug 11596)
- Incorrect presentation of Ascend-Data-Filter (RADIUS attribute 242). (Bug 11630)
- Not possible to stop a capture with invalid filter. (Bug 11667)
- "No interface selected" when having a valid capture filter. (Bug 11671)
- Malformed packet with IPv6 mobility header. (Bug 11728)
- Wireshark crashes dissecting Profinet NRT (DCE-RPC) packet. (Bug 11730)
- All fields in the packet detail pane of a "new packet" window are expanded by default. (Bug 11731)
- Malformed packets with SET_CUR in the USBVIDEO (UVC) decoding. (Bug 11736)
- Display filters arranges columns incorrectly. (Bug 11737)
- Scrolling and navigating using the trackpad on Mac OS X could be much better. (Bug 11738)
- Lua Proto() does not validate arguments. (Bug 11739)
- Pointers to deallocated memory when redissecting. (Bug 11740)
- Suggestion for re-phrasing the TCP Window Full message. (Bug 11741)
- Can’t parse MPEG-2 Transport Streams generated by the Logik L26DIGB21 TV. (Bug 11749)
- Qt UI on Windows crashes when changing to next capture file. (Bug 11756)
- First displayed frame not updated when changing profile. (Bug 11757)
- LDAP decode shows invalid number of results for searchResEntry packets. (Bug 11761)
- Crash when escape to Follow TCP → Save. (Bug 11763)
- USBPcap prevents mouse and keyboard from working. (Bug 11766)
- Y-axis in RTP graph is in microseconds. (Bug 11784)
- "Delta time displayed" column in Wireshark doesn’t work well, but Wireshark-gtk does. (Bug 11786)
- UDP 12001 SNA Data no longer shown in EBCDIC. (Bug 11787)
- Wireshark Portable is not starting (no messages at all). (Bug 11800)
- IPv6 RPL Routing Header with length of 8 bytes still reads an address. (Bug 11803)
- g_utf8_validate assertion when reassembling GSM SMS messages encoded in UCS2. (Bug 11809)
- Calling plugin_if_goto_frame when there is no file loaded causes a Protection Exception. (Bug 11810)
- Qt UI SIGSEGV before main() in initializer for colors_. (Bug 11833)
- Unable to add a directory to "GeoIP Database Paths". (Bug 11842)
- C++ Run time error when filtering on Expert limit to display filter. (Bug 11848)
- Widening the window doesn’t correctly widen the rightmost column. (Bug 11849)
- SSL V2 Client Hello no longer dissected in Wireshark 2.0. (Bug 11851)
- PacketBB (RFC5444) dissector displays IPv4 addresses incorrectly. (Bug 11852)
- SMTP over port 587 shows identical content for fields "Username" and "Password" when not decoding base-64-encoded authentication information. (Bug 11853)
- Converting of EUI64 address to string does not take offset into account. (Bug 11856)
- CIP segment dissection causes PDML assertion/failure. (Bug 11863)
- In Import from Hex Dump, an attempt to enter the timestamp format manually crashes the application. (Bug 11873)
- Follow Stream directional selector not readable. (Bug 11887)
- Coloring rule custom colors not saved. (Bug 11888)
- Total number of streams not correct in Follow TCP Stream dialog. (Bug 11889)
- Command line switch -Y for display filter does not work. (Bug 11891)
- Creating Debian package doesn’t work. (Bug 11893)
- Visual C++ Runtime Library Error "The application has requested the Runtime to terminate it in an unusual way." when you do not wait until Conversations is completely updated before applying "Limit to display filter". (Bug 11900)
- dpkg-buildpackage relocation R_X86_64_PC32 against symbol. (Bug 11901)
- Bits view in Packet Bytes pane is not persistent. (Bug 11903)
- ICMP Timestamp days, hours, minutes, seconds is incorrect. (Bug 11910)
- MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong. (Bug 11921)
6LoWPAN, ANSI A, ASN.1 BER, BT ATT, CIP, CLNP, DIAMETER, DNS, ENIP, ERF, GSM A, GSM SMS, HiSLIP, ICMP, IEEE 802.11, IEEE 802.11 Radio, IPMI, IPv4, IPv6, ISUP, L2TP, LDAP, Link (ethertype), MIP6, MP2T, MS-WSP, NBAP, NWP, PacketBB, PPI, QUIC, RADIUS, RSL, RSVP, S7COMM, SCSI, SCTP, SMTP, SSL, TCP, TDS, USB, VRT, and ZigBee ZCL
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.
Application crash when changing real-time option. (Bug 4035)
Hex pane display issue after startup. (Bug 4056)
Packet list rows are oversized. (Bug 4357)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
The 64-bit version of Wireshark will leak memory on Windows when the display depth is set to 16 bits (Bug 9914)
Wireshark should let you work with multiple capture files. (Bug 10488)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.