Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following bugs have been fixed:
- BT ATT dissector crash (Bug 14049) CVE-2017-15192
- MBIM dissector crash (Bug 14056) CVE-2017-15193
- DMP dissector crash (Bug 14068) CVE-2017-15191
- RTSP dissector crash (Bug 14077) CVE-2017-15190
- DOCSIS infinite loop (Bug 14080) CVE-2017-15189
- Wireshark crash when end capturing with "Update list of packets in real-time" option off. (Bug 13024)
- Diameter service response time statistics broken in 2.2.4. (Bug 13442)
- Sequence number isn’t shown as the X axis in TCP Stream Graph - RTT. (Bug 13740)
- Using an SSL subdissector will cause SSL data to not be decoded (related to reassembly of application data). (Bug 13885)
- Wireshark 2.4.0 doesn’t build with Qt 4.8. (Bug 13909)
- Some Infiniband Connect Req fields are not decoded correctly. (Bug 13997)
- Voip Flow Sequence button crash. (Bug 14010)
- wireshark-2.4.1/epan/dissectors/packet-dmp.c:1034: sanity check in wrong place ?. (Bug 14016)
- wireshark-2.4.1/ui/qt/tcp_stream_dialog.cpp:1206: sanity check in odd place ?. (Bug 14017)
- [oss-fuzz] ASAN: 232 byte(s) leaked in 4 allocation(s). (Bug 14025)
- [oss-fuzz] ASAN: 47 byte(s) leaked in 1 allocation(s). (Bug 14032)
- Own interface toolbar logger dialog for each log command. (Bug 14033)
- Wireshark crashes when dissecting DOCSIS REGRSPMP which contains UCD. (Bug 14038)
- Broken installation instructions for Visual Studio Community Edition. (Bug 14039)
- RTP Analysis "save as CSV" saves twice the forward stream, if two streams are selected. (Bug 14040)
- VWR file read ends early with vwr: Invalid data length 0. (Bug 14051)
- reordercap fails with segmentation fault 11 on MacOS. (Bug 14055)
- Cannot Apply Bitmask to Long Unsigned. (Bug 14063)
- text2pcap since version 2.4 aborts when there are no arguments. (Bug 14082)
- gtpprime: Missing in frame.protocols. (Bug 14083)
- HTTP dissector believes ICY response is a request. (Bug 14091)
6LoWPAN, Bluetooth, BOOTP/DHCP, BT ATT, BT LE, DCERPC, DMP, DOCSIS, EPL, GTP, H.248, HTTP, InfiniBand, MBIM, RPC, RTSP, SSL, and WSP
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
- Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
- The BER dissector might infinitely loop. (Bug 1516)
- Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
- Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
- Application crash when changing real-time option. (Bug 4035)
- Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
- Wireshark should let you work with multiple capture files. (Bug 10488)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.