Table of Contents
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
The following bugs have been fixed:
Multiple dissectors could crash. (Bug 14253) CVE-2018-5336
The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334
The WCP dissector could crash. (Bug 14251) CVE-2018-5335
Prior to this release dumpcap enabled the Linux kernel’s BPF JIT
compiler via the net.core.bpf_jit_enable
sysctl. This could make
systems more vulnerable to Spectre variant 1 (CVE-2017-5753)
and this feature has been removed (Bug 14313).
- Some keyboard shortcut mix-up has been resolved by assigning new shortcuts to Edit → Copy methods.
- Remote interfaces are not saved. (Bug 8557)
- Additional grouping in Expert Information dialog. (Bug 11753)
- First start with non-empty extcap folder after install or reboot hangs at "initializing tap listeners". (Bug 12845)
- Can’t hide expert categories in Expert Information. (Bug 13831)
- Expert info dialog should have "Collapse All"/"Expand All" options. (Bug 13842)
- SIP Statistics extract does not work. (Bug 13942)
- Service Response Time - SCSI dialog crashes. (Bug 14144)
- Wireshark & Tshark 2.4.2 core dumps with segmentation fault. (Bug 14194)
- SSH remote capture promiscuous mode. (Bug 14237)
- SOCKS pseudo header displays incorrect Version value. (Bug 14262)
- Only first variable of list is dissected in NTP Control request message. (Bug 14268)
- NTP Authenticator field dissection fails if padding is used. (Bug 14269)
- BSSAP packet dissector issue - BSSAP_UPLINK_TUNNEL_REQUEST message. (Bug 14289)
- "[Malformed Packet]" for Mobile IP (MIP) protocol. (Bug 14292)
- There is a potential buffer underflow in File_read_line function in epan/wslua/wslua_file.c file. (Bug 14295)
- Saving a temporary capture file may not result in the temporary file being removed. (Bug 14298)
Bluetooth, BSSAP, BT ATT, BT HCI, BT SMP, MIP, NTP, SCTP, SOCKS, UDS, and WCP
Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Application crash when changing real-time option. (Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Wireshark should let you work with multiple capture files. (Bug 10488)
Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.
Official Wireshark training and certification are available from Wireshark University.
A complete FAQ is available on the Wireshark web site.