Official certification from the Wireshark Foundation is available! Learn about becoming a Wireshark Certified Analyst.

Wireshark 1.12.5 Release Notes

Table of Contents

1. What is Wireshark?
2. What’s New
2.1. Bug Fixes
2.2. New and Updated Features
2.3. New Protocol Support
2.4. Updated Protocol Support
2.5. New and Updated Capture File Support
3. Getting Wireshark
3.1. Vendor-supplied Packages
4. File Locations
5. Known Problems
6. Getting Help
7. Frequently Asked Questions

1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed.

The following bugs have been fixed:

  • Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. (Bug 6217)
  • EAPOL 4-way handshake information wrong. (Bug 10557)
  • RPC NULL calls incorrectly flagged as malformed. (Bug 10646)
  • Wireshark relative ISN set incorrectly if raw ISN set to 0. (Bug 10713)
  • Buffer overrun in encryption code. (Bug 10849)
  • Crash when use Telephony / Voip calls. (Bug 10885)
  • ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length. (Bug 10991)
  • ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug 10992)
  • Missing field "tcp.pdu.size" in TCP stack. (Bug 11007)
  • Sierra EM7345 marks MBIM packets as NCM. (Bug 11018)
  • Possible infinite loop DoS in ForCES dissector. (Bug 11037)
  • "Decode As…" crashes when a packet dialog is open. (Bug 11043)
  • Interface Identifier incorrectly represented by Wireshark. (Bug 11053)
  • "Follow UDP Stream" on mpeg packets crashes wireshark v.1.12.4 (works fine on v.1.10.13). (Bug 11055)
  • Annoying popup when trying to capture on bonds. (Bug 11058)
  • Request-response cross-reference in USB URB packets incorrect. (Bug 11072)
  • Right clicking in Expert Infos to create a filter (duplicate IP) results in invalid filters. (Bug 11073)
  • CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083)
  • Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106)
  • packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn’t filter ENUM. (Bug 11120)
  • Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP". (Bug 11141)
  • Missing Makefile.nmake in ansi1/Kerberos directory. (Bug 11155)
  • Can’t build tshark without the Qt packages installed unless --without-qt is specified. (Bug 11157)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

AllJoyn, ASN.1 PER, ATM, CANopen, Diameter, ForCES, GSM RLC/MAC, GSMTAP, ICMP, IEC-60870-5-104, IEEE 802.11, IMF, IP, LBMC, LBMR, LDAP, LPP, MBIM, MEGACO, MP2T, PKCS-1, PPP IPv6CP, RPC, SPNEGO, SRVLOC, SSL, T.38, TCP, USB, WCP, WebSocket, X11, and ZigBee ZCL

2.5. New and Updated Capture File Support

and Android Logcat Savvius OmniPeek Visual Networks

3. Getting Wireshark

Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

6. Getting Help

Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.

Official Wireshark training and certification are available from Wireshark University.

7. Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.