Portable Wireshark 1.7.1 Development / 1.6.8 - Changelog

What's new in Portable Wireshark 1.6.8:

May 23rd, 2012

Bug Fixes:
· wnpa-sec-2012-08
· Infinite and large loops in the ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti. (Bugs 6805, 7118, 7119, 7120, 7121, 7122, 7124, 7125)
· Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

· wnpa-sec-2012-09
· The DIAMETER dissector could try to allocate memory improperly and crash. (Bug 7138)
· Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

· wnpa-sec-2012-10
· Wireshark could crash on SPARC processors due to misaligned memory. Discovered by Klaus Heckelmann. (Bug 7221)
· Versions affected: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7.

The following bugs have been fixed:
· User-Password - PAP decoding passwords longer than 16 bytes. (Bug 6779)
· The MSISDN is not seen correctly in GTP packet. (Bug 7042)
· Wireshark doesn't calculate the right IPv4 destination using source routing options when bad options precede them. (Bug 7043)
· BOOTP dissector issue with DHCP option 82 - suboption 9. (Bug 7047)
· MPLS dissector in 1.6.7 and 1.7.1 misdecodes some MPLS CW packets. (Bug 7089)
· ANSI MAP infinite loop. (Bug 7119)
· HCIEVT infinite loop. (Bug 7122)
· Wireshark doesn't decode NFSv4.1 operations. (Bug 7127)
· LTP infinite loop. (Bug 7124)
· Wrong values in DNS CERT RR. (Bug 7130)
· Megaco parser problem with LF in header. (Bug 7198)
· OPC UA bytestring node id decoding is wrong. (Bug 7226)

Updated Protocol Support:
· ANSI MAP, ASF, BACapp, Bluetooth HCI, DHCP, DIAMETER, DNS, GTP, IEEE 802.11, IEEE 802.3, IPv4, LTP, Megaco, MPLS, NFS, OPC UA, RADIUS

New and Updated Capture File Support:
· 5View, CSIDS, pcap, pcap-ng

What's new in Portable Wireshark 1.6.7:

April 7th, 2012

Bug Fixes:
The following bugs have been fixed:
· Wireshark could crash while reading SSL decryption keys on 64-bit Windows.
· Malformed Packets H263-1996 (RFC2190). (Bug 6996)
· Wireshark could crash while trying to open an rpcap: URL. (Bug 6922)

Updated Protocol Support:
· H.263
Getting Wireshark:
· Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
Vendor-supplied Packages:
· Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
File Locations:
· Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

What's new in Portable Wireshark 1.6.4:

November 19th, 2011

Bug Fixes:
· Patch to fix memory leaks/errors in Lua plugin. (Bug 5575)
· Wireshark crashes if a field of type BASE_CUSTOM is applied as a column. (Bug 6503)
· Filter Expression dialog can only be opened once. (Bug 6537)
· Wireshark crashes if compiled without GLib thread support. (Bug 6540)
· 80211 QoS Control: Add Raw TID. (Bug 6548)
· SNMP length check error. (Bug 6564)
· UCP dissector bug of operation 61. (Bug 6570)

What's new in Portable Wireshark 1.6.3:

November 2nd, 2011

The following vulnerabilities have been fixed:

· wnpa-sec-2011-17

· The CSN.1 dissector could crash. (Bug 6351)

· Versions affected: 1.6.0 to 1.6.2.

· wnpa-sec-2011-18

· Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL pointer. (Bug 6476)

· Versions affected: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2.

· wnpa-sec-2011-19

· Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a buffer overflow in the ERF file reader. (Bug 6479)

· Versions affected: 1.4.0 to 1.4.9, 1.6.0 to 1.6.2.

The following bugs have been fixed:

· Assertion failed when doing File->Quit->Save during live capture. (Bug 1710)

· Wrong PCEP XRO sub-object decoding. (Bug 3778)

· Wireshark window takes very long time to show up if invalid network file path is at recent file list (Bug 3810)

· Decoding [Status Records] Timestamp Sequence Field in Bundle Protocol fails if over 32 bits. (Bug 4109)

· ISUP party number dissection. (Bug 5221)

· wireshark-1.4.2 crashes when testing the example python dissector because of a dissector count assertion. (Bug 5431)

· Ethernet packets with both VLAN tag and LLC header no longer displayed correctly. (Bug 5645)

· SLL encapsuled 802.1Q VLAN is not dissected. (Bug 5680)

· Wireshark crashes when attempting to open a file via drag & drop when there's already a file open. (Bug 5987)

· Adding and removing custom HTTP headers requires a restart. (Bug 6241)

· Can't read full 64-bit SNMP values. (Bug 6295)

· Dissection fails for frames with Gigamon Header and VLAN. (Bug 6305)

· RTP Stream Analysis does not work for TURN-encapsulated RTP. (Bug 6322)

· packet-csn1.c doesn't process CSN_CHOICE entries properly. (Bug 6328)

· BACnet property time-synchronization-interval (204) name shown incorrectly as time-synchronization-recipients. (Bug 6336)

· GUI crash on invalid IEEE 802.11 GAS frame. (Bug 6345)

· [ASN.1 PER] Incorrect decoding of BIT STRING type. (Bug 6347)

· ICMPv6 router advertisement Prefix Information Flag R "Router Address" missing. (Bug 6350)

· Export -> Object -> HTTP -> save all: Error on saving files. (Bug 6362)

· Inner tag of 802.1ad frames not parsed properly. (Bug 6366)

· Added cursor type decoding to MySQL dissector. (Bug 6396)

· Incorrect identification of UDP-encapsulated NAT-keepalive packets. (Bug 6414)

· WPA IE pairwise cipher suite dissector uses incorrect value_string list. (Bug 6420)

· S1AP protocol can't decode IPv6 transportLayerAddress. (Bug 6435)

· RTPS2 dissector doesn't handle 0 in the octestToNextHeader field. (Bug 6449)

· packet-ajp13 fix, cleanup, and enhancement. (Bug 6452)

· Network Instruments Observer file format bugs. (Bug 6453)

· Wireshark crashes when using "Open Recent" 2 times in a row. (Bug 6457)

· Wireshark packet_gsm-sms, display bug: Filler bits in TP-User Data Header. (Bug 6469)

· wireshark unable to decode NetFlow options which have system scope size != 4 bytes. (Bug 6471)

· Display filter Expression Dialog Box Error. (Bug 6472)

· text_import_scanner.l missing. (Bug 6531)

Updated Protocol Support:
· AJP13, ASN.1 PER, BACnet, CSN.1, DTN, Ethernet, ICMPv6, IEEE 802.11, IEEE 802.1q, Infiniband, IPsec, MySQL, PCEP, PN-RT, RTP, S1AP, SSL

New and Updated Capture File Support:
· Endace ERF.

What's new in Portable Wireshark 1.6.2:

September 9th, 2011

The following vulnerabilities have been fixed. :

· A large loop in the OpenSafety dissector could cause a crash. (Bug 6138)
· A malformed IKE packet could consume excessive resources.
· A malformed capture file could result in an invalid root tvbuff and cause a crash. (Bug 6135)
· Wireshark could run arbitrary Lua scripts. (Bug 6136)
· The CSN.1 dissector could crash. (Bug 6139)
· Versions affected: 1.6.0 to 1.6.1.
The following bugs have been fixed:
· configure ignores (partially) LDFLAGS. (Bug 5607)
· Build fails when it tries to #include , not present in Solaris 9. (Bug 5608)
· Unable to configure zero length SNMP Engine ID. (Bug 5731)
· BACnet who-is request device range values are not decoded correctly in the packet details window. (Bug 5769)
· H.323 RAS packets missing from packet counts in "Telephony->VoIP Calls" and the "Flow Graph" for the call. (Bug 5848)
· Wireshark crashes if sercosiii module isn't installed. (Bug 6006)
· Editcap could create invalid pcap files when converting from JPEG. (Bug 6010)
· Timestamp is incorrectly decoded for ICMP Timestamp Response packets from MS Windows. (Bug 6114)
· Malformed Packet in decode for BGP-AD update. (Bug 6122)
· Wrong display of CSN_BIT in CSN.1. (Bug 6151)
· Fix CSN_RECURSIVE_TARRAY last bit error in packet-csn1.c. (Bug 6166)
· Wireshark cannot display Reachable time & Retrans timer in IPv6 RA messages. (Bug 6168)
· ReadPropertyMultiple-ACK not correctly dissected. (Bug 6178)
· GTPv2 dissectors should treat gtpv2_ccrsi as optional. (Bug 6183)
· BGP : AS_PATH attribute was decode wrong. (Bug 6188)
· Fixes for SCPS TCP option. (Bug 6194)
· Offset calculated incorrectly for sFlow extended data. (Bug 6219)
· Enter] key behavior varies when manually typing display filters. (Bug 6228)
· Contents of pcapng EnhancedPacketBlocks with comments aren't displayed. (Bug 6229)
· Misdecoding 3G Neighbour Cell Information Element in SI2quater message due to a coding typo. (Bug 6237)
· Mis-spelled word "unknown" in assorted files. (Bug 6244)
· tshark run with -Tpdml makes a seg fault. (Bug 6245)
· btl2cap extended window shows wrong bit. (Bug 6257)
· NDMP dissector incorrectly represents "ndmp.bytes_left_to_read" as signed. (Bug 6262)
· TShark/dumpcap skips capture duration flag occasionally. (Bug 6280)
· File types with no snaplen written out with a zero snaplen in pcap-ng files. (Bug 6289)
· Wireshark improperly parsing 802.11 Beacon Country Information tag. (Bug 6264)
· ERF records with extension headers not written out correctly to pcap or pcap-ng files. (Bug 6265)
· RTPS2: MAX_BITMAP_SIZE is defined incorrectly. (Bug 6276)
· Copying from RTP stream analysis copies 1st line many times. (Bug 6279)
· Wrong display of CSN_BIT under CSN_UNION. (Bug 6287)
· MEGACO context tracking fix - context id reuse. (Bug 6311)

Updated Protocol Support:
· BACapp, Bluetooth L2CAP, CSN.1, DCERPC, GSM A RR, GTPv2, ICMP, ICMPv6, IKE, MEGACO, MSISDN, NDMP, OpenSafety, RTPS2, sFlow, SNMP, TCP

New and Updated Capture File Support:
· CommView, pcap-ng, JPEG.

What's new in Portable Wireshark 1.6.1:

July 19th, 2011

The following vulnerabilities have been fixed:

· The Lucent/Ascend file parser was susceptible to an infinite loop.

· Versions affected: 1.2.0 to 1.2.17, 1.4.0 to 1.4.7, and 1.6.0.

· CVE-2011-2597

· The ANSI MAP dissector was susceptible to an infinite loop.

· Versions affected: 1.4.0 to 1.4.7, and 1.6.0.

The following bugs have been fixed:

· TCP dissector doesn't decode TCP segments of length 1.

· wireshark 1.4.0rc1 and python - spurious message.

· Missing LUA function.

· Lua API description about creating a new Tvb from a bytearray is not correct in wireshark's user guide.

· Character echo pauses in Capture Filter field in Capture Options.

· White space in protocol field abbreviation causes runtime failure while registering Lua dissector.

· "File not found" box uses wrong filename encoding.

· capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too many .

· Wireshark crashes if Lua contains "Pref.range()" with missing arguments.

· The "range" field in Lua's "Pref.range()" serves as default while the "default" field does nothing .

· Wireshark crashes when calling TreeItem:set_len() on TreeItem without tvb.

· TvbRange_string(lua_State* L) call a wrong function.

· VoIP call flow graph displays BICC APM as a BICC ANM.

· Cannot Live-capture VirtualBox network packets with Wireshark; pipe problem.

· Interface list in Capture Options isn't cleared when selecting other host.

· H323 rate multiplier wrong.

· Inclusion of config.h is too late in lex-files resulting in wrong definition of _FILE_OFFSET_BITS.

· tshark crashes when loading Lua script that contains GUI function.

· 802.11 Disassociation Packet's "Reason Code" field is imprecisely decoded/described.

· Wireshark crashes when setting custom column's field name with conditional.

· Crash after applying "expert.severity" field as column.

· GTS Descriptor count limited to 3 instead of 7.

· The SSL dissector can not resemble correctly the frames after TCP zero window probe packet.

· Packet parser takes too long for this trace.

· The SSL dissector can not resemble correctly the frames after TCP zero window probe packet.

· Wireshark crashes after repeating "File -> Import -> Cancel". (Bug 6080)

· Decoding of MQ ASCII and EBCDIC Traffic Flow - ASCII shows fine, EBCDIC does not.

· 802.11 Association Response Packet's "Status Code" field is imprecisely decoded/described.

· Abis interface not correctly handled in gsmtap dissector.

· Wrong decoding of RLC/MAC EGPRS Packet Downlink Ack/Nack (3GPP TS 44.060).

· CSN Ack/Nack Description wrongly handled in gsm_rlcmac_dl dissector (3GPP TS 44.060).

· wireshark 1.6.0 and python support: installer fails to create the wspy_dissectors subdirectory and .

· Wireshark crash during RTP stream analysis.

What's new in Portable Wireshark 1.5.1:

May 17th, 2011

Bug Fixes:
· Wireshark is unresponsive when capturing from named pipes on Windows. (Bug 1759)
· Ring buffers are no longer turned on by default when using multiple capture files.

New and Updated Features:
· Wireshark can import text dumps, similar to text2pcap.
· You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
· TShark can show a specific occurrence of a field when using '-T fields'.
· Custom columns can show a specific occurrence of a field.
· You can hide columns in the packet list.
· Wireshark can now export SMB objects.
· dftest and randpkt now have manual pages.
· TShark can now display iSCSI service response times.
· Dumpcap can now save files with a user-specified group id.
· Syntax checking is done for capture filters.
· You can display the compiled BPF code for capture filters in the Capture Options dialog.
· You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+. .
· Packet length is (finally) a default column.
· TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
· 802.1q VLAN tags are now shown by the Ethernet II dissector.
· Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
· The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
· The RTP player now shows why media interruptions occur.
· Graphs now save as PNG images by default.
· TShark can read and write host name information from and to pcapng-formatted files. Wireshark can read it. TShark can dump host name information via
· [-z hosts]
· .

· The tshark -z option now uses the
· [-z ,srt]
· syntax instead of
· [-z ,rtt]
· for all protocols that support service response time statistics. This syntax now matches Wireshark's syntax for this option.

New Protocol Support:
· ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing Protocol, Constrained Application Protocol (COAP), Digium TDMoE, Erlang Distribution Protocol, Ether-S-I/O, FastCGI, Fibre Channel over InfiniBand (FCoIB), Gopher, Gigamon GMHDR, IDMP, Infiniband Socket Direct Protocol (SDP), JSON, LISP Data, MikroTik MAC-Telnet, Mongo Wire Protocol, Network Monitor 802.11 radio header, OPC UA ExtensionObjects, PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD Framing, RSIP, SAMETIME, SCoP, SGSAP, Tektronix Teklink, WAI authentication, Wi-Fi P2P (Wi-Fi Direct)

New and Updated Capture File Support:
· Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP OpenVMS TCPTrace, IPFIX (the file format, not the protocol), Lucent/Ascend debug, Microsoft Network Monitor, Network Instruments, TamoSoft CommView

What's new in Portable Wireshark 1.6.0 RC1:

May 17th, 2011

The following bugs have been fixed:
· Wireshark is unresponsive when capturing from named pipes on Windows. (Bug 1759)
· Ring buffers are no longer turned on by default when using multiple capture files.

New and Updated Features:
· Wireshark can import text dumps, similar to text2pcap.
· You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
· TShark can show a specific occurrence of a field when using '-T fields'.
· Custom columns can show a specific occurrence of a field.
· You can hide columns in the packet list.
· Wireshark can now export SMB objects.
· dftest and randpkt now have manual pages.
· TShark can now display iSCSI, ICMP and ICMPv6 service response times.
· Dumpcap can now save files with a user-specified group id.
· Syntax checking is done for capture filters.
· You can display the compiled BPF code for capture filters in the Capture Options dialog.
· You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+. .
· Packet length is (finally) a default column.
· TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
· 802.1q VLAN tags are now shown by the Ethernet II dissector.
· Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
· The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
· The RTP player now shows why media interruptions occur.
· Graphs now save as PNG images by default.
· TShark can read and write host name information from and to pcapng-formatted files. Wireshark can read it. TShark can dump host name information via [-z hosts]
· The tshark -z option now uses the [-z ,srt] syntax instead of [-z ,rtt] for all protocols that support service response time statistics. This syntax now matches Wireshark's syntax for this option.

New Protocol Support:
· ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing Protocol, Broadcast/Multicast Control, Constrained Application Protocol (COAP), Digium TDMoE, Erlang Distribution Protocol, Ether-S-I/O, FastCGI, Fibre Channel over InfiniBand (FCoIB), Gopher, Gigamon GMHDR, IDMP, Infiniband Socket Direct Protocol (SDP), JSON, LISP Control, LISP Data, LISP, MikroTik MAC-Telnet, MRP Multiple Mac Registration Protocol (MMRP) Mongo Wire Protocol, MUX27010, Network Monitor 802.11 radio header, OPC UA ExtensionObjects, GPPI-GEOLOCATION-GPS, ReLOAD, ReLOAD Framing, RObust Header Compression (ROHC), RSIP, SAMETIME, SCoP, SGSAP, Tektronix Teklink, USB/AT Commands, uTorrent Transport Protocol, WAI authentication, Wi-Fi P2P (Wi-Fi Direct)

New and Updated Capture File Support:
· Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP OpenVMS TCPTrace, IPFIX (the file format, not the protocol), Lucent/Ascend debug, Microsoft Network Monitor, Network Instruments, TamoSoft CommView

What's new in Portable Wireshark 1.4.6:

April 19th, 2011

Bug Fixes:
· Wireshark and TShark can crash while analyzing TCP packets. (Bug 5837)

What's new in Portable Wireshark 1.4.5:

April 16th, 2011

The following vulnerabilities have been fixed:
· The NFS dissector could crash on Windows. (Bug 5209)
· The X.509if dissector could crash. (Bug 5754, Bug 5793)
· Paul Makowski from SEI/CERT discovered that the DECT dissector could overflow a buffer. He verified that this could allow remote code execution on many platforms.

The following bugs have been fixed:
· Cygwin make fails after updating to bash v 4.1.9.2
· Export HTTP > All - System Appears Hung (but isn't). (Bug 1671)
· Some HTTP responses don't decode with TCP reassembly on. (Bug 3785)
· Wireshark crashes when cancelling a large sort operation. (Bug 5189)
· Wireshark crashes if SSL preferences RSA key is actually a DSA key. (Bug 5662)
· tshark incorrectly calculates TCP stream for some syn packets. (Bug 5743)
· Wireshark not able to decode the PPP frame in a sflow (RFC3176) flow sample packet because Wireshark incorrectly read the protocol in PPP frame header. (Bug 5746)
· Mysql protocol dissector: all fields should be little endian. (Bug 5759)
· Error when opening snoop from Juniper SSG-140. (Bug 5762)
· svnversion: command not found. (Bug 5798)
· capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too many. (Bug 5803)
· Value of TCP segment data cannot be copied. (Bug 5811)
· proto_field_is_referenced() is not exported in libwireshark.dll. (Bug 5816)
· Wireshark ver. 1.4.4 not displayed "Granted QoS" field in a A11 packet. (Bug 5822)

What's new in Portable Wireshark 1.5.1 Development:

April 12th, 2011

Bug Fixes:
· Wireshark is unresponsive when capturing from named pipes on Windows. (Bug 1759)
· Ring buffers are no longer turned on by default when using multiple capture files.

What's new in Portable Wireshark 1.4.4:

March 2nd, 2011

The following bugs have been fixed:
· A TCP stream would not always be recognized as the same stream. (Bug 2907)
· Wireshark Crashing by pressing 2 Buttons. (Bug 4645)
· A crash can occur in the NTLMSSP dissector. (Bug 5157)
· The column texts from a Lua dissector could be mangled. (Bug 5326) (Bug 5630)
· Corrections to ANSI MAP ASN.1 specifications. (Bug 5584)
· When searching in packet bytes, the field and bytes are not immediately shown. (Bug 5585)
· Malformed Packet: ULP reported when dissecting ULP SessionID PDU. (Bug 5593)
· Wrong IEI in container of decode_gtp_mm_cntxt. (Bug 5598)
· Display filter does not work for expressions of type BASE_DEC, BASE_DEC_HEX and BASE_HEX_DEC. (Bug 5606)
· NTLMSSP dissector may fail to compile due to space embedded in C comment delimiters. (Bug 5614)
· Allow for name resolution of link-scope and multicast IPv6 addresses from local host file. (Bug 5615)
· DHCPv6 dissector formats DUID_LLT time incorrectly. (Bug 5627)
· Allow for IEEE 802.3bc-2009 style PoE TLVs. (Bug 5639)
· Various fixes to the HIP packet dissector. (Bug 5646)
· Display "Day of Year" for January 1 as 1, not 0. (Bug 5653)
· Accommodate the CMake build on Ubuntu 10.10. (Bug 5665)
· E.212 MCC 260 Poland update according to local national regulatory. (Bug 5668)
· IPP on ports other than 631 not recognized. (Bug 5677)
· Potential access violation when writing to LANalyzer files. (Bug 5698)
· IEEE 802.15.4 Superframe Specification - Final CAP Slot always 0. (Bug 5700)
· Peer SRC and DST AS numbers are swapped for cflow. (Bug 5702)
· dumpcap: -q option behavior doesn't match documentation. (Bug 5716)

Updated Protocol Support:
· ANSI MAP, BitTorrent, DCM, DHCPv6, DTAP, DTPT, E.212, GSM Management, GTP, HIP, IEEE 802.15.4, IPP, LDAP, LLDP, Netflow, NTLMSSP, P_Mul, Quake, Skinny, SMB, SNMP, ULP

New and Updated Capture File Support:
· LANalyzer, Nokia DCT3, Pcap-ng

What's new in Portable Wireshark 1.5.0 Development:

January 25th, 2011

New and Updated Features:
· Wireshark can import text dumps, similar to text2pcap.
· You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
· TShark can show a specific occurrence of a field when using '-T fields'.
· Custom columns can show a specific occurrence of a field.
· You can hide columns in the packet list.
· Wireshark can now export SMB objects.
· dftest and randpkt now have manual pages.
· TShark can now display iSCSI service response times.
· Dumpcap can now save files with a user-specified group id.
· Syntax checking is done for capture filters.
· You can display the compiled BPF code for capture filters in the Capture Options dialog.
· You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+. .
· Packet length is (finally) a default column.
· TCP window size is now avaiable both scaled and unscaled. A TCP window scaling graph is available in the GUI.
· 802.1q VLAN tags are now shown by the Ethernet II dissector.
· Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
· The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
· The RTP player now shows why media interruptions occur.
· Graphs now save as PNG images by default.

New Protocol Support:
· ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Constrained Application Protocol (COAP), Digium TDMoE, Ether-S-I/O, FastCGI, Fibre Channel over InfiniBand (FCoIB), Gopher, Gigamon GMHDR, IDMP, Infiniband Socket Direct Protocol (SDP), JSON, LISP Data, MikroTik MAC-Telnet, Mongo Wire Protocol, Network Monitor 802.11 radio header, OPC UA ExtensionObjects, PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD Framing, SAMETIME, SCoP, SGSAP, Tektronix Teklink, WAI authentication, Wi-Fi P2P (Wi-Fi Direct)

New and Updated Capture File Support:
· Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP OpenVMS TCPTrace, IPFIX (the file format, not the protocol), Lucent/Ascend debug, Microsoft Network Monitor, Network Instruments, TamoSoft CommView

What's new in Portable Wireshark 1.4.3:

January 12th, 2011

Bug Fixes:
· The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
· FRAsse discovered that the MAC-LTE dissector could overflow a buffer. (Bug 5530)
· Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2.
· FRAsse discovered that the ENTTEC dissector could overflow a buffer. (Bug 5539)
· Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2.
· CVE-2010-4538
· The ASN.1 BER dissector could assert and make Wireshark exit prematurely. (Bug 5537)
· Versions affected: 1.4.0 to 1.4.2.

The following bugs have been fixed:
· AMQP failed assertion. (Bug 4048)
· Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)
· Fuzz testing reports possible dissector bug: TCP. (Bug 4211)
· Wrong length calculation in new_octet_aligned_subset_bits() (PER dissector). (Bug 5393)
· Function dissect_per_bit_string_display might read more bytes than available (PER dissector). (Bug 5394)
· Cannot load wpcap.dll & packet.dll from Wireshark program directory. (Bug 5420)
· Wireshark crashes with Copy -> Description on date/time fields. (Bug 5421)
· DHCPv6 OPTION_CLIENT_FQDN parse error. (Bug 5426)
· Information element Error for supported channels. (Bug 5430)
· Assert when using ASN.1 dissector with loading a 'type table'. (Bug 5447)
· Bug with RWH parsing in Infiniband dissector. (Bug 5444)
· Help->About Wireshark mis-reports OS. (Bug 5453)
· Delegated-IPv6-Prefix(123) is shown incorrect as X-Ascend-Call-Attempt-Limit(123). (Bug 5455)
· "tshark -r file -T fields" is truncating exported data. (Bug 5463)
· gsm_a_dtap: incorrect "Extraneous Data" when decoding Packet Flow Identifier. (Bug 5475)
· Improper decode of TLS 1.2 packet containing both CertificateRequest and ServerHelloDone messages. (Bug 5485)
· LTE-PDCP UL and DL problem. (Bug 5505)
· CIGI 3.2/3.3 support broken. (Bug 5510)
· Prepare Filter in RTP Streams dialog does not work correctly. (Bug 5513)
· Wrong decode at ethernet OAM Y.1731 ETH-CC. (Bug 5517)
· WPS: RF bands decryption. (Bug 5523)
· Incorrect LTP SDNV value handling. (Bug 5521)
· LTP bug found by randpkt. (Bug 5323)
· Buffer overflow in SNMP EngineID preferences. (Bug 5530)
· New and Updated Features
· There are no new features in this release.
· New Protocol Support
· There are no new protocols in this release.
· Updated Protocol Support
· AMQP, ASN.1 BER, ASN.1 PER, CFM, CIGI, DHCPv6, Diameter, ENTTEC, GSM A GM, IEEE 802.11, InfiniBand, LTE-PDCP, LTP, MAC-LTE, MP2T, RADIUS, SAMR, SCCP, SIP, SNMP, TCP, TLS, TN3270, UNISTIM, WPS
· New and Updated Capture File Support
· Endace ERF, Microsoft Network Monitor, VMS TCPtrace.

What's new in Portable Wireshark 1.4.2:

November 20th, 2010

· File-Open Display Filter is overwritten by Save-As Filename. (Bug 3894)
· Wireshark crashes with "Gtk-ERROR **: Byte index 6 is off the end of the line" if click on last PDU. (Bug 5285)
· GTK-ERROR can occur in packets when there are multiple Netbios/SMB headers in a single frame. (Bug 5289)
· "Tshark -G values" crashes on Windows. (Bug 5296)
· PROFINET I&M0FilterData packet not fully decoded. (Bug 5299)
· PROFINET MRP linkup/linkdown decoding incorrect. (Bug 5300)
· [lua] Dumper:close() will cause a segfault due later GC of the Dumper. (Bug 5320)
· Network Instruments' trace files sometimes cannot be read with an error message of "Observer: bad record: Invalid magic number". (Bug 5330)
· IO Graph Time of Day times incorrect for filtered data. (Bug 5340)
· Wireshark tools do not detect and read some ERF files correctly. (Bug 5344)
· "editcap -h" sends some lines to stderr and others to stdout. (Bug 5353)
· IP Timestamp Option: "flag=3" variant (prespecified) not displayed correctly. (Bug 5357)
· AgentX PDU Header 'hex field highlighting' incorrectly spans extra bytes. (Bug 5364)
· AgentX dissector cannot handle null OID in Open-PDU. (Bug 5368)
· Crash with "Gtk-ERROR **: Byte index 6 is off the end of the line". (Bug 5374)
· ANCP Portmanagment TLV wrong decoded. (Bug 5388)
· Crash during startup because of Python SyntaxError in wspy_libws.py. (Bug 5389)

What's new in Portable Wireshark 1.4.1:

October 12th, 2010

Bug Fixes:
· The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
· The Penetration Test Team of NCNIPC (China) discovered that the ASN.1 BER dissector was susceptible to a stack overflow. (Bug 5230)
· Versions affected: All previous versions up to and including 1.2.11 and 1.4.0.

The following bugs have been fixed:
· Wireshark may appear offscreen on multi-monitor Windows systems. (Bug 553)
· Incorrect behavior using sorting in the packet list. (Bug 2225)
· Cooked-capture dissector should omit the source address field if empty. (Bug 2519)
· MySQL dissector doesn't dissect MySQL stream. (Bug 2691)
· Wireshark crashes if active display filter macro is renamed. (Bug 5002)
· Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)
· TCP bytes_in_flight becomes inflated with lost packets. (Bug 5132)
· Wireshark fails to start on Windows XP 64bit. (Bug 5160)
· GTP header is exported in PDML with an incorrect size. (Bug 5162)
· Packet list hidden columns will not be parsed correctly from preferences file. (Bug 5163)
· Wireshark does not display the t.38 graph. (Bug 5165)
· Wireshark don't show mgcp calls in "Telephony → VoIP calls". (Bug 5167)
· Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug 5172)
· GTPv2: IMSI is decoded improperly. (Bug 5179)
· [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug 5186)
· Wireshark mistakenly writes "not all data available" for IPv4 checksum. (Bug 5194)
· GSM: Cell Channel Description, range 1024 format. (Bug 5214)
· Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)
· The CLDAP attribute value on a CLDAP reply is no longer being decoded. (Bug 5239)
· [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)
· [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug 5246)
· NTLMSSP_AUTH domain and username truncated to first letter with IE8/Windows7 (generating the NTLM packet). (Bug 5251)
· IPv6 RH0: dest addr is to be used i.s.o. last RH address when 0 segments remain. (Bug 5252)
· EIGRP dissection error in Flags field in external route TLVs. (Bug 5261)
· MRP packet is not correctly parsed in PROFINET multiple write record request. (Bug 5267)
· MySQL Enhancement: support of Show Fields and bug fix. (Bug 5271)
· [NAS EPS] Fix TFT decoding when having several Packet Filters defined. (Bug 5274)
· Crash if using ssl.debug.file with no password for ssl.keys_list. (Bug 5277)

Updated Protocol Support:
· ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP, GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL, NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP.

What's new in Portable Wireshark 1.4.0:

August 31st, 2010

Bug Fixes:
· Update time display in background. (Bug 1275)
· Wireshark is unresponsive when capturing from named pipes on Windows. (Bug 1759)
· Tshark returns 0 even with an invalid interface or capture filter. (Bug 4735)

New and Updated Features:
· The packet list internals have been rewritten and are now more efficient.
· Columns are easier to use. You can add a protocol field as a column by right-clicking on its packet detail item, and you can adjust some column preferences by right-clicking the column header.
· Preliminary Python scripting support has been added.
· Many memory leaks have been fixed.
· Wireshark 1.4 does not support Windows 2000. Please use Wireshark 1.2 or 1.0 on those systems.
· Packets can now be ignored (excluded from dissection), similar to the way they can be marked.
· Manual IP address resolution is now supported.
· Columns with seconds can now be displayed as hours, minutes and seconds.
· You can now set the capture buffer size on UNIX and Linux if you have libpcap 1.0.0 or greater.
· TShark no longer needs elevated privileges on UNIX or Linux to list interfaces. Only dumpcap requires privileges now.
· Wireshark and TShark can enable 802.11 monitor mode directly if you have libpcap 1.0.0 or greater.
· You can play RTP streams directly from the RTP Analysis window.
· Capinfos and editcap now respectively support time order checking and forcing.
· Wireshark now has a "jump to timestamp" command-line option.
· You can open JPEG files directly in Wireshark.

New Protocol Support:
· 3GPP Nb Interface RTP Multiplex, Access Node Control Protocol, Apple Network-MIDI Session Protocol, ARUBA encapsulated remote mirroring, Assa Abloy R3, Asynchronous Transfer Mode, B.A.T.M.A.N. Advanced Protocol, Bluetooth AMP Packet, Bluetooth OBEX, Bundle Protocol, CIP Class Generic, CIP Connection Configuration Object, CIP Connection Manager, CIP Message Router, collectd network data, Control And Provisioning of Wireless Access Points, Controller Area Network, Device Level Ring, DOCSIS Bonded Initial Ranging Message, Dropbox LAN sync Discovery Protocol, Dropbox LAN sync Protocol, DTN TCP Convergence Layer Protocol, EtherCAT Switch Link, Fibre Channel Delimiters, File Replication Service DFS-R, Gateway Load Balancing Protocol, Gigamon Header, GigE Vision Control Protocol, Git Smart Protocol, GSM over IP ip.access CCM sub-protocol, GSM over IP protocol as used by ip.access, GSM Radiotap, HI2Operations, Host Identity Protocol, HP encapsulated remote mirroring, HP NIC Teaming Heartbeat, IEC61850 Sampled Values, IEEE 1722 Protocol, InfiniBand Link, Interlink Protocol, IPv6 over IEEE 802.15.4, ISO 10035-1 OSI Connectionless Association Control Service, ISO 9548-1 OSI Connectionless Session Protocol, ISO 9576-1 OSI Connectionless Presentation Protocol, ITU-T Q.708 ISPC Analysis, Juniper Packet Mirror, Licklider Transmission Protocol, MPLS PW ATM AAL5 CPCS-SDU mode encapsulation, MPLS PW ATM Cell Header, MPLS PW ATM Control Word, MPLS PW ATM N-to-One encapsulation, no CW, MPLS PW ATM N-to-One encapsulation, with CW, MPLS PW ATM One-to-One or AAL5 PDU encapsulation, Multiple Stream Reservation Protocol, NetPerfMeter Protocol, NetScaler Trace, NexusWare C7 MTP, NSN FLIP, OMRON FINS Protocol, packetbb Protocol, Peer Network Resolution Protocol, PKIX Attribute Certificate, Pseudowire Padding, Server/Application State Protocol, Solaris IPNET, TN3270 Protocol, TN5250 Protocol, TRILL, Twisted Banana, UMTS FP Hint, UMTS MAC, UMTS Metadata, UMTS RLC, USB HID, USB HUB, UTRAN Iuh interface HNBAP signalling, UTRAN Iuh interface RUA signalling, V5.2, Vendor Specific Control Protocol, Vendor Specific Network Protocol, VMware Lab Manager, VXI-11 Asynchronous Abort, VXI-11 Core Protocol, VXI-11 Interrupt, X.411 Message Access Service, ZigBee Cluster Library

New and Updated Capture File Support:
· Accellent 5Views, ASN.1 Basic Encoding Rules, Catapult DCT2000, Daintree SNA, Endace ERF, EyeSDN, Gammu DCT3 trace, IBM iSeries, JPEG/JFIF, libpcap, Lucent/Ascend access server trace, NetScaler, PacketLogger, pcapng, Shomiti/Finisar Surveyor, Sun snoop, Symbian OS btsnoop, Visual Networks

What's new in Portable Wireshark 1.2.10:

July 30th, 2010

Bug Fixes:
· The SigComp Universal Decompressor Virtual Machine could overrun a buffer. The GSM A RR dissector could crash.
· Due to a regression the ASN.1 BER dissector could overrun the stack.
· The IPMI dissector could go into an infinite loop.
· Wireshark crashes after configuring new Information column.
· Crash triggered when changing display filter from right-mouse pop-up menu via packet-list.
· Wireshark crash selecting Inter-Asterisk exchange v2 packet data.
· zlib-1.2.5 cause tshark to stop live capture.
· Crash when adding SNMP users.
· Wireshark via ssh -X on ipv6 link-local address fails to allow capture.
· OMAPI dissector fails to parse combined initialization messages.
· QUERY_FS_INFO for Macintosh level 0x301 - MacSupportFlags decodes wrong.
· SCSI dissector misidentifies ATA PASSTHROUGH command as ACCESS CONTROL IN.
· Wrong decoding of GTP Prime (GTP') packets.

Updated Protocol Support:
· ASN.1 BER, GSM A RR, GTP, IAX2, IPMI, OMAPI, PRES, SCSI, SMB, UNISTIM

What's new in Portable Wireshark 1.2.8:

May 6th, 2010

Bug Fixes:
· The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
· The DOCSIS dissector could crash. (Bug 4644), (bug 4646)
· Versions affected: 0.9.6 to 1.0.12, 1.2.0 to 1.2.7

The following bugs have been fixed:
· HTTP parser limits with Content-Length. (Bug 1958)
· MATE dissector bug with GOGs. (Bug 3010)
· Changing fonts and deleting system time from preferences, results in wireshark crash. (Bug 3387)
· ERF file starting with record with timestamp=0,1 or 2 not recognized as ERF file. (Bug 4503)
· The SSL dissector can not correctly resemple SSL records when the record header is spit between packets. (Bug 4535)
· TCP reassembly can call subdissector with incorrect TCP sequence number. (Bug 4624)
· PTP dissector displays big correction field values wrong. (Bug 4635)
· MSF is at Anthorn, not Rugby. (Bug 4678)
· ProtoField __tostring() description is missing in Wireshark's Lua API Reference Manual. (Bug 4695)
· EVRC packet bundling not handled correctly. (Bug 4718)
· Completely unresponsive when run very first time by root user. (Bug 4308)

New and Updated Features:
· There are no new features in this release.

New Protocol Support:
· There are no new protocols in this release.

Updated Protocol Support:
· DOCSIS, HTTP, SSL

Updated Capture File Support:
· ERF, PacketLogger.

Vendor-supplied Packages:
· Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations:
· Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.

What's new in Portable Wireshark 1.2.7:

April 1st, 2010

Bug Fixes:
· SNMPv3 Engine ID registration. (Bug 2426)
· Open file dialog always displayed when clicking anywhere on Wireshark. (Bug 2478)
· tshark reports wrong number of bytes on big dumpfiles with -z io,stat. (Bug 3205)
· Negative INTEGER number displayed as positive number in SNMP dissector. (Bug 3230)
· Add support for FT_BOOLEAN fields to wslua FieldInfo. (Bug 4049)
· Wireshark crashes w/ GLib error when trying to play RTP stream. (Bug 4119)
· Windows 2000 support has been restored. (Bug 4176)
· Wrong dissection on be_cell_id_list for bssmap. (Bug 4437)
· I/O Graph dropdown boxes not working correctly. (Bug 4487)
· Runtime Error when right-clicking field and selecting "Filter Field Reference". (Bug 4522)
· In GSM SMS PDU TPVPF showing wrong. (Bug 4524)
· Profinet: May be wrong defined byte meaning. (Bug 4525)
· GLib-CRITICAL ** Message. (Bug 4547)
· Certain EDP display filters trigger Wireshark/tshark runtime error. (Bug 4563)
· Some NCP frames trigger "Dissector bug, protocol NCP". (Bug 4565)
· The encapsulation abbreviation "bluetooth-h4" is ambiguous. (Bug 4613)

Updated Protocol Support:
· BSSMAP, DMP, GSM SMS, LDSS, NCP, PN/IO, PPP, SIP, SNMP

Updated Capture File Support:
· There are no updated capture file formats in this release.

What's new in Portable Wireshark 1.3.3 Beta:

February 12th, 2010

· The rewritten packet list internals have been greatly improved.
· You can now ignore packets, similar to the way you can mark them.

What's new in Portable Wireshark 1.2.6:

January 28th, 2010

The following bugs have been fixed:
· Wireshark could crash while decrypting Kerberos data.
· Address display filters hang Wireshark. (Bug 658)
· PSML - structure context node missing. (Bug 1564)
· Wireshark doesn't dynamically update the packet list. (Bug 1605)
· LUA: There's no tvb_get_stringz() equivalent. (Bug 2244)
· tvb_new_real_data is prone to memory leak. (Bug 3917)
· Malformed OPC UA traffic makes Wireshark "freeze". (Bug 3986)
· Analyze→Expert... doesn't show IP "Bad Checksum" errors. (Bug 4177)
· Wireshark can't decrypt WPA(2)-PSK when passphrase is 63 bytes. (Bug 4183)
· RTP stream analysis: Wrong jitter values after clicking the refresh button. (Bug 4340)
· Wireshark decodes bootp option 2 incorrectly. (Bug 4342)
· Deleting SMI modules causes Wireshark to crash. (Bug 4354)
· Wireshark decodes kerberos AS-REQ PADATA incorrect. (Bug 4363)
· PDML output from TShark includes invalid characters. (Bug 4402)
· Empty GPRS LLC S frames cause truncated data exception. (Bug 4417)

New and Updated Features:
· Feature parity between the 64- and 32-bit Windows installer has been improved. The 64-bit installer now supports the "matches" operator, GeoIP location, and most types of decryption. Kerberos decryption and OID resolution are still not supported.

New Protocol Support:
· There are no new protocols in this release.

Updated Protocol Support:
· BJNP, BOOTP/DHCP, DHCPv6, FIP, GPRS LLC, IEEE 802.11, IP, Kerberos, OPCUA, SCTP, SSL, ZRTP

Updated Capture File Support:
· There are no updated capture file formats in this release.

What's new in Portable Wireshark 1.2.3 Stable:

October 28th, 2009

· What's New
· Bug Fixes
· The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
· The Paltalk dissector could crash on alignment-sensitive processors. (Bug 3689)
· Versions affected: 1.2.0 to 1.2.2
· The DCERPC/NT dissector could crash.
· Versions affected: 0.10.10 to 1.2.2
· The SMB dissector could crash.
· Versions affected: 1.2.0 to 1.2.2
The following bugs have been fixed:
· Wireshark memory leak with each file open and/or display filter change. (Bug 2375)
· DHCP Dissector displays negative lease time. (Bug 2733)
· Invalid advertised window line on tcptrace style graph. (Bug 3417)
· SMB get_dfs_referral referral entry is not dissected correctly. (Bug 3542)
· Error dissecting eMule sourceOBFU message. (Bug 3848)
· Typos in Diameter XML files. (Bug 3878)
· RSL dissector for MS Power IE is broken. (Bug 4017)
· Manifest problem in 1.2.2 Win64 build. (Bug 4024)
· FIP dissector throws assertion. (Bug 4046)
· TCAP problem with indefinite length 'components' SEQ OF. (Bug 4053)
· GSM MAP: an-APDU not decoded. (Bug 4095)
· Add "Drag and Drop entries..." message on Columns preferences page. (Bug 4099)
· Editcap -t and -w option parses fractional digits incorrectly. (Bug 4162)
· New and Updated Features
· The 32-bit and 64-bit Windows packages now include WinPcap 4.1.1. .
· New Protocol Support
· There are no new protocols in this release.
· Updated Protocol Support
· DCERPC NT, DHCP, Diameter, E.212, eDonkey, FIP, IPsec, MGCP, NCP, Paltalk, RADIUS, RSL, SBus, SMB, SNMP, SSL, TCP, Teamspeak2, WPS
· Updated Capture File Support
· Capture file support is unchanged in this release.

What's new in Portable Wireshark 1.2.2 Stable:

September 15th, 2009

· Bug Fixes
· The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

· The GSM A RR dissector could crash. (Bug 3893)

· Versions affected: 1.2.0 to 1.2.1

· The OpcUa dissector could use excessive CPU and memory. (Bug 3986)

· Versions affected: 0.99.6 to 1.0.8, 1.2.0 to 1.2.1

· The TLS dissector could crash on some platforms. (Bug 4008)

· Versions affected: 1.2.0 to 1.2.1


The following bugs have been fixed:

· The "Capture->Interfaces" window can't be closed. (Bug 1740)

· tshark-1.0.2 (dumpcap) signal abort core saved. (Bug 2767)

· Memory leak fixes. (Bug 3330)

· Display filter autocompletion doesn't work for some RADIUS and WiMAX ASNCP fields. (Bug 3538)

· Wireshark Portable includes wrong WinPcap installer. (Bug 3547)

· Crash when loading a profile. (Bug 3640)

· The proto,colinfo tap doesn't work if the INFO column isn't being printed. (Bug 3675)

· Flow Graph adds too much unnecessary garbage. (Bug 3693)

· The EAP Diameter dictionary file was missing in the distribution. (Bug 3761)

· Graph analysis window is behind other window. (Bug 3773)

· IKEv2 Cert Request payload dissection error. (Bug 3782)

· DNS NAPTR RR (RFC 3403) replacement MUST be a fully qualified domain-name. (Bug 3792)

· Malformed RTCP Packet error while sending Payload specific RTCP feedback packet( as per RFC 4585). (Bug 3800)

· 802.11n Block Ack packet Bitmap field missing. (Bug 3806)

· Wireshark doesn't decode WBXML/ActiveSync information correctly. (Bug 3811)

· Malformed packet when IPv6 packet has Next Header == 59. (Bug 3820)

· Wireshark could crash while reading an ERF file. (Bug 3849)

· Minor errors in gsm rr dissectors. (Bug 3889)

· WPA Decryption Issues. (Bug 3890)

· GSM A RR sys info dissection problem. (Bug 3901)

· GSM A RR inverts MEAS-VALID values. (Bug 3915)

· PDML output leaks ~300 bytes / packet. (Bug 3913)

· Incorrect station identifier parsing in Kingfisher dissector. (Bug 3946)

· DHCPv6, Vendor-Specific Informantion, SubOption"Option Request" parser incorrect. (Bug 3987)

· Wireshark could leak memory while analyzing SSL.

· Wireshark could crash while updating menu items after reading a file in some cases.

· The Mac OS X ChmodBPF script now works correctly under Snow Leopard.


· New and Updated Features
· There are no new or updated features in this release.

· New Protocol Support
· There are no new protocols in this release.

· Updated Protocol Support
· DCERPC, DHCPv6, DNS, E.212, GSM A RR, GTPv2, H.248, IEEE 802.11, IPMI, ISAKMP/IKE, ISUP, Kingfisher, LDAP, OpcUA, RTCP, SCTP, SIP, SSL, TCP, WBXML, ZRTP

· Updated Capture File Support
· ERF

What's new in Portable Wireshark 1.2.1 Stable:

July 21st, 2009

The following vulnerabilities have been fixed:
· The IPMI dissector could overrun a buffer.
· Versions affected: 1.2.0
· The AFS dissector could crash.
· Versions affected: 0.9.2 to 1.2.0
· The Infiniband dissector could crash on some platforms.
· Versions affected: 1.0.6 to 1.2.0
· The Bluetooth L2CAP dissector could crash.
· Versions affected: 1.2.0
· The RADIUS dissector could crash.
· Versions affected: 1.2.0
· The MIOP dissector could crash.
· Versions affected: 1.2.0
· The sFlow dissector could use excessive CPU and memory.
· Versions affected: 1.2.0

The following bugs have been fixed:
· Wireshark could crash while reading a pcap-ng file.
· Wireshark could crash while reading a PacketLogger file.
· CFLOW decoding is wrong for IPv6 fields (Bug 3328)
· Buildbot crash output: fuzz-2009-04-24-2891.pcap (Bug 3438)
· packet-dcm, corrupt DICOM export files (Bug 3493)
· GeoIP map should use random temporary file name (Bug 3530)
· Wireshark crashes when range_string is the data type (Bug 3536)
· Pcap-ng breaks VoIP call data (Bug 3539)
· ANSI MAP legInformation BER Error (Bug 3541)
· Starting Wireshark Portable 1.2.0 gives error message. (Bug 3547)
· On Windows, Wireshark could crash on startup. (Bug 3555)
· The title in the TCP sequence graphs is too short. (Bug 3556)
· USB Packets in pcap-ng Files Not Dissected Properly (Bug 3560)
· 802.11 decryption is broken (Bug 3590)
· SMB2 Error Response doesn't decode properly (Bug 3609)
· configure.in uses deprecated autoconf test for gnutls detection (Bug 3627)
· Radius Malformed Packet error message (Bug 3635)
· Wireshark could crash when loading a profile. (Bug 3640)
· Analyze->Decode as... menu item becomes unavailable (Bug 3642)
· btsnoop: Incorrect error message for not supported datalink type (Bug 3645)
· Decode error for network-id in BICC BCU-ID (Bug 3648)
· IEC 60870-5-104 dissector decodes nothing (Bug 3650)
· radius_register_avp_dissector() can stop RADIUS dissector from working correctly (Bug 3651)
· ANSI ISUP Cause indicators with coding standard=ANSI fail to dissect. (Bug 3654)
· Wrong field position in PacketCable Multimedia Extended Classifier (Bug 3656)
· FF Protocol "FMS Initiate - Version OD Calling" field packet data not unpacked properly (Bug 3694)
· hci_h4: Optimize column/field handling (Bug 3703)
· BSSLAP Protocol Not Decoded In BSSMAP-LE Messages (Bug 3711)
· Description of tshark -t dd missing from tshark.pod (Bug 3723)
· Problem in packet-per.c for ASN.1 PER Encoding (Bug 3733)
· [SNMP] Crash when dissecting packet (custom MIB) (Bug 3746)

Updated Protocol Support:
· AFS, ANSI ISUP, ANSI MAP, ASN.1 PER, Bluetooth HCI H4, Bluetooth L2CAP, BSS CFLOW, COPS, Diameter, DICOM, FF-HSE, ICMPv6, IEC-60870-5-104, IEEE 802.11, Infiniband, IPMI, MIOP, RADIUS, RSVP, sFlow, SNMP, SMB2, ZIOP

New Capture File Support:
· Btsnoop, DCT3, Packetlogger, pcap-ng.

What's new in Portable Wireshark 1.2.0 Stable:

June 16th, 2009

Bug Fixes:
· Type-ahead search now works properly.
· Several bugs that affected capture from pipes have been fixed.
· Many Lua-related bugs have been fixed.
· Several memory leaks have been found and fixed.
· The "Follow TCP Stream" feature could show two streams at the same time The hex dump view has been narrowed.
· WPA and SSL decryption bugs have been fixed.
· Readability problems on 256-color displays on Windows have been fixed.

New and Updated Features:
· Wireshark has a spiffy new start page.
· Display filters now autocomplete.
· A 64-bit Windows (x64) installer is now provided.
· Support for the c-ares resolver library has been added. It has many advantages over ADNS.
· Many new protocol dissectors and capture file formats have been added (see below for a complete list).
· Macintosh OS X support has been improved.
· GeoIP database lookups.
· OpenStreetMap + GeoIP integration.
· Improved Postscript print output.
· The preference handling code is now much smarter about changes.
· Support for Pcap-ng, the next-generation capture file format.
· Support for process information correlation via IPFIX.
· Column widths are now saved.
· The last used configuration profile is now saved.
· Protocol preferences are changeable from the packet details context menu.
· Support for IP packet comparison.
· Capinfos now shows the average packet rate.
· GTK1 is no longer supported. (Yes, this is a feature.)
· Official Windows packages are now built using Microsoft Visual C++ 2008 SP1.

New Protocol Support:
· Anything in Anything Protocol, ATM PW, N-to-one Cell Mode, B.A.T.M.A.N. Layer 3 Protocol, BACnet MS/TP, BSS LCS Assistance Protocol, Canon BJNP, CESoPSN basic NxDS0 mode (no RTP support), Charging ASE, Cimetrics MS/TP, DECT Protocol, Digital Private Signalling System No 1 Link Layer, DOCSIS Mac Domain Description, DOCSIS Registration Request Multipart, DOCSIS Registration Response Multipart, DOCSIS Synchronisation Message, E100 Encapsulation, EHS, Enhanced Variable Rate Codec, Ethernet Global Data, Ethernet PW, Exchange 2003 Directory Request For Response, Far End Failure Detection, FCoE Initialization Protocol, GOOSE, GPEF, GPRS Tunneling Protocol V2, GSM A-I/F COMMON, GSM A-I/F GPRS Mobility and Session Management, GSM SACCH, GSM Um Interface, HDLC PW, FR port mode (no CW), HDLC-like framing for PPP, IEC 60870-5-104,Apci, IEC 60870-5-104,Asdu, IEEE 802.15.4 Low-Rate Wireless PAN non-ASK PHY, IEEE C37.118 Synchrophasor Protocol, Intelligent Platform Management Interface (Session Wrapper), Inter-Integrated Circuit, Internal TDM, IPSICTL, ISMACryp Protocol, iWARP Direct Data Placement and Remote Direct Memory Access Protocol, iWARP Marker Protocol data unit Aligned framing, Kontiki Delivery Protocol, LANforge Traffic Generator, Layer 1 Event Messages, Lb-I/F BSSMAP LE, LeCroy VICP, Link Access Procedure, Channel Dm (LAPDm), Local Download Sharing Service, LTE Radio Resource Control (RRC) protocol, MAC-LTE, Memcache Protocol, Mesh Header, MP4V-ES, Nasdaq TotalView-ITCH, Nasdaq-SoupTCP version 2.0, NAT Port Mapping Protocol, Netdump Protocol, Non-Access-Stratum (NAS)PDU, PacketLogger, Paltalk Messenger Protocol, PDCP-LTE, PW Associated Channel Header, PW Ethernet Control Word, PW Frame Relay DLCI Control Word, PW MPLS Control Word (generic/preferred), Real-Time Publish-Subscribe Wire Protocol 2.x, Remote Packet Capture, RLC-LTE, SAToP (no RTP support), SERCOS III V1.1, SIMULCRYPT Protocol, Subnetwork Dependent Convergence Protocol XID, Teamspeak2 Protocol, TTEthernet, TTEthernet Protocol Control Frame, Turbocell Aggregate Data, Turbocell Header, TURN Channel, Unreliable Multicast Inter-ORB Protocol, VCDU, Wave Short Message Protocol(IEEE P1609.3), Wireless Access Station Session Protocol, Wireshark Expert Info, World of Warcraft, Xpress Transport Protocol, ZigBee Application Framework, ZigBee Application Support Layer, ZigBee Device Profile, ZigBee Encapsulation Protocol, ZigBee Network Layer, Zipped Inter-ORB Protocol, ZRTP

Updated Protocol Support:
· There are too many updates to list here.

New Capture File Support:
· Apple Bluetooth PacketLogger, Daintree's Sensor Network Analyzer, dct3trace, Pcap-NG, TNEF (yes, those silly winmail.dat attachments)

What's new in Portable Wireshark 1.0.8 Stable:

June 15th, 2009

· Fixed: The PCNFSD dissector could crash. Versions affected: 0.8.20 to 1.0.7

The following bugs have been fixed:
· Lua integration could crash. (Bug 2453)
· The SCCP dissector could crash when loading more than one file in a single session. (Bug 3409)
· The NDMP dissector could crash if reassembly was enabled. (Bug 3470)

· Updated Protocol Support
· All ASN.1 protocols, DICOM, NDMP, PCNFSD, RTCP, SCCP, SSL, STANAG 5066

What's new in Portable Wireshark 1.0.7 Stable:

April 9th, 2009

· The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
· The PROFINET dissector was vulnerable to a format string overflow. (Bug 3382)
· Versions affected: 0.99.6 to 1.0.6
· CVE-2009-1210
· The LDAP dissector could crash on Windows. (Bug 3262)
· Versions affected: 0.99.2 to 1.0.6
· CVE-2009-1267
· The Check Point High-Availability Protocol (CPHAP) dissector could crash. (Bug 3269)
· Versions affected: 0.9.6 to 1.0.6
· CVE-2009-1268
· Wireshark could crash while loading a Tektronix .rf5 file. (Bug 3366)
· Versions affected: 0.99.6 to 1.0.6
· CVE-2009-1269
The following bugs have been fixed:
· Correct use of proto_tree_add_int_format() (Bug 3048)
· RTP dynamic payload clock rates incorrectly determined (Bug 3067)
· TShark fails to properly close capture files when opening new ones (Bug 3172)
· ANSI MAP digits type decode and bitmask corrections (Bug 3233)
· Two small patches for ipvs-syncd dissector (Bug 3236)
· BGP capability dissection failure (Bug 3247)
· ANSI MAP fix for missing MEID/MSC ID number in RegNot (Bug 3255)
· BACnet PrivateTransferError shows malformed packet (Bug 3257)
· Windows silent installer is not that silent (Bug 3260)
· Crash in ASN.1 dissector when using 'type table' (Bug 3271)
· .11n SM Power save mode value 0x3 label is incorrect (Bug 3276)
· .11 WME ie displayed incorrectly (Bug 3284)
· "Copy as filter" from the packet list has been fixed.
· New and Updated Features
· There are no new or updated features in this release.
· New Protocol Support
· There are no new protocols in this release.
· Updated Protocol Support
· ACN, ANSI MAP, ASN.1 BACnet, BGP, CPHAP, GSM MAP, IEEE 802.11, IPVS, LDAP, NetFlow/IPFIX, PROFINET, RTP, SNMP, WSP
· New and Updated Capture File Support
· (TBD)