Wireshark / News: Recent posts

Wireshark 1.10.0rc2 Released

Wireshark 1.10.0rc2 has been released. Installers for Windows, OS X, and source code are now available. This is the first release candidate for Wireshark 1.10.0.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.8:

- Wireshark on 32- and 64-bit Windows supports automatic updates.
- The packet bytes view is faster.
- You can now display a list of resolved host names in "hosts" format within Wireshark.
- The wireless toolbar has been updated.
- Wireshark on Linux does a better job of detecting interface addition and removal.
- It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
- The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
- USB type and product name support has been improved.
- All Bluetooth profiles and protocols are now supported.
- Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
- The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
- Capinfos now prints human-readable statistics with SI suffixes by default.
- It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
- Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
- Wireshark can be compiled using GTK+ 3.
- The Wireshark application icon, capture toolbar icons, and other icons have been updated.
- Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
- Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.
- Wireshark dropped the left-handed settings from the preferences. This is still configurable via the GTK settings (add "gtk-scrolled-window-placement = top-right" in the config file, which might be called /.gtkrc-2.0 or /.config/gtk-3.0/settings.ini).
- Wireshark now ships with two global configuration files: Bluetooth, which contains coloring rules for Bluetooth and Classic, which contains the old-style coloring rules.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2013-05-22

Wireshark 1.8.7 and 1.6.15 Released

Wireshark 1.8.7 and 1.6.15 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.8.7

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.8.7 release notes.

In 1.6.15

- An ASN.1 BER vulnerability has been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.6.15 release notes.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2013-05-17

Wireshark 1.10.0rc1 Released

Wireshark 1.10.0rc1 has been released. Installers for Windows, OS X, and source code are now available. This is the first release candidate for Wireshark 1.10.0.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.8:

- Wireshark on 32- and 64-bit Windows supports automatic updates.
- The packet bytes view is faster.
- You can now display a list of resolved host names in "hosts" format within Wireshark.
- The wireless toolbar has been updated.
- Wireshark on Linux does a better job of detecting interface addition and removal.
- It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
- The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
- USB type and product name support has been improved.
- All Bluetooth profiles and protocols are now supported.
- Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
- The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
- Capinfos now prints human-readable statistics with SI suffixes by default.
- It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
- Tshark can now display only the hex/ascii packet data without requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
- Wireshark can be compiled using GTK+ 3.
- The Wireshark application icon, capture toolbar icons, and other icons have been updated.
- Tshark’s filtering and multi-pass analysis have been reworked for consistency and in order to support dependent frame calculations during reassembly. See the man page descriptions for -2, -R, and -Y.
- Tshark’s -G fields2 and -G fields3 options have been eliminated. The -G fields option now includes the 2 extra fields that -G fields3 previously provided, and the blurb information has been relegated to the last column since in many cases it is blank anyway.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2013-04-26

Wireshark 1.9.1 Development Release

Wireshark 1.9.0 has been released. This is an experimental release intended to test features that will go into Wireshark 1.10. Installers for Windows, OS X, and source code are now available.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.8:

- Wireshark on 32- and 64-bit Windows supports automatic updates.
- The packet bytes view is faster.
- You can now display a list of resolved host names in "hosts" format within Wireshark.
- The wireless toolbar has been updated.
- Wireshark on Linux does a better job of detecting interface addition and removal.
- It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.
- The Windows installers ship with WinPcap 4.1.3, which supports Windows 8.
- USB type and product name support has been improved.
- Wireshark now calculates HTTP response times and presents the result in a new field in the HTTP response. Links from the request’s frame to the response’s frame and vice-versa are also added.
- The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
- Capinfos now prints human-readable statistics with SI suffixes by default.
- It is now possible to open a referenced packet (such as the matched request or response packet) in a new window.
- It is now possible for tshark to display only the hex/ascii packet data without also requiring that the packet summary and/or packet details are also displayed. If you want the old behavior, use -Px instead of just -x.
- The Wireshark application icon, capture toolbar icons, and other icons have been updated.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2013-03-28

Wireshark 1.8.6 and 1.6.14 Released

Wireshark 1.8.6 and 1.6.14 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.8.6

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.8.6 release notes.

In 1.6.14

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.6.14 release notes.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2013-03-06

Wireshark 1.9.0 Development Release

Wireshark 1.9.0 has been released. This is an experimental release intended to test features that will go into Wireshark 1.10. Installers for Windows, OS X, and source code are now available.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.8:

- Wireshark on 32- and 64-bit Windows supports automatic updates.
- The main welcome screen and status bar now display file sizes using strict SI prefixes instead of old-style binary prefixes.
- It is now possible to compare two fields in a display filter (for example: udp.srcport != udp.dstport). The two fields must be of the same type for this to work.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2013-02-20

Wireshark 1.8.5 and 1.6.13 Released

Wireshark 1.8.5 and 1.6.13 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.8.5

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.8.5 release notes.

In 1.6.13

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.6.13 release notes.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2013-01-29

Wireshark Wiki Security Incident

On July 25, 2012 an intruder gained access to the server that hosts wiki.wireshark.org, blog.wireshark.org, and ask.wireshark.org. This intrusion went undetected until January 8, 2013.

What was affected?

As far as we can tell the only service affected was wiki.wireshark.org. The Wireshark source code repository, bug tracker, mailing lists, and other services reside on other hosts and do not appear to be impacted.

What are you doing?

Wiki.wireshark.org is down and is being rebuilt from scratch. Even though ask.wireshark.org and blog.wireshark.org don't appear to be impacted they were on the same host and are being rebuilt from scratch as well. We are still conducting an investigation into the full extent of the breach and will update this page with any new information.

What should I do?

Your password on wiki.wireshark.org will be reset. If you used that password anywhere else you should change that password immediately.

Update: January 9, 2013

wiki.wireshark.org is back online. All passwords have been reset.

Update: January 10, 2013

ask.wireshark.org and blog.wireshark.org are back online.

Update: January 11, 2013

As an added precaution all passwords on ask.wireshark.org and blog.wireshark.org have been reset.

More Information

- Debian Wiki Security Incident 2012
- wiki.python.org Compromised

Posted by SourceForge Robot 2013-01-09

Wireshark 1.8.4 and 1.6.12 Released

Wireshark 1.8.4 and 1.6.12 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.8.4

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.8.4 release notes.

In 1.6.12

- A vulnerability in the DRDA dissector has been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.6.12 release notes.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-11-28

Wireshark 1.8.3 and 1.6.11 Released

Wireshark 1.8.3 and 1.6.11 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.8.3

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.8.3 release notes.

In 1.6.11

- A vulnerability in the DRDA dissector has been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.6.11 release notes.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-10-02

Wireshark 1.8.2 and 1.6.10 Released

Wireshark 1.8.2 and 1.6.10 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.8.2

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.8.2 release notes.

In 1.6.10

- Multiple vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.6.10 release notes.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-08-15

Wireshark 1.4.14 Released

Wireshark 1.4.14 has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.4.14

- Vulnerabilities in the PPP and NFS dissectors have been fixed.
- Several other bugs have been fixed. See the release notes for details.

For a complete list of changes, please refer to the 1.4.14 release notes.

Posted by SourceForge Robot 2012-07-24

Wireshark 1.8.1 and 1.6.9 Released

Wireshark 1.8.1 and 1.6.9 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.8.1

- Vulnerabilities in the PPP and NFS dissectors have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.8.1 release notes.

In 1.6.9

- Vulnerabilities in the PPP and NFS dissectors have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.6.9 release notes.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-07-23

Wireshark 1.8.0 Released

Wireshark 1.8.0 has been released. Installers for Windows, OS X, and source code are now available.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.6:

- Wireshark supports capturing from multiple interfaces at once.
- You can now add, edit, and save packet and capture file annotations.
- Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)
- Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.
- OID resolution is now supported on 64-bit Windows.
- The "Save As" menu item has been split into "Save As", which lets you save a file using a different filename, and "Export Specified Packets", which lets you have more control over which packets are saved.
- TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.
- TCP window updates are no longer colorized as "Bad TCP".
- TShark's command-line options have changed. The previously undocumented -P option is now the -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.
- GeoIP IPv6 databases are now supported.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-06-21

Wireshark 1.8.0rc2 Released

Wireshark 1.8.0rc2 has been released. Installers for Windows, OS X, and source code are now available. This is the second release candidate for Wireshark 1.8.0.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.6:

- Wireshark supports capturing from multiple interfaces at once.
- You can now add, edit, and save packet annotations.
- Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)
- Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.
- OID resolution is now supported on 64-bit Windows.
- When saving packets, the default choice is now to save only the displayed packets rather than all packets.
- TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.
- TCP window updates are no longer colorized as "Bad TCP".
- TShark's command-line options have changed. The previously undocumented -P option is now the -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.
- GeoIP IPv6 databases are now supported.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-06-18

Wireshark 1.8.0rc1 Released

Wireshark 1.8.0rc1 has been released. Installers for Windows, OS X, and source code are now available. This is the first release candidate for Wireshark 1.8.0.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.6:

- Wireshark supports capturing from multiple interfaces at once.
- You can now add, edit, and save packet annotations.
- Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)
- Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.
- OID resolution is now supported on 64-bit Windows.
- When saving packets, the default choice is now to save only the displayed packets rather than all packets.
- TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.
- TCP window updates are no longer colorized as "Bad TCP".
- TShark's command-line options have changed. The previously undocumented -P option is now the -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.
- GeoIP IPv6 databases are now supported.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-06-06

Wireshark 1.6.8 and 1.4.13 Released

Wireshark 1.6.8 and 1.4.13 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.6.8

- Several vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.6.8 release notes.

In 1.4.13

- Several vulnerabilities have been fixed. See the release notes for details.
- Many other bugs have been fixed.

For a complete list of changes, please refer to the 1.4.13 release notes.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-05-22

Wireshark 1.6.7 Released

Wireshark 1.6.7 has been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.

In 1.6.7

- Bugs which could cause crashes on Windows while trying to load SSL key preferences or capture using rpcap have been fixed.
- A bug in the H.263 dissector has been fixed.

For a complete list of changes, please refer to the 1.6.7 release notes.

Posted by SourceForge Robot 2012-04-06

Wireshark 1.7.1 Development Release

Wireshark 1.7.1 has been released. Installers for Windows, OS X, and source code are now available. This is a development release intended to test new features and functionality for Wireshark 1.8.0.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.6:

- Wireshark supports capturing from multiple interfaces at once.
- You can now add, edit, and save packet annotations.
- Wireshark, TShark, and their associated utilities now save files using the pcap-ng file format by default. (Your copy of Wireshark might still use the pcap file format if pcap-ng is disabled in your preferences.)
- Decryption key management for IEEE 802.11, IPsec, and ISAKMP is easier.
- OID resolution is now supported on 64-bit Windows.
- When saving packets, the default choice is now to save only the displayed packets rather than all packets.
- TCP fast retransmissions are now indicated as an expert info note, rather than a warning, just as TCP retransmissions are.
- TCP window updates are no longer colorized as "Bad TCP".
- TShark's command-line options have changed. The previously undocumented -P option is now the -2 option for performing a two-pass analysis; the former -S option is now the -P option for printing packets even if writing to a file, and the -S option is now used to specify a different line separator between packets.
- GeoIP IPv6 databases are now supported.

Official releases are available right now from the download page.

Posted by SourceForge Robot 2012-04-06

Wireshark training available through Wireshark University

Wireshark University was launched in March 2007 to provide training on network troubleshooting and network security using Wireshark. Collaborating with Laura Chappell of the Protocol Analysis Institute, we now have a set of four self-paced and instructor-led courses that focus on Wireshark functionality, TCP/IP communications, troubleshooting network performance, network forensics and security. For more information, visit http://www.wiresharkU.com.

Posted by Gerald Combs 2007-05-18