Wireshark 0.99.3 Release Notes


What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

What's New

Bug Fixes

The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

  • The SCSI dissector could crash. Versions affected: 0.99.2. CVE-2006-4330

  • If Wireshark was compiled with ESP decryption support, the IPsec ESP preference parser was susceptible to off-by-one errors. Versions affected: 0.99.2. CVE-2006-4331

  • The DHCP dissector (and possibly others) in the Windows version of Wireshark could trigger a bug in Glib and crash. Versions affected: 0.10.13 - 0.99.2. CVE-2006-4332

  • If the SSCOP dissector has a port range configured and the SSCOP payload protocol is Q.2931, a malformed packet could make the Q.2931 dissector use up available memory. No port range is configured by default. Versions affected: 0.7.9 - 0.99.2. CVE-2006-4333

The following bugs have been fixed:

  • The VOIP call analysis feature could cause an assertion.

  • The RTP analysis feature could freeze for an extended period.

  • Selecting "Apply as Filter" wouldn't work for some tree items.

New and Updated Features

The following features are new (or have been significantly updated) since the last release:

  • ESP, Kerberos, and SSL decryption are now supported in the Windows installer. (As as result, Wireshark is now subject to United States export controls.)

  • The packet list context menu now includes a conversation filter.

  • Wireshark can now generate ACL rules for several popular firewall products.

  • Wireshark now supports AirPcap, including raw 802.11 captures under Windows.

New Protocol Support

Daytime, JPEG (RTP payload), Pegasus Lightweight Stream Control, Pro-MPEG FEC, UMTS RRC, Veritas Low Latency Transport

Updated Protocol Support

All ASN.1 dissectors, 3G A11, 802.11, AIM SST, AJP13, ANSI 637, AVS WLAN, BACapp, BFD, CDP, Cisco WIDS, DCERPC (DCERPC, CONV, DFS, EPM, FLDB, NETLOGON, NT, PN-IO, RS_PGO), DCOM, DHCP, DIAMETER, DTLS, EAPOL, ESP, H.225, H.245, H.450, HTTP, IPv6, ISAKMP, Juniper, Kerberos, L2TP, LDAP, MSRP, NTLMSSP, PN-CBA, PN-RT, Prism, RSVP, RTCP, RUDP, SCSI, SCTP, SDP, SIP, SIPFRAG, Skinny, SMB, SSL, TCP, text/media, Time, XML

New and Updated Capture File Support

Catapult DCT2000, nettl

Getting Wireshark

Wireshark source code and installation packages are available from the download page on the main web site.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.

Known Problems

On Windows systems the packet list scroll bar can sometimes disappear or become unusable. Until the problem is fixed you can work around it by resizing the packet list or the main window. (Bug 220)

The Filter button is nonfunctional in the file dialogs under Windows. (Bug 942)

Trying to save flow data may crash Wireshark. (Bug 396)

It may not be possible to re-order coloring rules under Windows. (Bug 699)

Multiple tap interfaces may cause a crash under FreeBSD. (Bug 757)

Wireshark may crash while viewing TCP streams. (Bug 852)

Getting Help

Community support is available on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.

Commercial support, training, and development services are available from CACE Technologies.

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.

Enhance Wireshark

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.

Troubleshoot your Network

Free 30 day trial

Free 30 day trial

  • Save hours on network and application issue diagnoses
  • Monitor physical and virtual environments
  • GUI packet capture and analysis
  • Fully integrated with Wireshark

Try Cascade Shark VE & Cascade Pilot Free for 30 Days

802.11 Packet Capture

Riverbed AirPcap
  • WLAN packet capture and transmission
  • Full 802.11 a/b/g/n support
  • View management, control and data frames
  • Multi-channel aggregation (with multiple adapters)

Learn More

Buy Now

Packet Analysis Made Easy

    Cascade Pilot Personal Edition graphs
  • Visually rich, powerful LAN analyzer
  • Quickly access very large pcap files
  • Professional, customizable reports
  • Advanced triggers and alerts
  • Fully integrated with Wireshark

Try Cascade Pilot PE FREE for 10 days

Buy Now