Wireshark 0.99.5 Release Notes


What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education.

What's New

Bug Fixes

The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

  • The TCP dissector could hang or crash while reassembling HTTP packets. (Bug 1200)

    Versions affected: 0.99.2 to 0.99.4

    CVE-2007-0459

  • The HTTP dissector could crash.

    Versions affected: 0.99.3 to 0.99.4

    CVE-2007-0458

  • On some systems, the IEEE 802.11 dissector could crash.

    Versions affected: 0.10.14 to 0.99.4

    CVE-2007-0457

  • On some systems, the LLT dissector could crash.

    Versions affected: 0.99.3 to 0.99.4

    CVE-2007-0456

The following bugs have been fixed:

  • On Windows systems the packet list scroll bar could sometimes disappear or become unusable. (Bug 220)

  • The end of HTTP chunked encoding wasn't being displayed. (Bug 646)

  • The Follow TCP Stream window could omit characters. (Bug 1043)

  • Opening a flow graph could crash Wireshark. (Bug 1117)

  • Follow TCP Stream would sometimes get the direction wrong. (Bug 1138)

  • The foreground text in the coloring rules editor was always black. (Bug 1164)

  • The CSV export format was incorrect. (Bug 1173)

  • On some Windows systems Wireshark could take a long time to start up.

  • Malformed UDLD packets could cause an exception.

  • The ISUP statistics report could overflow a buffer and crash when displaying IPv6 addresses.

New and Updated Features

The following features are new (or have been significantly updated) since the last release:

  • We are now offering Wireshark as a U3 package for Windows. U3 packages are suitable for using on USB drives and CD-ROMs. It's still experimental, but you're welcome to try it out and report any problems or successes.

  • Decryption support for WPA/WPA2 and SNMPv3 has been added. The TDS / MS SQL dissector now de-obfuscates passwords.

  • 64-bit file handling has been improved.

  • The Find function now selects the corresponding packet detail item. Find functionality has been added to the TCP and SSL stream dialogs.

  • Main window keyboard navigation has been improved.

  • Windows file dialogs now show the "places" bar (Desktop, My Documents, My Computer, My Network Places, etc). File dialogs now default to "My Documents" in accordance with Microsoft's HIG.

  • AirPcap support (which provides raw mode capture under Windows) has been enhanced to allow capturing on multiple AirPcap adapters simultaneously.

  • You can no longer install Wireshark on Windows 95, 98, or ME. (OK, so it's not a feature per se, but it's an important change). The last version known to work on these systems is Ethereal 0.99.0.

  • ASN.1 BER-encoded files can now be dissected according to a user-specified syntax.

New Protocol Support

DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN v2

Updated Protocol Support

2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1 BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS, EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP, DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248, HPSW, HTTP, ICMP, ICMPv6, IEEE 802.11, IMAP, INAP, IPMI, IPsec, IRC, ISAKMP, iSCSI, ISIS LSP, IuUP, K12, Kerberos, LDAP, LLDP, MEGACO, MGCP, MIME Multipart, MMS, MMSE, MSRP, MySQL, NetFlow, NFS, NTLMSSP, NTP, OSPF, PN-PTCP, PPPoE, Q.931, Radiotap, RADIUS, RPC, RSVP, RTCP, S4406, SCCP, SCSI, SDP, SES, sFlow, SIGCOMP, SIP, SIR, Skinny, SMB (SMB, NETLOGON), SMTP, SNMP, SPNEGO, SSL, T.38, TCP, TDS, text/media, TIPC, UDLD, UDP Lite, UDP, UMA, UMTS FP, USB, VNC, WBXML, WLCCP, WSP, X.411, X.420, XML, XOT, YMSG

New and Updated Capture File Support

Catapult DCT2000, Netttl, Windows Sniffer / NetXray

Getting Wireshark

Wireshark source code and installation packages are available from the download page on the main web site.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.

Known Problems

The Filter button is nonfunctional in the file dialogs under Windows. (Bug 942)

Getting Help

Community support is available on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.

Commercial support, training, and development services are available from CACE Technologies.

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.

Enhance Wireshark

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.

Troubleshoot your Network

Free 30 day trial

Free 30 day trial

  • Save hours on network and application issue diagnoses
  • Monitor physical and virtual environments
  • GUI packet capture and analysis
  • Fully integrated with Wireshark

Try Cascade Shark VE & Cascade Pilot Free for 30 Days

802.11 Packet Capture

Riverbed AirPcap
  • WLAN packet capture and transmission
  • Full 802.11 a/b/g/n support
  • View management, control and data frames
  • Multi-channel aggregation (with multiple adapters)

Learn More

Buy Now

Packet Analysis Made Easy

    Cascade Pilot Personal Edition graphs
  • Visually rich, powerful LAN analyzer
  • Quickly access very large pcap files
  • Professional, customizable reports
  • Advanced triggers and alerts
  • Fully integrated with Wireshark

Try Cascade Pilot PE FREE for 10 days

Buy Now