Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark 1.12.2 Release Notes


1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed.

The following bugs have been fixed:

  • Wireshark determine packets of MMS protocol as a packets of T.125 protocol. (Bug 10350)
  • 6LoWPAN Mesh headers not treated as encapsulating address. (Bug 10462)
  • UCP dissector bug of operation 31 - PID 0639 not recognized. (Bug 10463)
  • iSCSI dissector rejects PDUs with "expected data transfer length" > 16M. (Bug 10469)
  • GTPv2: trigging_tree under Trace information has wrong length. (Bug 10470)
  • openflow_v1 OFPT_FEATURES_REPLY parsed incorrectly. (Bug 10493)
  • Capture files from a remote virtual interface on MacOS X 10.9.5 aren’t dissected correctly. (Bug 10502)
  • Problem specifying protocol name for filtering. (Bug 10509)
  • LLDP TIA Network Policy Unknown Policy Flag Decode is not correct. (Bug 10512)
  • Decryption of DCERPC with Kerberos encryption fails. (Bug 10538)
  • Dissection of DECRPC NT sid28 shouldn’t show expert info if tree is null. (Bug 10542)
  • Attempt to render an SMS-DELIVER-REPORT instead of an SMS-DELIVER. (Bug 10547)
  • IPv6 Calipso option length is not used properly. (Bug 10561)
  • The SPDY dissector couldn’t dissecting packet correctly. (Bug 10566)
  • IPv6 QuickStart option Nonce is read incorrectly. (Bug 10575)
  • IPv6 Mobility Option IPv6 Address/Prefix marks too many bytes for the address/prefix field. (Bug 10576)
  • IPv6 Mobility Option Binding Authorization Data for FMIPv6 Authenticator field is read beyond the option data. (Bug 10577)
  • IPv6 Mobility Option Mobile Node Link Layer Identifier Link-layer Identifier field is read beyond the option data. (Bug 10578)
  • Wrong offset for hf_mq_id_icf1 in packet-mq.c. (Bug 10597)
  • Malformed PTPoE announce packet. (Bug 10611)
  • IPv6 Permanent Home Keygen Token mobility option includes too many bytes for the token field. (Bug 10619)
  • IPv6 Redirect Mobility Option K and N bits are parsed incorrectly. (Bug 10622)
  • IPv6 Care Of Test mobility option includes too many bytes for the Keygen Token field. (Bug 10624)
  • IPv6 MESG-ID mobility option is parsed incorrectly. (Bug 10625)
  • IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
  • IPv6 DNS-UPDATE-TYPE mobility option includes too many bytes for the MD identity field. (Bug 10629)
  • IPv6 Local Mobility Anchor Address mobility option’s code and reserved fields are parsed as 2 bytes instead of 1. (Bug 10630)
  • WCCP v.2.01 extended assignment data element parsed wrong. (Bug 10641)
  • DNS ISDN RR Sub Address field is read one byte early. (Bug 10650)
  • TShark crashes when running with PDML on a specific packet. (Bug 10651)
  • DNS A6 Address Suffix field is parsed incorrectly. (Bug 10652)
  • DNS response time: calculation incorrect. (Bug 10657)
  • SMPP does not display properly the hour field in the Submit_sm Validity Period field. (Bug 10672)
  • DNS Name Length for Zone RR on root is 6 and Label Count is 1. (Bug 10674)
  • DNS WKS RR Protocol field is read as 4 bytes instead of 1. (Bug 10675)
  • IPv6 Mobility Option Context Request reads an extra request. (Bug 10676)

2.2. New and Updated Features

There are no new features in this release.

The Windows installers no longer include previews of Wireshark 2. If you want to try the new user interface, please download a development (1.99) installer.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

6LoWPAN, AMQP, ANSI IS-637-A, Bluetooth HCI, CoAP, DCERPC (all), DCERPC NT, DNS, GSM MAP, GTPv2, H.223, HPSW, HTTP2, IEEE 802.11, IPv6, iSCSI, Kerberos, LBT-RM, LLDP, MIH, Mobile IPv6, MQ, NCP, OpcUa, OpenFlow, PKTAP, PTPoE, SigComp, SMB2, SMPP, SPDY, Stanag 4607, T.125, UCP, USB CCID, and WCCP

2.5. New and Updated Capture File Support

Catapult DCT2000, HP-UX nettl, Ixia IxVeriWave, pcap, pcap-ng, RADCOM, and Sniffer (DOS)

3. Getting Wireshark

Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

6. Getting Help

Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.

Official Wireshark training and certification are available from Wireshark University.

7. Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.