Official certification from the Wireshark Foundation is available! Learn about becoming a Wireshark Certified Analyst.

Wireshark 1.12.9 Release Notes

Table of Contents

1. What is Wireshark?
2. What’s New
2.1. Bug Fixes
2.2. New and Updated Features
2.3. New Protocol Support
2.4. Updated Protocol Support
2.5. New and Updated Capture File Support
3. Getting Wireshark
3.1. Vendor-supplied Packages
4. File Locations
5. Known Problems
6. Getting Help
7. Frequently Asked Questions

1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

The Windows installers are now built using NSIS 2.50 in order to avoid DLL hijacking flaws.

The following bugs have been fixed:

  • Zooming out (Ctrl+-) too far crashes Wireshark. (Bug 8854)
  • IPv6 Next Header is Unknown yet Wireshark tries parsing an IPv6 Extension Header. (Bug 9996)
  • IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
  • Windows Wireshark Installer does not detect WinPcap which is already installed. (Bug 10867)
  • SSL Decrypted Packet Not Decoded As HTTP. (Bug 10984)
  • Wireshark crashes when using the VoIP player. (Bug 11596)
  • [GSMTAP] Incorrect decoding of MS Radio Access Capability using alternative coding. (Bug 11599)
  • TCP sequence analysis (expert info) does not work in 802.1ah frames. (Bug 11629)
  • No correct GVCP info message for READREG_ACK command. (Bug 11639)
  • Bug in EtherCAT dissector with mailbox response. (Bug 11652)
  • NLM v4 statistics crash. (Bug 11654)
  • Malformed packet with IPv6 mobility header. (Bug 11728)
  • LDAP decode shows invalid number of results for searchResEntry packets. (Bug 11761)
  • IPv6 RPL Routing Header with length of 8 bytes still reads an address. (Bug 11803)
  • g_utf8_validate assertion when reassembling GSM SMS messages encoded in UCS2. (Bug 11809)
  • MPEG2TS NULL pkt: AFC: "Should be 0 for NULL packets" wrong. (Bug 11921)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

6LoWPAN, 802.1ah, AllJoyn, ANSI A, ASN.1 BER, CLNP, CMS, DCOM, DIAMETER, DNS, ERF, GSM A, GSM SMS, GTP, GVCP, HiSLIP, IEEE 802.11, IPv4, IPv6, L2TP, LDAP, MIP6, MP2T, NBAP, NLM, ONC RPC, PCP, RSL, RSVP, SCTP, SDP, SIGCOMP, SNMP, SPDY, T.38, UMTS FP, and ZigBee ZCL

2.5. New and Updated Capture File Support

Ascend, ERF, Sniffer, and VeriWave

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

6. Getting Help

Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.

Official Wireshark training and certification are available from Wireshark University.

7. Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.