Wireshark 1.4.1 Release Notes


What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

What's New

Bug Fixes

The following vulnerabilities have been fixed. See the security advisory for details and a workaround.

  • The Penetration Test Team of NCNIPC (China) discovered that the ASN.1 BER dissector was susceptible to a stack overflow. (Bug 5230)

    Versions affected: All previous versions up to and including 1.2.11 and 1.4.0.

    CVE-2010-3445

The following bugs have been fixed:

  • Wireshark may appear offscreen on multi-monitor Windows systems. (Bug 553)

  • Incorrect behavior using sorting in the packet list. (Bug 2225)

  • Cooked-capture dissector should omit the source address field if empty. (Bug 2519)

  • MySQL dissector doesn't dissect MySQL stream. (Bug 2691)

  • Wireshark crashes if active display filter macro is renamed. (Bug 5002)

  • Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)

  • TCP bytes_in_flight becomes inflated with lost packets. (Bug 5132)

  • Wireshark fails to start on Windows XP 64bit. (Bug 5160)

  • GTP header is exported in PDML with an incorrect size. (Bug 5162)

  • Packet list hidden columns will not be parsed correctly from preferences file. (Bug 5163)

  • Wireshark does not display the t.38 graph. (Bug 5165)

  • Wireshark don't show mgcp calls in "Telephony → VoIP calls". (Bug 5167)

  • Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug 5172)

  • GTPv2: IMSI is decoded improperly. (Bug 5179)

  • [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug 5186)

  • Wireshark mistakenly writes "not all data available" for IPv4 checksum. (Bug 5194)

  • GSM: Cell Channel Description, range 1024 format. (Bug 5214)

  • Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)

  • The CLDAP attribute value on a CLDAP reply is no longer being decoded. (Bug 5239)

  • [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)

  • [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug 5246)

  • NTLMSSP_AUTH domain and username truncated to first letter with IE8/Windows7 (generating the NTLM packet). (Bug 5251)

  • IPv6 RH0: dest addr is to be used i.s.o. last RH address when 0 segments remain. (Bug 5252)

  • EIGRP dissection error in Flags field in external route TLVs. (Bug 5261)

  • MRP packet is not correctly parsed in PROFINET multiple write record request. (Bug 5267)

  • MySQL Enhancement: support of Show Fields and bug fix. (Bug 5271)

  • [NAS EPS] Fix TFT decoding when having several Packet Filters defined. (Bug 5274)

  • Crash if using ssl.debug.file with no password for ssl.keys_list. (Bug 5277)

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP, GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL, NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP

New and Updated Capture File Support

There are no new or updated capture file formats in this release.

Getting Wireshark

Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About->Folders to find the default locations on your system.

Known Problems

Wireshark might make your system disassociate from a wireless network on OS X 10.4. (Bug 1315)

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren't applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with display filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not ship with the same libraries as the 32-bit installer. (Bug 3610)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Summary pane selected frame highlighting not maintained. (Bug 4445)

Getting Help

Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the web site.

Training is available from Wireshark University.

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.

Enhance Wireshark

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products.

Troubleshoot your Network

Free 30 day trial

Free 30 day trial

  • Save hours on network and application issue diagnoses
  • Monitor physical and virtual environments
  • GUI packet capture and analysis
  • Fully integrated with Wireshark

Try Cascade Shark VE & Cascade Pilot Free for 30 Days

802.11 Packet Capture

Riverbed AirPcap
  • WLAN packet capture and transmission
  • Full 802.11 a/b/g/n support
  • View management, control and data frames
  • Multi-channel aggregation (with multiple adapters)

Learn More

Buy Now

Packet Analysis Made Easy

    Cascade Pilot Personal Edition graphs
  • Visually rich, powerful LAN analyzer
  • Quickly access very large pcap files
  • Professional, customizable reports
  • Advanced triggers and alerts
  • Fully integrated with Wireshark

Try Cascade Pilot PE FREE for 10 days

Buy Now