Official certification from the Wireshark Foundation is available! Learn about becoming a Wireshark Certified Analyst.

Wireshark 2.0.13 Release Notes

Table of Contents

1. What is Wireshark?
2. What’s New
2.1. Bug Fixes
2.2. New and Updated Features
2.3. New File Format Decoding Support
2.4. New Protocol Support
2.5. Updated Protocol Support
2.6. New and Updated Capture File Support
2.7. New and Updated Capture Interfaces support
3. Getting Wireshark
3.1. Vendor-supplied Packages
4. File Locations
5. Known Problems
6. Getting Help
7. Frequently Asked Questions

1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

The following bugs have been fixed:

  • DICOM dissection error. (Bug 13164)
  • Can not export captured DICOM objects in version 2.2.5. (Bug 13570)
  • LibFuzzer: ISUP dissector bug (isup.number_different_meaning). (Bug 13588)
  • Dissector Bug, protocol BT ATT. (Bug 13590)
  • [oss-fuzz] UBSAN: shift exponent 105 is too large for 32-bit type int in packet-ositp.c:551:79. (Bug 13606)
  • [oss-fuzz] UBSAN: shift exponent -77 is negative in packet-netflow.c:7717:23. (Bug 13607)
  • [oss-fuzz] UBSAN: shift exponent 1959 is too large for 32-bit type int in packet-sigcomp.c:2128:28. (Bug 13610)
  • [oss-fuzz] UBSAN: shift exponent 63 is too large for 32-bit type guint32 (aka unsigned int) in packet-rtcp.c:917:24. (Bug 13611)
  • [oss-fuzz] UBSAN: shift exponent 70 is too large for 64-bit type guint64 (aka unsigned long) in dwarf.c:42:43. (Bug 13616)
  • [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-xot.c:260:23. (Bug 13618)
  • [oss-fuzz] UBSAN: shift exponent -5 is negative in packet-sigcomp.c:1722:36. (Bug 13619)
  • [oss-fuzz] UBSAN: index 2049 out of bounds for type char [2049] in packet-quakeworld.c:134:5. (Bug 13624)
  • [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-netsync.c:467:25. (Bug 13639)
  • [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-sigcomp.c:3857:24. (Bug 13641)
  • [oss-fuzz] ASAN: stack-use-after-return epan/dissectors/packet-ieee80211.c:14341:23 in add_tagged_field. (Bug 13662)
  • Welcome screen invalid capture filter wihtout WinPcap installed causes runtime error. (Bug 13672)
  • SMB protocol parser does not parse SMB_COM_TRANSACTION2_SECONDARY (0x33) command correctly. (Bug 13690)

2.2. New and Updated Features

There are no new features in this release.

2.3. New File Format Decoding Support

There are no new file formats in this release.

2.4. New Protocol Support

There are no new protocols in this release.

2.5. Updated Protocol Support

Bazaar, BT ATT, BT L2CAP, DHCP, DICOM, DNS, DWARF, IEEE 802.11, ISUP, MSNIP, Netflow, Netsync, openSAFETY, OSITP, QUAKEWORLD, RGMP, RTCP, SIGCOMP, SMB, SoulSeek, and XOT

2.6. New and Updated Capture File Support

There is no new or updated capture file support in this release.

2.7. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

3. Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

Application crash when changing real-time option. (Bug 4035)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

Wireshark should let you work with multiple capture files. (Bug 10488)

Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

6. Getting Help

Community support is available on Wireshark’s Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark’s mailing lists can be found on the web site.

Official Wireshark training and certification are available from Wireshark University.

7. Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.