Thema: Wireshark (Ex-Ethereal) ...

[SiLæncer]

Changelog

What’s New

    The Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5.

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-01 The 6LoWPAN dissector could crash. Bug 15217. CVE-2019-5716.

    wnpa-sec-2019-02 The P_MUL dissector could crash. Bug 15337. CVE-2019-5717.

    wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. Bug 15373. CVE-2019-5718.

    wnpa-sec-2019-04 The ISAKMP dissector could crash. Bug 15374. CVE-2019-5719.

The following bugs have been fixed:

    console.lua not found in a folder with non-ASCII characters in its name. Bug 15118.

    Disabling Update list of packets in real time. will generally trigger crash after three start capture, stop capture cycles. Bug 15263.

    UDP Multicast Stream double counts. Bug 15271.

    text2pcap et al. set snaplength to 64kiB-1, while processing frames of 256kiB. Bug 15292.

    Builds without libpcap fail if the libpcap headers aren’t installed. Bug 15317.

    TCAP AnalogRedirectRecord parameter incorrectly coded as mandatory in QualReq_rr message. Bug 15350.

    macOS DMG appears to have duplicate files. Bug 15361.

    Wireshark jumps behind other windows when opening UAT dialogs. Bug 15366.

    Pathnames containing non-ASCII characters are mangled in error dialogs on Windows. Bug 15367.

    Executing -z http,stat -r file.pcapng throws a segmentation fault. Bug 15369.

    IS-41 TCAP RegistrationNotification Invoke has borderCellAccess parameter coded as tag 50 (as denyAccess) but should be 58. Bug 15372.

    In DNS statistics, response times > 1 sec not included. Bug 15382.

    GTPv2 APN dissect problem. Bug 15383.

New and Updated Features

There are no new features in this release.
New Protocol Support

There are no new protocols in this release.
Updated Protocol Support

6LoWPAN, ANSI MAP, DNP3, DNS, GSM A, GTP, GTPv2, IMF, ISAKMP, ISObus VT, Kerberos, P_MUL, RTSE, S7COMM, and TCAP
New and Updated Capture File Support

There is no new or updated capture file support in this release.
New and Updated Capture Interfaces support

There is no new or updated capture file support in this release.
Major API Changes

    Lua: on Windows, file-related functions such as dofile now assume UTF-8 paths instead of the local code page. This is consistent with Linux and macOS and improves compatibility on non-English systems. (Bug 15118)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

2. What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-02 The P_MUL dissector could crash. Bug 15337. CVE-2019-5717.
    wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. Bug 15373. CVE-2019-5718.
    wnpa-sec-2019-04 The ISAKMP dissector could crash. Bug 15374. CVE-2019-5719.
    wnpa-sec-2019-05 The ISAKMP dissector could crash. Bug 14470.

The following bugs have been fixed:

    console.lua not found in a folder with non-ASCII characters in its name. Bug 15118.
    Disabling Update list of packets in real time. will generally trigger crash after three start capture, stop capture cycles. Bug 15263.
    UDP Multicast Stream double counts. Bug 15271.
    text2pcap et al. set snaplength to 64kiB-1, while processing frames of 256kiB. Bug 15292.
    Builds without libpcap fail if the libpcap headers aren’t installed. Bug 15317.
    TCAP AnalogRedirectRecord parameter incorrectly coded as mandatory in QualReq_rr message. Bug 15350.
    Wireshark jumps behind other windows when opening UAT dialogs. Bug 15366.
    Pathnames containing non-ASCII characters are mangled in error dialogs on Windows. Bug 15367.
    Executing -z http,stat -r file.pcapng throws a segmentation fault. Bug 15369.
    IS-41 TCAP RegistrationNotification Invoke has borderCellAccess parameter coded as tag 50 (as denyAccess) but should be 58. Bug 15372.
    GTPv2 APN dissect problem. Bug 15383.

2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

ANSI MAP, ENIP, GSM A, GTPv2, IMF, ISAKMP, P_MUL, RTSE, and TCAP
2.5. New and Updated Capture File Support

There is no new or updated capture file support in this release.
2.6. New and Updated Capture Interfaces support

There are no new or updated capture interfaces supported in this release.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug fixes:

Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427[1])
Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489[2]).
Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098[3])
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[4])

New and updated features:

Wireshark now supports the Swedish and Ukrainian languages.
Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
The build system now produces reproducible builds (Bug 15163[5]).
The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).
The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6.
TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
The “Capture Information” dialog has been added back (Bug 12004).
The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
APT-X has been renamed to aptX.
When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
Wireshark now includes a “No Reassembly” configuration profile.
Wireshark now supports the Russian language.
The build system now supports AppImage packages.
The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
The Bash test suite has been replaced by one based on Python unittest/pytest.
The custom window title can now show file path of the capture file and it has a conditional separator.
Official releases are available right now from the download page.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-06 ASN.1 BER and related dissectors crash. Bug 15447. CVE-2019-9209.

    wnpa-sec-2019-07 TCAP dissector crash. Bug 15464. CVE-2019-9208.

    wnpa-sec-2019-08 RPCAP dissector crash. Bug 15536.

The following bugs have been fixed:

    Alignment Lost after Editing Column. Bug 14177.

    Crash on applying display filters or coloring rules on capture files containing non-UTF-8 data. Bug 14905.

    tshark outputs debug information. Bug 15341.

    Feature request - HTTP, add the field "request URI" to response. Bug 15344.

    randpkt should be distributed with the Windows installer. Bug 15395.

    Memory leak with "-T ek" output format option. Bug 15406.

    Display error in negative response time stats (gint displayed as unsigned). Bug 15416.

    _epl_xdd_init not found. Bug 15419.

    Decoding of MEGACO/H.248 request shows the Remote descriptor as "Local descriptor". Bug 15430.

    Repeated NFS in Protocol Display field. Bug 15443.

    RBM file dissector adds too many items to the tree, resulting in aborting the program. Bug 15448.

    Wireshark heap out-of-bounds read in infer_pkt_encap. Bug 15463.

    Column width and hidden issues when switching profiles. Bug 15466.

    GTPv1-C SGSN Context Response / Forward Relocation Request decode GGSN address IPV6 issue. Bug 15485.

    Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser. Bug 15489.

    DICOM ASSOCIATE Accept: Protocol Version. Bug 15495.

    Multiple out-of-bounds reads in NetScaler trace handling (wiretap/netscaler.c). Bug 15497.

    Wrong endianess when dissecting the "chain offset" in SMB2 protocol header. Bug 15524.

    Memory leak in mate_grammar.lemon’s recolonize function. Bug 15525.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.
Updated Protocol Support

ASN.1 BER, BSSAP, BT Mesh, DICOM, DNP3, EPL, ETSI CAT, GTP, HTTP, IEEE 802.15.4, ISAKMP, MEGACO, MPLS Echo, RPC, RPCAP, SMB2, and TCAP

New and Updated Capture File Support

IxVeriWave, NetScaler, and Sniffer

New and Updated Capture Interfaces support

There is no new or updated capture file support in this release.

Major API Changes

    Lua: on Windows, file-related functions such as dofile now assume UTF-8 paths instead of the local code page. This is consistent with Linux and macOS and improves compatibility on non-English systems. (Bug 15118)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-06 ASN.1 BER and related dissectors crash. Bug 15447. CVE-2019-9209.
    wnpa-sec-2019-07 TCAP dissector crash. Bug 15464. CVE-2019-9208.
    wnpa-sec-2019-08 RPCAP dissector crash. Bug 15536.

The following bugs have been fixed:

    dftest should be distributed with the Windows installer. Bug 13825.
    Alignment Lost after Editing Column. Bug 14177.
    Crash on applying display filters or coloring rules on capture files containing non-UTF-8 data. Bug 14905.
    Decoding of MEGACO/H.248 request shows the Remote descriptor as "Local descriptor". Bug 15430.
    Repeated NFS in Protocol Display field. Bug 15443.
    Wireshark heap out-of-bounds read in infer_pkt_encap. Bug 15463.
    Column width and hidden issues when switching profiles. Bug 15466.
    GTPv1-C SGSN Context Response / Forward Relocation Request decode GGSN address IPV6 issue. Bug 15485.
    Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser. Bug 15489.
    Multiple out-of-bounds reads in NetScaler trace handling (wiretap/netscaler.c). Bug 15497.
    Wrong endianess when dissecting the "chain offset" in SMB2 protocol header. Bug 15524.

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

ASN.1 BER, BSSAP, DNP3, ETSI CAT, GTP, MEGACO, MPLS Echo, RPC, RPCAP, SMB2, and TCAP

2.5. New and Updated Capture File Support

NetScaler, and Sniffer

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes:

Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427)
Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489).
Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The following features are new (or have been significantly updated) since version 3.0.0rc1:

The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693).

The following features are new (or have been significantly updated) since version 2.9.0:

Wireshark now supports the Swedish and Ukrainian languages.
Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys.
The build system now produces reproducible builds (Bug 15163).
The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0.

The following features are new (or have been significantly updated) since version 2.6.0:

The Windows .exe installers now ship with Npcap instead of WinPcap. Besides being actively maintained (by the nmap project), Npcap brings support for loopback capture and 802.11 WiFi monitor mode capture (if supported by the NIC driver).
Conversation timestamps are supported for UDP/UDP-Lite protocols
TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file.
The “Capture Information” dialog has been added back (Bug 12004).
The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default.
The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order.
Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8).
The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release.
The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release.
Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs.
APT-X has been renamed to aptX.
When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols.
The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection.
Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
Wireshark now includes a “No Reassembly” configuration profile.
Wireshark now supports the Russian language.
The build system now supports AppImage packages.
The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7.
Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file.
A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them.
The Bash test suite has been replaced by one based on Python unittest/pytest.
The custom window title can now show file path of the capture file and it has a conditional separator.

Removed Features and Support:

The legacy (GTK+) user interface has been removed and is no longer supported.
The portaudio library is no longer needed due to the removal of GTK+.
Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
Wireshark requires GLib 2.32 or later.
Wireshark requires GnuTLS 3.2 or later as optional dependency.
Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported.
Building Wireshark requires CMake. Autotools is no longer supported.
TShark’s -z compare option was removed.
Building with Cygwin is no longer supported on Windows.
New File Format Decoding Support
Ruby Marshal format

New Protocol Support:

Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP), BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP), Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS RTP), Exablaze trailers, General Circuit Services Notification Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo Emberplus Data format, Great Britain Companion Specification (GBCS) used in the Smart Metering Equipment Technical Specifications (SMETS), GSM-R (User-to-User Information Element usage), HI3CCLinkData, Intelligent Transport Systems (ITS) application level, ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP), ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP, Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol, PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo Emberplus transport frame, Secure Reliable Transport Protocol (SRT), Spirent Test Center Signature decoding for Ethernet and FibreChannel (STCSIG, disabled by default), Sybase-specific portions of TDS, systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information Retrieval Protocol

New and Updated Capture File Support:

RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export, and Unigraf DPA-400 DisplayPort AUX channel monitor

New and Updated Capture Interfaces support:

dpauxmon, an external capture interface (extcap) that captures DisplayPort AUX channel data from linux kernel drivers.
sdjournal, an extcap that captures systemd journal entries.

Major API Changes:

Lua: the various logging functions (debug, info, message, warn and critical) have been removed. Use the print function instead for debugging purposes.
Lua: on Windows, file-related functions such as dofile now assume UTF-8 paths instead of the local code page. This is consistent with Linux and macOS and improves compatibility on non-English systems. (Bug 15118)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.

    wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.

    wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.

    wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.

    wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.

    wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.

The following bugs have been fixed:

    Wireshark uninstaller fails to remove styles\qwindowsvistastyle.dll. Bug 15469.

    Duplicated TCP SEQ field in ICMP packets. Bug 15533.

    GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.

    Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.

    NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.

    randpkt -r causes segfault when count > 1. Bug 15627.

    Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.

    Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

DCERPC SPOOLSS, DHCP, DOF, GSM A RR, GSS-API, HL7, IEEE 802.15.4, ISO 14443, LDSS, NLM, SRVLOC, TCP, and TLS

New and Updated Capture File Support

NetScaler and pcap

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
    wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
    wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
    wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
    wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
    wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.

The following bugs have been fixed:

    GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.

    Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.
    randpkt -r causes segfault when count > 1. Bug 15627.
    Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.

    Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

DCERPC SPOOLSS, DOF, GSM A RR, GSS-API, HL7, IEEE 802.15.4, ISO 14443, LDSS, SRVLOC, and TLS

2.5. New and Updated Capture File Support

NetScaler, and pcap

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

    The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9.

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.

    wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.

    wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.

    wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.

    wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.

    wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.

    wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.

    wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.

    wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.

    wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.

The following bugs have been fixed:

    [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770.

    [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439.

    Duplicated TCP SEQ field in ICMP packets. Bug 15533.

    Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542.

    Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545.

    GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.

    Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561.

    %T not supported for timestamps. Bug 15565.

    LWM2M: resource with \r\n badly shown. Bug 15572.

    When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578.

    Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599.

    Windows console log output delay. Bug 15605.

    Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607.

    NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.

    randpkt -r causes segfault when count > 1. Bug 15627.

    Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628.

    Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630.

    BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631.

    Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.

    Typo: broli → brotli. Bug 15647.

    Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648.

    Windows CHM (help file) title displays quoted HTML characters. Bug 15656.

    Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

BGP, BSSAP, Couchbase, DCERPC SPOOLSS, DHCP, DHCPv6, DOF, FP, GSM A RR, GSS-API, GSUP, GTP, GTPv2, H248C, HL7, IEEE 802.11, IEEE 802.15.4, ISO 14443, LDSS, LwM2M-TLV, NLM, Rbm, SIP, SRVLOC, Syslog, TCP, TLS, and TSDNS
New and Updated Capture File Support


NetScaler and pcap

[close]

http://www.wireshark.org/

[SiLæncer]

Termshark is a network protocol analyzer that acts as a network sniffer. To be more precise, it allows you to capture packets from live networks or read them from a previously saved file. Therefore, it can be a powerful tool for anyone interested in analyzing the network traffic in real-time or learn minute details about the connection that enables the detection of anomalies, problems and trends.

MIT License

https://termshark.io/

[SiLæncer]

Changelog

What’s New:

The Windows installers now ship with Qt 5.12.3. They previously shipped with Qt 5.12.1.
The Windows installers now ship with Npcap 0.995. They previously shipped with Npcap 0.992.
The macOS packages are now notarized.

Bug Fixes:

wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778.
Add (IETF) QUIC Dissector. Bug 13881.
Wireshark Hangs on startup initializing external capture plugins. Bug 14657.
[oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more than 1000000 items in the tree — possible infinite loop. Bug 14978.
Wireshark can call extcap with empty multicheck argument. Bug 15065.
CMPv2 KUR message disection gives unexpected value for serialNumber under OldCertId fields. Bug 15154.
"(Git Rev Unknown from unknown)" in version string for official tarball. Bug 15544.
External extcap does not get all arguments sometimes. Bug 15586.
Help file doesn’t display for extcap interfaces. Bug 15592.
Buildbot crash output: randpkt-2019-03-14-4670.pcap. Bug 15604.
Building only libraries on windows fails due to CLEAN_C_FILES empty. Bug 15662.
Statistics→Conversations→TCP→Follow Stream - incorrect behavior. Bug 15672.
Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp field). Bug 15687.
ws_pipe: leaks pipe handles on errors. Bug 15689.
Build issue in Wireshark - 3.0.1 on RHEL6. Bug 15706.
ISAKMP: Segmentation fault with non-hex string for IKEv1 Decryption Table Initiator Cookie. Bug 15709.
extcap: non-boolean call arguments can be appended without value on selector Reload. Bug 15725.
Incorrectly interpreted format of MQTT PUBLISH payload data. Bug 15738.
print.c: Memory leak in ek_check_protocolfilter. Bug 15758.
IETF QUIC dissector incorrectly parses retry packet. Bug 15764.
Bacnet(app): fix wrong value for id 183 (logging-device → logging-object). Bug 15767.
The SMB2 code to look up decryption keys by session ID assumes it’s running on a little-endian machine. Bug 15772.
tshark -G folders leaves mmdbresolve process behind. Bug 15777.
Dissector bug, protocol TLS - failed assertion "data". Bug 15780.
WSMP : header_opt_ind field is not correctly set. Bug 15786.

Updated Protocol Support:

BACapp, DDP, EPL, Frame, IEEE 802.11, IS-IS CLV, ISAKMP, K12, KNXIP, MQTT, PNIO, QUIC, RTCP XR RR, SCTP, SMB2, TDS, TLS, WSMP, and ZEBRA

New and Updated Capture File Support:

pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778.

The following bugs have been fixed:

    [oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more than 1000000 items in the tree — possible infinite loop. Bug 14978.

    Help file doesn’t display for extcap interfaces. Bug 15592.

    Statistics→Conversations→TCP→Follow Stream - incorrect behavior. Bug 15672.

    Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp field). Bug 15687.

    ws_pipe: leaks pipe handles on errors. Bug 15689.

    ISAKMP: Segmentation fault with non-hex string for IKEv1 Decryption Table Initiator Cookie. Bug 15709.

    print.c: Memory leak in ek_check_protocolfilter. Bug 15758.

    Bacnet(app): fix wrong value for id 183 (logging-device → logging-object). Bug 15767.

    The SMB2 code to look up decryption keys by session ID assumes it’s running on a little-endian machine. Bug 15772.

    tshark -G folders leaves mmdbresolve process behind. Bug 15777.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

BACapp, DDP, Frame, IEEE 802.11, IS-IS CLV, RTCP XR RR, and SMB2

New and Updated Capture File Support

pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

    The Windows installers now ship with Qt 5.12.4. They previously shipped with Qt 5.12.3.

    The Windows installers now ship with Npcap 0.996. They previously shipped with Npcap 0.995.

    The macOS installer now ships with Qt 5.12.4. It previously shipped with Qt 5.12.1.

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-20 ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619.

The following bugs have been fixed:

    "ninja install" installs help/faq.py instead of help/faq.txt. Bug 15543.

    In Wireshark 3.0, encrypted DOCSIS PDU packets no longer match the filter "eth.dst". Bug 15731.

    Developer’s Guide section 3.9 "Contribute your changes" should incorporate or link "Writing a good commit message" from the Wiki. Bug 15752.

    RSL dissector bugs in presence of optional IEs. Bug 15789.

    The "Media Attribute Value" field is missed in rtcp SDP dissection (packet-sdp.c). Bug 15791.

    BTLE doesn’t properly detect start fragment of L2CAP PDUs. Bug 15807.

    Wi-SUN FAN decoder error, Channel Spacing and Reserved fields are swapped. Bug 15821.

    tshark: Display filter error message references "-d" when it should reference "-Y". Bug 15825.

    Open "protocol" preferences …​ does not work for protocol in subtree. Bug 15836.

    Problems with sshdump "Error by extcap pipe: sh: sudo: command not found". Bug 15845.

    editcap won’t change encapsulation type when writing pcap format. Bug 15873.

    ITU-T G.8113.1 MPLS-TP OAM CC,LMM,LMR,DMM and DMR are not seen in the 3.0.2. Bug 15887.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

AERON, ASN.1, BTLE, CUPS, DNS, DOCSIS, DPNSS, GSM RLC/MAC, HiQnet, ISO 14443, ISObus VT, LDAP, MAC LTE, MIME multipart, MPLS, MQ, RSL, SDP, SMB, TNEF, and Wi-SUN
New and Updated Capture File Support

Ascend

New and Updated Capture Interfaces support

There is no new or updated capture file support in this release.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2019-20 ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619.

The following bugs have been fixed:

    Wireshark 2.6.3 crashes in QIcon destructor on closing the main window on Ubuntu 14.04 and 16.04. Bug 15241.

    RSL dissector bugs in presence of optional IEs. Bug 15789.

    The "Media Attribute Value" field is missed in rtcp SDP dissection (packet-sdp.c). Bug 15791.

    BTLE doesn’t properly detect start fragment of L2CAP PDUs. Bug 15807.

    tshark: Display filter error message references "-d" when it should reference "-Y". Bug 15825.

    Open "protocol" preferences …​ does not work for protocol in subtree. Bug 15836.

    Problems with sshdump "Error by extcap pipe: sh: sudo: command not found". Bug 15845.

    editcap won’t change encapsulation type when writing pcap format. Bug 15873.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

ASN.1, BTLE, CUPS, DNS, DPNSS, GSM RLC/MAC, HiQnet, ISObus VT, MAC LTE, MIME multipart, MQ, RSL, SDP, SMB, and TNEF

New and Updated Capture File Support

Ascend

[close]

http://www.wireshark.org/