Kamelka

Wireshark is a network protocol analyzer for Unix and Windows systems. It lets you browse captured data and view summary and detailed information for each packet.
The application tracks packets sent through a given network interface, which makes it possible to troubleshoot problems with network programs and also to see how a given program exchanges data.



Jarom

Wireshark 2.2.7
The following vulnerabilities have been fixed:
  • wnpa-sec-2017-22
  • Bazaar dissector infinite loop (Bug 13599) CVE-2017-9352
  • wnpa-sec-2017-23
  • DOF dissector read overflow (Bug 13608) CVE-2017-9348
  • wnpa-sec-2017-24
  • DHCP dissector read overflow (Bug 13609, Bug 13628) CVE-2017-9351
  • wnpa-sec-2017-25
  • SoulSeek dissector infinite loop (Bug 13631) CVE-2017-9346
  • wnpa-sec-2017-26
  • DNS dissector infinite loop (Bug 13633) CVE-2017-9345
  • wnpa-sec-2017-27
  • DICOM dissector infinite loop (Bug 13685) CVE-2017-9349
  • wnpa-sec-2017-28
  • openSAFETY dissector memory exhaustion (Bug 13649) CVE-2017-9350
  • wnpa-sec-2017-29
  • BT L2CAP dissector divide by zero (Bug 13701) CVE-2017-9344
  • wnpa-sec-2017-30
  • MSNIP dissector crash (Bug 13725) CVE-2017-9343
  • wnpa-sec-2017-31
  • ROS dissector crash (Bug 13637) CVE-2017-9347
  • wnpa-sec-2017-32
  • RGMP dissector crash (Bug 13646) CVE-2017-9354
  • wnpa-sec-2017-33
  • IPv6 dissector crash (Bug 13675) CVE-2017-9353

The following bugs have been fixed:
  • DICOM dissection error. (Bug 13164)
  • Qt: drag & drop of one column header in PacketList moves other columns. (Bug 13183)
  • Can not export captured DICOM objects in version 2.2.5. (Bug 13570)
  • False complaint about bad checksum of ICMP extension header. (Bug 13586)
  • LibFuzzer: ISUP dissector bug (isup.number_different_meaning). (Bug 13588)
  • Dissector Bug, protocol BT ATT. (Bug 13590)
  • Wireshark displays RRCConnectionReestablishmentRejectRRCConnectionReestablishmentReject in Info column. (Bug 13595)
  • [oss-fuzz] UBSAN: shift exponent 105 is too large for 32-bit type int in packet-ositp.c:551:79. (Bug 13606)
  • [oss-fuzz] UBSAN: shift exponent -77 is negative in packet-netflow.c:7717:23. (Bug 13607)
  • [oss-fuzz] UBSAN: shift exponent 1959 is too large for 32-bit type int in packet-sigcomp.c:2128:28. (Bug 13610)
  • [oss-fuzz] UBSAN: shift exponent 63 is too large for 32-bit type guint32 (aka unsigned int) in packet-rtcp.c:917:24. (Bug 13611)
  • [oss-fuzz] UBSAN: shift exponent 70 is too large for 64-bit type guint64 (aka unsigned long) in dwarf.c:42:43. (Bug 13616)
  • [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-xot.c:260:23. (Bug 13618)
  • [oss-fuzz] UBSAN: shift exponent -5 is negative in packet-sigcomp.c:1722:36. (Bug 13619)
  • [oss-fuzz] UBSAN: index 2049 out of bounds for type char [2049] in packet-quakeworld.c:134:5. (Bug 13624)
  • [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-netsync.c:467:25. (Bug 13639)
  • [oss-fuzz] UBSAN: shift exponent 32 is too large for 32-bit type int in packet-sigcomp.c:3857:24. (Bug 13641)
  • [oss-fuzz] ASAN: stack-use-after-return epan/dissectors/packet-ieee80211.c:14341:23 in add_tagged_field. (Bug 13662)
  • Welcome screen invalid capture filter without WinPcap installed causes runtime error. (Bug 13672)
  • SMB protocol parser does not parse SMB_COM_TRANSACTION2_SECONDARY (0x33) command correctly. (Bug 13690)
  • SIP packets with SDP marked as malformed. (Bug 13698)
  • [oss-fuzz] UBSAN: index 8 out of bounds for type gboolean const[8] in packet-ieee80211-radiotap.c:1836:12. (Bug 13713)
  • Crash on "Show packet bytes…" context menu item click. (Bug 13723)
  • DNP3 dissector does not properly decode packed variations with prefixed qualifiers. (Bug 13733)

Updated Protocol Support:
  • Bazaar, BT ATT, BT L2CAP, DHCP, DICOM, DNP3, DNS, DOF, DWARF, ICMP, IEEE 802.11, IPv6, ISUP, LTE RRC, MSNIP, Netflow, Netsync, openSAFETY, OSITP, QUAKEWORLD, Radiotap, RGMP, ROS, RTCP, SIGCOMP, SMB, SoulSeek, and XOT

Jarom

Wireshark 2.2.8
1. What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

2. What’s New

2.1. Bug Fixes
The following vulnerabilities have been fixed:
wnpa-sec-2017-13
WBXML dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410
Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12.
wnpa-sec-2017-28
openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411
Note: This is an update for a fix in Wireshark 2.2.7.
wnpa-sec-2017-34
AMQP dissector crash. (Bug 13780) CVE-2017-11408
wnpa-sec-2017-35
MQ dissector crash. (Bug 13792) CVE-2017-11407
wnpa-sec-2017-36
DOCSIS infinite loop. (Bug 13797) CVE-2017-11406

The following bugs have been fixed:
Y.1711 dissector reverses defect type order. (Bug 8292)
Packet list keeps scrolling back to selected packet while names are being resolved. (Bug 12074)
[REGRESSION] Export Objects do not show files from a SMB2 capture. (Bug 13214)
LTE RRC: lte-rrc.q_RxLevMin filter fails on negative values. (Bug 13481)
Hexpane showing in proportional font again. (Bug 13638)
Regression in SCCP fragments handling. (Bug 13651)
TCAP SRT incorrectly matches TC_BEGINs and TC_ENDs. (Bug 13739)
Dissector for WSMP (IEEE 1609.3) not current. (Bug 13766)
RANAP: possible issue in the heuristic code. (Bug 13770)
[oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type int in packet-btrfcomm.c:314:37. (Bug 13783)
RANAP: false positives on heuristic algorithm. (Bug 13791)
Automatic name resolution not saved to PCAP-NG NRB. (Bug 13798)
DAAP dissector dissect_daap_one_tag recursion stack exhausted. (Bug 13799)
Malformed DCERPC PNIO packet decode, exception handler invalid pointer reference. (Bug 13811)
It seems SPVID was decoded from wrong field. (Bug 13821)
README.dissectors: Add notes about predefined string structures not available to plugin authors. (Bug 13828)
Statistics→Packet Lengths doesn’t display details for 5120 or greater. (Bug 13844)
cmake/modules/FindZLIB.cmake doesn’t find inflatePrime. (Bug 13850)
BGP: incorrect decoding COMMUNITIES whose length is larger than 255. (Bug 13872)

2.2. New and Updated Features
There are no new features in this release.

2.3. New File Format Decoding Support
There are no new file formats in this release.

2.4. New Protocol Support
There are no new protocols in this release.

2.5. Updated Protocol Support
AMQP, BGP, BSSMAP, BT RFCOMM, DAAP, DOCSIS, E.212, FDDI, GSM A GM, GSM BSSMAP, IEEE 802.11, IP, ISIS LSP, LTE RRC, MQ, OpenSafety, OSPF, PROFINET IO, RANAP, SCCP, SGSAP, SMB2, TCAP, TCP, UMTS FP, UMTS RLC, WBXML, WSMP, and Y.1711

2.6. New and Updated Capture File Support
pcap, pcap-ng

2.7. New and Updated Capture Interfaces support
There are no new or updated capture interfaces supported in this release.

2.8. Major API Changes
There are no major API changes in this release.

3. Getting Wireshark
Wireshark source code and installation packages are available from (link hidden; log in or register to see it).

3.1. Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

4. File Locations
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.

5. Known Problems
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)
The BER dissector might infinitely loop. (Bug 1516)
Capture filters aren’t applied when capturing from named pipes. (Bug 1814)
Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)
Application crash when changing real-time option. (Bug 4035)
Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)
Wireshark should let you work with multiple capture files. (Bug 10488)
Dell Backup and Recovery (DBAR) makes many Windows applications crash, including Wireshark. (Bug 12036)

Jarom

Wireshark 2.4.0
July 19, 2017

Wireshark 2.4.0 has been released. Installers for Windows, macOS, and source code are now available.

New or significantly updated features since version 2.2.0
  • Experimental 32-bit and 64-bit Windows Installer (.msi) packages are available. It is recommended that you use these independently of the NSIS (.exe) installers. That is, you should make sure the NSIS package is completely uninstalled before installing the Windows Installer package and vice-versa.
  • Source packages are now compressed using xz instead of bzip2.
  • The legacy (GTK+) UI is disabled by default in the Windows installers.
  • The legacy (GTK+) UI is disabled by default in the development environment (Autotools and CMake).
  • SS7 Point Codes can now be resolved into names with a hosts-like file.
  • Wireshark can now go fullscreen to have more room for packets.
  • TShark can now export objects like the other GUI interfaces.
  • Support for G.722 and G.726 codecs in the RTP Player (via the SpanDSP library).
  • You can now choose the output device when playing RTP streams.
  • Added support for dissectors to include a unit name natively in their hf field. A field can now automatically append "seconds" or "ms" to its value without additional printf-style APIs.
  • The Default profile can now be reset to default values.
  • You can move back and forth in the selection history in the Qt UI.
  • IEEE 802.15.4 dissector now uses an UAT for decryption keys. The original decryption key preference has been obsoleted.
  • Extcap utilities can now provide configuration for a GUI interface toolbar to control the extcap utility while capturing.
  • Extcap utilities can now validate the capture filter.
  • Display filter function len() can now be used on all string and byte fields.
  • Added an experimental timeline view for 802.11 wireless packet data which can be enabled via the "802.11 radio information" preferences.
  • Added TLS 1.3 (draft 21) dissection and decryption support.
  • The (D)TLS Application Layer protocol (e.g. HTTP or CoAP) can now be changed via the Decode As dialog.
  • The RSA keys dialog for SSL keys has improved feedback for invalid settings and no longer requires the IP address, Port or Protocol fields to be set in addition to the Key File.
  • TCP Analysis will detect and flag more spurious retransmissions.
New Protocol Support
Bluetooth HCI Vendor Intel, CAN FD, Citrix NetScaler Metric Exchange Protocol, Citrix NetScaler RPC Protocol, DirectPlay 8 protocol, Ericsson A-bis P-GSL, Ericsson A-bis TFP (Traffic Forwarding Protocol), Facebook Zero, Fc00/cjdns Protocol, Generic Netlink (genl), GSM Osmux, GSMTAP based logging, Health Level 7 (HL7), High-speed SECS message service (HSMS), HomePNA, IndigoCare iCall protocol, IndigoCare Netrix protocol, iPerf2, ISO 15765, Linux 802.11 Netlink (nl80211), Local Service Discovery (LSD), M2 Application Protocol, Mesh Link Establishment (MLE), MUDURL, Netgear Ensemble Protocol, NetScaler HA Protocol, NetScaler Metric Exchange Protocol, NetScaler RPC Protocol, NM protocol, Nordic BLE Sniffer, NVMe, NVMe Fabrics RDMA, OBD-II PIDs, OpenThread simulator, RFTap Protocol, SCTE-35 Digital Program Insertion Messages, Snort Post-dissector, Thread CoAP, UDP based FTP w/ multicast (UFTP and UFTP4), Unified Diagnostic Services (UDS), vSocket, Windows Cluster Management API (clusapi), and X-Rite i1 Display Pro (and derivatives) USB protocol