Download Wireshark 0.99.7

Cace Technologies released version 0.99.7 of its protocol analyzer and packet sniffer Wireshark yesterday. Wireshark is the new name of Ethereal. When lead developer and founder Gerald Combs exchanged the company NIS for Cace Technologies, he could take the software with him, but not the name because of the rights that rest on it. More information about this change is in this article found on NewsForge. Wireshark can be used to parse and analyze many hundreds of different network protocols and data sent over the network. It can also use already stored data traffic as input. The changelog of this release shows the following changes and improvements:

Bug Fixes

• Wireshark could crash when reading an MP3 file.
• Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.
• Stefan Esser discovered a buffer overflow in the SSL dissector.
• The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms.
• The Firebird/Interbase dissector could go into an infinite loop or crash.
• The NCP dissector could cause a crash.
• The HTTP dissector could crash on some systems while decoding chunked messages.
• The MEGACO dissector could enter a large loop and consume system resources.
• The DCP ETSI dissector could enter a large loop and consume system resources.
• Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser.
• The PPP dissector could overflow a buffer.
• The Bluetooth SDP dissector could go into an infinite loop.
• A malformed RPC Portmap packet could cause a crash.
• The IPv6 dissector could loop excessively.
• The USB dissector could loop excessively or crash.
• The SMB dissector could crash.
• The RPL dissector could go into an infinite loop.
• The WiMAX dissector could crash due to unaligned access on some platforms.
• The CIP dissector could attempt to allocate a huge amount of memory and crash.
• Handling of non-ASCII file names and paths has been improved.
• Wireshark could crash while editing a coloring rule or a UAT table.
• The display filter code could crash while bitwise ANDing an IPv4 address.

New and Updated Features

• Most of the capture code has been moved out of the GUI, which means that Wireshark no longer needs to be run as root.
• Many display filter names have been cleaned up. If your favorite display filter just went missing, please consult the display filter reference to find out where it ended up.
• You can now filter directly on SNMP OIDs.
• IO graphs have more display options, and you can now export graphs.
• You can now follow UDP streams in addition to TCP and SSL streams.
• You can now disable coloring rules without deleting them.
• Main window toolbar buttons are now available even when the window is small.
• The version of WinPcap that ships with the Windows installers has been updated to 4.0.2.
• The Windows installers now include a “services” file, which maps port numbers to names.
• The Windows installer now enables npf.sys by default under Vista. Wireshark will print a warning at startup if npf.sys isn’t loaded under Vista.
• Optimizations have been applied in some places to make Wireshark start up and run faster.

New Protocol Support

• ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT, ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah, IMF (RFC 2822), RSL , SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN, WiMAX ASN Control Plane, X.224,

Updated Protocol Support

• 3Com XNS, 3G A11, ACN, ACP123, ACSE, AIM, ANSI IS-637-A, ANSI MAP, Armagetronad, BACapp, BACnet, BER, BFD, BGP, Bluetooth, CAMEL, CDT, CFM, CIP, Cisco ERSPAN, CLNP , CMIP, CMS, COPS, CTDB, DCCP, DCERPC ATSVC, DCERPC PNIO, DCERPC SAMR, DCERPC, DCOM CBA-ACCO, DCP ETSI, DEC DNA, DFS, DHCP/BOOTP, DHCPv6, DIAMETER, DISP, DMP, DNP, DNS , DOP, DTLS, DUA, eDonkey, ELSM, ESL, Ethernet, FC ELS, FC, FCOE, FTAM, FTP, GDSDB, GIOP, GPRS-LLC, GSM A, GSM MAP, GTP, HSRP, HTTP, IAX2, ICMPv6, IEEE 802.11, INAP, IP, IPMI, IPv6, ISAKMP, ISIS, iSNS, ISUP, IUUP, JXTA, K12, Kerberos, L2TP, LAPD, LDAP, LINX, LPD, LWAPP, MEGACO, MIKEY, MIME Multipart, MMS, MP2T, MPEG PES, MPEG, MTP2, MySQL, NBAP, NetFlow, nettl, NFS, NSIP, OSPF, P_MUL, PANA, PER, PKCS#12, PMIPv6, PN-PTCP, PN-RT, PPI, PPPoE, PRES, PROFINET, PTP , Q.932 ROS, Q.932, QSIG, Radiotap, RADIUS, RANAP, RNSAP, ROS, RTCP, RTP, RTSE, RTSP, SCCP, SCTP, SDP, SIGCOMP, SIP, Slow Protocols, SMB, SMPP, SMTP, SNDCP , SNMP, SRP, SSL, STANAG 4406, STUN2, TCAP, TCP, tex t/media, TIPC, ULP, UMA, UMTS FP, V5UA, VNC, WiMAX M2M, WiMAX, WLCCP, X.411, X.420, X.509 SAT, XML,

New and Updated Capture File Support

• Catapult DCT 2000, Endace ERF, Juniper NetScreen snoop, Visual Networks, Windows Sniffer (NetXRay)

[break] Click on the image for a larger version.