From Wireshark development team
Wireshark is the world's foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.
Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
Wireshark has a rich feature set which includes the following:
* Deep inspection of hundreds of protocols, with more being added all the time
* Live capture and offline analysis
* Standard three-pane packet browser
* Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
* Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
* The most powerful display filters in the industry
* Rich VoIP analysis
* Read/write many different capture file formats: tcpdump (libpcap), Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek,
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
*Nephi Johnson of BreakingPoint discovered that the LDSS dissector could overflow a buffer. (Bug 5318)
Versions affected: 1.2.0 to 1.2.12 and 1.4.0 to 1.4.1.
*The ZigBee ZCL dissector could go into an infinite loop. (Bug 5303)
Versions affected: 1.4.0 to 1.4.1.
The following bugs have been fixed:
* File-Open Display Filter is overwritten by Save-As Filename. (Bug 3894)
* Wireshark crashes with "Gtk-ERROR **: Byte index 6 is off the end of the line" if click on last PDU. (Bug 5285)
* GTK-ERROR can occur in packets when there are multiple Netbios/SMB headers in a single frame. (Bug 5289)
* "Tshark -G values" crashes on Windows. (Bug 5296)
* PROFINET I&M0FilterData packet not fully decoded. (Bug 5299)
* PROFINET MRP linkup/linkdown decoding incorrect. (Bug 5300)
* [lua] Dumper:close() will cause a segfault due later GC of the Dumper. (Bug 5320)
* Network Instruments' trace files sometimes cannot be read with an error message of "Observer: bad record: Invalid magic number". (Bug 5330)
* IO Graph Time of Day times incorrect for filtered data. (Bug 5340)
* Wireshark tools do not detect and read some ERF files correctly. (Bug 5344)
* "editcap -h" sends some lines to stderr and others to stdout. (Bug 5353)
* IP Timestamp Option: "flag=3" variant (prespecified) not displayed correctly. (Bug 5357)
* AgentX PDU Header 'hex field highlighting' incorrectly spans extra bytes. (Bug 5364)
* AgentX dissector cannot handle null OID in Open-PDU. (Bug 5368)
* Crash with "Gtk-ERROR **: Byte index 6 is off the end of the line". (Bug 5374)
* ANCP Portmanagment TLV wrong decoded. (Bug 5388)
* Crash during startup because of Python SyntaxError in wspy_libws.py. (Bug 5389)
New and Updated Features
There are no new features in this release.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AgentX, ANCP, DIAMETER, HTTP, IP, LDSS, MIME, NBNS, PROFINET, SIP, TCP, Telnet, ZigBee
New and Updated Capture File Support
Endace ERF, Network Instruments Observer.