Thema: Wireshark (Ex-Ethereal) ...

[SiLæncer]

Changelog

Bug Fixes

    wnpa-sec-2020-16 Kafka dissector memory leak. Bug 16739. CVE-2020-26418.

    wnpa-sec-2020-17 USB HID dissector crash. Bug 16958. CVE-2020-26421.

    wnpa-sec-2020-18 RTPS dissector memory leak. Bug 16994. CVE-2020-26420.

The following bugs have been fixed:

    SOME/IP: Wrong dissection of parameters after Array Bug 16951.

    Can editcap properly corrupt pcapng file with systemd journal export block? Bug 16965.

    Crash when a GIOP ior.txt file is present Bug 16984.

    Protobuf: failed to parse .proto file contains negative enum values or option values of number type Bug 16988.

    MMRP dissector bug Bug 17005.

    SSTP no longer recognized Bug 17024.

    RFC2190 encapsulated H.263 bitfields masked wrong in Mode A Bug 17025.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

Ericsson HDLC, F5 Ethernet Trailer, GIOP, GSM A, HTTP, IEEE 802.11, Kafka, LLC, MMRP, NAS 5GS, NAS EPS, ProtoBuf, QUIC, Radiotap, RFC 2190, RLC MAC, RTCP, RTPS, S1AP, SOME/IP, and USB Video

New and Updated Capture File Support

pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Termshark is a network protocol analyzer that acts as a network sniffer. To be more precise, it allows you to capture packets from live networks or read them from a previously saved file. Therefore, it can be a powerful tool for anyone interested in analyzing the network traffic in real-time or learn minute details about the connection that enables the detection of anomalies, problems and trends.

MIT License

Changelog

    e073727 A first attempt to make termshark themeable
    962362d A function to construct a color by looking it up in the config file
    e10382a A limited function to build a widget containing scrollable text
    1722d07 A minibuffer command to load a new pcap file
    b9d4e1e A minibuffer option to set the preferred terminal type
    9c8d532 A new callback handler for pcap operations
    654a4aa A new minibuffer command to clear the filter and apply it
    709b15f A reworking of the tshark pcap loaders
    afd03cd A simple type that formats PSML for display in a dialog
    b090f05 A simple widget to display the termshark log file
    410a81a A simpler way to detect when a live packet source is ready
    1c2a84f A small struct to track vim key-chord state
    e1fa8cf A widget to provide a vim "last-line" or emacs "minibuffer"
    66c7cdc A widget to translate specific keys into key sequences
    74850d4 Add Sean Abbott as a contributor for the arm64 PR.
    a453ee8 Add a FAQ for tshark-args question by @zoulja
    b63d148 Add a note to the user guide on limiting disk cache growth
    4e6354f Add bug contributions from @zoulja
    e18e42a Add h, j, k and l navigation to the ChangeLog
    d333720 Add information on termshark themes to the user guide
    aa8a182 Add more users to contributors list for vim suggestions and feedback
    69b9111 Add some vim-key awareness to termshark!
    5085437 Add the cursor keys to the macros help dialog
    e9cb8b7 Add the location of the config and log files to the FAQ
    765ca7a Add the minibuffer to the ChangeLog, for the record
    2c81218 Add theme and no-theme commands to in-application help
    2e8bb74 Add theme and no-theme minibuffer commands
    54075aa Add themes to the ChangeLog
    50033b6 Add vim-key navigation to the hexdumper widget
    96f7d7c Adds a few more in-app help screens
    b6d59cd Adjust pcap loaders to avoid race conditions
    7e07a52 Allow use of the end key to resume packet auto-scrolling
    c0dbaa0 An API to open a dialog that features scrollable text
    3453855 An adaptor to allow vim navigation of termshark's various tables
    3bdedd9 Another guess to fix the unpredictable test failures
    1e31f81 Another iteration of loader changes
    60727e2 Another try
    51e1a10 Assorted improvements to the minibuffer
    300c5de Attempted fix build break on Travis CI
    308da69 Be more precise about which keypresses are accepted
    680f0fd Better UX when using h, j, k, and l to navigate
    1c91cf1 Better color interpolation when base16-shell is in use
    4d16242 Better control of a display filter error message
    2f28793 Better tab-completion behavior when multiple options match
    cefaefb Bug fix - these dialogs didn't open!
    b671ee3 Bug fix for a possible deadlock
    26db525 Change default behavior of the Escape key
    ab0e8d6 Change minibuffer clear function to clear-packets
    fa38931 Change the capinfos loading procedure, following convs + streams
    43ec082 Changelog update for freebsd pipe fix
    b51a445 Compile-in some simple themes
    b974917 Consolidate the common candidate functions for the minibuffer
    32a152f Correct mistaken XDG cache directory location
    fea0326 Debug test 4
    558140a Disable my crummy UI tests for now until I understand the failures
    44034c8 Document new features for a future 2.2 release
    91c9533 Don't panic - get the size by rendering the child
    5132d71 Dup2() is not available on these platforms
    bc0c2fb Eliminate a misleading warning message about failing to kill a proc
    3cd954b Emit command lines in the log file in a more useful way
    b6f7b5b Ensure conversation view is regenerated appropriately
    e8f9435 Fifo support was broken - this is a fix
    86c7df9 Fix a build break on Go < 1.14
    acb2542 Fix a regression I introduced with recent loader changes
    13d4b88 Fix a search-and-replace error that led to theme warnings
    ff872c7 Fix a theme-loading problem on Windows
    d261f16 Fix a typo in the help
    0f91bf1 Fix broken theme command when COLORTERM=truecolor
    75df850 Fix numbering snafu in without-root question
    dca6137 Fix occasional failed execution of jump to global mark
    085ff40 Fix reading from a pipe on freebsd
    95c4cfe Fix some doc mistakes
    acd39b6 Fix the TOC anchor...
    c8a9641 Fix typos in the user guide
    880e9a2 Fix up some theme inconsistencies.
    e631890 Fixes #84
    8832c09 Fixes a bug in the minibuffer/cmdline when nothing has been typed
    a77ccd8 Fixes a bug loading a recent pcap after a clear operation
    7238bfc Fixes an off-by-one error
    b46d778 Fixes mark commands to work when pcap is filtered and table sorted
    2eda27c For now, the minibuffer palette is hardcoded
    8a7b443 Formatting
    d58dd11 Further improvements to the PSML loading sequence
    206a443 Go 1.11 does not have Cmd.ProcessState.ExitCode...
    a6ce236 Guesswork to make the travis tests more reliable
    23bd76f Have the display filter respect all typical up/down keys
    9d8bba6 Hide QuitRequestChannel sends behind an API function
    0865bc4 How embarrassing - the quick start install instructions don't work...
    df99ba1 I broke the ability to enter j and k in the display filter
    da4ad3b It's useful to return the dialog
    ab80a10 Jumping to a global mark didn't work if the pcap was already loaded
    0222532 Keep TOC for longer docs, and make home page more concise
    289c18a Keep the Changelog up-to-date with unreleased work
    88305e2 Keep track of processes killed in the termshark log file
    4aef081 Latest gowid - so that vim.KeyPress implements gowid.IKey
    51d4b12 Let the user know when a mark is successfully set
    2edf53d Load the configured theme at startup
    e0a9f3f Long overdue - starting to think about some basic black box tests
    50f7642 Make sure termshark's screen color range is correctly set
    440a5ec Make sure that file-local marks are cleared when clear is invoked
    1722816 Make sure the ChangeLog is up-to-date
    e24e6c0 Make sure the mischievous shark fin disappears with any UI input
    e006962 Make sure window offsets are saved to the toml file when changed
    ea209bb Make the cmdline border UI element themeable
    4ca37e7 Make the dialog from OpenError available for registering callbacks
    6142eb7 Maybe I am missing the timeout command?
    0ec7ce5 Mention NetBSD and OpenBSD binaries in the ChangeLog
    9a5fe2f Merge branch 'centosbug92'
    2b16e4f Merge branch 'master' into v22docs
    29c429c Merge branch 'master' into v22docs
    c205693 Merge branch 'master' into v22docs
    3f2c132 Merge branch 'v22docs'
    958fe26 Merge pull request #85 from pocc/master
    2516dc6 Merge pull request #90 from sean-abbott/master
    d705192 More CLI and UI tests for termshark.
    41bb24d More changes to the packet loaders
    4650482 More theme tweaks - this time for stream reassembly
    00d0658 Move modeswap underneath a new theme directory
    291e18b Need a better approach...
    1e31439 Not sure how to make viper remove items from the toml!
    2dba578 Not sure yet why this doesn't run on travis but does locally
    46fad8f Note that the z key can maximize or restore a dialog
    cf55f11 Open the minibuffer if the user hits ":"
    9e8ab59 Overhaul the way I am handling themes
    47d1dd7 Plumb the new log-viewing widget into termshark's UI
    d755385 Prefer the functions to direct field access
    df5ad6b Prevent a race allowing the submission of an invalid filter
    bf98581 Prevent cursor keys from moving between packet views
    121bd32 Properly validate the first argument of a cmdline "map" command
    7a2d301 Publish binaries for NetBSD and OpenBSD too.
    796f4cf Re-enable auto-scrolling with the G key too
    69b4335 Re-read the toml config if it's changed
    88f0374 Ready for a new release...
    6ce2f4e Rearrange PSML loading code in the same manner as the other loaders
    df53ec6 Reconcile vim.KeyPress with gowid.Key
    5c897de Refine last-line mode to allow typing when focus is on the selctions
    7d67260 Regenerate the built-in theme database
    c2cb4b6 Regenerate the built-in themes before release
    62c3f2a Reinstate the timeout - next to debug test 4.
    a752227 Remove all hard-coded colors!
    ab7c1fa Removing very outdated tests that don't work
    9690b99 Restructure the psml loader too
    2e313b0 Result of running go mod tidy
    59c9b3a Rethink how menus are instantiated in termshark
    592f588 Return to correct UI view after maximize/minimize
    78cf195 Return true if a toml config key exists
    3bb9128 Run the 1.15 Go build first
    81fd807 Save per-terminal-mode theme settings
    8a46b89 See if travis supports building with go 1.15...
    75479e2 Several new minibuffer commands
    2204fa2 Simplify file descriptor handling for piped input
    56ba55a Simplify the pcap and pdml loaders
    97dede5 Some ropey hacks to try to better display long error messages
    416c913 Speed up the simple UI tests
    b8ee6ac Support enabling debug-mode via the config file too
    6a54009 Support for a new variable, main.pager
    c33f006 Support quotes arguments in the minibuffer
    7ea620e Table bug fix from the latest gowid
    dab271f Take 2
    cc66871 Take 2...
    1c95b8d Templates used for constructing the new "marks" and "map" dialogs
    761b032 Termshark commands to make file-local and global marks
    8c30642 Test cases for processing of various input types
    287dffe Test to see if I can build with go 1.14
    207b1e5 Test to see if the UI runs - very rudimentary.
    20391c4 The minimum version of Go required now is 1.12
    a05e77b The unused color should not be scoped to themes now
    7934226 This is a relic of my first themes implementation
    44175ed This is failing on travis - not sure why yet.
    9800dd4 This is to test a fix for a tshark error on Centos
    efcc3d3 This shortcut is no longer needed.
    6f951c3 Timeout not working on travis...
    2c52c9d Try to track down why my tests are still failing
    20ec126 Try to work out where travis puts the installed go binary
    879aa49 Tweak the Ubuntu installation instructions
    7469378 Tweak the front page to make the ChangeLog more obvious
    822445d Tweaks to the themes
    7fa8f26 Update --help to make it clear stdin can be used.
    86de7e4 Update copyrights
    3cfe937 Update documentation for a future 2.2.0 release
    5539301 Update tcell dependency because I broke mouse support
    74c96e5 Update tcell dependency to fix a bug running under xterm-16color
    6395698 Update the changelog to reflect recent work
    c049213 Update the contributors list
    386bd11 Update to latest gowid
    85d836a Update to latest gowid
    5944b1b Update to latest gowid for color-mapping fixes
    7335cee Update to latest gowid for widget tweaks needed for minibuffer
    165e111 Update to the latest gowid
    d53dcd7 Update to the latest gowid
    5090fb7 Use SIGKILL by default on tshark processes
    1caed70 Use bash to avoid any shell differences
    149ed2a Use latest gowid to fix a problem max/minimizing dialogs
    3d083dd Use latest gowid to provide features for coming termshark updates
    4aacb97 Use the latest gowid for base16-shell support
    0daa619 Utilities to save "marks" in the toml config file
    9fbfe05 Utilities to save vim-style key mappings in the toml config file
    9a32d7e When maximizing in the UI, stay on the current view with focus
    98f1d97 When setting the display filter, it's best to move the cursor too
    78a426a Workaround for incorrect colors with base16-shell and truecolor
    8cbd582 Works either way, but it's more correct to send SIGTERM
    674620e add arm64 build

[close]

https://termshark.io/

[SiLæncer]

Changelog

What’s New

The Windows installers now ship with Npcap 1.10. They previously shipped with Npcap 1.00.
Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-01 USB HID dissector memory leak. Bug 17124. CVE-2021-22173.

    wnpa-sec-2021-02 USB HID dissector crash. Bug 17165. CVE-2021-22174.

The following bugs have been fixed:

    SIP response single-line multiple Contact-URIs decoding error Bug 13752.

    Adding filter while "Telephony→VoIP Calls→Flow Sequence" open causes OOB memory reads and potential crashes. Bug 16952.

    QUIC packet not fully dissected Bug 17077.

    SOMEIP-SD hidden entries are off Bug 17091.

    Problem with calculation on UDP checksum in SRv6 Bug 17097.

    Dark mode not working in Wireshark 3.4.2 on macOS Bug 17098.

    Wireshark 3.4.0: build failure on older MacOS releases, due to 'CLOCK_REALTIME' Bug 17101.

    TECMP: Status Capture Module messages shows 3 instead of 2 bytes for HW version Bug 17133.

    Documentation - editorial error - README.dissector bad reference Bug 17141.

    Cannot save capture with comments to a format that doesn’t support it (no pop-up) Bug 17146.

    AUTOSAR-NM: PNI TF-String wrong way around Bug 17154.

    Fibre Channel parsing errors even with the fix for #17084 Bug 17168.

    f5ethtrailer: Won’t find a trailer after an FCS that begins with a 0x00 byte Bug 17171.

    f5ethtrailer: legacy format, low noise only, no vip name trailers no longer detected Bug 17172.

    Buildbot crash output: fuzz-2021-01-22-3387835.pcap Bug 17174.

    Dissection error on large ZVT packets Bug 17177.

    TShark crashes with -T ek option Bug 17179.

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

AUTOSAR-NM, DHCPv6, DoIP, FC ELS, GQUIC, IPv6, NAS 5GS, NAS EPS, QUIC, SIP, SOME/IP-SD, TECMP, TLS, TPNCP, USB HID, and ZVT

New and Updated Capture File Support

f5ethtrailer and pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

Bug Fixes

The following bugs have been fixed:

    Adding filter while "Telephony→VoIP Calls→Flow Sequence" open causes OOB memory reads and potential crashes. Bug 16952.

    SOMEIP-SD hidden entries are off Bug 17091.

    Dark mode not working in Wireshark 3.4.2 on macOS Bug 17098.

    Documentation - editorial error - README.dissector bad reference Bug 17141.

    AUTOSAR-NM: PNI TF-String wrong way around Bug 17154.

    Fibre Channel parsing errors even with the fix for #17084 Bug 17168.

    Buildbot crash output: fuzz-2021-01-22-3387835.pcap Bug 17174.

    Dissection error on large ZVT packets Bug 17177.

    TShark crashes with -T ek option Bug 17179.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

AUTOSAR-NM, DHCPv6, DoIP, FC ELS, SIP, SOME/IP-SD, and ZVT

New and Updated Capture File Support

pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-03 Wireshark could open unsafe URLs. Issue 17232. CVE-2021-22191.

The following bugs have been fixed:

    NTP Version 3 Client Decode PDML output issue (Reference ID Issue) Issue 17112.

    3.4.2: public wireshark include files are including build time "config.h" Issue 17190.

    wireshark-3.4.3/epan/dissectors/packet-s7comm.c:3521: bad array index ? Issue 17198.

    SIP protocol: P-Called-Party-ID header mixed up with P-Charge-Info header Issue 17215.

    Asterix CAT010 Decode Error Issue 17226.

    _ws.expert columns not populated for IPv4 Issue 17228.

    Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue 17233.

    gQUIC: Wireshark 3.4.3 fails to dissect a packet (gQUIC q024) that v3.2.6 succeeds. Issue 17250.

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

ASTERIX, Frame Relay, GQUIC, NTP, NVMe Fabrics RDMA, S7COMM, and SIP
New and Updated Capture File Support

iSeries

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-03 Wireshark could open unsafe URLs. Issue 17232. CVE-2021-22191.

The following bugs have been fixed:

    _ws.expert columns not populated for IPv4 Issue 17228.

    Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue 17233.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

ARP, Frame Relay, GQUIC, and NVMe Fabrics RDMA

New and Updated Capture File Support

iSeries

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-04 MS-WSP dissector excessive memory consumption. Issue 17331.

The following bugs have been fixed:

    TShark does not print GeoIP information Issue 14691.

    TShark error when piping to "head" Issue 16192.

    Parts of ASCII representation in Packet Bytes pane are missing Issue 17087.

    Buildbot crash output: fuzz-2021-02-22-1012761.pcap Issue 17254.

    NDPE attribute of NAN packet is not dissected Issue 17278.

    TECMP: reserved flag interpreted as part of timestamp Issue 17279.

    Master branch does not compile at least with gcc-11 Issue 17281.

    DNS IXFR/AXFR multiple response Issue 17293.

    File too large Issue 17301.

    Build fails with CMake 3.20 Issue 17314.

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

DECT, DNS, EAP, Kerberos, LDAP, MS-WSP, SMB2, Sysdig, TECMP, and WiFi NAN

New and Updated Capture File Support

pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-04 MS-WSP dissector excessive memory consumption. Issue 17331.

The following bugs have been fixed:

    TShark does not print GeoIP information Issue 14691.

    Lua TvbRanges do not support truncated captures where tvb_captured_length < tvb_reported_length Issue 15655.

    TShark error when piping to "head" Issue 16192.

    Buildbot crash output: fuzz-2021-02-22-1012761.pcap Issue 17254.

    DNS IXFR/AXFR multiple response Issue 17293.

    File too large Issue 17301.

    Build fails with CMake 3.20 Issue 17314.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

DECT, DNS, LDAP, MS-WSP, PROFINET, and Sysdig

New and Updated Capture File Support

pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

The Windows installers now ship with Npcap 1.31. They previously shipped with Npcap 1.10.

The Windows installers now ship with Qt 5.15.2. They previously shipped with Qt 5.12.1.

Bug Fixes

    wnpa-sec-2021-04 DVB-S2-BB dissector infinite loop

The following bugs have been fixed:

    Macro filters can’t handle escaped characters Issue 17160.

    Display filter crashes Wireshark Issue 17316.

    IEEE-1588 Signalling Unicast TLV incorrectly reported as being malformed Issue 17355.

    IETF QUIC TLS decryption error with extraneous packets during the handshake Issue 17383.

    Statistics → Resolved Addresses: multi-protocol (TCP/UDP/…​) ports not displayed Issue 17395.

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

DNP, DVB-S2-BB, ProtoBuf, PTP, QUIC, RANAP, and TACACS

New and Updated Capture File Support

Ascend, ERF, K12, NetScaler, and pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

Bug Fixes

The following bugs have been fixed:

    Macro filters can’t handle escaped characters Issue 17160.

    Display filter crashes Wireshark Issue 17316.

    IEEE-1588 Signalling Unicast TLV incorrectly reported as being malformed Issue 17355.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

DNP, ProtoBuf, PTP, and TACACS

New and Updated Capture File Support

Ascend, ERF, K12, NetScaler, and pcapng

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-06 DNP dissector crash. Issue 17462. CVE-2021-22235.

The following bugs have been fixed:

    TCP dissector - Erroneous DSACK reporting Issue 17315.

    No wlan_radio.duration calculated for PHY type: 802.11ac (VHT) Issue 17419.

    NAN Dissector has wrong minimum length for availability attribute Issue 17431.

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

ASTERIX, BT LE LL, DCE RPC, DNP, GTPv2, IEEE 802.11 Radio, LDAP, NAN, NORDIC_BLE, NR RRC, OSPF, pcapng, PNIO, RSL, S101, Snort config, and TCP

New and Updated Capture File Support

Catapult DCT2000, ERF, and pcap

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed:

    wnpa-sec-2021-06 DNP dissector crash. Issue 17462. CVE-2021-22235.

The following bugs have been fixed:

    No wlan_radio.duration calculated for PHY type: 802.11ac (VHT) Issue 17419.

    NAN Dissector has wrong minimum length for availability attribute Issue 17431.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

DNP, GTPv2, IEEE 802.11 Radio, NAN, NR RRC, OSPF, pcapng, PNIO, RSL, and Snort config

New and Updated Capture File Support

Catapult DCT2000, ERF, and pcap

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

Bug Fixes

The following bugs have been fixed:

    Dissector bug reported for Bluetooth Cycling Power Measurement characteristic for extreme angles value Issue 17505.

    vcruntime140_1.dll deleted on Wireshark update/install Issue 17506.

    Raknet Addresses are incorrectly identified. Issue 17509.

    Editcap saving files as ethernet when specifying '-T ieee-802-11-*' Issue 17520.

    CoAP dissector confuses Content-Format with Accept Issue 17536.

New and Updated Features

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

BT ATT, BT LE LL, CoAP, DLM3, GSM SIM, iLBC, and RakNet

New and Updated Capture File Support

There is no new or updated capture file support in this release.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

What’s New

Bug Fixes

The following bugs have been fixed:

    Dissector bug reported for Bluetooth Cycling Power Measurement characteristic for extreme angles value Issue 17505.

    Raknet Addresses are incorrectly identified. Issue 17509.

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

BT ATT, DLM3, and RakNet

New and Updated Capture File Support

There is no new or updated capture file support in this release.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

    New and Updated Features:

    The following features are new (or have been significantly updated) since version 3.4.0:

    The Windows installers now ship with Npcap 1.50.
    A 64-bit Windows PortableApps package is now available.
    A macOS Arm 64 (Apple Silicon) package is now available.

    TCP conversations now support a completeness criteria, which facilitates the identification of TCP streams having any of opening or closing handshakes, a payload, in any combination. It is accessed with the new tcp.completeness filter.
    Protobuf fields that are not serialized on the wire (missing in capture files) can now be displayed with default values by setting the new 'add_default_value' preference. The default values might be explicitly declared in 'proto2' files, or false for bools, first value for enums, zero for numeric types.
    Wireshark now supports reading Event Tracing for Windows (ETW). A new extcap named ETW reader is created that now can open an etl file, convert all events in the file to DLT_ETW packets and write to a specified FIFO destination. Also, a new packet_etw dissector is created to dissect DLT_ETW packets so Wireshark can display the DLT_ETW packet header, its message and packet_etw dissector calls packet_mbim sub_dissector if its provider matches the MBIM provider GUID.
    "Follow DCCP stream" feature to filter for and extract the contents of DCCP streams.
    Wireshark now supports dissecting the rtp packet with OPUS payload.
    Importing captures from text files is now also possible based on regular expressions. By specifying a regex capturing a single packet including capturing groups for relevant fields a textfile can be converted to a libpcap capture file. Supported data encodings are plain-hexadecimal, -octal, -binary and base64. Also the timestamp format now allows the second-fractions to be placed anywhere in the timestamp and it will be stored with nanosecond instead of microsecond precision.
    Display filter literal strings can now be specified using raw string syntax, identical to raw strings in the Python programming language. This is useful to avoid the complexity of using two levels of character escapes with regular expressions.
    Significant RTP Player redesign and improvements (see Wireshark User Documentation, Playing VoIP Calls and RTP Player Window)
    RTP Player can play many streams in row
    UI is more responsive
    RTP Player maintains playlist, other tools can add/remove streams to it
    Every stream can be muted or routed to L/R channel for replay
    Save audio is moved from RTP Analysis to RTP Player. RTP Player saves what was played. RTP Player can save in multichannel .au or .wav.
    RTP Player added to menu Telephony>RTP>RTP Player
    VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player, SIP Flows) are non-modal, can stay opened on background
    Same tools are provided across all dialogs (Prepare Filter, Analyse, RTP Player …​)
    Follow stream is now able to follow SIP calls based on their Call-ID value.
    Follow stream YAML output format’s has been changed to add timestamps and peers information (for more details see the user’s guide, Following Protocol Streams)
    IP fragments between public IPv4 addresses are now reassembled even if they have different VLAN IDs. Reassembly of IP fragments where one endpoint is a private (RFC 1918 section 3) or link-local (RFC 3927) IPv4 address continues to take the VLAN ID into account, as those addresses can be reused. To revert to the previous behavior and not reassemble fragments with different VLAN IDs, turn on the "Enable stricter conversation tracking heuristics" top level protocol preference.
    USB Link Layer reassembly has been added, which allows hardware captures to be analyzed at the same level as software captures.
    TShark can now export TLS session keys with the --export-tls-session-keys option.
    Wireshark participated in the Google Season of Docs 2020 and the User’s Guide has been extensively updated.
    Format of export to CSV in RTP Stream Analysis dialog was slightly changed. First line of export contains names of columns as in other CSV exports.
    Wireshark now supports the Turkish language.
    New File Format Decoding Support
    Vector Informatik Binary Log File (BLF)

    New Protocol Support

    Bluetooth Link Manager Protocol (BT LMP), E2 Application Protocol (E2AP), Event Tracing for Windows (ETW), High-Performance Connectivity Tracer (HiPerConTracer), Kerberos SPAKE, Linux psample protocol, Local Interconnect Network (LIN), Microsoft Task Scheduler Service, O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic Channel Protocol (DRDYNVC), Real-Time Publish-Subscribe Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC), Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP), Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, and World of Warcraft World (WOWW)

    Updated Protocol Support

    Too many protocols have been updated to list here.
    New and Updated Capture File Support
    Vector Informatik Binary Log File (BLF)

[close]

http://www.wireshark.org/