Thema: Wireshark (Ex-Ethereal) ...

[SiLæncer]

Changelog

What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed.

wnpa-sec-2015-06

The ATN-CPDLC dissector could crash. (Bug 9952) CVE-2015-2187

wnpa-sec-2015-07

The WCP dissector could crash. (Bug 10844) CVE-2015-2188

wnpa-sec-2015-08

The pcapng file parser could crash. (Bug 10895) CVE-2015-2189

wnpa-sec-2015-09

The LLDP dissector could crash. (Bug 10983) CVE-2015-2190

wnpa-sec-2015-10

The TNEF dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11023) CVE-2015-2191

wnpa-sec-2015-11

The SCSI OSD dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11024) CVE-2015-2192

The following bugs have been fixed:

RTP player crashes on decode of long call: BadAlloc (insufficient resources for operation). (Bug 2630)
"Telephony→SCTP→Analyse This Association" crashes Wireshark on manufactured SCTP packet. (Bug 9849)
IPv6 Mobility Header Link Layer Address is parsed incorrectly. (Bug 10006)
DNS NXT RR is parsed incorrectly. (Bug 10615)
IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
HTTP chunked response includes data beyond the chunked response. (Bug 10707)
DHCP Option 125 Suboption: (1) option-len always expects 1 but specification allows for more. (Bug 10784)
Incorrect decoding of IPv4 Interface/Neighbor Address sub-TLVs in Extended IS Reachability TLV of IS-IS. (Bug 10837)
Little-endian OS X Bluetooth PacketLogger files aren’t handled. (Bug 10861)
X.509 certificate serial number incorrectly interpreted as negative number. (Bug 10862)
Malformed Packet on rsync-version with length 2. (Bug 10863)
ZigBee epoch time is incorrectly displayed in OTA cluster. (Bug 10872)
BGP EVPN - Route Type 4 - "Invalid length of IP Address" - "Expert Info" shows a false error. (Bug 10873)
Bad bytes read for extended rnc id value in GTP dissector. (Bug 10877)
"ServiceChangeReasonStr" messages are not shown in txt generated by tshark. (Bug 10879)
Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI. (Bug 10897)
MEGACO wrong decoding on media port. (Bug 10898)
Wrong media format. (Bug 10899)
BSSGP Status PDU decoding fault (missing Mandatory element (0x04) BVCI for proper packet). (Bug 10903)
DNS LOC Precision missing units. (Bug 10940)
Packets on OpenBSD loopback decoded as raw not null. (Bug 10956)
Display Filter Macro unable to edit. (Bug 10957)
IPv6 Local Mobility Anchor Address mobility option code is treated incorrectly. (Bug 10961)
SNTP server list improperly formatted in DHCPv6 packet details. (Bug 10964)
Juniper Packet Mirror dissector expects ipv6 flow label = 0. (Bug 10976)
NS Trace (NetScaler Trace) file format is not able to export specified packets. (Bug 10998)
2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

ACN, ANSI IS-637-A, AppleMIDI, ATN-CPDLC, BGP, BSSGP, CMIP, DHCP, DHCPv6, DIS, DLM3, DMP, DNS, Extreme Networks, ForCES, FTAM, GMHDR, GSM A BSSMAP, GSM A-bis OML, GSM MAP, GSM RLC MAC, GTP, H.248, H.264, HTTP, IEEE 802.11, IPv6, IS-IS, ISMACryp, J1939, Juniper Jmirror, KDP, L2CAP, LDAP, LLDP, MGCP, MIP6, NBNS, NET/ROM, Netflow, Novell PKIS, PANA, PPPoE, RSL, RSYNC, RTMPT, RTP, SCSI OSD, SDP, SMB Pipe, SMPP, SYNCHROPHASOR, TETRA, TiVoConnect, TNEF, USB HID, V.52, VSS-Monitoring, X.509AF, Zebra, and ZigBee

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

The following features are new (or have been significantly updated)
   since version 1.99.2:
     * Qt port:
          + Several bugs have been fixed.
          + You can now open a packet in a new window.
          + The Bluetooth ATT Server Attributes dialog has been added.
          + The Coloring Rules dialog has been added.
          + Many translations have been updated. Chinese, Italian and
            Polish translations are complete.
          + General user interface and usability improvements.
          + Automatic scrolling during capture now works.
          + The related packet indicator has been updated.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

The following features are new (or have been significantly updated) since version 1.99.3:

Qt port:

Several interface bugs have been fixed.
Translations have been updated.
The following features are new (or have been significantly updated) since version 1.99.2:

Qt port:

Several bugs have been fixed.
You can now open a packet in a new window.
The Bluetooth ATT Server Attributes dialog has been added.
The Coloring Rules dialog has been added.
Many translations have been updated. Chinese, Italian and Polish translations are complete.
General user interface and usability improvements.
Automatic scrolling during capture now works.
The related packet indicator has been updated.
The following features are new (or have been significantly updated) since version 1.99.1:

Qt port:

The welcome screen layout has been updated.
The Preferences dialog no longer crashes on Windows.
The packet list header menu has been added.
Statistics tree plugins are now supported.
The window icon is now displayed properly in the Windows taskbar.
A packet list an byte view selection bug has been fixed (Bug 10896)
The RTP Streams dialog has been added.
The Protocol Hierarchy Statistics dialog has been added.
The following features are new (or have been significantly updated) since version 1.99.0:

Qt port:

You can now show and hide toolbars and major widgets using the View menu.
You can now set the time display format and precision.
The byte view widget is much faster, particularly when selecting large reassembled packets.
The byte view is explorable. Hovering over it highlights the corresponding field and shows a description in the status bar.
An Italian translation has been added.
The Summary dialog has been updated and renamed to Capture File Properties.
The VoIP Calls and SIP Flows dialogs have been added.
The following features are new (or have been significantly updated) since version 1.12.0:

The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k).
TShark now resets its state when changing files in ring-buffer mode.
Expert Info severities can now be configured.
Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet.
Qt port:

The Qt UI is now the default (program name is wireshark).
A Polish translation has been added.
The Interfaces dialog has been added.
The interface list is now updated when interfaces appear or disappear.
The Conversations and Endpoints dialogs have been added.
A Japanese translation has been added.
It is now possible to manage remote capture interfaces.
Windows: taskbar progress support has been added.
Most toolbar actions are in place and work.
More command line options are now supported

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

The following features are new (or have been significantly updated)

Qt port:

Several interface bugs have been fixed.
Translations have been updated.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

The following vulnerabilities have been fixed:

The LBMR dissector could go into an infinite loop. (Bug 11036) CVE-2015-3808 CVE-2015-3809
The WebSocket dissector could recurse excessively. (Bug 10989) CVE-2015-3810
The WCP dissector could crash while decompressing data. (Bug 10978) CVE-2015-3811
The X11 dissector could leak memory. (Bug 11088) CVE-2015-3812
The packet reassembly code could leak memory. (Bug 11129) CVE-2015-3813
The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110) CVE-2015-3814
The Android Logcat file parser could crash. Discovered by Hanno Böck. (Bug 11188) CVE-2015-3815

The following bugs have been fixed:

Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. (Bug 6217)
EAPOL 4-way handshake information wrong. (Bug 10557)
RPC NULL calls incorrectly flagged as malformed. (Bug 10646)
Wireshark relative ISN set incorrectly if raw ISN set to 0. (Bug 10713)
Buffer overrun in encryption code. (Bug 10849)
Crash when use Telephony / Voip calls. (Bug 10885)
ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length. (Bug 10991)
ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug 10992)
Missing field "tcp.pdu.size" in TCP stack. (Bug 11007)
Sierra EM7345 marks MBIM packets as NCM. (Bug 11018)
Possible infinite loop DoS in ForCES dissector. (Bug 11037)
"Decode As…" crashes when a packet dialog is open. (Bug 11043)
Interface Identifier incorrectly represented by Wireshark. (Bug 11053)
"Follow UDP Stream" on mpeg packets crashes wireshark v.1.12.4 (works fine on v.1.10.13). (Bug 11055)
Annoying popup when trying to capture on bonds. (Bug 11058)
Request-response cross-reference in USB URB packets incorrect. (Bug 11072)
Right clicking in Expert Infos to create a filter (duplicate IP) results in invalid filters. (Bug 11073)
CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083)
Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106)
packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn’t filter ENUM. (Bug 11120)
Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP". (Bug 11141)
Missing Makefile.nmake in ansi1/Kerberos directory. (Bug 11155)
Can’t build tshark without the Qt packages installed unless --without-qt is specified. (Bug 11157)

Updated Protocol Support:

AllJoyn, ASN.1 PER, ATM, CANopen, Diameter, ForCES, GSM RLC/MAC, GSMTAP, ICMP, IEC-60870-5-104, IEEE 802.11, IMF, IP, LBMC, LBMR, LDAP, LPP, MBIM, MEGACO, MP2T, PKCS-1, PPP IPv6CP, RPC, SPNEGO, SRVLOC, SSL, T.38, TCP, USB, WCP, WebSocket, X11, and ZigBee ZCL

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed.

wnpa-sec-2015-14

The WCP dissector could crash while decompressing data. (Bug 10978) CVE-2015-3811

wnpa-sec-2015-15

The X11 dissector could leak memory. (Bug 11088) CVE-2015-3812

wnpa-sec-2015-17

The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110) CVE-2015-3814

The following bugs have been fixed:

Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. (Bug 6217)
Wireshark relative ISN set incorrectly if raw ISN set to 0. (Bug 10713)
Buffer overrun in encryption code. (Bug 10849)
ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length. (Bug 10991)
ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug 10992)
Interface Identifier incorrectly represented by Wireshark. (Bug 11053)
Annoying popup when trying to capture on bonding devices on Linux. (Bug 11058)
CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083)
Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106)
packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn’t filter ENUM. (Bug 11120)
Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP". (Bug 11141)

2.2. New and Updated Features

There are no new features in this release.

2.3. New Protocol Support

There are no new protocols in this release.

2.4. Updated Protocol Support

ASN.1 PER, CANopen, GSM RLC/MAC, GSMTAP, ICMP, IEEE 802.11, LPP, MEGACO, PKCS-1, PPP IPv6CP, SRVLOC, SSL, TCP, WCP, X11, and ZigBee ZCL

2.5. New and Updated Capture File Support

and Savvius OmniPeek Visual Networks

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

The following features are new (or have been significantly updated):

Qt port:

Capture restarts are now supported.
Menu items for plugins are now supported.
Extcap interfaces are now supported.
The Expert Information dialog has been added.
Display filter completion is now supported.
Several interface bugs have been fixed.
Translations have been updated.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

1. What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.
2. What’s New
2.1. Bug Fixes

The following vulnerabilities have been fixed.

    wnpa-sec-2015-19

    WCCP dissector crash. (Bug 11153)

    wnpa-sec-2015-20

    GSM DTAP dissector crash. (Bug 11201)

The following bugs have been fixed:

    Wireshark 1.12.1 crashes on startup on Mac OS X 10.10 (Yosemite). (Bug 10640)
    Wireshark does not display X.400 addresses correctly. (Bug 11210)
    Reproducible crash in "Edit column details" dialog. (Bug 11245)
    Subnet name resolution doesn’t always work. (Bug 11247)
    SIP MIME body containing ISUP does not decode properly. (Bug 11249)
    iSCSI: Read(10): shows incorrect "Data In" & "Response" frame number. (Bug 11250)
    tshark -z io,stat,1,SUM(ip.len) reports invalid stats, triggers ASAN buffer overrun. (Bug 11262)
    Port Control Protocol packet dissection decodes R bit incorrectly. (Bug 11278)

2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

GSM DTAP, iSCSI, P1, PCP, SIP, and WCCP
2.5. New and Updated Capture File Support

There is no new or updated capture file support in this release.
3. Getting Wireshark

Wireshark source code and installation packages are available from http://www.wireshark.org/download.html.
3.1. Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.
4. File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use About→Folders to find the default locations on your system.
5. Known Problems

Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The BER dissector might infinitely loop. (Bug 1516)

Capture filters aren’t applied when capturing from named pipes. (Bug 1814)

Filtering tshark captures with read filters (-R) no longer works. (Bug 2234)

The 64-bit Windows installer does not support Kerberos decryption. (Win64 development page)

Resolving (Bug 9044) reopens (Bug 3528) so that Wireshark no longer automatically decodes gzip data when following a TCP stream.

Application crash when changing real-time option. (Bug 4035)

Hex pane display issue after startup. (Bug 4056)

Packet list rows are oversized. (Bug 4357)

Wireshark and TShark will display incorrect delta times in some cases. (Bug 4985)

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

NEW AND UPDATED FEATURES:
Qt port:
The Bluetooth Devices dialog has been added.
The wireless toolbar has been added.
Opening files via drag and drop is now supported.
The Capture Filter and Display Filter dialogs have been added.
The Display Filter Expression dialog has been added.
Conversation Filter menu items have been added.
You can change protocol preferences by right clicking on the packet list and details.
NEW PROTOCOL SUPPORT:
(LISP) TCP Control Message, Aeron, AllJoyn Reliable Datagram Protocol, Android ADB, Android Logcat text, Apache Tribes Heartbeat, BGP Monitoring Prototol (BMP), C15 Call History Protocol dissection (C15ch), ceph, corosync/totemnet corosync cluster engine ( lowest levelencryption/decryption protocol), corosync/totemsrp corosync cluster engine ( totem single ring protocol), Couchbase, CP "Cooper" 2179, DJI UAV Drone Control Protocol, Dynamic Source Routing (RFC 4728), Elasticsearch, ETSI Card Application Toolkit - Transport Protocol, Generic Network Virtualization Encapsulation (Geneve), Geospatial and Imagery Access Service (GIAS), GVSP GigE Vision (TM) Streaming Protocol, HCrt, HiQnet, IP Detail Record (IPDR), IPMI Trace, iSER, KNXnetIP, MACsec Key Agreement - EAPoL-MKA, MCPE (Minecraft Pocket Edition), Network File System over Remote Direct Memory Access (NFSoRDMA), OCFS2, OptoMMP, Performance Co-Pilot Proxy, QNEX6 (QNET), RakNet games library, Remote Shared Virtual Disk - RSVD, Riemann, S7 Communication, Secure Socket Tunnel Protocol (SSTP), Shared Memory Communications - RDMA, Stateless Transport Tunneling, Thrift, Video Services over IP (VSIP), and ZVT Kassenschnittstelle
NEW AND UPDATED CAPTURE FILE SUPPORT:
3GPP Nettrace TS 34 423, Android Logcat text files, Colasoft Capsa files, Netscaler 3.5, and Wireshark now supports nanosecond timestamp resolution in PCAP-NG files.
NEW AND UPDATED CAPTURE INTERFACES SUPPORT:
and Androiddump - provide interfaces to capture (Logcat and Bluetooth) from connected Android devices
MAJOR API CHANGES:
The libwireshark API has undergone some major changes:
The emem framework (including all ep_ and se_ memory allocation routines) has been completely removed in favour of wmem which is now fully mature.
The (long-since-broken) Python bindings support has been removed. If you want to write dissectors in something other than C, use Lua.
Plugins can now create GUI menu items.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Qt port:
The Enabled Protocols dialog has been added.
Many statistics dialogs have been added, including Service response time, DHCP/BOOTP, and ANSI.
The RTP Analysis dialog has been added.
Lua dialog support has been added.
You can now manually resolve addresses.
The Resolved Addresses dialog has been added.
The packet list scrollbar now has a minimap.
The capture interfaces dialog has been updated.
You can now colorize conversations.
Welcome screen behavior has been improved.
Plugin support has been improved.
Many dialogs should now more correctly minimize and maximize.
The reload button has been added back to the toolbar.
The "Decode As" dialog no longer saves decoding behavior.
You can now stop loading large capture files.
The Bluetooth HCI Summary has been added.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

2. What’s New

2.1. Bug Fixes

The following vulnerabilities have been fixed.

    wnpa-sec-2015-21

    Protocol tree crash. (Bug 11309)

    wnpa-sec-2015-22

    Memory manager crash. (Bug 11373)

    wnpa-sec-2015-23

    Dissector table crash. (Bug 11381)

    wnpa-sec-2015-24

    ZigBee crash. (Bug 11389)

    wnpa-sec-2015-25

    GSM RLC/MAC infinite loop. (Bug 11358)

    wnpa-sec-2015-26

    WaveAgent crash. (Bug 11358)

    wnpa-sec-2015-27

    OpenFlow infinite loop. (Bug 11358)

    wnpa-sec-2015-28

    Ptvcursor crash. (Bug 11358)

    wnpa-sec-2015-29

    WCCP crash. (Bug 11358)

The following bugs have been fixed:

    DCE RPC "Decode As" capability is missing. (Bug 10368)
    Mergecap turns nanosecond-resolution time stamps into microsecond-resolution time stamps. (Bug 11202)
    The Aruba ERM Type 1 Dissector inconsistent with Type 0 and Type 3. (Bug 11204)
    Parse CFM Type Test signal (TST) without CRC. (Bug 11286)
    Tshark: output format of rpc.xid changed from Hex to Integer. (Bug 11292)
    Not stop -a filecount <COUNT>. (Bug 11305)
    lldp.ieee.802_3.mdi_power_class display is wrong. (Bug 11330)
    Powerlink (EPL) SDO packages interpreted as frame dublication. (Bug 11341)
    Mysql dissector adds packet content to INFO column without scrubbing it. (Bug 11344)
    PIM null-register according to rfc4601 is incorrectly parsed. (Bug 11354)
    Wireshark Lua dissectors: both expand together. (Bug 11356)
    Link-type not retrieved for rpcap interfaces configured with authentication. (Bug 11366)
    SSL Decryption (RSA private key with p smaller than q) failing on the Windows 7 buildbot. (Bug 11372)
    [gtpv2]PCSCF ip in the Protocol configuration of update bearer request is not getting populated. (Bug 11378)
    wpan.src64 (and dst64) filter always gives "is not a valid EUI64 Address" error. (Bug 11380)
    Websphere MQ Work Information Header incorrectly showing "Reserved". (Bug 11384)
    DUP ACK Counter resetting after Window Update. (Bug 11397)
    CSV values missing when using tshark -2 option. (Bug 11401)
    Ethernet PAUSE frames are decoded incorrectly as PFC. (Bug 11403)
    SOCKS decoder giving strange values for seemingly normal SOCKS connection. (Bug 11417)
    802.11ad decoding error. (Bug 11419)

2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

Aruba ERM, CFM, EPL, GSM A-bis OML, GSM MAP, GSM RLC/MAC, GTPv2, IEEE 802.11, LLDP, LTE RRC, MAC Control, MQ, MySQL, OpcUa, OpenFlow, Radiotap, SCCP, SOCKS, TCP, WaveAgent, WCCP, and ZigBee
2.5. New and Updated Capture File Support

There is no new or updated capture file support in this release.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Qt port:
The MTP3 statistics and summary dialogs have been added.
The WAP-WSP statistics dialog has been added.
The UDP multicast statistics dialog has been added.
The WLAN statistics dialog has been added.
The display filter macros dialog has been added.
The capture file properties dialog now includes packet comments.
Many more statistics dialogs can be opened from the command line via -z ....
Most dialogs now have a cancellable progress bar.
Many packet list and packet detail context menus items have been added.
Lua plugins can be reloaded from the Analyze menu.
Many bug fixes and improvements.

[close]

http://www.wireshark.org/

[SiLæncer]

Changelog

Bug Fixes

The following vulnerabilities have been fixed.

    wnpa-sec-2015-30

    Pcapng file parser crash. Discovered by Dario Lombardo and Shannon Sabens. (Bug 11455) CVE-2015-7830

The following bugs have been fixed:

    Last Address field for IPv6 RPL routing header is interpreted incorrectly. (Bug 10560)
    Comparing two capture files crashes Wireshark when navigating the results. (Bug 11098)
    802.11 frame is not correctly dissected if it contains HT Control. (Bug 11351)
    GVCP bit-fields not updated. (Bug 11442)
    Tshark crash when specifying ssl.keys_list on CLI. (Bug 11443)
    pcapng: SPB capture length is incorrectly truncated if IDB snaplen = 0. (Bug 11483)
    pcapng: NRB IPv4 address is endian swapped but shouldn’t be. (Bug 11484)
    pcapng: NRB with options causes file read failure. (Bug 11485)
    pcapng: ISB without if_drop option is shown as max value. (Bug 11489)
    UNISTIM dissector - Message length not included in offset for "Select Adjustable Rx Volume". (Bug 11497)

2.2. New and Updated Features

There are no new features in this release.
2.3. New Protocol Support

There are no new protocols in this release.
2.4. Updated Protocol Support

DIAMETER, GVCP, IEEE 802.11, IPv6, and UNISTIM

[close]

http://www.wireshark.org/

[SiLæncer]

Whats new:>>

Several dissector and Qt UI crash bugs have been fixed

Qt port:

The SIP Statistics dialog has been added
You can now create filter expressions from the display filter toolbar
Bugs in the UAT prefererences dialog has been fixed

http://www.wireshark.org/

[SiLæncer]

Whats new:>>

”'File” - Merge no longer crashes on Windows. Bug Bug 11684.
Icons in the main toolbar obey magnification settings on Windows. Bug Bug 11675.
The Windows installer does a better job of detecting WinPcap. Bug Bug 10867.
The main window no longer appears off-screen on Windows. Bug Bug 11568.

http://www.wireshark.org/