Wireshark 使用说明

Wireshark 1.4.3 Release Notes

------------------------------------------------------------------

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer.

It is used for troubleshooting, analysis, development and

education.

What's New

Bug Fixes

The following vulnerabilities have been fixed. See the security

advisory for details and a workaround.

o FRAsse discovered that the MAC-LTE dissector could overflow a

buffer. (Bug 5530)

Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2.

o FRAsse discovered that the ENTTEC dissector could overflow a

buffer. (Bug 5539)

Versions affected: 1.2.0 to 1.2.13 and 1.4.0 to 1.4.2.

CVE-2010-4538

o The ASN.1 BER dissector could assert and make Wireshark exit

prematurely. (Bug 5537)

Versions affected: 1.4.0 to 1.4.2.

The following bugs have been fixed:

o AMQP failed assertion. (Bug 4048)

o Reassemble.c leaks memory for GLIB > 2.8. (Bug 4141)

o Fuzz testing reports possible dissector bug: TCP. (Bug 4211)

o Wrong length calculation in new_octet_aligned_subset_bits()

(PER dissector). (Bug 5393)

o Function dissect_per_bit_string_display might read more bytes than available (PER dissector). (Bug 5394)

o Cannot load wpcap.dll & packet.dll from Wireshark program directory. (Bug 5420)

o Wireshark crashes with Copy -> Description on date/time fields. (Bug 5421)

o DHCPv6 OPTION_CLIENT_FQDN parse error. (Bug 5426)

o Information element Error for supported channels. (Bug 5430)

o Assert when using ASN.1 dissector with loading a 'type table'. (Bug 5447)

o Bug with RWH parsing in Infiniband dissector. (Bug 5444)

o Help->About Wireshark mis-reports OS. (Bug 5453)

o Delegated-IPv6-Prefix(123) is shown incorrect as

X-Ascend-Call-Attempt-Limit(123). (Bug 5455)

o "tshark -r file -T fields" is truncating exported data. (Bug 5463)

o gsm_a_dtap: incorrect "Extraneous Data" when decoding Packet Flow Identifier. (Bug 5475)

o Improper decode of TLS 1.2 packet containing both CertificateRequest and ServerHelloDone messages. (Bug 5485)

o LTE-PDCP UL and DL problem. (Bug 5505)

o CIGI 3.2/3.3 support broken. (Bug 5510)

o Prepare Filter in RTP Streams dialog does not work correctly. (Bug 5513)

o Wrong decode at ethernet OAM Y.1731 ETH-CC. (Bug 5517)

o WPS: RF bands decryption. (Bug 5523)

o Incorrect LTP SDNV value handling. (Bug 5521)

o LTP bug found by randpkt. (Bug 5323)

o Buffer overflow in SNMP EngineID preferences. (Bug 5530)

New and Updated Features

There are no new features in this release.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

AMQP, ASN.1 BER, ASN.1 PER, CFM, CIGI, DHCPv6, Diameter, ENTTEC, GSM A GM, IEEE 802.11, InfiniBand, LTE-PDCP, LTP, MAC-LTE, MP2T, RADIUS, SAMR, SCCP, SIP, SNMP, TCP, TLS, TN3270, UNISTIM, WPS

New and Updated Capture File Support

Endace ERF, Microsoft Network Monitor, VMS TCPtrace.

Getting Wireshark

Wireshark source code and installation packages are available from

/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages.

You can usually install or upgrade Wireshark using the package

management system specific to that platform. A list of third-party

packages can be found on the download page on the Wireshark web

site.

File Locations

Wireshark and TShark look in several different locations for

preference files, plugins, SNMP MIBS, and RADIUS dictionaries.

These locations vary from platform to platform. You can use

About->Folders to find the default locations on your system.