Wireshark 1.6.5 released

The latest version of Wireshark is out now and Wireshark 1.6.5 is available for download. This new verison has fixed many known vulnerabilities of previous versions.

This version has not added any protocol but there is updated support for all existing protocols.

These are the main features of this tool:

• Deep inspection of hundreds of protocols, with more being added all the time


• Live capture and offline analysis


• Standard three-pane packet browser


• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others


• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility


• The most powerful display filters in the industry


• Rich VoIP analysis


• Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others


• Capture files compressed with gzip can be decompressed on the fly


• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)


• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2


• Coloring rules can be applied to the packet list for quick, intuitive analysis


• Output can be exported to XML, PostScript®, CSV, or plain text

The following vulnerabilities have been fixed:

•  Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats.


•  Wireshark could dereference a NULL pointer and crash.


•  The RLC dissector could overflow a buffer.

The following bugs have been fixed:

•  "Closing File!" Dialog Hangs.


•  Sub-fields of data field should appear in exported PDML as children of the data field instead of as siblings to it.


•  Incorrect time differences displayed with time reference set.


•  Wrong packet type association of SNMP trap after TFTP transfer.


•  SSL/TLS decryption needs wireshark to be rebooted.


•  Export HTTP Objects -> save all crashes Wireshark.


•  Wireshark Netflow dissector complains there is no template found though the template is exported.


•  DCERPC EPM tower UUID must be interpreted always as little endian.


•  Crash if no recent files.


•  IPv6 frame containing routing header with 0 segments left calculates wrong UDP checksum.


•  IPv4 UDP/TCP Checksum incorrect if routing header present.


•  Incorrect Parsing of SCPS Capabilities Option introduced in response to bug 6194.


•  Various crashes after loading NetMon2.x capture file.


•  Fixed compilation of dumpcap on some systems (when MUST_DO_SELECT is defined).


•  SIGSEGV in SVN 40046.


•  Wireshark dissects TCP option 25 as an "April 1" option.


•  ZigBee ZCL Dissector reports invalid status.


•  ICMPv6 DNSSL option malformed on padding.


•  Wrong tvb_get_bits function call in packet-csn1.c.


•  [UDP] - Length Field of Pseudo Header while computing CheckSum is not correct.


•  pcapio.c: bug in libpcap_write_interface_description_block.


•  Memory leaks in various dissectors.


•  Bytes highlighted in wrong Byte pane when field selected in Details pane.