Wireshark 1.12.3 Now Available for Download

Wireshark 1.12.3 is now available for download. This is a maintenance release that fixes security vulnerabilities and other bugs and improves stability over the previous release.

Overview
Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, and development in industry and educational institutions.

Features include deep inspection of hundreds of protocols (with more being added all the time), live capture and offline analysis, a standard three-pane packet browser, browsing of captured network data via a GUI or the TTY-mode TShark utility, and rich VoIP analysis.

Key Features
Here are key features of Wireshark:
  • Deep inspection of hundreds of protocols, with more being added all the time
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • The most powerful display filters in the industry
  • Rich VoIP analysis
  • Read/write many different capture file formats
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript, CSV, or plain text

Wireshark 1.12 includes a number of new features and improvements. The following features are new or have been significantly updated since version 1.10:
  • The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
  • Expert information is now filterable when the new API is in use.
  • The "Number" column shows related packets and protocol conversation spans (Qt only).
  • When manipulating packets with editcap using the -C and/or -s options, it is now possible to also adjust the original frame length using the -L option.
  • You can now pass the -C option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
  • You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
  • The "malformed" display filter has been renamed to "_ws.malformed". A handful of other filters have been given the "_ws." prefix to note that they are Wireshark application-specific filters and not dissector filters.
  • The Kerberos dissector has been replaced with one auto-generated from the ASN.1 protocol description, changing a lot of filter names.

Additionally the Windows installers have an extra component: a preview of the upcoming user interface for Wireshark 2.0.

Download Wireshark 1.12.3
To download Wireshark, go to the Wireshark - Download website. Download the files most appropriate for you.

What's New in Wireshark 1.12.3
Bug Fixes

The following vulnerabilities have been fixed.
  • wnpa-sec-2015-01: The WCCP dissector could crash. (Bug 10720, Bug 10806) CVE-2015-0559, CVE-2015-0560
  • wnpa-sec-2015-02: The LPP dissector could crash. (Bug 10773) CVE-2015-0561
  • wnpa-sec-2015-03: The DEC DNA Routing Protocol dissector could crash. (Bug 10724) CVE-2015-0562
  • wnpa-sec-2015-04: The SMTP dissector could crash. (Bug 10823) CVE-2015-0563
  • wnpa-sec-2015-05: Wireshark could crash while decrypting TLS/SSL sessions. Discovered by Noam Rathaus. CVE-2015-0564

The following bugs have been fixed.
  • WebSocket dissector: empty payload causes DISSECTOR_ASSERT_NOT_REACHED. (Bug 9332)
  • Wireshark crashes if Lua heuristic dissector returns true. (Bug 10233)
  • Display MEP ID in decimal in OAM Y.1731 Synthetic Loss Message and Reply PDU. (Bug 10500)
  • TCP Window Size incorrectly reported in Packet List. (Bug 10514)
  • Status bar "creeps" to the left a few pixels every time Wireshark is opened. (Bug 10518)
  • E-LMI Message type. (Bug 10531)
  • SMTP decoder can dump binary data to terminal in TShark. (Bug 10536)
  • PTPoE dissector gets confused by packets that include an FCS. (Bug 10611)
  • IPv6 Vendor Specific Mobility Option includes the next mobility option type. (Bug 10618)
  • Save PCAP to PCAPng with commentary fails. (Bug 10656)
  • Display filter "frame contains bytes [2342]" causes a crash. (Bug 10690)
  • Multipath TCP: checksum displayed when it’s not there. (Bug 10692)
  • LTE APN-AMBR is decoded incorrectly. (Bug 10699)
  • DNS NAPTR RR Replacement Length is incorrect. (Bug 10700)
  • IPv6 Experimental mobility header data is interpreted as options. (Bug 10703)
  • Dissector bug, protocol SPDY: tvbuff.c:610: failed assertion "tvb && tvb->initialized". (Bug 10704)
  • BGP: Incorrect decoding AS numbers when mixed AS size. (Bug 10742)
  • BGP update community - incorrect decoding. (Bug 10746)
  • Setting a 6LoWPAN context generates a Wireshark crash. (Bug 10747)
  • FC is not dissected (protocol UNKNOWN). (Bug 10751)
  • Crash when displaying several times INFO column. (Bug 10755)
  • Decoding of longitude value in LCSAP (3GPP TS 29.171) is incorrect. (Bug 10767)
  • Crash when enabling FCoIB manual settings without filling address field. (Bug 10796)
  • RSVP RECORD_ROUTE IPv4 Subobject Flags field incorrect decoding. (Bug 10799)
  • Wireshark Lua engine can’t access protocol field type. (Bug 10801)
  • Field Analysis of OpenFlow v1.4 OFPT_SET_ASYNC. (Bug 10808)
  • Lua: getting fieldinfo.value for FT_NONE causes assert. (Bug 10815)

For more information about resources for Wireshark 1.12.3, go to the following website: Wireshark 1.12.3 Release Notes
