home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2006 February
/
PCWorld_2006-02_cd.bin
/
software
/
vyzkuste
/
spioni
/
spioni.exe
/
ethereal-setup-0.10.14.exe
/
NEWS.txt
< prev
next >
Wrap
Text File
|
2005-12-27
|
57KB
|
1,913 lines
$Id: NEWS 16905 2005-12-27 17:18:28Z gerald $
== December 27, 2005
Ethereal 0.10.14 has been released.
Bug Fixes
Three security vulnerabilities have been fixed since the previous
release. See the [1]application advisory for more details.
o The IRC dissector could go into an infinite loop. Versions
affected: 0.10.13.
o The GTP dissector could go into an infinite loop. Versions
affected: 0.9.1 to 0.10.13.
o iDefense found a buffer overflow in the OSPF dissector.
Versions affected: 0.8.20 to 0.10.13.
New and Updated Features
The following features are new (or have been significantly
updated) since the last release:
o The Windows installer now ships with GTK+ 2.6 instead of GTK+
2.4. This should fix several long-standing bugs.
o If you're loading a saved capture file and press "Cancel",
Ethereal will now display the packets read up to that point.
In previous versions, Ethereal would abort the attempt
completely and clear the packet list.
This means that if you're loding a huge capture file, you can
stop loading in the middle and still be able to analyze part
of the file.
o The maximum number of files allowed in a ring buffer has been
increased from 1024 to 10,000.
o OID to name resolution has been improved.
o TCP graphs now handle upper and lower bounds better.
New Protocol Support
3Com Netjack200, CDT, CIGI, DAP, DISP, DOP, DSP, FTBP, MS NLB,
NBAP, NCP SSS, NCS, NHRP, P_Mul, RNSAP, SMB2, STANAG 5066, TIPC,
UDP-Lite, X.501
Updated Protocol Support
ACSE, AIM, ALCAP, AMR, ANSI MAP, BER, BitTorrent, BOOTP, CAMEL,
CMP, CMS, COPS, CRMF, DCCP, DCERPC (DCERPC, DSSETUP, INITSHUTDOWN,
NT, WINREG), DEC DNA RT, DNP, DTP, eDonkey, ENIP, ESS, Etheric,
FC-DNS, FC-FZS, FMIPv6, GRE, GSM A, GSM MAP, GTP, H.225, H.235,
H.245, H.248, H.263, H.450, IAPP, IEEE 802.11, INAP, IP, IPv6,
IRC, ISIS LSP, ISUP, IUUP, Juniper, LLDP, M3UA, MIP, MIPv6,
Modbus/TCP, MTP3, NCP, NDPS, NDS, NEMO, NMAS, NTLMSSP, OSPF, PER,
PN-DCP, PPP CHAP, PPPoE, PVFS2, Q.931, RADIUS, RANAP, RDT, RLOGIN,
RMT, ROS, RTCP, RTP, RTSE, S4406, SCCP, SCTP, SES, SIP, SMB,
SNDCP, SRVLOC, STUN, T.38, UMA, WINS Replication, X.411, X.420,
X.509
New and Updated Capture File Support
DOS Sniffer, Endace ERF, HP-UX nettl, IBM iSeries traces,
Tektronix K12
Getting Ethereal
Microsoft Windows
Download ethereal-setup-0.10.14.exe from the [2]Windows download
area on the main web site. Double-click the installer executable.
Sun Solaris
Download the appropriate package from the [3]Solaris download area
on the main web site. Uncompress the package using bzip2, and
install it using pkgadd.
Source Code
Download ethereal-0.10.14.tar.gz from the [4]main download area on
the web site. Extract the package using tar and gzip. Run
"configure ; make ; make install".
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Ethereal packages.
You can install or upgrade Ethereal using the package management
system specific to that platform. A list of third-party packages
can be found on the [5]download page on the Ethereal web site.
File Locations
Ethereal and Tethereal look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
These locations vary from platform to platform. You can use
About->Folders to find the default locations on your system.
Known Problems
On Windows systems the packet list scroll bar can sometimes
disappear or become unusable. Until the problem is fixed you can
work around it by resizing the packet list or the main window.
([6]Bug #220)
Getting Help
Community support is available on the ethereal-users mailing list.
Subscription information and archives for all of Ethereal's
mailing lists can be found on [7]the web site. There is also an
[8]IRC channel dedicated to Ethereal.
Commercial support, training, and development services are
available from [9]Ethereal Software.
Frequently Asked Questions
A complete FAQ is available on the [10]Ethereal web site.
References
Visible links
1. http://www.ethereal.com/appnotes/enpa-sa-00022.html
2. http://www.ethereal.com/docs/distribution/win32/
3. http://www.ethereal.com/docs/distribution/solaris/
4. http://www.ethereal.com/docs/distribution/
5. http://www.ethereal.com/download.html#otherplat
6. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
7. http://www.ethereal.com/lists/
8. irc://irc.freenode.net/ethereal
9. http://www.etherealsoft.com/
10. http://www.ethereal.com/faq.html
== October 17, 2005
Ethereal 0.10.13 has been released.
Bug Fixes
Several security vulnerabilities have been fixed since the previous
release. See the [1]application advisory for more details.
o The ISAKMP dissector could exhaust system memory. Versions affected:
0.10.11 to 0.10.12.
o The FC-FCS dissector could exhaust system memory. Versions affected:
0.9.0 to 0.10.12.
o The RSVP dissector could exhaust system memory. Versions affected:
0.9.4 to 0.10.12.
o The ISIS LSP dissector could exhaust system memory. Versions affected:
0.8.18 to 0.10.12.
o The IrDA dissector could crash. Versions affected: 0.10.0 to 0.10.12.
o The SLIMP3 dissector could overflow a buffer. Versions affected: 0.9.1
to 0.10.12.
o The BER dissector was susceptible to an infinite loop. Versions
affected: 0.10.3 to 0.10.12.
o The SCSI dissector could dereference a null pointer and crash.
Versions affected: 0.10.3 to 0.10.12.
o If the "Dissect unknown RPC program numbers" option was enabled, the
ONC RPC dissector might be able to exhaust system memory. This option
is disabled by default. Versions affected: 0.7.7 to 0.10.12.
o The sFlow dissector could dereference a null pointer and crash.
Versions affected: 0.9.14 to 0.10.12.
o The RTnet dissector could dereference a null pointer and crash.
Versions affected: 0.10.8 to 0.10.12.
o The SigComp UDVM could go into an infinite loop or crash. Versions
affected: 0.10.12.
o If SMB transaction payload reassembly is enabled the SMB dissector
could crash. This preference is disabled by default. Versions
affected: 0.9.7 to 0.10.12.
o The X11 dissector could attempt to divide by zero. Versions affected:
0.10.1 to 0.10.12.
o The AgentX dissector could overflow a buffer. Versions affected:
0.10.10 to 0.10.12.
o The WSP dissector could free an invalid pointer. Versions affected:
0.10.1 to 0.10.12.
o iDEFENSE found a buffer overflow in the SRVLOC dissector. Versions
affected: 0.10.0 to 0.10.12.
When trying to save a flow graph, Ethereal could crash.
When viewing protocol hierarchy statistics, Ethereal and Tethereal could
crash.
The PCRE library that ships with the Windows installer has been upgraded
from version 4.4 to 6.3 in response to a [2]security vulnerability.
New and Updated Features
The following features are new (or have been significantly updated) since
the last release:
o The timestamp display precision of the Packet List can be adjusted
now. The precision will be automatically adjusted depending on the
file format loaded, e.g. libpcap typically uses microsecond resolution
displayed like "0.000000". In addition you can adjust the precision
manually through the View/Time Display Format menu items.
o The WinPcap version 3.1 installer was released since the last Ethereal
release. The version included in the Ethereal Windows installer has
been updated from 3.1 beta 4 to 3.1. If you want to upgrade WinPcap
separately or install a different version you can download it from:
[3]the WinPcap web site.
o The behavior of the display filter "ip.checksum_bad" has changed.
Instead of merely checking for its presence you must now make sure it
is set, e.g. instead of using "ip.checksum_bad" you must now use
"ip.checksum_bad == 1".
o A new capture file format "Nanosecond libpcap (Ethereal)" was added.
It is very similar to the common libpcap file format but is capable of
keeping nanosecond resolution timestamps. This format is currently
supported only by Ethereal.
o Ethereal's memory managment has been greatly improved.
o Ethereal can now save gzip-compressed capture files.
New Protocol Support
CIMD, CISCOWL-L2, DCCP, EDP, GNM, LLDP, ROS, RTSE, STANAG 4406, WINS
Replication, X.411, X.420
Updated Protocol Support
802.11 Radiotap, A11, AARP, ACSE, ACtrace, AFP, AFS, AgentX, AIM, AJP13,
ALCAP, AMR, ANSI A, ANSI IS-637-A, ANSI IS-683-A, ANSI IS-801, ANSI MAP,
AOE, AppleTalk, Armagetronad, ARP, ASAP, ASN.1, BACapp, BER, BGP,
BitTorrent, BOOTP, CAMEL, CLNP, CMIP, CMP, CMS, COPS, CRMF, CSM_ENCAPS,
DAAP, DCERPC (ATSVC, DCE_DFS, FLDB, INITSHUTDOWN, LSA, NETLOGON, NT, SAMR,
SPOOLSS, WINREG), DCM, DCOM, DHCP Failover, DIAMETER, ENRP, ESS, FC, FCCT,
FCDNS, FCELS, FCFCS, FCFZS, FCP, FCSWILS, FTAM, GIOP, GPRS LLC, GSM, GTP,
H1, H.225, H.235, H.245, H.248, H.261, H.263, H.450, HSRP, HTTP, IAX2,
IEEE 802.11, IEEE 802.3, IEEE 802.3 Slow protocols, IP, IP/IEEE1394, IRC,
IrDA, ISAKMP, iSCSI, ISIS, ISUP, Jabber, JFIF, Juniper, JXTA, K12,
Kerberos, LDAP, LDP, LLC, LPD, MAP_DialoguePDU, MDSHDR, Media, MEGACO,
MGCP, MIME multipart, MMS, MOUNT, MQ, MSMMS, NBNS, NDMP, NS_CERT_EXTS,
OCSP, OPSI, OSPF, PARLAY, PER, PKINIT, PKIX, PN-RT, PPP, PRES, PTP,
RADIUS, RDT, RPC, RSVP, RTCP, RTnet, RTSP, SCCP, SCSI, SCTP, SES, sFlow,
SIGCOMP, SIP, SliMP3, SMB, SMPP, SMRSE, SNA, SNMP, SPNEGO, SRVLOC, STUN,
T.38, TCAP, TCP, Text, TPKT, UMA, WBXML, WLANCERTEXTN, WSP, X11, X.25,
X.509, XML, YMSG
New and Updated Capture File Support
5Views, AiroPeek, ERF, EtherPeek, i4btrace, LANAlyzer, Libpcap, Windows
Sniffer, Tektronix K12
Getting Ethereal
Microsoft Windows
Download ethereal-setup-0.10.13.exe from the [4]Windows download area on
the main web site. Double-click the installer executable.
Sun Solaris
Download the appropriate package from the [5]Solaris download area on the
main web site. Uncompress the package using bzip2, and install it using
pkgadd.
Source Code
Download ethereal-0.10.13.tar.gz from the [6]main download area on the web
site. Extract the package using tar and gzip. Run "configure ; make ; make
install".
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Ethereal packages. You can
install or upgrade Ethereal using the package management system specific
to that platform. A list of third-party packages can be found on the
[7]download page on the Ethereal web site.
File Locations
Ethereal and Tethereal look in several different locations for preference
files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary
from platform to platform. You can use About->Folders to find the default
locations on your system.
Known Problems
On Windows systems the packet list scroll bar can sometimes disappear or
become unusable. Until the problem is fixed you can work around it by
resizing the packet list or the main window. ([8]Bug #220)
Getting Help
Community support is available on the ethereal-users mailing list.
Subscription information and archives for all of Ethereal's mailing lists
can be found on [9]the web site. There is also an [10]IRC channel
dedicated to Ethereal.
Commercial support, training, and development services are available from
[11]Ethereal Software.
Frequently Asked Questions
A complete FAQ is available on the [12]Ethereal web site.
References
Visible links
1. http://www.ethereal.com/appnotes/enpa-sa-00021.html
2. http://www.securityfocus.com/bid/14620
3. http://www.winpcap.org/
4. http://www.ethereal.com/docs/distribution/win32/
5. http://www.ethereal.com/docs/distribution/solaris/
6. http://www.ethereal.com/docs/distribution/
7. http://www.ethereal.com/download.html#otherplat
8. http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=220
9. http://www.ethereal.com/lists/
10. irc://irc.freenode.net/ethereal
11. http://www.etherealsoft.com/
12. http://www.ethereal.com/faq.html
== July 26, 2005
Ethereal 0.10.12 has been released.
Our testing program has turned up several more security issues:
The LDAP dissector could free static memory and crash.
Versions affected: 0.8.5 to 0.10.11
The AgentX dissector could crash.
Versions affected: 0.10.10 to 0.10.11
The 802.3 dissector could go into an infinite loop.
Versions affected: 0.8.16 to 0.10.11
The PER dissector could abort.
Versions affected: 0.10.5 to 0.10.11
The DHCP dissector could go into an infinite loop.
Versions affected: 0.10.7 to 0.10.11
The BER dissector could abort or loop infinitely.
Version affected: 0.10.11
The MEGACO dissector could go into an infinite loop.
Versions affected: 0.9.14 to 0.10.11
The GIOP dissector could dereference a null pointer.
Versions affected: 0.8.20 to 0.10.11
The SMB dissector was susceptible to a buffer overflow.
Versions affected: 0.9.12 to 0.10.11
The WBXML could dereference a null pointer.
Versions affected: 0.10.1 to 0.10.11
The H1 dissector could go into an infinite loop.
Versions affected: 0.8.15 to 0.10.11
The DOCSIS dissector could cause a crash.
Versions affected: 0.9.13 to 0.10.11
The SMPP dissector could go into an infinite loop.
Versions affected: 0.10.1 to 0.10.11
SCTP graphs could crash.
Version affected: 0.10.11
The HTTP dissector could crash.
Versions affected: 0.10.4 to 0.10.11
The SMB dissector could go into a large loop.
Versions affected: 0.9.0 to 0.10.11
The DCERPC dissector could crash.
Versions affected: 0.9.16 to 0.10.11.
Several dissectors could crash while reassembling packets.
Versions affected: 0.9.0 to 0.10.11
Steve Grubb at Red Hat found the following issues:
The CAMEL dissector could dereference a null pointer.
Version affected: 0.10.11
The DHCP dissector could crash.
Versions affected: 0.10.4 to 0.10.11
The CAMEL dissector could crash.
Versions affected: 0.10.10 to 0.10.11
The PER dissector could crash.
Versions affected: 0.10.10 to 0.10.11
The RADIUS dissector could crash.
Versions affected: 0.9.4 to 0.10.11
The Telnet dissector could crash.
Versions affected: 0.9.10 to 0.10.11
The IS-IS LSP dissector could crash.
Versions affected: 0.8.19 to 0.10.11
The NCP dissector could crash.
Versions affected: 0.9.15 to 0.10.11
iDEFENSE found the following issues:
Several dissectors were susceptible to a format string overflow.
Versions affected: 0.9.4 to 0.10.11
Ethereal uses the zlib compression library. Security vulnerabilities
have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer
now ships with zlib 1.2.3, which fixes these vulnerabilities.
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00020.html
Everyone is encouraged to upgrade.
New and updated features
The Windows installer now includes the WinPcap 3.1 beta 4 installer.
You don't have to download and install it separately.
RADIUS dictionaries are now included.
A lot of documentation was updated
Some command line parameters have changed, see the Ethereal / Tethereal
manual pages
A "File/File Set" submenu was added to better handle multiple files
(such as ring buffers).
Flow graphs can now be created for any protocol.
Memory management has been greatly improved.
JXTA has been added to the conversations menu.
When compiled with MIT/Heimdal Kerberos AND if keytab files are
provided, Ethereal can now decrypt and dissect both SecureLDAP and
encrypted DCE/RPC.
TCP Sequence graphs should now work for all captures and all
encapsulation types.
New protocol support
ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing,
DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay,
Synergy, TANGO, WLAN Certificate Extensions
Updated protocol support
802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC,
Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM,
DNP, DNS, DOCSIS, EAP, Ethernet, FC ELS, FCIP, FCP, FC-SWILS, GIOP,
GSM A, GSM MAP, GSSAPI, GTP, H1, H.221, H.225, H.235, H.245, H.248,
H.450, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.11, IEEE 802.3, iFCP,
IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC,
LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, OSPF,
PER, PPP, PRES, PROFINET, RDT, RMT, RPC, RSVP, Rsync, RTP, RTSP, SCSI,
SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP,
Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV
New and updated capture file support
HP Nettl, Tektronix K12
== May 4, 2005
Ethereal 0.10.11 has been released.
An aggressive testing program as well as independent discovery has turned
up a multitude of security issues:
The ANSI A dissector was susceptible to format string vulnerabilities.
Discovered by Bryan Fulton.
Versions affected: 0.9.15 to 0.10.10
The GSM MAP dissector could crash.
Versions affected: 0.10.0 to 0.10.10
The AIM dissector could cause a crash.
Versions affected: 0.9.14 to 0.10.10
The DISTCC dissector was susceptible to a buffer overflow.
Discovered by Ilja van Sprundel
Versions affected: 0.9.13 to 0.10.10
The FCELS dissector was susceptible to a buffer overflow.
Discovered by Neil Kettle
Versions affected: 0.9.9 to 0.10.10
The SIP dissector was susceptible to a buffer overflow.
Discovered by Ejovi Nuwere.
Versions affected: 0.10.0 to 0.10.10
The KINK dissector was susceptible to a null pointer exception,
endless looping, and other problems.
Versions affected: 0.10.10
The LMP dissector was susceptible to an endless loop.
Versions affected: 0.9.4 to 0.10.10
The Telnet dissector could abort.
Versions affected: 0.9.10 to 0.10.10
The TZSP dissector could cause a segmentation fault.
Versions affected: 0.10.10 to 0.10.10
The WSP dissector was susceptible to a null pointer exception and
assertions.
Versions affected: 0.10.0 to 0.10.10
The 802.3 Slow protocols dissector could throw an assertion.
Versions affected: 0.10.10
The BER dissector could throw assertions.
Versions affected: 0.10.2 to 0.10.10
The SMB Mailslot dissector was susceptible to a null pointer exception
and could throw assertions.
Versions affected: 0.9.0 to 0.10.10
The H.245 dissector was susceptible to a null pointer exception.
Versions affected: 0.10.10
The Bittorrent dissector could cause a segmentation fault.
Versions affected: 0.10.8 to 0.10.10
The SMB dissector could cause a segmentation fault and throw assertions.
Versions affected: 0.9.0 to 0.10.10
The Fibre Channel dissector could cause a crash.
Versions affected: 0.9.9 to 0.10.10
The DICOM dissector could attempt to allocate large amounts of memory.
Versions affected: 0.10.4 to 0.10.10
The MGCP dissector was susceptible to a null pointer exception, could
loop indefinitely, and segfault.
Versions affected: 0.8.14 to 0.10.10
The RSVP dissector could loop indefinitely.
Versions affected: 0.9.8 to 0.10.10
The DHCP dissector was susceptible to format string vulnerabilities, and
could abort.
Versions affected: 0.10.7 to 0.10.10
The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
Versions affected: 0.9.8 to 0.10.10
The EIGRP dissector could loop indefinitely.
Versions affected: 0.8.18 to 0.10.10
The ISIS dissector could overflow a buffer.
Versions affected: 0.8.18 to 0.10.10
The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
and X.509 dissectors could overflow buffers.
Versions affected: 0.10.4 to 0.10.10
The NDPS dissector could exhaust system memory or cause an assertion,
or crash.
Versions affected: 0.9.12 to 0.10.10
The Q.931 dissector could try to free a null pointer and overflow
a buffer.
Versions affected: 0.10.10
The IAX2 dissector could throw an assertion.
Versions affected: 0.10.1 to 0.10.10
The ICEP dissector could try to free the same memory twice.
Versions affected: 0.10.7 to 0.10.10
The MEGACO dissector was susceptible to an infinite loop and a buffer
overflow.
Versions affected: 0.9.14 to 0.10.10
The DLSw dissector was susceptible to an infinite loop.
Versions affected: 0.9.1 to 0.10.10
The RPC dissector was susceptible to a null pointer exception.
Versions affected: 0.9.2 to 0.10.10
The NCP dissector could overflow a buffer or loop for a large amount
of time.
Versions affected: 0.10.5 to 0.10.10
The RADIUS dissector could throw an assertion.
Versions affected: 0.10.3 to 0.10.10
The GSM dissector could access an invalid pointer.
Versions affected: 0.10.10
The SMB PIPE dissector could throw an assertion.
Versions affected: 0.9.0 to 0.10.10
The L2TP dissector was susceptible to an infinite loop.
Versions affected: 0.10.9 to 0.10.10
The SMB NETLOGON dissector could dereference a null pointer.
Versions affected: 0.9.12 to 0.10.10
The MRDISC dissector could throw an assertion.
Versions affected: 0.8.19 to 0.10.10
The ISUP dissector could overflow a buffer or cause a segmentation fault.
Versions affected: 0.8.19 to 0.10.10
The LDAP dissector could crash.
Versions affected: 0.10.1 to 0.10.10
The TCAP dissector could overflow a buffer or throw an assertion.
Versions affected: 0.10.8 to 0.10.10
The NTLMSSP dissector could crash.
Versions affected: 0.9.7 to 0.10.10
Additionally, a number of dissectors could throw an assertion when
passing an invalid protocol tree item length.
Versions affected: 0.10.8 to 0.10.10
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00019.html
Everyone is encouraged to upgrade.
New and updated features
New protocol support
Updated protocol support
New and updated capture file support
== March 11, 2005
Ethereal 0.10.10 has been released.
This release fixes three security and stability-related issues:
Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
(CAN-2005-0704)
The GPRS-LLC dissector could crash if the "ignore cipher bit" option
was enabled. (CAN-2005-0705)
Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
This flaw was later reported by Leon Juranic. (CAN-2005-0699)
Leon Juranic discovered a buffer overflow in the IAPP dissector.
A bug in the JXTA dissector could make Ethereal crash.
A bug in the sFlow dissector could make Ethereal crash.
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00018.html
Everyone is encouraged to upgrade.
New and updated features
Tree view item context menus now let you browse to the display filter
reference and wiki pages for a particular protocol.
Online help has been expanded.
VoIP call analysis (including nifty connection diagrams) has been
added.
GSS-API decryption has been greatly enhanced.
New protocol support
AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
Updated protocol support
3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
SPNEGO, SSL, STUN, TCAP, TCP, TZSP
New and updated capture file support
DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
== January 19, 2005
Ethereal 0.10.9 has been released.
This release fixes the following security-related issues:
The COPS dissector could go into an infinite loop. (CAN-2005-0006)
The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0007)
The DNP dissector could cause memory corruption. (CAN-2005-0008)
The Gnutella dissector could cause an assertion, making Ethereal
exit prematurely. (CAN-2005-0009)
The MMSE dissector could free static memory. (CAN-2005-0010)
The X11 protocol dissector is vulnerable to a string buffer overflow.
(CAN-2005-0084)
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00017.html
Everyone is encouraged to upgrade.
New and updated features
Ethereal will now detect and flag weak 802.11 WEP IVs.
Windows Sniffer timestamp handling has been greatly improved.
A bug which made Ethereal crash at startup on Windows 98 and Windows
ME systems has been fixed.
Ethereal and Tethereal now support a personal "hosts" file.
Invalid field length handling has been greatly improved.
The capture progress window title now shows the interface name.
New protocol support
ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
Updated protocol support
AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
SSL/TLS, T.38, TACACS, TCAP, TCP, X11
New and updated capture file support
Windows Sniffer
== December 15, 2004
Ethereal 0.10.8 has been released.
This release fixes the following security-related issues:
Matthew Bing discovered a bug in DICOM dissection that could make
Ethereal crash. (CAN-2004-1139)
An invalid RTP timestamp could make Ethereal hang and create a large
temporary file, possibly filling available disk space. (CAN-2004-1140)
The HTTP dissector could access previously-freed memory, causing a
crash. (CAN-2004-1141)
Brian Caswell discovered that an improperly formatted SMB packet could
make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00016.html
Everyone is encouraged to upgrade.
New and updated features
Ethereal now has a packet history, similar to most web browsers.
Ethereal now supports custom window titles.
Minor performance enhancements have been added.
RTP analysis has been enhanced.
Host name resolution has been improved.
Ethereal can now track TCP PDU times. See
http://wiki.ethereal.com/TcpPduTime for more details.
Ethereal now ships with netscreen2dump.py, a utility which converts
netscreen packet-trace hex dumps to hex dumps that can be read by
text2pcap.
New protocol support
AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
and Session Management, GSM MAP, Extended Security Services, Logotype
Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
Updated protocol support
3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
X.509af, X.509ce, X.509if, X.509sat,
New and updated capture file support
pppdump
== October 20, 2004
Ethereal 0.10.7 has been released.
The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
libraries which fix several known bugs. Unfortunately, a few known
GLib/GTK+ bugs remain.
In order to avoid a naming conflict with the tcpreplay project, the
"capinfo" utility has been renamed to "capinfos".
New and updated features
Search wrapping is now a configurable option.
A lot of material has been added to the Developer's Guide. The User's Guide
has been updated as well.
The "Decode As..." dialog now supports DCERPC and SCTP.
The "Help" menu now includes a link to the wiki.
H.323 call analysis is now supported.
New protocol support
Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,
Updated protocol support
AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,
New and updated capture file support
HP-UX nettl, NG Sniffer
== August 12, 2004
Ethereal 0.10.6 has been released.
This release fixes a preferences bug present in Ethereal which displayed
(ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
(gtk_window_resize): assertion `height > 0' failed
at program startup. A workaround for 0.10.5 is described in
http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html
A new command-line utility called "capinfo" has been added to the
distribution which prints statistics about capture files.
You can now copy conversation and endpoint data to other applications as
CSV data.
New and updated features
X.509 support has been added.
Crash bugs have been fixed in the RTP and NCP dissectors.
PostScript(r) output has been improved.
A bug that prevented mergecap from creating a new output file has been
fixed.
Conversation and endpoint performance has been enhanced. General packet
display performance has been enhanced.
The conversation and host list tools have been renamed to be less
confusing.
You can now copy conversation and host list data as CSV data.
RTP analysis can now dynamically determine the proper clock rate.
New protocol support
AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
X.509AF, X.509CE, X.509IF, X.509SAT
Updated protocol support
802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet
New and updated capture file support
LANalyzer
== July 7, 2004
Ethereal 0.10.5 has been released.
This release fixes bugs in iSNS, SMB, and SNMP, as described in the
following advisory:
http://www.ethereal.com/appnotes/enpa-sa-00015.html
Everyone is encouraged to upgrade.
New and updated features
Ethereal can now merge multiple files (you don't have to resort to
mergecap on the command line).
A preview pane has been added to the file dialog.
The capture progress dialog can now be disabled.
The about dialog has received further improvements.
The behavior of Ethereal's dialog windows has been normalized somewhat.
The Windows installer can now associate standard file extensions
with Ethereal.
Ethereal can be configured not to bug you about unsaved captures.
Ethereal can open help documentation using the default web browser.
New protocol support
DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)
Updated protocol support
AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
VRRP, WBXML (User-Agent Profile), WSP, X11
New and updated capture file support
Radcom
== May 13, 2004
Ethereal 0.10.4 has been released.
This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
the following advisory:
http://www.ethereal.com/appnotes/enpa-sa-00014.html
Everyone is encouraged to upgrade.
New and updated features
When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
selection dialog.
Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
PostScript(R) output has been improved.
The screen layout of the main window can be changed by Preferences now.
Many other parts of the user interface have received improvements.
Compressed and chunked transfer-coded HTTP bodies are now decoded.
A new generic media dissector more cleanly handles HTTP and WSP
Content-Type information.
New protocol support
ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
Updated protocol support
3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG
Capture file support
EyeSDN, nettl
== March 25, 2004
Ethereal 0.10.3 has been released.
This release fixes several security bugs described in the following
advisory:
http://www.ethereal.com/appnotes/enpa-sa-00013.html
Everyone is encouraged to upgrade.
New and updated features
Display filters now support the bitwise and (&) operator.
Protocol hierarchy statistics now have bandwidth columns.
The capture dialog has a new layout.
New protocol support
3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
MQ, Presentation, SLSK,
Updated protocol support
802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC
Capture file support
EyeSDN, libpcap (tcpdump)
== February 23, 2004
Ethereal 0.10.2 has been released.
This release fixes two major bugs in 0.10.1:
Under Windows, the error
** WARNING **: error opening
/usr/local/share/ethereal/asn1/default.tt, No such file or
directory
would be printed at startup.
The 0.10.1 source release was missing several files required for
compiling.
New and updated features
The user interface has received further updates. The Statistics
menu
layout has been improved, as well as the capture options dialog
layout.
New protocol support
Cisco Cast Client Control Protocol
Updated protocol support
AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
HTTP,
IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
TCAP, TDS
== February 18, 2004
Ethereal 0.10.1 has been released.
New and updated features
The Windows installer now lets you choose between the traditional
GTK+
version 1 interface and a new GTK+ 2 interface.
Several updates were made to Ethereal's user interface. The "File"
menu
now has a "most recently used" list. The help menu was greatly
expanded.
The "matches" operator now handles more data types. For example,
you can
now use
smtp matches joespammer@example.com
as a display filter.
I/O statistics now support 1ms resolution.
Bug fixes
A column resorting crash on the Windows platform was fixed.
New protocol support
EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA
Updated protocol support
ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
CLNP,
COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
FC-IP,
FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
se),
GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
IPv6,
MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
RADIUS,
RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
SNMP,
SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
Teredo,
Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11
Updated capture file support
DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
Snoop
== December 12, 2003
Ethereal 0.10.0 has been released.
This release fixes issues in the SMB and Q.931 dissectors that could
make Ethereal and Tethereal crash. See
http://www.ethereal.com/appnotes/enpa-sa-00012.html
for more details.
New and updated features
Many performance improvements have been made to the code. Most
users
should see a 2x to 3x performance increase when loading and working
with
capture files.
A "matches" display filter operator has been added. It is similar
to
the "contains" operator, but supports Perl-compatible regular
expressions.
Tethereal can now dump packet data in XML (PDML) format.
The main application menus have been rearranged and the help windows
have been revamped, along with a host of other UI enhancements.
The capture progress window now features bar graphs.
The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
Windows
installer have been updated.
New protocol support
BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
RS_PROP_ACCT}
IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,
Updated protocol support
ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
{DCOM,
EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
DTAP,
ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
MAP,
H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
SRVLOC,
SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP
Updated capture file support
AiroPeek v9 (2.x) support was added. Network Instruments Observer
and
Snoop support was updated.
== November 2, 2003
Ethereal 0.9.16 has been released.
This release fixes potential security issues with the GTP, ISAKMP,
MEGACO, and SOCKS dissectors. See
http://www.ethereal.com/appnotes/enpa-sa-00011.html
for more details.
New and updated features
Ethereal has leapt forward into the 90's and added a toolbar.
Ethereal and Tethereal can now force the data link type of captured
frames.
RTP analysis has been enhanced.
Individual frames can now be marked as time references
Service response time and general I/O statistics have been enhanced.
I/O
statistics can now calculate client load (experimental).
New protocol support
ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
GSM
SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
(OTA), T.38, TCAP, TPCP
Updated protocol support
AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
DCE/RPC
DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
Relay,
FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
RIP,
RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
SONMP,
SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
X.25, Yahoo! Messenger
Updated capture file support
Linux Bluez Bluetooth hcidump support has been added.
Endace ERF and Network Instruments Observer, and NetXRay support has
been enhanced.
== September 9, 2003
Ethereal 0.9.15 has been released.
New and updated features
Many often-requested features have been added with this release. If
you're running an older version of Ethereal you may want to have a
look.
Conversation List (aka "top talker") support has been added to
Ethereal
and Tethereal. Protocol statistics in general have been updated.
Searching capture files has been improved even more -- a new
"contains"
display filter operator that searches for strings in PDUs has been
added. The Find dialog now supports case-insensitive searches, hex
data
searches, and more.
An H.225 dissector has been added. It can automatically recognize
RTP
and RTCP conversations.
A preference file has been added for disabled protocols.
Color filters may now be imported and exported from within Ethereal.
A new column type has been added for cumulative bytes.
New protocols
GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
Updated protocols
ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
Ethernet,
FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
M3UA,
MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
WSP,
Updated capture file support
Support for Accellent 5Views and Endace ERF capture files was added.
CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
== July 23, 2003
Ethereal 0.9.14 has been released.
New and updated features
The ringbuffer code has been (nearly) completely rewritten. It now
supports an unlimited number of files.
Ethereal now supports searching for arbitrary text and binary data
in
frames.
Service response time statistics have been enhanced.
Tethereal, the text-mode version of Ethereal, can now be compiled
without capture support.
New and updated features
Echo, eDonkey, Jabber, MS Messenger, sFlow
Updated protocols
AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
H.245,
IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
NDS,
NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
SNA,
SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP,
WTP,
X11, Zebra
Updated capture file support
LANalyzer, NetXRay
== June 11, 2003
Ethereal 0.9.13 has been released.
This release fixes a large number of security issues discovered by
Timo
Sirainen and others. See
http://www.ethereal.com/appnotes/enpa-sa-00010.html
for more details.
New and updated features
Ethereal now supports a system-wide color filter file.
Support for the GNU ADNS library has been added. ADNS allows
asynchronous DNS lookups.
"Decode As..." functionality has been added to Tethereal via the "-
d"
flag.
The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
now
shown in the protocol tree.
New protocols
distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
Updated protocols
802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
FDDI,
GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
WSP,
WTP
Updated capture file support
HP-UX nettl, VMS UCX$TRACE
== May 1, 2003
Ethereal 0.9.12 has been released.
This release fixes several off-by-one and integer overflow errors
discovered by Timo Sirainen. See
http://www.ethereal.com/appnotes/enpa-sa-00009.html
for more details.
New and updated features
TCP sequence number analysis received a few improvements.
General packet reassembly has been improved.
The "Follow TCP Stream" window now allows you to filter out the
current
stream.
The Vines code received significant updates.
Several enhancements were made to the text2pcap utility.
New protocols
ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
Updated protocols
802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
EAP,
IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
M2UA,
M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
PGM,
Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
SUA,
TCP, Telnet, Vines, WBXML, WSP, WTP
Updated capture file support
Netxray
== March 10, 2003
Ethereal 0.9.11 has been released.
The Ethereal 0.9.10 release was packaged improperly. This release
fixes
the packaging, and adds minor updates and fixes for the following
protocols:
AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
IA64 support has been improved.
== March 7, 2003
Ethereal 0.9.10 has been released.
This release fixes a security hole discovered by Georgi Guninski in
the
SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
All users of previous versions are encouraged to upgrade. See
http://www.ethereal.com/appnotes/enpa-sa-00008.html
for more details.
New and Updated Features
Many small updates were made to the user interface.
The "Help" menu now includes the FAQ.
The TCP dissector was enhanced. Many more fields are filterable.
Tethereal received more IO stats: TCP and UDP top talkers.
Packet reassembly has been improved.
The "Follow TCP Stream" feature can now export C byte arrays.
RTP streams can now be saved to a file.
Bug Fixes
A missing comma in a string array could cause Ethereal to crash when
opening the preferences dialog.
New Protocols
MSN Messenger, Rsync, SSH, Yahoo! Messenger
Updated Protocols
AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
DCCP,
DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
LSA,
M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
SNMP,
SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
Wellfleet BofL X.25, X11
Updated Capture File Support
NetXRay, NGSniffer, Snoop
== January 23, 2003
Ethereal 0.9.9 has been released.
Please note the next release will NOT be 1.0. There are still more
features to be added before a 1.0 release will be ready.
New and Updated Features
Plugin search behavior was improved under Unix, allowing more than
one
version of Ethereal to be installed at one time.
The statistics graphs have been enhanced. More statistics have been
added:
Round-trip-time statistics are now computed for SMB traffic.
NCP Call and Reply times are now tracked.
Top talker statistics for Ethernet, IP and Token Ring are now
available (tethereal only).
Color allocation and handling was improved.
The RADIUS dissector can now decrypt user passwords.
Tethereal now supports reading from a pipe under Unix.
The ATM code received major improvements.
The DOS Sniffer code also received major improvements.
For those that compile Ethereal from source, some fixes and updates
have been made to the configuration and build environment.
Bug Fixes
The capture progress window now shows the correct number of elapsed
minutes.
A potential infinite loop in the TCP graphing code has been fixed.
New Protocols
MDSHDR, MEGACO, MySQL, SDLC, X.29
Updated Protocols
802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP,
DCE
RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC,
L2TP,
LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC,
SRVSVC,
SUA, TNS, Token Ring, Wellfleet HDLC, X.25
Updated Capture File Support
Firewall-1, Netmon, NetXRay, Radcom, Sniffer
== December 7, 2002
Ethereal 0.9.8 has been released.
Serious problems with the BGP, LMP, PPP, and TDS dissectors have
been
discovered. See
http://www.ethereal.com/appnotes/enpa-sa-00007.html
for more details.
New and Updated Features
The TAP subsystem received major updates. Tethereal can display
more statistics, and several graphs have been added to Ethereal.
A protocol hierarchy statistics tap was added to tethereal. This
code
may be used to replace the hierarchy statistics code in Ethereal.
More updates have been added to TCP analysis.
After a long hiatus, the Windows installer once again includes SNMP
support.
The total running time of the capture is now displayed in the
capture
progress dialog box. The capture progress dialog also shows ARP
packets.
The look of the plugins dialog was revamped.
Bug Fixes and Updates
A bug which caused Ethereal under Windows to crash when "Update list
of
packets in real time" was enabled has been fixed.
The stability of the text2pcap utility has been improved.
In tethereal, the packet count is properly displayed when you ^C out
of a
capture.
New Protocols
ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
MDNS,
PCLI, RPL
Updated Protocols
AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
NTLMSSP,
OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
WEP,
YPSERV
Updated Capture File Support
AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
== September 28, 2002
Ethereal 0.9.7 has been released.
New Features
In order to improve the out-of-box responsiveness of Ethereal and
Tethereal, network name resolution has been disabled by default.
TCP analysis (a feature added in the 0.9.6 release) was improved.
The NCP code base received quite a few updates.
Initial support for version 2 of the GTK+ library was added.
RPC staticstics (which use the new Tap API) were added.
Due to added and updated support for the NTLM, SNEGO, and GSS-API
protocols, Ethereal can now dissect most of the security blobs for
Windows 2000 authentication.
The Ethernet "manuf" file now handles addresses specified with a
mask, and contains many well-known addresses.
New Protocols
802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
Juniper),
SCCP-Management, SPNEGO
The following DCE/RPC protocols were also added:
AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
DNSSERVER,
DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
REP_PROC,
ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
Updated Protocols
AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
DCE/RPC
NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
IS,
Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
OSI
Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
WSP,
== August 20, 2002
Ethereal 0.9.6 has been released.
Bugs Fixed
A buffer overflow in the ISIS dissector has been fixed. More
information can be found at
http://www.ethereal.com/appnotes/enpa-sa-00006.html.
A bad TCP header could cause problems for the "Follow TCP Stream"
feature.
Setting "column.format" from the command line no longer crashes
Ethereal and Tethereal.
Problems with capture files being overwritten (e.g. if you try to
save over
the current capture file) have been fixed.
An SMB conversation handling bug has been fixed.
Thanks to Valgrind, several memory leaks have been fixed.
Some problems with printing under Windows have been fixed.
New Features
TCP sequence number analysis has been added.
The DCE RPC NETLOGON dissector has received a major overhaul.
Data types throughout the code have been cleaned up.
New Protocols
CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
Updated Protocols
802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
DCERPC
REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
L2TP,
LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
PPP,
Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
Capture File Updates
CheckPoint Firewall-1 monitor file support and CoSine debug file
support
were added. Support for pppdump and Netmon files was updated.
== June 28, 2002
Ethereal 0.9.5 has been released. This version fixes several potential
security problems revealed since the release of 0.9.4. See the
security
advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
more details.
New Features:
The ability to read packet data from a pipe was enhanced. Printing
under Windows now works.
New Protocols
802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
Updated Protocols
ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
WCP, WEP, WSP, WTP
Capture File Updates
Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
NetXRay, and libpcap code all received updates.
