5 Ethereal 0.10.12 has been released.
7 Our testing program has turned up several more security issues:
9 The CAMEL dissector could dereference a null pointer.
10 Discovered by Steve Grubb.
11 Version affected: 0.10.11
13 The LDAP dissector could free static memory and crash.
14 Versions affected: 0.8.5 to 0.10.11
16 The AgentX dissector could crash.
17 Versions affected: 0.10.10 to 0.10.11
19 The 802.3 dissector could go into an infinite loop.
20 Versions affected: 0.8.16 to 0.10.11
22 The PER dissector could abort.
23 Versions affected: 0.10.5 to 0.10.11
25 The DHCP dissector could go into an infinite loop.
26 Versions affected: 0.10.7 to 0.10.11
28 The BER dissector could abort.
29 Version affected: 0.10.11
31 The MEGACO dissector could go into an infinite loop.
32 Versions affected: 0.9.14 to 0.10.11
34 The GIOP dissector could dereference a null pointer.
35 Versions affected: 0.8.20 to 0.10.11
37 The SMB dissector was susceptible to a buffer overflow.
38 Versions affected: 0.9.12 to 0.10.11
40 The WBXML could dereference a null pointer.
41 Versions affected: 0.10.1 to 0.10.11
43 The H1 dissector could go into an infinite loop.
44 Versions affected: 0.8.15 to 0.10.11
46 The DOCSIS dissector could cause a crash.
47 Versions affected: 0.9.13 to 0.10.11
49 The SMPP dissector could go into an infinite loop.
50 Versions affected: 0.10.1 to 0.10.11
52 The AFP dissector was susceptible to a format string overflow.
53 Versions affected: 0.9.4 to 0.10.11
55 SCTP graphs could crash.
56 Version affected: 0.10.11
58 The HTTP dissector could crash.
59 Versions affected: 0.10.4 to 0.10.11
62 Please see the following advisory for more information:
64 http://www.ethereal.com/appnotes/enpa-sa-00020.html
66 Everyone is encouraged to upgrade.
69 New and updated features
77 Updated protocol support
81 New and updated capture file support
87 Ethereal 0.10.11 has been released.
89 An aggressive testing program as well as independent discovery has turned
90 up a multitude of security issues:
92 The ANSI A dissector was susceptible to format string vulnerabilities.
93 Discovered by Bryan Fulton.
94 Versions affected: 0.9.15 to 0.10.10
96 The GSM MAP dissector could crash.
97 Versions affected: 0.10.0 to 0.10.10
99 The AIM dissector could cause a crash.
100 Versions affected: 0.9.14 to 0.10.10
102 The DISTCC dissector was susceptible to a buffer overflow.
103 Discovered by Ilja van Sprundel
104 Versions affected: 0.9.13 to 0.10.10
106 The FCELS dissector was susceptible to a buffer overflow.
107 Discovered by Neil Kettle
108 Versions affected: 0.9.9 to 0.10.10
110 The SIP dissector was susceptible to a buffer overflow.
111 Discovered by Ejovi Nuwere.
112 Versions affected: 0.10.0 to 0.10.10
114 The KINK dissector was susceptible to a null pointer exception,
115 endless looping, and other problems.
116 Versions affected: 0.10.10
118 The LMP dissector was susceptible to an endless loop.
119 Versions affected: 0.9.4 to 0.10.10
121 The Telnet dissector could abort.
122 Versions affected: 0.9.10 to 0.10.10
124 The TZSP dissector could cause a segmentation fault.
125 Versions affected: 0.10.10 to 0.10.10
127 The WSP dissector was susceptible to a null pointer exception and
129 Versions affected: 0.10.0 to 0.10.10
131 The 802.3 Slow protocols dissector could throw an assertion.
132 Versions affected: 0.10.10
134 The BER dissector could throw assertions.
135 Versions affected: 0.10.2 to 0.10.10
137 The SMB Mailslot dissector was susceptible to a null pointer exception
138 and could throw assertions.
139 Versions affected: 0.9.0 to 0.10.10
141 The H.245 dissector was susceptible to a null pointer exception.
142 Versions affected: 0.10.10
144 The Bittorrent dissector could cause a segmentation fault.
145 Versions affected: 0.10.8 to 0.10.10
147 The SMB dissector could cause a segmentation fault and throw assertions.
148 Versions affected: 0.9.0 to 0.10.10
150 The Fibre Channel dissector could cause a crash.
151 Versions affected: 0.9.9 to 0.10.10
153 The DICOM dissector could attempt to allocate large amounts of memory.
154 Versions affected: 0.10.4 to 0.10.10
156 The MGCP dissector was susceptible to a null pointer exception, could
157 loop indefinitely, and segfault.
158 Versions affected: 0.8.14 to 0.10.10
160 The RSVP dissector could loop indefinitely.
161 Versions affected: 0.9.8 to 0.10.10
163 The DHCP dissector was susceptible to format string vulnerabilities, and
165 Versions affected: 0.10.7 to 0.10.10
167 The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
168 Versions affected: 0.9.8 to 0.10.10
170 The EIGRP dissector could loop indefinitely.
171 Versions affected: 0.8.18 to 0.10.10
173 The ISIS dissector could overflow a buffer.
174 Versions affected: 0.8.18 to 0.10.10
176 The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
177 and X.509 dissectors could overflow buffers.
178 Versions affected: 0.10.4 to 0.10.10
180 The NDPS dissector could exhaust system memory or cause an assertion,
182 Versions affected: 0.9.12 to 0.10.10
184 The Q.931 dissector could try to free a null pointer and overflow
186 Versions affected: 0.10.10
188 The IAX2 dissector could throw an assertion.
189 Versions affected: 0.10.1 to 0.10.10
191 The ICEP dissector could try to free the same memory twice.
192 Versions affected: 0.10.7 to 0.10.10
194 The MEGACO dissector was susceptible to an infinite loop and a buffer
196 Versions affected: 0.9.14 to 0.10.10
198 The DLSw dissector was susceptible to an infinite loop.
199 Versions affected: 0.9.1 to 0.10.10
201 The RPC dissector was susceptible to a null pointer exception.
202 Versions affected: 0.9.2 to 0.10.10
204 The NCP dissector could overflow a buffer or loop for a large amount
206 Versions affected: 0.10.5 to 0.10.10
208 The RADIUS dissector could throw an assertion.
209 Versions affected: 0.10.3 to 0.10.10
211 The GSM dissector could access an invalid pointer.
212 Versions affected: 0.10.10
214 The SMB PIPE dissector could throw an assertion.
215 Versions affected: 0.9.0 to 0.10.10
217 The L2TP dissector was susceptible to an infinite loop.
218 Versions affected: 0.10.9 to 0.10.10
220 The SMB NETLOGON dissector could dereference a null pointer.
221 Versions affected: 0.9.12 to 0.10.10
223 The MRDISC dissector could throw an assertion.
224 Versions affected: 0.8.19 to 0.10.10
226 The ISUP dissector could overflow a buffer or cause a segmentation fault.
227 Versions affected: 0.8.19 to 0.10.10
229 The LDAP dissector could crash.
230 Versions affected: 0.10.1 to 0.10.10
232 The TCAP dissector could overflow a buffer or throw an assertion.
233 Versions affected: 0.10.8 to 0.10.10
235 The NTLMSSP dissector could crash.
236 Versions affected: 0.9.7 to 0.10.10
239 Additionally, a number of dissectors could throw an assertion when
240 passing an invalid protocol tree item length.
241 Versions affected: 0.10.8 to 0.10.10
244 Please see the following advisory for more information:
246 http://www.ethereal.com/appnotes/enpa-sa-00019.html
248 Everyone is encouraged to upgrade.
251 New and updated features
259 Updated protocol support
263 New and updated capture file support
270 Ethereal 0.10.10 has been released.
272 This release fixes three security and stability-related issues:
274 Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
277 The GPRS-LLC dissector could crash if the "ignore cipher bit" option
278 was enabled. (CAN-2005-0705)
280 Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
281 This flaw was later reported by Leon Juranic. (CAN-2005-0699)
283 Leon Juranic discovered a buffer overflow in the IAPP dissector.
285 A bug in the JXTA dissector could make Ethereal crash.
287 A bug in the sFlow dissector could make Ethereal crash.
290 Please see the following advisory for more information:
292 http://www.ethereal.com/appnotes/enpa-sa-00018.html
294 Everyone is encouraged to upgrade.
297 New and updated features
299 Tree view item context menus now let you browse to the display filter
300 reference and wiki pages for a particular protocol.
302 Online help has been expanded.
304 VoIP call analysis (including nifty connection diagrams) has been
307 GSS-API decryption has been greatly enhanced.
312 AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
313 Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
316 Updated protocol support
318 3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
319 DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
320 GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
321 IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
322 JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
323 PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
324 SPNEGO, SSL, STUN, TCAP, TCP, TZSP
327 New and updated capture file support
329 DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
334 Ethereal 0.10.9 has been released.
336 This release fixes the following security-related issues:
338 The COPS dissector could go into an infinite loop. (CAN-2005-0006)
340 The DLSw dissector could cause an assertion, making Ethereal exit
341 prematurely. (CAN-2005-0007)
343 The DNP dissector could cause memory corruption. (CAN-2005-0008)
345 The Gnutella dissector could cause an assertion, making Ethereal
346 exit prematurely. (CAN-2005-0009)
348 The MMSE dissector could free static memory. (CAN-2005-0010)
350 The X11 protocol dissector is vulnerable to a string buffer overflow.
353 Please see the following advisory for more information:
355 http://www.ethereal.com/appnotes/enpa-sa-00017.html
357 Everyone is encouraged to upgrade.
360 New and updated features
362 Ethereal will now detect and flag weak 802.11 WEP IVs.
364 Windows Sniffer timestamp handling has been greatly improved.
366 A bug which made Ethereal crash at startup on Windows 98 and Windows
367 ME systems has been fixed.
369 Ethereal and Tethereal now support a personal "hosts" file.
371 Invalid field length handling has been greatly improved.
373 The capture progress window title now shows the interface name.
378 ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
380 Updated protocol support
382 AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
383 DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
384 FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
385 HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
386 L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
387 NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
388 RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
389 SSL/TLS, T.38, TACACS, TCAP, TCP, X11
392 New and updated capture file support
398 Ethereal 0.10.8 has been released.
400 This release fixes the following security-related issues:
402 Matthew Bing discovered a bug in DICOM dissection that could make
403 Ethereal crash. (CAN-2004-1139)
405 An invalid RTP timestamp could make Ethereal hang and create a large
406 temporary file, possibly filling available disk space. (CAN-2004-1140)
408 The HTTP dissector could access previously-freed memory, causing a
409 crash. (CAN-2004-1141)
411 Brian Caswell discovered that an improperly formatted SMB packet could
412 make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
414 Please see the following advisory for more information:
416 http://www.ethereal.com/appnotes/enpa-sa-00016.html
418 Everyone is encouraged to upgrade.
421 New and updated features
423 Ethereal now has a packet history, similar to most web browsers.
425 Ethereal now supports custom window titles.
427 Minor performance enhancements have been added.
429 RTP analysis has been enhanced.
431 Host name resolution has been improved.
433 Ethereal can now track TCP PDU times. See
434 http://wiki.ethereal.com/TcpPduTime for more details.
436 Ethereal now ships with netscreen2dump.py, a utility which converts
437 netscreen packet-trace hex dumps to hex dumps that can be read by
443 AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
444 and Session Management, GSM MAP, Extended Security Services, Logotype
445 Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
446 Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
447 DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
450 Updated protocol support
452 3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
453 CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
454 ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
455 GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
456 ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
457 PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
458 RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
459 SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
460 X.509af, X.509ce, X.509if, X.509sat,
463 New and updated capture file support
470 Ethereal 0.10.7 has been released.
472 The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
473 libraries which fix several known bugs. Unfortunately, a few known
474 GLib/GTK+ bugs remain.
476 In order to avoid a naming conflict with the tcpreplay project, the
477 "capinfo" utility has been renamed to "capinfos".
480 New and updated features
482 Search wrapping is now a configurable option.
484 A lot of material has been added to the Developer's Guide. The User's Guide
485 has been updated as well.
487 The "Decode As..." dialog now supports DCERPC and SCTP.
489 The "Help" menu now includes a link to the wiki.
491 H.323 call analysis is now supported.
496 Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
497 Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
498 extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,
501 Updated protocol support
503 AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
504 DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
505 EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
506 ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
507 MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
508 RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
509 SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,
512 New and updated capture file support
514 HP-UX nettl, NG Sniffer
519 Ethereal 0.10.6 has been released.
521 This release fixes a preferences bug present in Ethereal which displayed
523 (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
524 (gtk_window_resize): assertion `height > 0' failed
526 at program startup. A workaround for 0.10.5 is described in
528 http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html
530 A new command-line utility called "capinfo" has been added to the
531 distribution which prints statistics about capture files.
533 You can now copy conversation and endpoint data to other applications as
537 New and updated features
539 X.509 support has been added.
541 Crash bugs have been fixed in the RTP and NCP dissectors.
543 PostScript(r) output has been improved.
545 A bug that prevented mergecap from creating a new output file has been
548 Conversation and endpoint performance has been enhanced. General packet
549 display performance has been enhanced.
551 The conversation and host list tools have been renamed to be less
554 You can now copy conversation and host list data as CSV data.
556 RTP analysis can now dynamically determine the proper clock rate.
561 AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
562 X.509AF, X.509CE, X.509IF, X.509SAT
565 Updated protocol support
567 802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
568 ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
569 MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
570 SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet
573 New and updated capture file support
580 Ethereal 0.10.5 has been released.
583 This release fixes bugs in iSNS, SMB, and SNMP, as described in the
586 http://www.ethereal.com/appnotes/enpa-sa-00015.html
588 Everyone is encouraged to upgrade.
591 New and updated features
593 Ethereal can now merge multiple files (you don't have to resort to
594 mergecap on the command line).
596 A preview pane has been added to the file dialog.
598 The capture progress dialog can now be disabled.
600 The about dialog has received further improvements.
602 The behavior of Ethereal's dialog windows has been normalized somewhat.
604 The Windows installer can now associate standard file extensions
607 Ethereal can be configured not to bug you about unsaved captures.
609 Ethereal can open help documentation using the default web browser.
614 DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)
617 Updated protocol support
619 AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
620 NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
621 H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
622 M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
623 RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
624 VRRP, WBXML (User-Agent Profile), WSP, X11
627 New and updated capture file support
634 Ethereal 0.10.4 has been released.
636 This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
637 the following advisory:
639 http://www.ethereal.com/appnotes/enpa-sa-00014.html
641 Everyone is encouraged to upgrade.
644 New and updated features
646 When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
649 Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
651 PostScript(R) output has been improved.
653 The screen layout of the main window can be changed by Preferences now.
655 Many other parts of the user interface have received improvements.
657 Compressed and chunked transfer-coded HTTP bodies are now decoded.
659 A new generic media dissector more cleanly handles HTTP and WSP
660 Content-Type information.
665 ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
666 IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
669 Updated protocol support
671 3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
672 DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
673 FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
674 ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
675 RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
676 Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG
686 Ethereal 0.10.3 has been released.
688 This release fixes several security bugs described in the following
691 http://www.ethereal.com/appnotes/enpa-sa-00013.html
693 Everyone is encouraged to upgrade.
696 New and updated features
698 Display filters now support the bitwise and (&) operator.
700 Protocol hierarchy statistics now have bandwidth columns.
702 The capture dialog has a new layout.
707 3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
708 MQ, Presentation, SLSK,
711 Updated protocol support
713 802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
714 BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
715 RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
716 FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
717 Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
718 PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
719 SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC
724 EyeSDN, libpcap (tcpdump)
729 Ethereal 0.10.2 has been released.
731 This release fixes two major bugs in 0.10.1:
733 Under Windows, the error
735 ** WARNING **: error opening
736 /usr/local/share/ethereal/asn1/default.tt, No such file or
739 would be printed at startup.
741 The 0.10.1 source release was missing several files required for
745 New and updated features
747 The user interface has received further updates. The Statistics
749 layout has been improved, as well as the capture options dialog
755 Cisco Cast Client Control Protocol
758 Updated protocol support
760 AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
762 IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
768 Ethereal 0.10.1 has been released.
771 New and updated features
773 The Windows installer now lets you choose between the traditional
775 version 1 interface and a new GTK+ 2 interface.
777 Several updates were made to Ethereal's user interface. The "File"
779 now has a "most recently used" list. The help menu was greatly
782 The "matches" operator now handles more data types. For example,
786 smtp matches joespammer@example.com
790 I/O statistics now support 1ms resolution.
794 A column resorting crash on the Windows platform was fixed.
798 EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA
800 Updated protocol support
802 ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
804 COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
805 TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
807 FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
809 GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
810 IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
811 Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
813 MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
815 RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
817 SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
819 Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11
822 Updated capture file support
824 DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
830 Ethereal 0.10.0 has been released.
832 This release fixes issues in the SMB and Q.931 dissectors that could
833 make Ethereal and Tethereal crash. See
835 http://www.ethereal.com/appnotes/enpa-sa-00012.html
839 New and updated features
841 Many performance improvements have been made to the code. Most
843 should see a 2x to 3x performance increase when loading and working
847 A "matches" display filter operator has been added. It is similar
849 the "contains" operator, but supports Perl-compatible regular
852 Tethereal can now dump packet data in XML (PDML) format.
854 The main application menus have been rearranged and the help windows
855 have been revamped, along with a host of other UI enhancements.
857 The capture progress window now features bar graphs.
859 The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
861 installer have been updated.
865 BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
867 IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,
869 Updated protocol support
871 ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
873 EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
875 ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
877 H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
878 LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
879 RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
881 SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP
884 Updated capture file support
886 AiroPeek v9 (2.x) support was added. Network Instruments Observer
888 Snoop support was updated.
893 Ethereal 0.9.16 has been released.
895 This release fixes potential security issues with the GTP, ISAKMP,
896 MEGACO, and SOCKS dissectors. See
898 http://www.ethereal.com/appnotes/enpa-sa-00011.html
902 New and updated features
904 Ethereal has leapt forward into the 90's and added a toolbar.
906 Ethereal and Tethereal can now force the data link type of captured
909 RTP analysis has been enhanced.
911 Individual frames can now be marked as time references
913 Service response time and general I/O statistics have been enhanced.
915 statistics can now calculate client load (experimental).
919 ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
920 INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
922 SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
923 (OTA), T.38, TCAP, TPCP
925 Updated protocol support
927 AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
929 DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
930 DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
932 FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
933 ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
934 NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
936 RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
938 SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
939 X.25, Yahoo! Messenger
942 Updated capture file support
944 Linux Bluez Bluetooth hcidump support has been added.
946 Endace ERF and Network Instruments Observer, and NetXRay support has
952 Ethereal 0.9.15 has been released.
954 New and updated features
956 Many often-requested features have been added with this release. If
957 you're running an older version of Ethereal you may want to have a
960 Conversation List (aka "top talker") support has been added to
962 and Tethereal. Protocol statistics in general have been updated.
964 Searching capture files has been improved even more -- a new
966 display filter operator that searches for strings in PDUs has been
967 added. The Find dialog now supports case-insensitive searches, hex
971 An H.225 dissector has been added. It can automatically recognize
973 and RTCP conversations.
975 A preference file has been added for disabled protocols.
977 Color filters may now be imported and exported from within Ethereal.
979 A new column type has been added for cumulative bytes.
984 GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
989 ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
991 FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
993 MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
994 SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
998 Updated capture file support
1000 Support for Accellent 5Views and Endace ERF capture files was added.
1001 CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
1006 Ethereal 0.9.14 has been released.
1008 New and updated features
1010 The ringbuffer code has been (nearly) completely rewritten. It now
1011 supports an unlimited number of files.
1013 Ethereal now supports searching for arbitrary text and binary data
1017 Service response time statistics have been enhanced.
1019 Tethereal, the text-mode version of Ethereal, can now be compiled
1020 without capture support.
1023 New and updated features
1025 Echo, eDonkey, Jabber, MS Messenger, sFlow
1030 AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
1032 IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
1034 NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
1036 SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP,
1041 Updated capture file support
1048 Ethereal 0.9.13 has been released.
1050 This release fixes a large number of security issues discovered by
1052 Sirainen and others. See
1054 http://www.ethereal.com/appnotes/enpa-sa-00010.html
1058 New and updated features
1060 Ethereal now supports a system-wide color filter file.
1062 Support for the GNU ADNS library has been added. ADNS allows
1063 asynchronous DNS lookups.
1065 "Decode As..." functionality has been added to Tethereal via the "-
1069 The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
1071 shown in the protocol tree.
1075 distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
1079 802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
1081 GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
1082 NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
1083 SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
1087 Updated capture file support
1089 HP-UX nettl, VMS UCX$TRACE
1094 Ethereal 0.9.12 has been released.
1096 This release fixes several off-by-one and integer overflow errors
1097 discovered by Timo Sirainen. See
1099 http://www.ethereal.com/appnotes/enpa-sa-00009.html
1103 New and updated features
1105 TCP sequence number analysis received a few improvements.
1107 General packet reassembly has been improved.
1109 The "Follow TCP Stream" window now allows you to filter out the
1113 The Vines code received significant updates.
1115 Several enhancements were made to the text2pcap utility.
1119 ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
1123 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
1125 IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
1127 M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
1129 Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
1131 TCP, Telnet, Vines, WBXML, WSP, WTP
1133 Updated capture file support
1140 Ethereal 0.9.11 has been released.
1142 The Ethereal 0.9.10 release was packaged improperly. This release
1144 the packaging, and adds minor updates and fixes for the following
1147 AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
1149 IA64 support has been improved.
1154 Ethereal 0.9.10 has been released.
1156 This release fixes a security hole discovered by Georgi Guninski in
1158 SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
1159 All users of previous versions are encouraged to upgrade. See
1161 http://www.ethereal.com/appnotes/enpa-sa-00008.html
1166 New and Updated Features
1168 Many small updates were made to the user interface.
1170 The "Help" menu now includes the FAQ.
1172 The TCP dissector was enhanced. Many more fields are filterable.
1174 Tethereal received more IO stats: TCP and UDP top talkers.
1176 Packet reassembly has been improved.
1178 The "Follow TCP Stream" feature can now export C byte arrays.
1180 RTP streams can now be saved to a file.
1185 A missing comma in a string array could cause Ethereal to crash when
1186 opening the preferences dialog.
1191 MSN Messenger, Rsync, SSH, Yahoo! Messenger
1196 AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
1198 DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
1199 extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
1201 M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
1202 OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
1204 SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
1205 Wellfleet BofL X.25, X11
1208 Updated Capture File Support
1210 NetXRay, NGSniffer, Snoop
1215 Ethereal 0.9.9 has been released.
1217 Please note the next release will NOT be 1.0. There are still more
1218 features to be added before a 1.0 release will be ready.
1221 New and Updated Features
1223 Plugin search behavior was improved under Unix, allowing more than
1225 version of Ethereal to be installed at one time.
1227 The statistics graphs have been enhanced. More statistics have been
1230 Round-trip-time statistics are now computed for SMB traffic.
1232 NCP Call and Reply times are now tracked.
1234 Top talker statistics for Ethernet, IP and Token Ring are now
1235 available (tethereal only).
1237 Color allocation and handling was improved.
1239 The RADIUS dissector can now decrypt user passwords.
1241 Tethereal now supports reading from a pipe under Unix.
1243 The ATM code received major improvements.
1245 The DOS Sniffer code also received major improvements.
1247 For those that compile Ethereal from source, some fixes and updates
1248 have been made to the configuration and build environment.
1253 The capture progress window now shows the correct number of elapsed
1256 A potential infinite loop in the TCP graphing code has been fixed.
1261 MDSHDR, MEGACO, MySQL, SDLC, X.29
1266 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP,
1268 RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC,
1270 LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
1271 RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC,
1273 SUA, TNS, Token Ring, Wellfleet HDLC, X.25
1276 Updated Capture File Support
1278 Firewall-1, Netmon, NetXRay, Radcom, Sniffer
1283 Ethereal 0.9.8 has been released.
1285 Serious problems with the BGP, LMP, PPP, and TDS dissectors have
1289 http://www.ethereal.com/appnotes/enpa-sa-00007.html
1294 New and Updated Features
1296 The TAP subsystem received major updates. Tethereal can display
1297 more statistics, and several graphs have been added to Ethereal.
1299 A protocol hierarchy statistics tap was added to tethereal. This
1301 may be used to replace the hierarchy statistics code in Ethereal.
1303 More updates have been added to TCP analysis.
1305 After a long hiatus, the Windows installer once again includes SNMP
1308 The total running time of the capture is now displayed in the
1310 progress dialog box. The capture progress dialog also shows ARP
1313 The look of the plugins dialog was revamped.
1316 Bug Fixes and Updates
1318 A bug which caused Ethereal under Windows to crash when "Update list
1320 packets in real time" was enabled has been fixed.
1322 The stability of the text2pcap utility has been improved.
1324 In tethereal, the packet count is properly displayed when you ^C out
1331 ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
1338 AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
1339 DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
1340 iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
1342 OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
1343 Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
1348 Updated Capture File Support
1350 AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
1353 == September 28, 2002
1355 Ethereal 0.9.7 has been released.
1359 In order to improve the out-of-box responsiveness of Ethereal and
1360 Tethereal, network name resolution has been disabled by default.
1362 TCP analysis (a feature added in the 0.9.6 release) was improved.
1364 The NCP code base received quite a few updates.
1366 Initial support for version 2 of the GTK+ library was added.
1368 RPC staticstics (which use the new Tap API) were added.
1370 Due to added and updated support for the NTLM, SNEGO, and GSS-API
1371 protocols, Ethereal can now dissect most of the security blobs for
1372 Windows 2000 authentication.
1374 The Ethernet "manuf" file now handles addresses specified with a
1375 mask, and contains many well-known addresses.
1380 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
1382 SCCP-Management, SPNEGO
1384 The following DCE/RPC protocols were also added:
1386 AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
1388 DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
1390 ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
1391 RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
1396 AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
1398 NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
1400 Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
1402 Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
1408 Ethereal 0.9.6 has been released.
1412 A buffer overflow in the ISIS dissector has been fixed. More
1413 information can be found at
1414 http://www.ethereal.com/appnotes/enpa-sa-00006.html.
1416 A bad TCP header could cause problems for the "Follow TCP Stream"
1419 Setting "column.format" from the command line no longer crashes
1420 Ethereal and Tethereal.
1422 Problems with capture files being overwritten (e.g. if you try to
1424 the current capture file) have been fixed.
1426 An SMB conversation handling bug has been fixed.
1428 Thanks to Valgrind, several memory leaks have been fixed.
1430 Some problems with printing under Windows have been fixed.
1435 TCP sequence number analysis has been added.
1437 The DCE RPC NETLOGON dissector has received a major overhaul.
1439 Data types throughout the code have been cleaned up.
1444 CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
1449 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
1451 REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
1453 LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
1455 Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
1456 SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
1459 Capture File Updates
1461 CheckPoint Firewall-1 monitor file support and CoSine debug file
1463 were added. Support for pppdump and Netmon files was updated.
1468 Ethereal 0.9.5 has been released. This version fixes several potential
1469 security problems revealed since the release of 0.9.4. See the
1471 advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
1477 The ability to read packet data from a pipe was enhanced. Printing
1478 under Windows now works.
1483 802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
1488 ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
1489 MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
1490 SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
1494 Capture File Updates
1496 Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
1497 NetXRay, and libpcap code all received updates.