5 Ethereal 0.10.12 has been released.
7 Our testing program has turned up several more security issues:
9 The LDAP dissector could free static memory and crash.
10 Versions affected: 0.8.5 to 0.10.11
12 The AgentX dissector could crash.
13 Versions affected: 0.10.10 to 0.10.11
15 The 802.3 dissector could go into an infinite loop.
16 Versions affected: 0.8.16 to 0.10.11
18 The PER dissector could abort.
19 Versions affected: 0.10.5 to 0.10.11
21 The DHCP dissector could go into an infinite loop.
22 Versions affected: 0.10.7 to 0.10.11
24 The BER dissector could abort or loop infinitely.
25 Version affected: 0.10.11
27 The MEGACO dissector could go into an infinite loop.
28 Versions affected: 0.9.14 to 0.10.11
30 The GIOP dissector could dereference a null pointer.
31 Versions affected: 0.8.20 to 0.10.11
33 The SMB dissector was susceptible to a buffer overflow.
34 Versions affected: 0.9.12 to 0.10.11
36 The WBXML could dereference a null pointer.
37 Versions affected: 0.10.1 to 0.10.11
39 The H1 dissector could go into an infinite loop.
40 Versions affected: 0.8.15 to 0.10.11
42 The DOCSIS dissector could cause a crash.
43 Versions affected: 0.9.13 to 0.10.11
45 The SMPP dissector could go into an infinite loop.
46 Versions affected: 0.10.1 to 0.10.11
48 The AFP dissector was susceptible to a format string overflow.
49 Versions affected: 0.9.4 to 0.10.11
51 SCTP graphs could crash.
52 Version affected: 0.10.11
54 The HTTP dissector could crash.
55 Versions affected: 0.10.4 to 0.10.11
57 The SMB dissector could go into a large loop.
58 Versions affected: 0.9.0 to 0.10.11
60 The DCERPC dissector could crash.
61 Versions affected: 0.9.16 to 0.10.11.
63 Several dissectors could crash while reassembling packets.
64 Versions affected: 0.9.0 to 0.10.11
69 A separate review by Steve Grubb at Red Hat turned up the following
72 The CAMEL dissector could dereference a null pointer.
73 Version affected: 0.10.11
75 The DHCP dissector could crash.
76 Versions affected: 0.10.4 to 0.10.11
78 The CAMEL dissector could crash.
79 Versions affected: 0.10.10 to 0.10.11
81 The PER dissector could crash.
82 Versions affected: 0.10.10 to 0.10.11
84 The RADIUS dissector could crash.
85 Versions affected: 0.9.4 to 0.10.11
87 The Telnet dissector could crash.
88 Versions affected: 0.9.10 to 0.10.11
90 The IS-IS LSP dissector could crash.
91 Versions affected: 0.8.19 to 0.10.11
93 The NCP dissector could crash.
94 Versions affected: 0.9.15 to 0.10.11
100 Ethereal uses the zlib compression library. Security vulnerabilities
101 have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer
102 now ships with zlib 1.2.3, which fixes these vulnerabilities.
105 Please see the following advisory for more information:
107 http://www.ethereal.com/appnotes/enpa-sa-00020.html
109 Everyone is encouraged to upgrade.
112 New and updated features
114 The Windows installer now includes the WinPcap 3.1 beta 4 installer.
115 You don't have to download and install it separately.
117 RADIUS dictionaries are now included.
119 A lot of documentation were updated
121 Some command line parameters have changed, see
122 the Ethereal / Tethereal manual pages
124 A "File/File Set" submenu was added to better handle
125 Ring buffer/Multiple Files
127 Flow graphs can now be created for any protocol.
129 Memory management has been greatly improved.
131 JXTA has been added to the conversations menu.
133 When compiled with MIT/Heimdal Kerberos and if keytab files are provided,
134 Ethereal can now decrypt and dissect both SecureLDAP and encrypted DCE/RPC.
136 TCP Sequence graphs should now work for all captures and all encapsulation
143 AudioCodes trunk trace,
156 WLAN Certificate Extensions,
159 Updated protocol support
262 New and updated capture file support
264 HP Nettl, Tektronix K12
269 Ethereal 0.10.11 has been released.
271 An aggressive testing program as well as independent discovery has turned
272 up a multitude of security issues:
274 The ANSI A dissector was susceptible to format string vulnerabilities.
275 Discovered by Bryan Fulton.
276 Versions affected: 0.9.15 to 0.10.10
278 The GSM MAP dissector could crash.
279 Versions affected: 0.10.0 to 0.10.10
281 The AIM dissector could cause a crash.
282 Versions affected: 0.9.14 to 0.10.10
284 The DISTCC dissector was susceptible to a buffer overflow.
285 Discovered by Ilja van Sprundel
286 Versions affected: 0.9.13 to 0.10.10
288 The FCELS dissector was susceptible to a buffer overflow.
289 Discovered by Neil Kettle
290 Versions affected: 0.9.9 to 0.10.10
292 The SIP dissector was susceptible to a buffer overflow.
293 Discovered by Ejovi Nuwere.
294 Versions affected: 0.10.0 to 0.10.10
296 The KINK dissector was susceptible to a null pointer exception,
297 endless looping, and other problems.
298 Versions affected: 0.10.10
300 The LMP dissector was susceptible to an endless loop.
301 Versions affected: 0.9.4 to 0.10.10
303 The Telnet dissector could abort.
304 Versions affected: 0.9.10 to 0.10.10
306 The TZSP dissector could cause a segmentation fault.
307 Versions affected: 0.10.10 to 0.10.10
309 The WSP dissector was susceptible to a null pointer exception and
311 Versions affected: 0.10.0 to 0.10.10
313 The 802.3 Slow protocols dissector could throw an assertion.
314 Versions affected: 0.10.10
316 The BER dissector could throw assertions.
317 Versions affected: 0.10.2 to 0.10.10
319 The SMB Mailslot dissector was susceptible to a null pointer exception
320 and could throw assertions.
321 Versions affected: 0.9.0 to 0.10.10
323 The H.245 dissector was susceptible to a null pointer exception.
324 Versions affected: 0.10.10
326 The Bittorrent dissector could cause a segmentation fault.
327 Versions affected: 0.10.8 to 0.10.10
329 The SMB dissector could cause a segmentation fault and throw assertions.
330 Versions affected: 0.9.0 to 0.10.10
332 The Fibre Channel dissector could cause a crash.
333 Versions affected: 0.9.9 to 0.10.10
335 The DICOM dissector could attempt to allocate large amounts of memory.
336 Versions affected: 0.10.4 to 0.10.10
338 The MGCP dissector was susceptible to a null pointer exception, could
339 loop indefinitely, and segfault.
340 Versions affected: 0.8.14 to 0.10.10
342 The RSVP dissector could loop indefinitely.
343 Versions affected: 0.9.8 to 0.10.10
345 The DHCP dissector was susceptible to format string vulnerabilities, and
347 Versions affected: 0.10.7 to 0.10.10
349 The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
350 Versions affected: 0.9.8 to 0.10.10
352 The EIGRP dissector could loop indefinitely.
353 Versions affected: 0.8.18 to 0.10.10
355 The ISIS dissector could overflow a buffer.
356 Versions affected: 0.8.18 to 0.10.10
358 The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explitit, PKIX Qualified,
359 and X.509 dissectors could overflow buffers.
360 Versions affected: 0.10.4 to 0.10.10
362 The NDPS dissector could exhaust system memory or cause an assertion,
364 Versions affected: 0.9.12 to 0.10.10
366 The Q.931 dissector could try to free a null pointer and overflow
368 Versions affected: 0.10.10
370 The IAX2 dissector could throw an assertion.
371 Versions affected: 0.10.1 to 0.10.10
373 The ICEP dissector could try to free the same memory twice.
374 Versions affected: 0.10.7 to 0.10.10
376 The MEGACO dissector was susceptible to an infinite loop and a buffer
378 Versions affected: 0.9.14 to 0.10.10
380 The DLSw dissector was susceptible to an infinite loop.
381 Versions affected: 0.9.1 to 0.10.10
383 The RPC dissector was susceptible to a null pointer exception.
384 Versions affected: 0.9.2 to 0.10.10
386 The NCP dissector could overflow a buffer or loop for a large amount
388 Versions affected: 0.10.5 to 0.10.10
390 The RADIUS dissector could throw an assertion.
391 Versions affected: 0.10.3 to 0.10.10
393 The GSM dissector could access an invalid pointer.
394 Versions affected: 0.10.10
396 The SMB PIPE dissector could throw an assertion.
397 Versions affected: 0.9.0 to 0.10.10
399 The L2TP dissector was susceptible to an infinite loop.
400 Versions affected: 0.10.9 to 0.10.10
402 The SMB NETLOGON dissector could dereference a null pointer.
403 Versions affected: 0.9.12 to 0.10.10
405 The MRDISC dissector could throw an assertion.
406 Versions affected: 0.8.19 to 0.10.10
408 The ISUP dissector could overflow a buffer or cause a segmentation fault.
409 Versions affected: 0.8.19 to 0.10.10
411 The LDAP dissector could crash.
412 Versions affected: 0.10.1 to 0.10.10
414 The TCAP dissector could overflow a buffer or throw an assertion.
415 Versions affected: 0.10.8 to 0.10.10
417 The NTLMSSP dissector could crash.
418 Versions affected: 0.9.7 to 0.10.10
421 Additionally, a number of dissectors could throw an assertion when
422 passing an invalid protocol tree item length.
423 Versions affected: 0.10.8 to 0.10.10
426 Please see the following advisory for more information:
428 http://www.ethereal.com/appnotes/enpa-sa-00019.html
430 Everyone is encouraged to upgrade.
433 New and updated features
441 Updated protocol support
445 New and updated capture file support
452 Ethereal 0.10.10 has been released.
454 This release fixes three security and stability-related issues:
456 Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
459 The GPRS-LLC dissector could crash if the "ignore cipher bit" option
460 was enabled. (CAN-2005-0705)
462 Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector.
463 This flaw was later reported by Leon Juranic. (CAN-2005-0699)
465 Leon Juranic discovered a buffer overflow in the IAPP dissector.
467 A bug in the JXTA dissector could make Ethereal crash.
469 A bug in the sFlow dissector could make Ethereal crash.
472 Please see the following advisory for more information:
474 http://www.ethereal.com/appnotes/enpa-sa-00018.html
476 Everyone is encouraged to upgrade.
479 New and updated features
481 Tree view item context menus now let you browse to the display filter
482 reference and wiki pages for a particular protocol.
484 Online help has been expanded.
486 VoIP call analysis (including nifty connection diagrams) has been
489 GSS-API decryption has been greatly enhanced.
494 AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol,
495 Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
498 Updated protocol support
500 3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2,
501 DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella,
502 GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ,
503 IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper,
504 JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID,
505 PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP,
506 SPNEGO, SSL, STUN, TCAP, TCP, TZSP
509 New and updated capture file support
511 DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
516 Ethereal 0.10.9 has been released.
518 This release fixes the following security-related issues:
520 The COPS dissector could go into an infinite loop. (CAN-2005-0006)
522 The DLSw dissector could cause an assertion, making Ethereal exit
523 prematurely. (CAN-2005-0007)
525 The DNP dissector could cause memory corruption. (CAN-2005-0008)
527 The Gnutella dissector could cause an assertion, making Ethereal
528 exit prematurely. (CAN-2005-0009)
530 The MMSE dissector could free static memory. (CAN-2005-0010)
532 The X11 protocol dissector is vulnerable to a string buffer overflow.
535 Please see the following advisory for more information:
537 http://www.ethereal.com/appnotes/enpa-sa-00017.html
539 Everyone is encouraged to upgrade.
542 New and updated features
544 Ethereal will now detect and flag weak 802.11 WEP IVs.
546 Windows Sniffer timestamp handling has been greatly improved.
548 A bug which made Ethereal crash at startup on Windows 98 and Windows
549 ME systems has been fixed.
551 Ethereal and Tethereal now support a personal "hosts" file.
553 Invalid field length handling has been greatly improved.
555 The capture progress window title now shows the interface name.
560 ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
562 Updated protocol support
564 AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM,
565 DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS,
566 FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245,
567 HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos,
568 L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS,
569 NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931,
570 RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC,
571 SSL/TLS, T.38, TACACS, TCAP, TCP, X11
574 New and updated capture file support
580 Ethereal 0.10.8 has been released.
582 This release fixes the following security-related issues:
584 Matthew Bing discovered a bug in DICOM dissection that could make
585 Ethereal crash. (CAN-2004-1139)
587 An invalid RTP timestamp could make Ethereal hang and create a large
588 temporary file, possibly filling available disk space. (CAN-2004-1140)
590 The HTTP dissector could access previously-freed memory, causing a
591 crash. (CAN-2004-1141)
593 Brian Caswell discovered that an improperly formatted SMB packet could
594 make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
596 Please see the following advisory for more information:
598 http://www.ethereal.com/appnotes/enpa-sa-00016.html
600 Everyone is encouraged to upgrade.
603 New and updated features
605 Ethereal now has a packet history, similar to most web browsers.
607 Ethereal now supports custom window titles.
609 Minor performance enhancements have been added.
611 RTP analysis has been enhanced.
613 Host name resolution has been improved.
615 Ethereal can now track TCP PDU times. See
616 http://wiki.ethereal.com/TcpPduTime for more details.
618 Ethereal now ships with netscreen2dump.py, a utility which converts
619 netscreen packet-trace hex dumps to hex dumps that can be read by
625 AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
626 and Session Management, GSM MAP, Extended Security Services, Logotype
627 Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
628 Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
629 DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
632 Updated protocol support
634 3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
635 CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
636 ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
637 GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
638 ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
639 PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
640 RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
641 SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
642 X.509af, X.509ce, X.509if, X.509sat,
645 New and updated capture file support
652 Ethereal 0.10.7 has been released.
654 The Windows installer features new GLib/GTK+, Net-SNMP and ADNS
655 libraries which fix several known bugs. Unfortunately, a few known
656 GLib/GTK+ bugs remain.
658 In order to avoid a naming conflict with the tcpreplay project, the
659 "capinfo" utility has been renamed to "capinfos".
662 New and updated features
664 Search wrapping is now a configurable option.
666 A lot of material has been added to the Developer's Guide. The User's Guide
667 has been updated as well.
669 The "Decode As..." dialog now supports DCERPC and SCTP.
671 The "Help" menu now includes a link to the wiki.
673 H.323 call analysis is now supported.
678 Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol,
679 Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate
680 extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT,
683 Updated protocol support
685 AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS,
686 DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS,
687 EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450,
688 ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA,
689 MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF,
690 RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP,
691 SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11,
694 New and updated capture file support
696 HP-UX nettl, NG Sniffer
701 Ethereal 0.10.6 has been released.
703 This release fixes a preferences bug present in Ethereal which displayed
705 (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107
706 (gtk_window_resize): assertion `height > 0' failed
708 at program startup. A workaround for 0.10.5 is described in
710 http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html
712 A new command-line utility called "capinfo" has been added to the
713 distribution which prints statistics about capture files.
715 You can now copy conversation and endpoint data to other applications as
719 New and updated features
721 X.509 support has been added.
723 Crash bugs have been fixed in the RTP and NCP dissectors.
725 PostScript(r) output has been improved.
727 A bug that prevented mergecap from creating a new output file has been
730 Conversation and endpoint performance has been enhanced. General packet
731 display performance has been enhanced.
733 The conversation and host list tools have been renamed to be less
736 You can now copy conversation and host list data as CSV data.
738 RTP analysis can now dynamically determine the proper clock rate.
743 AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1,
744 X.509AF, X.509CE, X.509IF, X.509SAT
747 Updated protocol support
749 802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC),
750 ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos,
751 MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP,
752 SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet
755 New and updated capture file support
762 Ethereal 0.10.5 has been released.
765 This release fixes bugs in iSNS, SMB, and SNMP, as described in the
768 http://www.ethereal.com/appnotes/enpa-sa-00015.html
770 Everyone is encouraged to upgrade.
773 New and updated features
775 Ethereal can now merge multiple files (you don't have to resort to
776 mergecap on the command line).
778 A preview pane has been added to the file dialog.
780 The capture progress dialog can now be disabled.
782 The about dialog has received further improvements.
784 The behavior of Ethereal's dialog windows has been normalized somewhat.
786 The Windows installer can now associate standard file extensions
789 Ethereal can be configured not to bug you about unsaved captures.
791 Ethereal can open help documentation using the default web browser.
796 DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)
799 Updated protocol support
801 AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA,
802 NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245,
803 H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP,
804 M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP,
805 RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP,
806 VRRP, WBXML (User-Agent Profile), WSP, X11
809 New and updated capture file support
816 Ethereal 0.10.4 has been released.
818 This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
819 the following advisory:
821 http://www.ethereal.com/appnotes/enpa-sa-00014.html
823 Everyone is encouraged to upgrade.
826 New and updated features
828 When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
831 Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
833 PostScript(R) output has been improved.
835 The screen layout of the main window can be changed by Preferences now.
837 Many other parts of the user interface have received improvements.
839 Compressed and chunked transfer-coded HTTP bodies are now decoded.
841 A new generic media dissector more cleanly handles HTTP and WSP
842 Content-Type information.
847 ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
848 IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
851 Updated protocol support
853 3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS,
854 DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS) DHCP, DIAMETER, EAPOL,
855 FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS,
856 ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP,
857 RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP,
858 Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG
868 Ethereal 0.10.3 has been released.
870 This release fixes several security bugs described in the following
873 http://www.ethereal.com/appnotes/enpa-sa-00013.html
875 Everyone is encouraged to upgrade.
878 New and updated features
880 Display filters now support the bitwise and (&) operator.
882 Protocol hierarchy statistics now have bandwidth columns.
884 The capture dialog has a new layout.
889 3G A11 Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC,
890 MQ, Presentation, SLSK,
893 Updated protocol support
895 802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall,
896 BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC
897 RS_PROP_PLCY, DCERPC, DCERPD SAMR, DIAMETER, DOCSIS, E.164, EIGRP,
898 FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP,
899 Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM,
900 PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB,
901 SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC
906 EyeSDN, libpcap (tcpdump)
911 Ethereal 0.10.2 has been released.
913 This release fixes two major bugs in 0.10.1:
915 Under Windows, the error
917 ** WARNING **: error opening
918 /usr/local/share/ethereal/asn1/default.tt, No such file or
921 would be printed at startup.
923 The 0.10.1 source release was missing several files required for
927 New and updated features
929 The user interface has received further updates. The Statistics
931 layout has been improved, as well as the capture options dialog
937 Cisco Cast Client Control Protocol
940 Updated protocol support
942 AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS,
944 IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny,
950 Ethereal 0.10.1 has been released.
953 New and updated features
955 The Windows installer now lets you choose between the traditional
957 version 1 interface and a new GTK+ 2 interface.
959 Several updates were made to Ethereal's user interface. The "File"
961 now has a "most recently used" list. The help menu was greatly
964 The "matches" operator now handles more data types. For example,
968 smtp matches joespammer@example.com
972 I/O statistics now support 1ms resolution.
976 A column resorting crash on the Windows platform was fixed.
980 EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA
982 Updated protocol support
984 ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP,
986 COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL,
987 TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC,
989 FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per
991 GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6,
992 IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF,
993 Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile
995 MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931,
997 RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP,
999 SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet,
1001 Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11
1004 Updated capture file support
1006 DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANAlzyer, NetXRay,
1010 == December 12, 2003
1012 Ethereal 0.10.0 has been released.
1014 This release fixes issues in the SMB and Q.931 dissectors that could
1015 make Ethereal and Tethereal crash. See
1017 http://www.ethereal.com/appnotes/enpa-sa-00012.html
1021 New and updated features
1023 Many performance improvements have been made to the code. Most
1025 should see a 2x to 3x performance increase when loading and working
1029 A "matches" display filter operator has been added. It is similar
1031 the "contains" operator, but supports Perl-compatible regular
1034 Tethereal can now dump packet data in XML (PDML) format.
1036 The main application menus have been rearranged and the help windows
1037 have been revamped, along with a host of other UI enhancements.
1039 The capture progress window now features bar graphs.
1041 The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the
1043 installer have been updated.
1045 New protocol support
1047 BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY,
1049 IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK,
1051 Updated protocol support
1053 ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC
1055 EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI,
1057 ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM
1059 H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP,
1060 LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP,
1061 RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP,
1063 SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP
1066 Updated capture file support
1068 AiroPeek v9 (2.x) support was added. Network Instruments Observer
1070 Snoop support was updated.
1075 Ethereal 0.9.16 has been released.
1077 This release fixes potential security issues with the GTP, ISAKMP,
1078 MEGACO, and SOCKS dissectors. See
1080 http://www.ethereal.com/appnotes/enpa-sa-00011.html
1084 New and updated features
1086 Ethereal has leapt forward into the 90's and added a toolbar.
1088 Ethereal and Tethereal can now force the data link type of captured
1091 RTP analysis has been enhanced.
1093 Individual frames can now be marked as time references
1095 Service response time and general I/O statistics have been enhanced.
1097 statistics can now calculate client load (experimental).
1099 New protocol support
1101 ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
1102 INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP,
1104 SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
1105 (OTA), T.38, TCAP, TPCP
1107 Updated protocol support
1109 AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER,
1111 DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
1112 DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame
1114 FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
1115 ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
1116 NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP,
1118 RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS,
1120 SPOOLSS SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
1121 X.25, Yahoo! Messenger
1124 Updated capture file support
1126 Linux Bluez Bluetooth hcidump support has been added.
1128 Endace ERF and Network Instruments Observer, and NetXRay support has
1132 == September 9, 2003
1134 Ethereal 0.9.15 has been released.
1136 New and updated features
1138 Many often-requested features have been added with this release. If
1139 you're running an older version of Ethereal you may want to have a
1142 Conversation List (aka "top talker") support has been added to
1144 and Tethereal. Protocol statistics in general have been updated.
1146 Searching capture files has been improved even more -- a new
1148 display filter operator that searches for strings in PDUs has been
1149 added. The Find dialog now supports case-insensitive searches, hex
1153 An H.225 dissector has been added. It can automatically recognize
1155 and RTCP conversations.
1157 A preference file has been added for disabled protocols.
1159 Color filters may now be imported and exported from within Ethereal.
1161 A new column type has been added for cumulative bytes.
1166 GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
1171 ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP,
1173 FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA,
1175 MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
1176 SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP,
1180 Updated capture file support
1182 Support for Accellent 5Views and Endace ERF capture files was added.
1183 CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
1188 Ethereal 0.9.14 has been released.
1190 New and updated features
1192 The ringbuffer code has been (nearly) completely rewritten. It now
1193 supports an unlimited number of files.
1195 Ethereal now supports searching for arbitrary text and binary data
1199 Service response time statistics have been enhanced.
1201 Tethereal, the text-mode version of Ethereal, can now be compiled
1202 without capture support.
1205 New and updated features
1207 Echo, eDonkey, Jabber, MS Messenger, sFlow
1212 AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1,
1214 IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3,
1216 NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP,
1218 SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP,
1223 Updated capture file support
1230 Ethereal 0.9.13 has been released.
1232 This release fixes a large number of security issues discovered by
1234 Sirainen and others. See
1236 http://www.ethereal.com/appnotes/enpa-sa-00010.html
1240 New and updated features
1242 Ethereal now supports a system-wide color filter file.
1244 Support for the GNU ADNS library has been added. ADNS allows
1245 asynchronous DNS lookups.
1247 "Decode As..." functionality has been added to Tethereal via the "-
1251 The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are
1253 shown in the protocol tree.
1257 distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA
1261 802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet,
1263 GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS,
1264 NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI,
1265 SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML,
1269 Updated capture file support
1271 HP-UX nettl, VMS UCX$TRACE
1276 Ethereal 0.9.12 has been released.
1278 This release fixes several off-by-one and integer overflow errors
1279 discovered by Timo Sirainen. See
1281 http://www.ethereal.com/appnotes/enpa-sa-00009.html
1285 New and updated features
1287 TCP sequence number analysis received a few improvements.
1289 General packet reassembly has been improved.
1291 The "Follow TCP Stream" window now allows you to filter out the
1295 The Vines code received significant updates.
1297 Several enhancements were made to the text2pcap utility.
1301 ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC
1305 802.11 ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI,
1307 IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP,
1309 M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP,
1311 Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH,
1313 TCP, Telnet, Vines, WBXML, WSP, WTP
1315 Updated capture file support
1322 Ethereal 0.9.11 has been released.
1324 The Ethereal 0.9.10 release was packaged improperly. This release
1326 the packaging, and adds minor updates and fixes for the following
1329 AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH
1331 IA64 support has been improved.
1336 Ethereal 0.9.10 has been released.
1338 This release fixes a security hole discovered by Georgi Guninski in
1340 SOCKS dissector as well as problems with the NTLMSSP and Rsync code.
1341 All users of previous versions are encouraged to upgrade. See
1343 http://www.ethereal.com/appnotes/enpa-sa-00008.html
1348 New and Updated Features
1350 Many small updates were made to the user interface.
1352 The "Help" menu now includes the FAQ.
1354 The TCP dissector was enhanced. Many more fields are filterable.
1356 Tethereal received more IO stats: TCP and UDP top talkers.
1358 Packet reassembly has been improved.
1360 The "Follow TCP Stream" feature can now export C byte arrays.
1362 RTP streams can now be saved to a file.
1367 A missing comma in a string array could cause Ethereal to crash when
1368 opening the preferences dialog.
1373 MSN Messenger, Rsync, SSH, Yahoo! Messenger
1378 AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS,
1380 DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP
1381 extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC,
1383 M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow,
1384 OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA,
1386 SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML,
1387 Wellfleet BofL X.25, X11
1390 Updated Capture File Support
1392 NetXRay, NGSniffer, Snoop
1397 Ethereal 0.9.9 has been released.
1399 Please note the next release will NOT be 1.0. There are still more
1400 features to be added before a 1.0 release will be ready.
1403 New and Updated Features
1405 Plugin search behavior was improved under Unix, allowing more than
1407 version of Ethereal to be installed at one time.
1409 The statistics graphs have been enhanced. More statistics have been
1412 Round-trip-time statistics are now computed for SMB traffic.
1414 NCP Call and Reply times are now tracked.
1416 Top talker statistics for Ethernet, IP and Token Ring are now
1417 available (tethereal only).
1419 Color allocation and handling was improved.
1421 The RADIUS dissector can now decrypt user passwords.
1423 Tethereal now supports reading from a pipe under Unix.
1425 The ATM code received major improvements.
1427 The DOS Sniffer code also received major improvements.
1429 For those that compile Ethereal from source, some fixes and updates
1430 have been made to the configuration and build environment.
1435 The capture progress window now shows the correct number of elapsed
1438 A potential infinite loop in the TCP graphing code has been fixed.
1443 MDSHDR, MEGACO, MySQL, SDLC, X.29
1448 802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP,
1450 RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC,
1452 LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP,
1453 RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC,
1455 SUA, TNS, Token Ring, Wellfleet HDLC, X.25
1458 Updated Capture File Support
1460 Firewall-1, Netmon, NetXRay, Radcom, Sniffer
1465 Ethereal 0.9.8 has been released.
1467 Serious problems with the BGP, LMP, PPP, and TDS dissectors have
1471 http://www.ethereal.com/appnotes/enpa-sa-00007.html
1476 New and Updated Features
1478 The TAP subsystem received major updates. Tethereal can display
1479 more statistics, and several graphs have been added to Ethereal.
1481 A protocol hierarchy statistics tap was added to tethereal. This
1483 may be used to replace the hierarchy statistics code in Ethereal.
1485 More updates have been added to TCP analysis.
1487 After a long hiatus, the Windows installer once again includes SNMP
1490 The total running time of the capture is now displayed in the
1492 progress dialog box. The capture progress dialog also shows ARP
1495 The look of the plugins dialog was revamped.
1498 Bug Fixes and Updates
1500 A bug which caused Ethereal under Windows to crash when "Update list
1502 packets in real time" was enabled has been fixed.
1504 The stability of the text2pcap utility has been improved.
1506 In tethereal, the packet count is properly displayed when you ^C out
1513 ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI,
1520 AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR,
1521 DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX,
1522 iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS,
1524 OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP,
1525 Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120,
1530 Updated Capture File Support
1532 AIX iptrace and tcpdump, NetXRay, Sniffer, snoop
1535 == September 28, 2002
1537 Ethereal 0.9.7 has been released.
1541 In order to improve the out-of-box responsiveness of Ethereal and
1542 Tethereal, network name resolution has been disabled by default.
1544 TCP analysis (a feature added in the 0.9.6 release) was improved.
1546 The NCP code base received quite a few updates.
1548 Initial support for version 2 of the GTK+ library was added.
1550 RPC staticstics (which use the new Tap API) were added.
1552 Due to added and updated support for the NTLM, SNEGO, and GSS-API
1553 protocols, Ethereal can now dissect most of the security blobs for
1554 Windows 2000 authentication.
1556 The Ethernet "manuf" file now handles addresses specified with a
1557 mask, and contains many well-known addresses.
1562 802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and
1564 SCCP-Management, SPNEGO
1566 The following DCE/RPC protocols were also added:
1568 AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER,
1570 DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN,
1572 ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST,
1573 RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UKIKVOTE
1578 AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA,
1580 NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-
1582 Kerberos, LDAP, LDP, M2PA MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP,
1584 Q.931 RPC, RPCSTAT, SCSI, Skinny, SMB, SNEGO, SPOOLSS, SRVSVC, TCP,
1590 Ethereal 0.9.6 has been released.
1594 A buffer overflow in the ISIS dissector has been fixed. More
1595 information can be found at
1596 http://www.ethereal.com/appnotes/enpa-sa-00006.html.
1598 A bad TCP header could cause problems for the "Follow TCP Stream"
1601 Setting "column.format" from the command line no longer crashes
1602 Ethereal and Tethereal.
1604 Problems with capture files being overwritten (e.g. if you try to
1606 the current capture file) have been fixed.
1608 An SMB conversation handling bug has been fixed.
1610 Thanks to Valgrind, several memory leaks have been fixed.
1612 Some problems with printing under Windows have been fixed.
1617 TCP sequence number analysis has been added.
1619 The DCE RPC NETLOGON dissector has received a major overhaul.
1621 Data types throughout the code have been cleaned up.
1626 CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP
1631 802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT,
1633 REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos,
1635 LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP,
1637 Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot,
1638 SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP
1641 Capture File Updates
1643 CheckPoint Firewall-1 monitor file support and CoSine debug file
1645 were added. Support for pppdump and Netmon files was updated.
1650 Ethereal 0.9.5 has been released. This version fixes several potential
1651 security problems revealed since the release of 0.9.4. See the
1653 advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for
1659 The ability to read packet data from a pipe was enhanced. Printing
1660 under Windows now works.
1665 802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI
1670 ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP,
1671 MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA,
1672 SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP,
1676 Capture File Updates
1678 Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop,
1679 NetXRay, and libpcap code all received updates.