$Id$

== July 12, 2005

Ethereal 0.10.12 has been released. Our testing program has turned up several more security issues:

- The LDAP dissector could free static memory and crash.
  Versions affected: 0.8.5 to 0.10.11
- The AgentX dissector could crash.
  Versions affected: 0.10.10 to 0.10.11
- The 802.3 dissector could go into an infinite loop.
  Versions affected: 0.8.16 to 0.10.11
- The PER dissector could abort.
  Versions affected: 0.10.5 to 0.10.11
- The DHCP dissector could go into an infinite loop.
  Versions affected: 0.10.7 to 0.10.11
- The BER dissector could abort or loop infinitely.
  Version affected: 0.10.11
- The MEGACO dissector could go into an infinite loop.
  Versions affected: 0.9.14 to 0.10.11
- The GIOP dissector could dereference a null pointer.
  Versions affected: 0.8.20 to 0.10.11
- The SMB dissector was susceptible to a buffer overflow.
  Versions affected: 0.9.12 to 0.10.11
- The WBXML dissector could dereference a null pointer.
  Versions affected: 0.10.1 to 0.10.11
- The H1 dissector could go into an infinite loop.
  Versions affected: 0.8.15 to 0.10.11
- The DOCSIS dissector could cause a crash.
  Versions affected: 0.9.13 to 0.10.11
- The SMPP dissector could go into an infinite loop.
  Versions affected: 0.10.1 to 0.10.11
- The AFP dissector was susceptible to a format string overflow.
  Versions affected: 0.9.4 to 0.10.11
- SCTP graphs could crash.
  Version affected: 0.10.11
- The HTTP dissector could crash.
  Versions affected: 0.10.4 to 0.10.11
- The SMB dissector could go into a large loop.
  Versions affected: 0.9.0 to 0.10.11
- The DCERPC dissector could crash.
  Versions affected: 0.9.16 to 0.10.11.
- Several dissectors could crash while reassembling packets.
  Versions affected: 0.9.0 to 0.10.11

A separate review by Steve Grubb at Red Hat turned up the following issues:

- The CAMEL dissector could dereference a null pointer.
  Version affected: 0.10.11
- The DHCP dissector could crash.
  Versions affected: 0.10.4 to 0.10.11
- The CAMEL dissector could crash.
  Versions affected: 0.10.10 to 0.10.11
- The PER dissector could crash.
  Versions affected: 0.10.10 to 0.10.11
- The RADIUS dissector could crash.
  Versions affected: 0.9.4 to 0.10.11
- The Telnet dissector could crash.
  Versions affected: 0.9.10 to 0.10.11
- The IS-IS LSP dissector could crash.
  Versions affected: 0.8.19 to 0.10.11
- The NCP dissector could crash.
  Versions affected: 0.9.15 to 0.10.11

Ethereal uses the zlib compression library. Security vulnerabilities have been discovered in zlib 1.2.1 and 1.2.2. The Windows installer now ships with zlib 1.2.3, which fixes these vulnerabilities.

Please see the following advisory for more information:

http://www.ethereal.com/appnotes/enpa-sa-00020.html

Everyone is encouraged to upgrade.

New and updated features

- The Windows installer now includes the WinPcap 3.1 beta 4 installer. You don't have to download and install it separately.
- RADIUS dictionaries are now included.
- A lot of documentation was updated.
- Some command line parameters have changed; see the Ethereal / Tethereal manual pages.
- A "File/File Set" submenu was added to better handle Ring buffer/Multiple Files.
- Flow graphs can now be created for any protocol.
- Memory management has been greatly improved.
- JXTA has been added to the conversations menu.
- When compiled with MIT/Heimdal Kerberos and if keytab files are provided, Ethereal can now decrypt and dissect both SecureLDAP and encrypted DCE/RPC.
- TCP Sequence graphs should now work for all captures and all encapsulation types.

New protocol support

ACSE, ARMAGETRONAD, AudioCodes trunk trace, CSM_ENCAPS, DEC DNA Routing, DIS, FTAM, iFCP, Juniper PPPoE, MMS, MS MediaServer, MSRP, Parlay, Synergy, TANGO, WLAN Certificate Extensions

Updated protocol support

802.11 Radiotap, 9P, ACSE, AFP, AgentX, AIM, ANSI MAP, BACapp, BVLC, Camel, CLNP, CMIP, DCERPC, DCOM, DHCP, DHCP Failover, DHCPv6, DICOM, DNP, DNS, DOCSIS, EAP, Ethernet, FCIP, FC-SWILS, GIOP, GSM A, GSM MAP, GSSAPI, GTP, H.221, H.225, H.235, H.245, H.248, H.450, H1, HPSW, HTTP, HyperSCSI, ICMP, IEEE 802.3, IEEE 802.11, IP, IPDC, ISAKMP, iSCSI, iSNS, ISUP, JXTA, Kerberos, KINK, LDAP, LLC, LMP, LWAPP, MEGACO, MGCP, MMSE, NDMP, NDPS, NFS, NTLMSSP, OSI, PER, PPP, PRES, PROFINET, RDT, RMT, RPC, Rsync, RSVP, RTP, RTSP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SPNEGO, SSCOP, SSL, T.38, TCAP, TCP, Telnet, TFTP, TPKT, UDP, UDVM, UMA, V5UA, WBXML, WSP, XML, YMSG, YPSERV

New and updated capture file support

HP Nettl, Tektronix K12

== May 4, 2005

Ethereal 0.10.11 has been released. An aggressive testing program as well as independent discovery has turned up a multitude of security issues:

- The ANSI A dissector was susceptible to format string vulnerabilities. Discovered by Bryan Fulton.
  Versions affected: 0.9.15 to 0.10.10
- The GSM MAP dissector could crash.
  Versions affected: 0.10.0 to 0.10.10
- The AIM dissector could cause a crash.
  Versions affected: 0.9.14 to 0.10.10
- The DISTCC dissector was susceptible to a buffer overflow. Discovered by Ilja van Sprundel.
  Versions affected: 0.9.13 to 0.10.10
- The FCELS dissector was susceptible to a buffer overflow. Discovered by Neil Kettle.
  Versions affected: 0.9.9 to 0.10.10
- The SIP dissector was susceptible to a buffer overflow. Discovered by Ejovi Nuwere.
  Versions affected: 0.10.0 to 0.10.10
- The KINK dissector was susceptible to a null pointer exception, endless looping, and other problems.
  Versions affected: 0.10.10
- The LMP dissector was susceptible to an endless loop.
  Versions affected: 0.9.4 to 0.10.10
- The Telnet dissector could abort.
  Versions affected: 0.9.10 to 0.10.10
- The TZSP dissector could cause a segmentation fault.
  Versions affected: 0.10.10 to 0.10.10
- The WSP dissector was susceptible to a null pointer exception and assertions.
  Versions affected: 0.10.0 to 0.10.10
- The 802.3 Slow protocols dissector could throw an assertion.
  Versions affected: 0.10.10
- The BER dissector could throw assertions.
  Versions affected: 0.10.2 to 0.10.10
- The SMB Mailslot dissector was susceptible to a null pointer exception and could throw assertions.
  Versions affected: 0.9.0 to 0.10.10
- The H.245 dissector was susceptible to a null pointer exception.
  Versions affected: 0.10.10
- The Bittorrent dissector could cause a segmentation fault.
  Versions affected: 0.10.8 to 0.10.10
- The SMB dissector could cause a segmentation fault and throw assertions.
  Versions affected: 0.9.0 to 0.10.10
- The Fibre Channel dissector could cause a crash.
  Versions affected: 0.9.9 to 0.10.10
- The DICOM dissector could attempt to allocate large amounts of memory.
  Versions affected: 0.10.4 to 0.10.10
- The MGCP dissector was susceptible to a null pointer exception, could loop indefinitely, and segfault.
  Versions affected: 0.8.14 to 0.10.10
- The RSVP dissector could loop indefinitely.
  Versions affected: 0.9.8 to 0.10.10
- The DHCP dissector was susceptible to format string vulnerabilities, and could abort.
  Versions affected: 0.10.7 to 0.10.10
- The SRVLOC dissector could crash unexpectedly or go into an infinite loop.
  Versions affected: 0.9.8 to 0.10.10
- The EIGRP dissector could loop indefinitely.
  Versions affected: 0.8.18 to 0.10.10
- The ISIS dissector could overflow a buffer.
  Versions affected: 0.8.18 to 0.10.10
- The CMIP, CMP, CMS, CRMF, ESS, OCSP, PKIX1Explicit, PKIX Qualified, and X.509 dissectors could overflow buffers.
  Versions affected: 0.10.4 to 0.10.10
- The NDPS dissector could exhaust system memory or cause an assertion, or crash.
  Versions affected: 0.9.12 to 0.10.10
- The Q.931 dissector could try to free a null pointer and overflow a buffer.
  Versions affected: 0.10.10
- The IAX2 dissector could throw an assertion.
  Versions affected: 0.10.1 to 0.10.10
- The ICEP dissector could try to free the same memory twice.
  Versions affected: 0.10.7 to 0.10.10
- The MEGACO dissector was susceptible to an infinite loop and a buffer overflow.
  Versions affected: 0.9.14 to 0.10.10
- The DLSw dissector was susceptible to an infinite loop.
  Versions affected: 0.9.1 to 0.10.10
- The RPC dissector was susceptible to a null pointer exception.
  Versions affected: 0.9.2 to 0.10.10
- The NCP dissector could overflow a buffer or loop for a large amount of time.
  Versions affected: 0.10.5 to 0.10.10
- The RADIUS dissector could throw an assertion.
  Versions affected: 0.10.3 to 0.10.10
- The GSM dissector could access an invalid pointer.
  Versions affected: 0.10.10
- The SMB PIPE dissector could throw an assertion.
  Versions affected: 0.9.0 to 0.10.10
- The L2TP dissector was susceptible to an infinite loop.
  Versions affected: 0.10.9 to 0.10.10
- The SMB NETLOGON dissector could dereference a null pointer.
  Versions affected: 0.9.12 to 0.10.10
- The MRDISC dissector could throw an assertion.
  Versions affected: 0.8.19 to 0.10.10
- The ISUP dissector could overflow a buffer or cause a segmentation fault.
  Versions affected: 0.8.19 to 0.10.10
- The LDAP dissector could crash.
  Versions affected: 0.10.1 to 0.10.10
- The TCAP dissector could overflow a buffer or throw an assertion.
  Versions affected: 0.10.8 to 0.10.10
- The NTLMSSP dissector could crash.
  Versions affected: 0.9.7 to 0.10.10
- Additionally, a number of dissectors could throw an assertion when passing an invalid protocol tree item length.
  Versions affected: 0.10.8 to 0.10.10

Please see the following advisory for more information:

http://www.ethereal.com/appnotes/enpa-sa-00019.html

Everyone is encouraged to upgrade.

New and updated features

New protocol support

Updated protocol support

New and updated capture file support

== March 11, 2005

Ethereal 0.10.10 has been released. This release fixes three security and stability-related issues:

- Matevz Pustisek discovered a buffer overflow in the Etheric dissector. (CAN-2005-0704)
- The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled. (CAN-2005-0705)
- Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. This flaw was later reported by Leon Juranic. (CAN-2005-0699)
- Leon Juranic discovered a buffer overflow in the IAPP dissector.
- A bug in the JXTA dissector could make Ethereal crash.
- A bug in the sFlow dissector could make Ethereal crash.

Please see the following advisory for more information:

http://www.ethereal.com/appnotes/enpa-sa-00018.html

Everyone is encouraged to upgrade.

New and updated features

- Tree view item context menus now let you browse to the display filter reference and wiki pages for a particular protocol.
- Online help has been expanded.
- VoIP call analysis (including nifty connection diagrams) has been added.
- GSS-API decryption has been greatly enhanced.

New protocol support

AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol, Retix Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP

Updated protocol support

3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2, DAAP, DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella, GPRS, GSM A, GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ, IEEE 802.11, IEEE 802.3 Slow Protocols, IP, iSCSI, ISUP, Juniper, JXTA, Kerberos, L2TP, LDAP, MIP, MPLS, NDMP, NSIP, NTP, OSPF, OXID, PostgreSQL, RADIUS, RDT, Redback, RMCP, RTP, RTSP, SCSI, SCTP, SDP, SPNEGO, SSL, STUN, TCAP, TCP, TZSP

New and updated capture file support

DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)

== January 19, 2005

Ethereal 0.10.9 has been released.
This release fixes the following security-related issues:

- The COPS dissector could go into an infinite loop. (CAN-2005-0006)
- The DLSw dissector could cause an assertion, making Ethereal exit prematurely. (CAN-2005-0007)
- The DNP dissector could cause memory corruption. (CAN-2005-0008)
- The Gnutella dissector could cause an assertion, making Ethereal exit prematurely. (CAN-2005-0009)
- The MMSE dissector could free static memory. (CAN-2005-0010)
- The X11 protocol dissector is vulnerable to a string buffer overflow. (CAN-2005-0084)

Please see the following advisory for more information:

http://www.ethereal.com/appnotes/enpa-sa-00017.html

Everyone is encouraged to upgrade.

New and updated features

- Ethereal will now detect and flag weak 802.11 WEP IVs.
- Windows Sniffer timestamp handling has been greatly improved.
- A bug which made Ethereal crash at startup on Windows 98 and Windows ME systems has been fixed.
- Ethereal and Tethereal now support a personal "hosts" file.
- Invalid field length handling has been greatly improved.
- The capture progress window title now shows the interface name.

New protocol support

ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA

Updated protocol support

AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM, DHCPv6, DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS, FCIP, FCSB3, FIX, GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IEEE 802a, image/GIF, image/JFIF, Kerberos, L2TP, LDAP, LLC, LMP, MGCP, MIME Multipart, MMSE, MPLS, MTP2, NBNS, NDMP, NMAS, NSIP, OLSR, PER, pflog, PGM, PostgreSQL, PPP, PRES, Q.931, RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP, SIP, SLSK, SMB, SMPP, SRVLOC, SSL/TLS, T.38, TACACS, TCAP, TCP, X11

New and updated capture file support

Windows Sniffer

== December 15, 2004

Ethereal 0.10.8 has been released. This release fixes the following security-related issues:

- Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash.
  (CAN-2004-1139)
- An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling available disk space. (CAN-2004-1140)
- The HTTP dissector could access previously-freed memory, causing a crash. (CAN-2004-1141)
- Brian Caswell discovered that an improperly formatted SMB packet could make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)

Please see the following advisory for more information:

http://www.ethereal.com/appnotes/enpa-sa-00016.html

Everyone is encouraged to upgrade.

New and updated features

- Ethereal now has a packet history, similar to most web browsers.
- Ethereal now supports custom window titles.
- Minor performance enhancements have been added.
- RTP analysis has been enhanced.
- Host name resolution has been improved.
- Ethereal can now track TCP PDU times. See http://wiki.ethereal.com/TcpPduTime for more details.
- Ethereal now ships with netscreen2dump.py, a utility which converts netscreen packet-trace hex dumps to hex dumps that can be read by text2pcap.

New protocol support

AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management and Session Management, GSM MAP, Extended Security Services, Logotype Certificate Extensions, MAP Dialogue, Network Service Over IP, Online Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI

Updated protocol support

3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC, CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey, ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A, GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec, ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT, PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet, RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP, SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25, X.509af, X.509ce, X.509if, X.509sat

New and updated capture file support

pppdump

== October 20, 2004

Ethereal 0.10.7 has been released. The Windows installer features new GLib/GTK+, Net-SNMP and ADNS libraries which fix several known bugs. Unfortunately, a few known GLib/GTK+ bugs remain.

In order to avoid a naming conflict with the tcpreplay project, the "capinfo" utility has been renamed to "capinfos".

New and updated features

- Search wrapping is now a configurable option.
- A lot of material has been added to the Developer's Guide. The User's Guide has been updated as well.
- The "Decode As..." dialog now supports DCERPC and SCTP.
- The "Help" menu now includes a link to the wiki.
- H.323 call analysis is now supported.

New protocol support

Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol, Ethernet MAC Control Frame, ICE, Kerberos v4, Netscape certificate extensions, PKINIT, PKIX1EXPLICIT, PKIX1IMPLICIT

Updated protocol support

AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS, DCERPC MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS, EAP, ENIP, EPM, GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450, ISAKMP, iSCSI, iSNS, ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA, MEGACO, MPLS, NCP 2222, NCP, NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF, RADIUS, RSVP, RTCP, RTP, RTSP, SCTP, SDP, SES, SIP, Skinny, SMB, SNMP, SUA, T.38, TALI, TCAP, TCP, TDS, Teredo, Time, X.509, X11

New and updated capture file support

HP-UX nettl, NG Sniffer

== August 12, 2004

Ethereal 0.10.6 has been released. This release fixes a preferences bug present in Ethereal which displayed

    (ethereal.exe:3512): Gtk-CRITICAL **: file gtkwindow.c: line 3107 (gtk_window_resize): assertion `height > 0' failed

at program startup. A workaround for 0.10.5 is described in http://www.ethereal.com/lists/ethereal-users/200408/msg00059.html

A new command-line utility called "capinfo" has been added to the distribution which prints statistics about capture files.

You can now copy conversation and endpoint data to other applications as CSV data.

New and updated features

- X.509 support has been added.
- Crash bugs have been fixed in the RTP and NCP dissectors.
- PostScript(r) output has been improved.
- A bug that prevented mergecap from creating a new output file has been fixed.
- Conversation and endpoint performance has been enhanced.
- General packet display performance has been enhanced.
- The conversation and host list tools have been renamed to be less confusing.
- You can now copy conversation and host list data as CSV data.
- RTP analysis can now dynamically determine the proper clock rate.

New protocol support

AX/4000, CMS, DCERPC (EVENTLOG, FRSAPI, FRSRPC), MANOLITO, PKCS#1, X.509AF, X.509CE, X.509IF, X.509SAT

Updated protocol support

802.11, AIM, ASAP, ASN.1 BER, ASN.1, COPS, DCM, DHCP Failover (ISC), ENRP, Fibre Channel, GIOP, GSSAPI, GTP, HTTP, ICAP, iSNS, Kerberos, MPLS, NCP, NTLMSSP, OPSI, OSPF, PRES, RADIUS, Rlogin, RSVP, RTPS, RTSP, SCTP, Sigcomp, Skinny, SMB BROWSER, SMB, SNMP, SSL, TDS, Telnet

New and updated capture file support

LANalyzer

== July 7, 2004

Ethereal 0.10.5 has been released. This release fixes bugs in iSNS, SMB, and SNMP, as described in the following advisory:

http://www.ethereal.com/appnotes/enpa-sa-00015.html

Everyone is encouraged to upgrade.

New and updated features

- Ethereal can now merge multiple files (you don't have to resort to mergecap on the command line).
- A preview pane has been added to the file dialog.
- The capture progress dialog can now be disabled.
- The about dialog has received further improvements.
- The behavior of Ethereal's dialog windows has been normalized somewhat.
- The Windows installer can now associate standard file extensions with Ethereal.
- Ethereal can be configured not to bug you about unsaved captures.
- Ethereal can open help documentation using the default web browser.

New protocol support

DNP, ENRP, giFT, H.235, PacketCable, SigComp, SIR (Serial Infrared)

Updated protocol support

AIM, ASAP, ASN.1 BER, ARP, ATM, DHCP, CFPI, CLNP, DCERPC (DCERPC, LSA, NT, SAMR, SRVSVC, WKSSVC), EAP, ENIP, Frame Relay, GRE, H.225, H.245, H.450, HTTP, IAX2, IEEE 802.11, ISAKMP, iSNS, ISUP, JFIF, Kerberos, LMP, M3UA, MGCP, MPLS, MTP3, NCP, NetFlow, NFS, OSPF, PIM, RADIUS, RIP, RSVP, RTCP, RTP, RTSP, SCSI, SDP, SIP, SMB, SMTP, SNMP, SOCKS, SSL, T.35, TCP, VRRP, WBXML (User-Agent Profile), WSP, X11

New and updated capture file support

Radcom

== May 13, 2004

Ethereal 0.10.4 has been released.
This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in the following advisory:

http://www.ethereal.com/appnotes/enpa-sa-00014.html

Everyone is encouraged to upgrade.

New and updated features

- When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file selection dialog.
- Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
- PostScript(R) output has been improved.
- The screen layout of the main window can be changed by Preferences now.
- Many other parts of the user interface have received improvements.
- Compressed and chunked transfer-coded HTTP bodies are now decoded.
- A new generic media dissector more cleanly handles HTTP and WSP Content-Type information.

New protocol support

ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP, IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS

Updated protocol support

3G A11, ACSE, AFS, AIM, ANSI MAP, ASN.1 (BER, PER), BACnet, CHDLC, COPS, DCERPC (LSA, NETLOGON, SAMR, SVCCTL, SPOOLS), DHCP, DIAMETER, EAPOL, FTAM, GSM, GTP, H.225, HTTP, ICMPv6, IPv4, IPv6, IPDC, IPMI, iSNS, ISUP, Kerberos, LDAP, LDP, MEGACO, MIPv6, MMSE, MQ, MTP3, NTLMSSP, RADIUS, RPC, RTCP, RTPS, RUDP, SCTP, SIP, SLSK, SMB, SPNEGO, TCP, Time, WBXML (EMN, SI, WV-CSP), WCCP, WSP, X11, YMSG

Capture file support

EyeSDN, nettl

== March 25, 2004

Ethereal 0.10.3 has been released. This release fixes several security bugs described in the following advisory:

http://www.ethereal.com/appnotes/enpa-sa-00013.html

Everyone is encouraged to upgrade.

New and updated features

- Display filters now support the bitwise and (&) operator.
- Protocol hierarchy statistics now have bandwidth columns.
- The capture dialog has a new layout.

New protocol support

3G A11, Cisco SS7 (RUDP, RLM, and Session Management), FTAM, IPDC, MQ, Presentation, SLSK

Updated protocol support

802.11, AFP, AIM/Oscar, Axent Raptor/Symantec Enterprise firewall, BER, BGP, CDP, DCCP, DCERPC NETLOGON, DCERPC RS_PGO, DCERPC RS_PROP_PLCY, DCERPC, DCERPC SAMR, DIAMETER, DOCSIS, E.164, EIGRP, FCFCS, GSM A, GSM MAP, GSM SMS, GTP, H.225, IGAP, IrDA, ISUP, Kerberos, M2PA, M3UA, MTP3, NBNS, NCP, NDMP, Netflow, PER, PGM, PostgreSQL, Q.931, Q.933, Quake 2, RADIUS, RSVP, RTSP, SCTP, SMB, SNA, TCAP, TCP, UCP, WBXML, WSP, X11, xDLC

Capture file support

EyeSDN, libpcap (tcpdump)

== February 23, 2004

Ethereal 0.10.2 has been released. This release fixes two major bugs in 0.10.1:

- Under Windows, the error

      ** WARNING **: error opening /usr/local/share/ethereal/asn1/default.tt, No such file or directory

  would be printed at startup.
- The 0.10.1 source release was missing several files required for compiling.

New and updated features

- The user interface has received further updates. The Statistics menu layout has been improved, as well as the capture options dialog layout.

New protocol support

Cisco Cast Client Control Protocol

Updated protocol support

AppleTalk, ASN.1, DCERPC, Diameter, FCSP, GSM A, GSM MAP, GSM SMS, HTTP, IEEE 802.3, Kerberos, MSN Messenger, PostgreSQL, Q.931, RPL, Skinny, TCAP, TDS

== February 18, 2004

Ethereal 0.10.1 has been released.

New and updated features

- The Windows installer now lets you choose between the traditional GTK+ version 1 interface and a new GTK+ 2 interface.
- Several updates were made to Ethereal's user interface. The "File" menu now has a "most recently used" list. The help menu was greatly expanded.
- The "matches" operator now handles more data types. For example, you can now use

      smtp matches joespammer@example.com

  as a display filter.
- I/O statistics now support 1ms resolution.

Bug fixes

- A column resorting crash on the Windows platform was fixed.

New protocol support

EDP, IAX2, IrDA, ISMP, OLSR, PostgreSQL, PRES, V5UA

Updated protocol support

ACSE, AFP, AIM, ANSI MAP, ARCNET, ASN.1, BEEP, BGP, BPDU, BSSAP, CLNP, COPS, CPHA, DCERPC AFS4INT, FLDB, RPRIV, RS_REPADM, STAT, SVCCTL, TRKSVR, WKSSVC, DCERPC, DHCPv6, DNS, DOCSIS, EAP, ENIP, ESIS, FC, FC-IP, FC-SB3, FW-1, GIF (OK, so it's a file format and not a protocol per se), GIOP, GRE, GSM MAP, GSM SMS, GTP, H.225, H.245, H.450, HTTP, ICMPv6, IEEE 802.11, IPMI, IPv4, IPv6, IPX, ISAKMP, iSCSI, ISDN, ISUP, JFIF, Kerberos, KPASSWD, L2TP, LDAP, LDP, LWAPP, MGCP, MLD, MMSE, Mobile IPv6, MSPROXY, MTP3, NBNS, NCP, NDMP, NFS, OSI, OSPF, PER, PGM, Q.931, RADIUS, RMI, RSTAT, RTP, RTSP, SCCP, SDP, SES, SIP, SLL, SLSK, SMB, SMPP, SNMP, SOCKS, SRVLOC, SSH, SSL, STUN, T.38, TACACS, TCAP, TDS, Telnet, Teredo, Text, TFTP, TZSP, UDP, Vines, WAP, WBXML, WSP, WTP, X11

Updated capture file support

DBS EtherWatch, EtherPeek/AiroPeek, EyeSDN, LANalyzer, NetXRay, Snoop

== December 12, 2003

Ethereal 0.10.0 has been released. This release fixes issues in the SMB and Q.931 dissectors that could make Ethereal and Tethereal crash. See http://www.ethereal.com/appnotes/enpa-sa-00012.html for more details.

New and updated features

- Many performance improvements have been made to the code. Most users should see a 2x to 3x performance increase when loading and working with capture files.
- A "matches" display filter operator has been added. It is similar to the "contains" operator, but supports Perl-compatible regular expressions.
- Tethereal can now dump packet data in XML (PDML) format.
- The main application menus have been rearranged and the help windows have been revamped, along with a host of other UI enhancements.
- The capture progress window now features bar graphs.
- The GLib, GTK+, Net-SNMP, and zlib libraries that ship with the Windows installer have been updated.

New protocol support

BFD, CCSDS, CPFI, DCE/RPC {BUDB, EPM4, ICL_RPC, RS_PLCY, RS_PROP_ACCT}, IGAP, ISO 8327-1 SES, MS Kpasswd, RTCFG, SEBEK

Updated protocol support

ACN, AFP, ANSI A, ANSI MAP, ASN.1, BSMAP, BSSAP, CPFI, DCE/RPC {DCOM, EPM, NDR, SRVSVC, STAT, WKSSVC}, DCE/RPC, DHCP, DNS, DOCSIS, DSI, DTAP, ENTTEC, FC ELS, FC FZS, FC-SP, FC-SWILS, GIOP, GPRS NS, GSM A, GSM MAP, H.225, H.450, HTTP, ICMP, IPv6, IS-IS, ISAKMP, ISUP, Kerberos, LDAP, LDP, MIPv6, MMSE, MS Proxy, MTP3, NCP 2222, NTP, PIM, RADIUS, RANAP, RDM, RSVP, RTCP, RTP, SCCP, SDP, SIP, SMB, SMPP, SOCKS, SONMP, SRVLOC, SSL, TACACS, TCAP, TCP, TPKT, TZSP, UCP, WAP, WBXML, WLAN, WSP, WTP

Updated capture file support

AiroPeek v9 (2.x) support was added. Network Instruments Observer and Snoop support was updated.

== November 2, 2003

Ethereal 0.9.16 has been released. This release fixes potential security issues with the GTP, ISAKMP, MEGACO, and SOCKS dissectors. See http://www.ethereal.com/appnotes/enpa-sa-00011.html for more details.

New and updated features

- Ethereal has leapt forward into the 90's and added a toolbar.
- Ethereal and Tethereal can now force the data link type of captured frames.
- RTP analysis has been enhanced.
- Individual frames can now be marked as time references.
- Service response time and general I/O statistics have been enhanced.
- I/O statistics can now calculate client load (experimental).

New protocol support

ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP, GSM SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1, IS-637-A (SMS), IS-683-A (OTA), T.38, TCAP, TPCP

Updated protocol support

AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER, DCE/RPC DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG, DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame Relay, FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX, ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP, NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP, RIP, RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS, SONMP, SPOOLSS, SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP, X.25, Yahoo! Messenger

Updated capture file support

Linux Bluez Bluetooth hcidump support has been added. Endace ERF and Network Instruments Observer, and NetXRay support has been enhanced.

== September 9, 2003

Ethereal 0.9.15 has been released.

New and updated features

Many often-requested features have been added with this release. If you're running an older version of Ethereal you may want to have a look.

- Conversation List (aka "top talker") support has been added to Ethereal and Tethereal. Protocol statistics in general have been updated.
- Searching capture files has been improved even more -- a new "contains" display filter operator that searches for strings in PDUs has been added. The Find dialog now supports case-insensitive searches, hex data searches, and more.
- An H.225 dissector has been added. It can automatically recognize RTP and RTCP conversations.
- A preference file has been added for disabled protocols.
- Color filters may now be imported and exported from within Ethereal.
- A new column type has been added for cumulative bytes.

New protocols

GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN

Updated protocols

ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP, Ethernet, FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA, M3UA, MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP, SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP, WSP

Updated capture file support

Support for Accellent 5Views and Endace ERF capture files was added. CheckPoint FW-1 and Novell LANalyzer support has been enhanced.

== July 23, 2003

Ethereal 0.9.14 has been released.

New and updated features

- The ringbuffer code has been (nearly) completely rewritten. It now supports an unlimited number of files.
- Ethereal now supports searching for arbitrary text and binary data in frames.
- Service response time statistics have been enhanced.
- Tethereal, the text-mode version of Ethereal, can now be compiled without capture support.

New and updated features

Echo, eDonkey, Jabber, MS Messenger, sFlow

Updated protocols

AODV, AODV6, Boardwalk, DCE-RPC, ENIP, Fibre Channel, FIX, FW1, H.245, IGMP, IPsec, IS-IS, iSCSI, ISUP, LDAP, LDP, M2UA, MEGACO, MTP3, NDS, NETLOGON, NTLMSSP, NTP, Q.2931, Q.931, SAMR, SCCP, SCSI, SMB, SMPP, SNA, SNMP, SPNEGO, SPOOLSS, SRVLOC, UCP, Vines, VRRP, WBXML, WEP, WSP, WTP, X11, Zebra

Updated capture file support

LANalyzer, NetXRay

== June 11, 2003

Ethereal 0.9.13 has been released. This release fixes a large number of security issues discovered by Timo Sirainen and others. See http://www.ethereal.com/appnotes/enpa-sa-00010.html for more details.

New and updated features

- Ethereal now supports a system-wide color filter file.
- Support for the GNU ADNS library has been added. ADNS allows asynchronous DNS lookups.
- "Decode As..." functionality has been added to Tethereal via the "-d" flag.
- The HTTP, FTP, POP, SMTP, IMAP, and ACAP requests and responses are now shown in the protocol tree.

New protocols

distcc, EtherNet/IP, MSRPC ATSVC, RTNET/TMDA

Updated protocols

802.11, AIM, BGP, CLNP, COTP, CPHA, DCERPC, DNS, EAPOL, Ethernet, FDDI, GSSAPI, IP, ISAKMP, ISIS, LDAP, LSP, M2PA, MAPI, Modbus, NDPS, NFS, NTLMSSP, OSI, OSPF, OpenBSD pflog, PPTP, RMCP, RMI, RPC, RTP, SCSI, SCTP, SIP, SMB, SMPP, SMTP, SNMP, SPNEGO, TACACS, TCP, TSP, WBXML, WSP, WTP

Updated capture file support

HP-UX nettl, VMS UCX$TRACE

== May 1, 2003

Ethereal 0.9.12 has been released. This release fixes several off-by-one and integer overflow errors discovered by Timo Sirainen. See http://www.ethereal.com/appnotes/enpa-sa-00009.html for more details.

New and updated features

- TCP sequence number analysis received a few improvements.
- General packet reassembly has been improved.
- The "Follow TCP Stream" window now allows you to filter out the current stream.
- The Vines code received significant updates.
- Several enhancements were made to the text2pcap utility.

New protocols

ArtNET, IPX WAN, Intel ANS, iSNS, NLSP, WKSSVC

Updated protocols

802.11, ACAP, AFP, AIM, AJP, ASAP, BGP, CLNP, CPHA, DCE/RPC, DSI, EAP, IP, IPMI, IPX, IPv6, ISIS, ISUP, IUA, Kerberos, LDAP, M2PA, M2TP, M2UA, M3UA, MGCP, MTP2, MTP3, MTP3MG, Modbus/TCP, NDMP, NDPS, NFS, NLSP, PGM, Q.931, RANAP, RPC, RSVP, SCCP, SCCPMG, SCTP, SMB, SNMP, SPX, SSH, SUA, TCP, Telnet, Vines, WBXML, WSP, WTP

Updated capture file support

Netxray

== March 10, 2003

Ethereal 0.9.11 has been released. The Ethereal 0.9.10 release was packaged improperly. This release fixes the packaging, and adds minor updates and fixes for the following protocols:

AFS, OpenBSD enc(4), RTP, SCSI, SIP, SMPP, SSH

IA64 support has been improved.

== March 7, 2003

Ethereal 0.9.10 has been released. This release fixes a security hole discovered by Georgi Guninski in the SOCKS dissector as well as problems with the NTLMSSP and Rsync code. All users of previous versions are encouraged to upgrade. See http://www.ethereal.com/appnotes/enpa-sa-00008.html for more details.

New and Updated Features
Many small updates were made to the user interface. The "Help" menu now includes the FAQ. The TCP dissector was enhanced. Many more fields are filterable. Tethereal received more IO stats: TCP and UDP top talkers. Packet reassembly has been improved. The "Follow TCP Stream" feature can now export C byte arrays. RTP streams can now be saved to a file.

Bug Fixes
A missing comma in a string array could cause Ethereal to crash when opening the preferences dialog.

New Protocols
MSN Messenger, Rsync, SSH, Yahoo! Messenger

Updated Protocols
AFP, AFS, AIM, ATM, Apache JServ, BACNET, BGP, BOOTP, CLNP, COPS, DCCP, DCERPC NT, DCERPC, DNS, ESIS, Ethernet, Frame Relay, GIOP, GTP, HP extended 802.2 LLC, HP-UX remote management, HTTP, IPP, IPX, LLC, LSA, M3UA, MDSHDR, MIP6, MPLS, MySQL, NCP2222, NETLOGON, NLPID, NetFlow, OpenBSD enc(4), OSI, PPP, RADIUS, RMP, RPL, SAMR, SCSI, SMB, SNA, SNMP, SOCKS, SPOOLSS, SRVLOC, SRVSVC, SSL, SliMP3, TCP, Token Ring, WBXML, Wellfleet BofL, X.25, X11

Updated Capture File Support
NetXRay, NGSniffer, Snoop

== January 23, 2003

Ethereal 0.9.9 has been released. Please note the next release will NOT be 1.0. There are still more features to be added before a 1.0 release will be ready.

New and Updated Features
Plugin search behavior was improved under Unix, allowing more than one version of Ethereal to be installed at one time. The statistics graphs have been enhanced. More statistics have been added: Round-trip-time statistics are now computed for SMB traffic. NCP Call and Reply times are now tracked. Top talker statistics for Ethernet, IP and Token Ring are now available (tethereal only). Color allocation and handling was improved. The RADIUS dissector can now decrypt user passwords. Tethereal now supports reading from a pipe under Unix. The ATM code received major improvements. The DOS Sniffer code also received major improvements.
For those that compile Ethereal from source, some fixes and updates have been made to the configuration and build environment.

Bug Fixes
The capture progress window now shows the correct number of elapsed minutes. A potential infinite loop in the TCP graphing code has been fixed.

New Protocols
MDSHDR, MEGACO, MySQL, SDLC, X.29

Updated Protocols
802.11, AFP, AFS, AIM, ARCNET, ASAP, ATM, BPDU, Cisco HDLC, CLNP, DCE RPC, DDTP, Ethernet, FC-ELS, FCIP, H.261, IMSI, IP, IP-over-FC, L2TP, LMI, M3UA, MTP3, NCP, NetBIOS, NETLOGON, ONC RPC, OSPF, PIM, PPP, RADIUS, RANAP, RPC, SAMR, SCTP, SMB, SPNEGO, SPOOLSS, SRVLOC, SRVSVC, SUA, TNS, Token Ring, Wellfleet HDLC, X.25

Updated Capture File Support
Firewall-1, Netmon, NetXRay, Radcom, Sniffer

== December 7, 2002

Ethereal 0.9.8 has been released. Serious problems with the BGP, LMP, PPP, and TDS dissectors have been discovered. See http://www.ethereal.com/appnotes/enpa-sa-00007.html for more details.

New and Updated Features
The TAP subsystem received major updates. Tethereal can display more statistics, and several graphs have been added to Ethereal. A protocol hierarchy statistics tap was added to tethereal. This code may be used to replace the hierarchy statistics code in Ethereal. More updates have been added to TCP analysis. After a long hiatus, the Windows installer once again includes SNMP support. The total running time of the capture is now displayed in the capture progress dialog box. The capture progress dialog also shows ARP packets. The look of the plugins dialog was revamped.

Bug Fixes and Updates
A bug which caused Ethereal under Windows to crash when "Update list of packets in real time" was enabled has been fixed. The stability of the text2pcap utility has been improved. In tethereal, the packet count is properly displayed when you ^C out of a capture.

New Protocols
ARCNET, ClearCase NFS, DCERPC LSA_DS, Fibre Channel, HyperSCSI, MDNS, PCLI, RPL

Updated Protocols
AFP, AFS, BACNet, BGP, DCERPC, DCERPC EPM, DCERPC LSA, DCERPC NDR, DCERPC NT, DCERPC SAMR, DCERPC UPDATE, GRE, GTP, HTTP, IPv6CP, IPX, iSCSI, ISDN, IUA, LAPD, LDAP, M2PA, NDPS, NDS, NetBIOS, NFS, NTLMSSP, OSPF, PPP, PPPoE, Q.2931, Q.931, RPC, RSVP, SCSI, SCTP, SMB, SNMP, Spanning Tree, SPNEGO, SPOOLSS, SPX, SRVLOC, TCP, Telnet, V.120, WEP, YPSERV

Updated Capture File Support
AIX iptrace and tcpdump, NetXRay, Sniffer, snoop

== September 28, 2002

Ethereal 0.9.7 has been released.

New Features
In order to improve the out-of-box responsiveness of Ethereal and Tethereal, network name resolution has been disabled by default. TCP analysis (a feature added in the 0.9.6 release) was improved. The NCP code base received quite a few updates. Initial support for version 2 of the GTK+ library was added. RPC statistics (which use the new Tap API) were added. Due to added and updated support for the NTLM, SPNEGO, and GSS-API protocols, Ethereal can now dissect most of the security blobs for Windows 2000 authentication. The Ethernet "manuf" file now handles addresses specified with a mask, and contains many well-known addresses.

New Protocols
802.1s MSTP, FIX, GSS-API, Interbase, NDPS, Netflow (Cisco and Juniper), SCCP-Management, SPNEGO

The following DCE/RPC protocols were also added: AFS4INT, BOSSVR, CDS_CLERKSERVER, CDS_SOLICIT, CPRPC_SERVER, DNSSERVER, DTSPROVIDER, DTSSTIME_REQ, FLDB, FTSERVER, KRB5RPC, REPADMIN, REP_PROC, ROVERRIDE, RPRIV, RS_ATTR, RSEC_LOGIN, RS_MISC, RS_PGO, RS_REPLIST, RS_UNIX, SECIDMAP, TKN4INT, UBIKDISK, UBIKVOTE

Updated Protocols
AFP, AODV/AODV6, BGP, CHDLC, CHPA, DCE/RPC CONV, DCE/RPC LSA, DCE/RPC NT, DCE/RPC SAMR, DHCP, DNS, DOCSIS, EAP, GTP, HTTP, IP, iSCSI, IS-IS, Kerberos, LDAP, LDP, M2PA, MMSE, NBNS, NCP, NDS, NETLOGON, NTLMSSP, OSI, Q.931, RPC, RPCSTAT, SCSI, Skinny, SMB, SPNEGO, SPOOLSS, SRVSVC, TCP, WSP

== August 20, 2002

Ethereal 0.9.6 has been released.

Bugs Fixed
A buffer overflow in the ISIS dissector has been fixed. More information can be found at http://www.ethereal.com/appnotes/enpa-sa-00006.html. A bad TCP header could cause problems for the "Follow TCP Stream" feature. Setting "column.format" from the command line no longer crashes Ethereal and Tethereal. Problems with capture files being overwritten (e.g. if you try to save over the current capture file) have been fixed. An SMB conversation handling bug has been fixed. Thanks to Valgrind, several memory leaks have been fixed. Some problems with printing under Windows have been fixed.

New Features
TCP sequence number analysis has been added. The DCE RPC NETLOGON dissector has received a major overhaul. Data types throughout the code have been cleaned up.

New Protocols
CPHA, DOCSIS, NTLMSSP, Xyplex terminal server protocol, ZIP

Updated Protocols
802.11, AFP, ASAP, BGP, CDP, CDPCP, CPHA, DDP, DCERPC, DCERPC NT, DCERPC REG, EPM, FTP, HCLNFSD, HTTP, IPX, ISAKMP, ISIS, IUA, Kerberos, L2TP, LLMNR, LSA, MMSE, MPLSCP, NBNS, NetBIOS, NETLOGON, NFS, NTLMSSP, PPP, Quake2, RADIUS, RSVP, RTCP, SAMR, SCSI, SDP, SIP, SMB, SMB Mailslot, SMTP, SPOOLSS, TCP, TDS, TNS, TPKT, Token Ring, VJ TCP, WINREG, WSP

Capture File Updates
CheckPoint Firewall-1 monitor file support and CoSine debug file support were added. Support for pppdump and Netmon files was updated.

== June 28, 2002

Ethereal 0.9.5 has been released. This version fixes several potential security problems revealed since the release of 0.9.4. See the security advisory at http://www.ethereal.com/appnotes/enpa-sa-00005.html for more details.

New Features:
The ability to read packet data from a pipe was enhanced. Printing under Windows now works.

New Protocols
802.3 LACP, Apache JServ, AODV6, DCERPC Browser, Java RMI, TAPI

Updated Protocols
ATM, BGP, BOOTP, DCE RPC, EPM, Frame Relay, GTP, L2TP, LMP, MAPI, MIP, MMSE, MTP3, NCP, NFS, NSPI, PPP, Q2931, RADIUS, RSVP, SCSI, SMB, SNA, SOCKS, SPOOLSS, SRVSVC, SunATM, TFTP, TNS, Token Ring, UCP, VJ TCP/IP, WCP, WEP, WSP, WTP

Capture File Updates
Ethereal can now write LANalyzer files. The Sniffer, nettl, snoop, NetXRay, and libpcap code all received updates.