Wireshark 1.12.4 has been released. This is mainly a bug-fix release: there are no new features or functional improvements, and it includes some protocol updates.

This release is now available for download:

- Windows Installer (64-bit)
- Windows Installer (32-bit)
- Windows PortableApps (32-bit)
- OS X 10.6 and later Intel 64-bit .dmg
- OS X 10.5 and later Intel 32-bit .dmg
- Source Code

Vulnerabilities fixed in this release:

- wnpa-sec-2015-06: The ATN-CPDLC dissector could crash. (Bug 9952) CVE-2015-2187
- wnpa-sec-2015-07: The WCP dissector could crash. (Bug 10844) CVE-2015-2188
- wnpa-sec-2015-08: The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
- wnpa-sec-2015-09: The LLDP dissector could crash. (Bug 10983) CVE-2015-2190
- wnpa-sec-2015-10: The TNEF dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11023) CVE-2015-2191
- wnpa-sec-2015-11: The SCSI OSD dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11024) CVE-2015-2192

Bug fixes:

- RTP player crashes on decode of long call: BadAlloc (insufficient resources for operation). (Bug 2630)
- "Telephony→SCTP→Analyse This Association" crashes Wireshark on manufactured SCTP packet. (Bug 9849)
- IPv6 Mobility Header Link Layer Address is parsed incorrectly. (Bug 10006)
- DNS NXT RR is parsed incorrectly. (Bug 10615)
- IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)
- IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)
- HTTP chunked response includes data beyond the chunked response. (Bug 10707)
- DHCP Option 125 Suboption: (1) option-len always expects 1 but specification allows for more. (Bug 10784)
- Incorrect decoding of IPv4 Interface/Neighbor Address sub-TLVs in Extended IS Reachability TLV of IS-IS. (Bug 10837)
- Little-endian OS X Bluetooth PacketLogger files aren't handled. (Bug 10861)
- X.509 certificate serial number incorrectly interpreted as negative number. (Bug 10862)
- Malformed Packet on rsync-version with length 2. (Bug 10863)
- ZigBee epoch time is incorrectly displayed in OTA cluster. (Bug 10872)
- BGP EVPN - Route Type 4 - "Invalid length of IP Address" - "Expert Info" shows a false error. (Bug 10873)
- Bad bytes read for extended rnc id value in GTP dissector. (Bug 10877)
- "ServiceChangeReasonStr" messages are not shown in txt generated by tshark. (Bug 10879)
- Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI. (Bug 10897)
- MEGACO wrong decoding on media port. (Bug 10898)
- Wrong media format. (Bug 10899)
- BSSGP Status PDU decoding fault (missing Mandatory element (0x04) BVCI for proper packet). (Bug 10903)
- DNS LOC Precision missing units. (Bug 10940)
- Packets on OpenBSD loopback decoded as raw not null. (Bug 10956)
- Display Filter Macro unable to edit. (Bug 10957)
- IPv6 Local Mobility Anchor Address mobility option code is treated incorrectly. (Bug 10961)
- SNTP server list improperly formatted in DHCPv6 packet details. (Bug 10964)
- Juniper Packet Mirror dissector expects ipv6 flow label = 0. (Bug 10976)
- NS Trace (NetScaler Trace) file format is not able to export specified packets. (Bug 10998)

For more changes, see the release notes.

Wireshark (formerly Ethereal) is a network packet analyzer. A network packet analyzer captures network packets and displays the packet data in as much detail as possible.

Its function can be pictured as an electrician using a meter to measure current, voltage and resistance, except that the setting is a network and the electrical wire is replaced by network cable.

In the past, network packet analyzers were very expensive or were proprietary commercial software. The arrival of Ethereal changed all that. Under the protection of the GNU GPL, users can obtain the software and its source code free of charge, and have the right to modify and customize that source code. Ethereal is currently one of the most widely used network packet analyzers in the world.

Network administrators use Wireshark to troubleshoot network problems, network security engineers use it to examine information security issues, developers use it to debug new communication protocols, and ordinary users use it to learn about network protocols. Of course, some people also use it with ulterior motives to look for sensitive information...

Wireshark is not intrusion detection software (Intrusion Detection Software, IDS). It does not raise alerts or give any notification about abnormal traffic on the network. However, careful analysis of the packets Wireshark captures can give users a clearer understanding of network behavior. Wireshark does not modify the contents of network packets; it only reflects the packet information currently in circulation. Wireshark itself also does not send packets onto the network.