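Wireshark 1.12.4 has been released. This is primarily a bug-fix release: there are no new features or functional improvements, along with some protocol updates.
This release is now available for download: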
Windows Installer (64-bit)
Windows Installer (32-bit)
Windows PortableApps (32-bit)
OS X 10.6 and later Intel 64-bit .dmg
OS X 10.5 and later Intel 32-bit .dmg
Vulnerabilities fixed in this release:
wnpa-sec-2015-06
The ATN-CPDLC dissector could crash. ( Bug 9952 ) CVE-2015-2187
wnpa-sec-2015-07
The WCP dissector could crash. ( Bug 10844 ) CVE-2015-2188
wnpa-sec-2015-08
The pcapng file parser could crash. ( Bug 10895 ) CVE-2015-2189
wnpa-sec-2015-09
The LLDP dissector could crash. ( Bug 10983 ) CVE-2015-2190
wnpa-sec-2015-10
The TNEF dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. ( Bug 11023 ) CVE-2015-2191
wnpa-sec-2015-11
The SCSI OSD dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. ( Bug 11024 ) CVE-2015-2192
Bug fixes:
RTP player crashes on decode of long call: BadAlloc (insufficient resources for operation). ( Bug 2630 )
"Telephony→SCTP→Analyse This Association" crashes Wireshark on manufactured SCTP packet. ( Bug 9849 )
IPv6 Mobility Header Link Layer Address is parsed incorrectly. ( Bug 10006 )
DNS NXT RR is parsed incorrectly. ( Bug 10615 )
IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. ( Bug 10626 )
IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. ( Bug 10627 )
HTTP chunked response includes data beyond the chunked response. ( Bug 10707 )
DHCP Option 125 Suboption: (1) option-len always expects 1 but specification allows for more. ( Bug 10784 )
Incorrect decoding of IPv4 Interface/Neighbor Address sub-TLVs in Extended IS Reachability TLV of IS-IS. ( Bug 10837 )
Little-endian OS X Bluetooth PacketLogger files aren’t handled. ( Bug 10861 )
X.509 certificate serial number incorrectly interpreted as negative number. ( Bug 10862 )
Malformed Packet on rsync-version with length 2. ( Bug 10863 )
ZigBee epoch time is incorrectly displayed in OTA cluster. ( Bug 10872 )
BGP EVPN - Route Type 4 - "Invalid length of IP Address" - "Expert Info" shows a false error. ( Bug 10873 )
Bad bytes read for extended rnc id value in GTP dissector. ( Bug 10877 )
"ServiceChangeReasonStr" messages are not shown in txt generated by tshark. ( Bug 10879 )
Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI. ( Bug 10897 )
MEGACO wrong decoding on media port. ( Bug 10898 )
Wrong media format. ( Bug 10899 )
BSSGP Status PDU decoding fault (missing Mandatory element (0x04) BVCI for proper packet). ( Bug 10903 )
DNS LOC Precision missing units. ( Bug 10940 )
Packets on OpenBSD loopback decoded as raw not null. ( Bug 10956 )
Display Filter Macro unable to edit. ( Bug 10957 )
IPv6 Local Mobility Anchor Address mobility option code is treated incorrectly. ( Bug 10961 )
SNTP server list improperly formatted in DHCPv6 packet details. ( Bug 10964 )
Juniper Packet Mirror dissector expects ipv6 flow label = 0. ( Bug 10976 )
NS Trace (NetScaler Trace) file format is not able to export specified packets. ( Bug 10998 )
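For more details on the changes, see the release notes.
Wireshark (formerly Ethereal) is a network packet analyzer. A network packet analyzer captures network packets and displays their contents in as much detail as possible.
The job of a network packet analyzer can be thought of as that of "an electrician using a meter to measure current, voltage, and resistance", only moved onto the network, with network cables in place of electrical wires. In the past, network packet analyzers were very expensive or were proprietary, for-profit software. The arrival of Ethereal changed all that. Under the protection of the GNU GPL, users can obtain the software and its source code free of charge and have the right to modify and customize that source code. Ethereal is currently one of the most widely used network packet analyzers in the world.
Network administrators use Wireshark to troubleshoot network problems, network security engineers use it to examine information security issues, developers use it to debug new communication protocols, and ordinary users use it to learn about network protocols. Of course, some people also use it "with ulterior motives" to look for sensitive information...
Wireshark is not intrusion detection software (IDS). It does not raise alerts or give any notice about anomalous traffic on the network. However, careful analysis of the packets Wireshark captures can give users a clearer understanding of network behavior. Wireshark does not modify the contents of network packets; it only reflects the packets currently in transit. Wireshark itself also does not send packets onto the network.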