转载

Wireshark 1.12.5 发布，网络协议检测程序

5月23日西安 OSC 源创会开始报名啦，存储、虚拟机、Docker 等干货分享

Wireshark 1.12.5 发布，此版本主要是 bug 修复版本，没有新特性也没有功能性改进，也没有协议更新等等。

此版本现已提供下载：

Windows Installer (64-bit)
Windows Installer (32-bit)
Windows PortableApps (32-bit)
OS X 10.6 and later Intel 64-bit .dmg
OS X 10.5 and later Intel 32-bit .dmg
Source Code

此版本解决的漏洞：

wnpa-sec-2015-12

The LBMR dissector could go into an infinite loop. ( Bug 11036 ) CVE-2015-3808 CVE-2015-3809
wnpa-sec-2015-13

The WebSocket dissector could recurse excessively. ( Bug 10989 ) CVE-2015-3810
wnpa-sec-2015-14

The WCP dissector could crash while decompressing data. ( Bug 10978 ) CVE-2015-3811
wnpa-sec-2015-15

The X11 dissector could leak memory. ( Bug 11088 ) CVE-2015-3812
wnpa-sec-2015-16

The packet reassembly code could leak memory. ( Bug 11129 ) CVE-2015-3813
wnpa-sec-2015-17

The IEEE 802.11 dissector could go into an infinite loop. ( Bug 11110 ) CVE-2015-3814
wnpa-sec-2015-18

The Android Logcat file parser could crash. Discovered by Hanno Böck. ( Bug 11188 ) CVE-2015-3815

Bug 修复：

Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. ( Bug 6217 )
EAPOL 4-way handshake information wrong. ( Bug 10557 )
RPC NULL calls incorrectly flagged as malformed. ( Bug 10646 )
Wireshark relative ISN set incorrectly if raw ISN set to 0. ( Bug 10713 )
Buffer overrun in encryption code. ( Bug 10849 )
Crash when use Telephony / Voip calls. ( Bug 10885 )
ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length. ( Bug 10991 )
ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. ( Bug 10992 )
Missing field "tcp.pdu.size" in TCP stack. ( Bug 11007 )
Sierra EM7345 marks MBIM packets as NCM. ( Bug 11018 )
Possible infinite loop DoS in ForCES dissector. ( Bug 11037 )
"Decode As…" crashes when a packet dialog is open. ( Bug 11043 )
Interface Identifier incorrectly represented by Wireshark. ( Bug 11053 )
"Follow UDP Stream" on mpeg packets crashes wireshark v.1.12.4 (works fine on v.1.10.13). ( Bug 11055 )
Annoying popup when trying to capture on bonds. ( Bug 11058 )
Request-response cross-reference in USB URB packets incorrect. ( Bug 11072 )
Right clicking in Expert Infos to create a filter (duplicate IP) results in invalid filters. ( Bug 11073 )
CanOpen dissector fails on frames with RTR and 0 length. ( Bug 11083 )
Typo in secp521r1 curve wrongly identified as sect521r1. ( Bug 11106 )
packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn’t filter ENUM. ( Bug 11120 )
Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP". ( Bug 11141 )
Missing Makefile.nmake in ansi1/Kerberos directory. ( Bug 11155 )
Can’t build tshark without the Qt packages installed unless --without-qt is specified. ( Bug 11157 )

更多改进内容请看发行页面。

Wireshark（前称Ethereal）是一个网络封包分析软件。网络封包分析软件的功能是撷取网络封包，并尽可能显示出最为详细的网络封包资料。

网络封包分析软件的功能可想像成 "电工技师使用电表来量测电流、电压、电阻" 的工作 - 只是将场景移植到网络上，并将电线替换成网络线。在过去，网络封包分析软件是非常昂贵，或是专门属于营利用的软件。Ethereal的出现改变了这一切。在GNUGPL通用许可证的保障范围底下，使用者可以以免费的代价取得软件与其源代码，并拥有针对其源代码修改及客制化的权利。Ethereal是目前全世界最广泛的网络封包分析软件之一。

网络管理员使用Wireshark来检测网络问题，网络安全工程师使用Wireshark来检查资讯安全相关问题，开发者使用Wireshark来为新的通讯协定除错，普通使用者使用Wireshark来学习网络协定的相关知识当然，有的人也会“居心叵测”的用它来寻找一些敏感信息……

Wireshark不是入侵侦测软件（Intrusion DetectionSoftware,IDS）。对于网络上的异常流量行为，Wireshark不会产生警示或是任何提示。然而，仔细分析 Wireshark撷取的封包能够帮助使用者对于网络行为有更清楚的了解。Wireshark不会对网络封包产生内容的修改，它只会反映出目前流通的封包资讯。 Wireshark本身也不会送出封包至网络上。

Wireshark 1.12.5 发布，网络协议检测程序