Wireshark is 1.12.4发布,网络协议检测程序

Wireshark is 1.12.4 发布，此版本主要是 bug 修复版本，没有新特性也没有功能性改进，有一些协议更新等等。

此版本现已提供下载：

• Windows Installer (64-bit)

• Windows Installer (32-bit)

• Windows PortableApps (32-bit)

• OS X 10.6 and later Intel 64-bit .dmg

• OS X 10.5 and later Intel 32-bit .dmg

• Source Code
  

此版本解决的漏洞：

• wnpa-sec-2015-06

  The ATN-CPDLC dissector could crash. (Bug 9952)CVE-2015-2187

• wnpa-sec-2015-07

  The WCP dissector could crash. (Bug 10844)CVE-2015-2188

• wnpa-sec-2015-08

  The pcapng file parser could crash. (Bug 10895)CVE-2015-2189

• wnpa-sec-2015-09

  The LLDP dissector could crash. (Bug 10983)CVE-2015-2190

• wnpa-sec-2015-10

  The TNEF dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11023)CVE-2015-2191

• wnpa-sec-2015-11

  The SCSI OSD dissector could go into an infinite loop. Discovered by Vlad Tsyrklevich. (Bug 11024)CVE-2015-2192

Bug 修复：

• RTP player crashes on decode of long call: BadAlloc (insufficient resources for operation). (Bug 2630)

• "Telephony→SCTP→Analyse This Association" crashes Wireshark on manufactured SCTP packet. (Bug 9849)

• IPv6 Mobility Header Link Layer Address is parsed incorrectly. (Bug 10006)

• DNS NXT RR is parsed incorrectly. (Bug 10615)

• IPv6 AUTH mobility option parses Mobility SPI and Authentication Data incorrectly. (Bug 10626)

• IPv6 Mobility Header Link-Layer Address Mobility Option is parsed incorrectly. (Bug 10627)

• HTTP chunked response includes data beyond the chunked response. (Bug 10707)

• DHCP Option 125 Suboption: (1) option-len always expects 1 but specification allows for more. (Bug 10784)

• Incorrect decoding of IPv4 Interface/Neighbor Address sub-TLVs in Extended IS Reachability TLV of IS-IS. (Bug 10837)

• Little-endian OS X Bluetooth PacketLogger files aren’t handled. (Bug 10861)

• X.509 certificate serial number incorrectly interpreted as negative number. (Bug 10862)

• Malformed Packet on rsync-version with length 2. (Bug 10863)

• ZigBee epoch time is incorrectly displayed in OTA cluster. (Bug 10872)

• BGP EVPN - Route Type 4 - "Invalid length of IP Address" - "Expert Info" shows a false error. (Bug 10873)

• Bad bytes read for extended rnc id value in GTP dissector. (Bug 10877)

• "ServiceChangeReasonStr" messages are not shown in txt generated by tshark. (Bug 10879)

• Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI. (Bug 10897)

• MEGACO wrong decoding on media port. (Bug 10898)

• Wrong media format. (Bug 10899)

• BSSGP Status PDU decoding fault (missing Mandatory element (0x04) BVCI for proper packet). (Bug 10903)

• DNS LOC Precision missing units. (Bug 10940)

• Packets on OpenBSD loopback decoded as raw not null. (Bug 10956)

• Display Filter Macro unable to edit. (Bug 10957)

• IPv6 Local Mobility Anchor Address mobility option code is treated incorrectly. (Bug 10961)

• SNTP server list improperly formatted in DHCPv6 packet details. (Bug 10964)

• Juniper Packet Mirror dissector expects ipv6 flow label = 0. (Bug 10976)

• NS Trace (NetScaler Trace) file format is not able to export specified packets. (Bug 10998)

更多改进内容请看发行说明。

Wireshark（前称Ethereal）是一个网络封包分析软件。网络封包分析软件的功能是撷取网络封包，并尽可能显示出最为详细的网络封包资料。

网络封包分析软件的功能可想像成 "电工技师使用电表来量测电流、电压、电阻" 的工作 - 只是将场景移植到网络上，并将电线替换成网络线。 在过去，网络封包分析软件是非常昂贵，或是专门属于营利用的软件。Ethereal的出现改变了这一切。在GNUGPL通用许可证的保障范围底下，使用者 可以以免费的代价取得软件与其源代码，并拥有针对其源代码修改及客制化的权利。Ethereal是目前全世界最广泛的网络封包分析软件之一。

网络管理员使用Wireshark来检测网络问题，网络安全工程师使用Wireshark来检查资讯安全相关问题，开发者使用Wireshark来 为新的通讯协定除错，普通使用者使用Wireshark来学习网络协定的相关知识当然，有的人也会“居心叵测”的用它来寻找一些敏感信息……

Wireshark不是入侵侦测软件（Intrusion DetectionSoftware,IDS）。对于网络上的异常流量行为，Wireshark不会产生警示或是任何提示。然而，仔细分析 Wireshark撷取的封包能够帮助使用者对于网络行为有更清楚的了解。Wireshark不会对网络封包产生内容的修改，它只会反映出目前流通的封包 资讯。 Wireshark本身也不会送出封包至网络上。