Wireshark 1.12.5 released, network protocol analyzer

13 May 2015, 23:27 | 142 views | Source: 开源中国 | Author: 路人甲
Wireshark 1.12.5 has been released. This is primarily a bug-fix release: it contains no new features, no functional improvements and no protocol updates.


Downloads:
Windows Installer (64-bit)
Windows Installer (32-bit)
Windows PortableApps (32-bit)
OS X 10.6 and later Intel 64-bit .dmg
OS X 10.5 and later Intel 32-bit .dmg
Source Code


Security fixes:
wnpa-sec-2015-12: The LBMR dissector could go into an infinite loop. (Bug 11036) CVE-2015-3808, CVE-2015-3809
wnpa-sec-2015-13: The WebSocket dissector could recurse excessively. (Bug 10989) CVE-2015-3810
wnpa-sec-2015-14: The WCP dissector could crash while decompressing data. (Bug 10978) CVE-2015-3811
wnpa-sec-2015-15: The X11 dissector could leak memory. (Bug 11088) CVE-2015-3812
wnpa-sec-2015-16: The packet reassembly code could leak memory. (Bug 11129) CVE-2015-3813
wnpa-sec-2015-17: The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110) CVE-2015-3814
wnpa-sec-2015-18: The Android Logcat file parser could crash. Discovered by Hanno Böck. (Bug 11188) CVE-2015-3815

Bug fixes:

Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. (Bug 6217)
EAPOL 4-way handshake information is wrong. (Bug 10557)
RPC NULL calls are incorrectly flagged as malformed. (Bug 10646)
Wireshark sets the relative ISN incorrectly if the raw ISN is 0. (Bug 10713)
Buffer overrun in encryption code. (Bug 10849)
Crash when using Telephony / VoIP Calls. (Bug 10885)
In ICMP Parameter Problem messages, the "Length of original datagram" field is treated as the total IPv4 length. (Bug 10991)
ICMP Redirect takes 4 bytes for the IPv4 payload instead of 8. (Bug 10992)
Missing field "tcp.pdu.size" in the TCP stack. (Bug 11007)
Sierra EM7345 marks MBIM packets as NCM. (Bug 11018)
Possible infinite loop DoS in the ForCES dissector. (Bug 11037)
"Decode As…" crashes when a packet dialog is open. (Bug 11043)
Interface Identifier incorrectly represented by Wireshark. (Bug 11053)
"Follow UDP Stream" on MPEG packets crashes Wireshark v1.12.4 (works fine on v1.10.13). (Bug 11055)
Annoying popup when trying to capture on bonds. (Bug 11058)
Request-response cross-reference in USB URB packets is incorrect. (Bug 11072)
Right-clicking in Expert Infos to create a filter (duplicate IP) results in invalid filters. (Bug 11073)
CANopen dissector fails on frames with RTR and 0 length. (Bug 11083)
Typo: the secp521r1 curve is wrongly identified as sect521r1. (Bug 11106)
packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn't filter ENUM. (Bug 11120)
Typo: "LTE Positioning Protocol" is abbreviated "LPP", not "LLP". (Bug 11141)
Missing Makefile.nmake in the asn1/Kerberos directory. (Bug 11155)
Can't build tshark without the Qt packages installed unless --without-qt is specified. (Bug 11157)



The job of a network packet analyzer can be pictured as "an electrician using a multimeter to measure current, voltage and resistance", only with the scene moved onto the network and the wires replaced by network cables. In the past, network packet analyzers were very expensive or were proprietary commercial software. The arrival of Ethereal changed all that. Under the protection of the GNU GPL, users can obtain the software and its source code free of charge and have the right to modify and customize that source. Ethereal is today one of the most widely used network packet analyzers in the world.

Network administrators use Wireshark to troubleshoot network problems, network security engineers use it to investigate information-security issues, developers use it to debug new communication protocols, and ordinary users use it to learn about network protocols. Of course, some people also use it with "ill intent" to look for sensitive information…

Wireshark is not intrusion detection software (IDS). It will not raise an alarm or any other notification about anomalous traffic on the network. Careful analysis of the packets Wireshark captures can, however, help users understand network behavior more clearly. Wireshark does not modify the content of network packets; it only reflects the packet information currently flowing on the network. Wireshark itself also does not send packets onto the network.

