Ethereal is a free network protocol analyzer for Unix and Windows.
It allows you to examine data from a live network or from a capture file on disk.
You can interactively browse the capture data, viewing summary and detail information for each packet.
Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.
* The TCP dissector could hang or crash while reassembling HTTP packets.
(Bug 1200)
* The HTTP dissector could crash
* On some systems, the IEEE 802.11 dissector could crash
* On some systems, the LLT dissector could crash
* On Windows systems the packet list scroll bar could sometimes disappear or become unusable.
(Bug 220)
* The end of HTTP chunked encoding wasn't being displayed.
(Bug 646)
* The Follow TCP Stream window could omit characters.
(Bug 1043)
* Opening a flow graph could crash Wireshark.
(Bug 1117)
* Follow TCP Stream would sometimes get the direction wrong.
(Bug 1138)
* The foreground text in the coloring rules editor was always black.
(Bug 1164)
* The CSV export format was incorrect.
(Bug 1173)
* On some Windows systems Wireshark could take a long time to start up
* Malformed UDLD packets could cause an exception
* The ISUP statistics report could overflow a buffer and crash when displaying IPv6 addresses
* We are now offering Wireshark as a U3 package for Windows.
U3 packages are suitable for using on USB drives and CD-ROMs.
It's still experimental, but you're welcome to try it out and report any problems or successes
* Decryption support for WPA/WPA2 and SNMPv3 has been added.
The TDS / MS SQL dissector now de-obfuscates passwords
* 64-bit file handling has been improved
* The Find function now selects the corresponding packet detail item.
Find functionality has been added to the TCP and SSL stream dialogs
* Main window keyboard navigation has been improved
* Windows file dialogs now show the "places" bar (Desktop, My Documents, My Computer, My Network Places, etc).
File dialogs now default to "My Documents" in accordance with Microsoft's HIG
* AirPcap support (which provides raw mode capture under Windows) has been enhanced to allow capturing on multiple AirPcap adapters simultaneously
* You can no longer install Wireshark on Windows 95, 98, or ME.
(OK, so it's not a feature per se, but it's an important change).
The last version known to work on these systems is Ethereal 0.99.0
* ASN.1 BER-encoded files can now be dissected according to a user-specified syntax
* DMP, Homeplug (INT51X1), NBD, OMAPI, PKCS#12, RGMP, Roofnet, STUN v2
* Updated Protocol Support:
* 2dparityfec, ACN, AIM, AMR, ANSI 637, ANSI A, ANSI MAP, ARP, ASN.1 BER, ASN.1 PER, BACapp, BPDU, CAMEL, DCERPC (DCERPC, EFS, EVENTLOG, NSPI, PN-IO, WINREG), DCOM CBA, DCP, DHCP, DHCPv6, DMP, DNS, E.164, EAP, EPL, ETSI DCP, FCP, GIOP, GSM A, H.245, H.248,
* New and Updated Capture File Support:
* Catapult DCT2000, Netttl, Windows Sniffer / NetXray
|
