Wireshark 1.12.5 發布，網絡協議檢測程序

Wireshark 1.12.5 發布，此版本主要是 bug 修復版本，沒有新特性也沒有功能性改進，也沒有協議更新等等。

此版本現已提供下載：

• Windows Installer (64-bit)

• Windows Installer (32-bit)

• Windows PortableApps (32-bit)

• OS X 10.6 and later Intel 64-bit .dmg

• OS X 10.5 and later Intel 32-bit .dmg

• Source Code

此版本解決的漏洞：

• wnpa-sec-2015-12

  The LBMR dissector could go into an infinite loop. (Bug 11036)CVE-2015-3808CVE-2015-3809

• wnpa-sec-2015-13

  The WebSocket dissector could recurse excessively. (Bug 10989)CVE-2015-3810

• wnpa-sec-2015-14

  The WCP dissector could crash while decompressing data. (Bug 10978)CVE-2015-3811

• wnpa-sec-2015-15

  The X11 dissector could leak memory. (Bug 11088)CVE-2015-3812

• wnpa-sec-2015-16

  The packet reassembly code could leak memory. (Bug 11129)CVE-2015-3813

• wnpa-sec-2015-17

  The IEEE 802.11 dissector could go into an infinite loop. (Bug 11110)CVE-2015-3814

• wnpa-sec-2015-18

  The Android Logcat file parser could crash. Discovered by Hanno B?ck. (Bug 11188)CVE-2015-3815

Bug 修復：

• Wireshark crashes if "Update list of packets in real time" is disabled and a display filter is applied while capturing. (Bug 6217)

• EAPOL 4-way handshake information wrong. (Bug 10557)

• RPC NULL calls incorrectly flagged as malformed. (Bug 10646)

• Wireshark relative ISN set incorrectly if raw ISN set to 0. (Bug 10713)

• Buffer overrun in encryption code. (Bug 10849)

• Crash when use Telephony / Voip calls. (Bug 10885)

• ICMP Parameter Problem message contains Length of original datagram is treated as the total IPv4 length. (Bug 10991)

• ICMP Redirect takes 4 bytes for IPv4 payload instead of 8. (Bug 10992)

• Missing field "tcp.pdu.size" in TCP stack. (Bug 11007)

• Sierra EM7345 marks MBIM packets as NCM. (Bug 11018)

• Possible infinite loop DoS in ForCES dissector. (Bug 11037)

• "Decode As…" crashes when a packet dialog is open. (Bug 11043)

• Interface Identifier incorrectly represented by Wireshark. (Bug 11053)

• "Follow UDP Stream" on mpeg packets crashes wireshark v.1.12.4 (works fine on v.1.10.13). (Bug 11055)

• Annoying popup when trying to capture on bonds. (Bug 11058)

• Request-response cross-reference in USB URB packets incorrect. (Bug 11072)

• Right clicking in Expert Infos to create a filter (duplicate IP) results in invalid filters. (Bug 11073)

• CanOpen dissector fails on frames with RTR and 0 length. (Bug 11083)

• Typo in secp521r1 curve wrongly identified as sect521r1. (Bug 11106)

• packet-zbee-zcl.h: IS_ANALOG_SUBTYPE doesn’t filter ENUM. (Bug 11120)

• Typo: "LTE Positioning Protocol" abbreviated as "LPP", not "LLP". (Bug 11141)

• Missing Makefile.nmake in ansi1/Kerberos directory. (Bug 11155)

• Can’t build tshark without the Qt packages installed unless --without-qt is specified. (Bug 11157)

更多改進內容請看發行頁面。

Wireshark（前稱Ethereal）是一個網絡封包分析軟件。網絡封包分析軟件的功能是擷取網絡封包，并盡可能顯示出最為詳細的網絡封包資料。

網絡封包分析軟件的功能可想像成 "電工技師使用電表來量測電流、電壓、電阻" 的工作 - 只是將場景移植到網絡上，并將電線替換成網絡線。 在過去，網絡封包分析軟件是非常昂貴，或是專門屬于營利用的軟件。Ethereal的出現改變了這一切。在GNUGPL通用許可證的保障范圍底下，使用者 可以以免費的代價取得軟件與其源代碼，并擁有針對其源代碼修改及客制化的權利。Ethereal是目前全世界最廣泛的網絡封包分析軟件之一。

網絡管理員使用Wireshark來檢測網絡問題，網絡安全工程師使用Wireshark來檢查資訊安全相關問題，開發者使用Wireshark來 為新的通訊協定除錯，普通使用者使用Wireshark來學習網絡協定的相關知識當然，有的人也會“居心叵測”的用它來尋找一些敏感信息……

Wireshark不是入侵偵測軟件（Intrusion DetectionSoftware,IDS）。對于網絡上的異常流量行為，Wireshark不會產生警示或是任何提示。然而，仔細分析 Wireshark擷取的封包能夠幫助使用者對于網絡行為有更清楚的了解。Wireshark不會對網絡封包產生內容的修改，它只會反映出目前流通的封包 資訊。 Wireshark本身也不會送出封包至網絡上。