to include capture, name resolution, and window geometry settings. It is
now possible to search for all fields in GIOP messages. You can now build
display filters on the fly by right-clicking on tree view items.
Additionally, protocol hierarchy statistics display and MacOS X capture
timeout bugs have been fixed.
The idl2eth utility now handles CORBA IDL recursive unions and structs and
the text2pcap utility also received updates, including SCTP support.
New dissectors include DHCPv6, DLSw, IAPP, SCSI, SPOOLSS RPC, SliMP3, and
TSP. Dissectors receiving updates include AFS, AIM, Auto-RP, BGP, BOOTP,
DCE RPC, DIAMETER, FDDI, GTP, H.261, HMIPv6, IS-IS, iSCSI, ISUP, LDAP,
M3UA, MIP, MMSE, MTP3, NBNS, NCP, NDMP, NFS, ONC RPC, PIM, PPP,
Q.931, RPC, RSVP, RTCP, SCTP, SDP, SIP, SMB/CIFS, SSL, STAT, Syslog, TCP,
TNS, VJ, WTP, and ypbind.
Support for WildPackets' AiroPeek and OpenBSD pflog capture file formats
has been added (you can read pflog data from a file, or directly from the
logging interface). Support for the DBS Etherwatch, EtherPeek, NetMon,
and VMS TCPIPtrace formats has been enhanced.
--
Several new features have been added, including TCP graphs and ring buffer
captures. The SMB dissector was completely rewritten and many enhancements
were made to the user interface. The text2pcap utility can now handle a
broader range of input data formats. The developer documentation also
received many updates. Bug fixes include a workaround for an SNMP bug
present in several Linux distributions.
Many dissectors were enhanced. Support for the following protocols was
added:
EAPOL
M2TP
MS RPC
MTP2
PCNFSD
PPP/EAPOL
QLLC
SMPP
SUA
Support for DBS Etherwatch, Visual Networks Visual UpTime, and VMS
TCPIPtrace capture files was added. Ascend/Lucent debug, Etherpeek,
iptrace and MS Netmon capture file support was enhanced.
Enhancements were made to many dissectors. In particular, the SMB, DCE
RPC, PPP, and GIOP dissectors had major updates.
New dissectors include:
CosEventComm
Quake 3 Arena
GMRP
GTP
HMIPv6
OSPFv3
MMSE
UCP
Skinny Client Control Protocol
--
New dissectors include SUA Light, HCLNFSD, Rquota. Many other dissectors were
updated and bug-fixed. The wiretap library can now read Etherpeek files,
and write NetMon 2.x files. Capture filters and display filters are kept in
separate dialogues/files to help minimize confusion. A new "Decode As"
feature allows some run-time configuration of which dissectors are called
for a particular packet. You can now click on a byte in the hex dump and the
appropriate field in the protocol tree will be selected. The display filter
code was re-written, and some syntax changed (esp. for boolean variables).
Ethereal 0.8.15 has one of the biggest GUI changes in recent history;
display filters can now be constructed via an easy-to-use point-and-click
interface. Protocol dissectors now exist for: NFSv4, Mobile IPv6, X.25
over TCP, LAPBETHER, DEC LANBridge Spanning Tree Protocol, X.25 over LLC,
Frame Relay, MTP3 User Adaptation Layer, and ISDN Q.921 User Adaptation
Layer. Many other dissectors and core features were improved, and bugs
were squashed. The wiretap library can now read Sniffer Frame Relay files.
Capturing supports the "any" pseudo-device on Linux if you use libpcap 0.6
from www.tcpdump.org.
--
Besides the new dissectors (WAP, SIP, AIM/OSCAR, GIOP 1.2, 802.11)
and updates to many many dissectors, an exploit for a buffer overrun
in the AFS dissector has been patched. Please upgrade to 0.8.14 as soon
as possible to guard against this exploit, which was announced
this weekend in BugTraq.
--
New dissectors include H.261, TPKT, and IGRP. RTP and RTCP were
re-written, and many other dissectors were updated and improved.
The wiretap library enables Ethereal to read Nokia-firewall tcpdump
files, Shomiti Surveyor 3.x files, pppd log files (pppdump format),
and NetXRay ATM files.
Release notes from the authors:
The dissectors for RTP, IP, ISAKMP, ICMP, SMB, SMB-PIPE, VTP, SNMPv3,
Ethernet, GRE, EIGRP, DHCP, IPX, X.25, RSVP, and L2TP have been updated,
fixed, or otherwise modified. Ethereal has new dissectors for Mobile IP
and COPS.
Internally, the dissector API has changed in order to catch more errors
at compile time and to guard against segfaulting when dissecting
short packets. The Ethereal team has to convert all the existing dissectors
to make use of the new API; that is a work in progress. If you have
your own dissector, you should consider converting it to this new API
as soon as possible. Read the doc/README.tvbuff file for information,
and be sure to subscribe to the ethereal-dev mailing list.
The Wiretap library can now read compressed Sniffer files,
allowing Ethereal, Tethereal, and Editcap to do so too. You'll also find
a few minor but helpful GUI tweaks in this version of Ethereal.
Change summary
--------------
In Ethereal 0.8.7 we have fixed a display bug affecting boolean flags
in bitfields that was introduced in 0.8.5. The DNS dissector avoids the
zlip DNS Denial-of-Service exploit. Dissectors for rlogin and SOCKS
4 and 5 were added. Other updated dissectors include SMB, BGP, LLC,
OSI CLNP, and ISIS.