--
New dissectors include SUA Light, HCLNFSD, Rquota. Many other dissectors were
updated and bug-fixed. The wiretap library can now read Etherpeek files,
and write NetMon 2.x files. Capture filters and display filters are kept in
separate dialogues/files to help minimize confusion. A new "Decode As"
feature allows some run-time configuration of which dissectors are called
for a particular packet. You can now click on a byte in the hex dump and the
appropriate field in the protocol tree will be selected. The display filter
code was re-written, and some syntax changed (esp. for boolean variables).
Ethereal 0.8.15 has one of the biggest GUI changes in recent history;
display filters can now be constructed via an easy-to-use point-and-click
interface. Protocol dissectors now exist for: NFSv4, Mobile IPv6, X.25
over TCP, LAPBETHER, DEC LANBridge Spanning Tree Protocol, X.25 over LLC,
Frame Relay, MTP3 User Adaptation Layer, and ISDN Q.921 User Adaptation
Layer. Many other dissectors and core features were improved, and bugs
were squashed. The wiretap library can now read Sniffer Frame Relay files.
Capturing supports the "any" pseudo-device on Linux if you use libpcap 0.6
from www.tcpdump.org.
--
Besides the new dissectors (WAP, SIP, AIM/OSCAR, GIOP 1.2, 802.11)
and updates to many, many dissectors, an exploit for a buffer overrun
in the AFS dissector has been patched. Please upgrade to 0.8.14 as soon
as possible to guard against this exploit, which was announced
this weekend in BugTraq.
--
New dissectors include H.261, TPKT, and IGRP. RTP and RTCP were
re-written, and many other dissectors were updated and improved.
The wiretap library enables Ethereal to read Nokia-firewall tcpdump
files, Shomiti Surveyor 3.x files, pppd log files (pppdump format),
and NetXRay ATM files.
Release notes from the authors:
The dissectors for RTP, IP, ISAKMP, ICMP, SMB, SMB-PIPE, VTP, SNMPv3,
Ethernet, GRE, EIGRP, DHCP, IPX, X.25, RSVP, and L2TP have been updated,
fixed, or otherwise modified. Ethereal has new dissectors for Mobile IP
and COPS.
Internally, the dissector API has changed in order to catch more errors
at compile time and to guard against segfaulting when dissecting
short packets. The Ethereal team has to convert all the existing dissectors
to make use of the new API; that is a work in progress. If you have
your own dissector, you should consider converting it to this new API
as soon as possible. Read the doc/README.tvbuff file for information,
and be sure to subscribe to the ethereal-dev mailing list.
The Wiretap library can now read compressed Sniffer files,
allowing Ethereal, Tethereal, and Editcap to do so too. You'll also find
a few minor but helpful GUI tweaks in this version of Ethereal.
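
The dissector API change described above routes packet reads through a buffer that knows its own length. The sketch below is an added illustration of that idea, not Ethereal's tvbuff code: the names pktbuf, pkt_has, pkt_u8, pkt_be16 and dissect_toy, the toy header layout and the sample packets are all hypothetical, and reporting a short read with a return code is an assumption made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical length-aware view of captured bytes (not the real tvbuff). */
typedef struct {
    const uint8_t *data;
    size_t len;                 /* bytes actually captured */
} pktbuf;

/* Single choke point for bounds checks; written so off + n cannot wrap. */
static int pkt_has(const pktbuf *b, size_t off, size_t n) {
    return off <= b->len && n <= b->len - off;
}

static int pkt_u8(const pktbuf *b, size_t off, uint8_t *out) {
    if (!pkt_has(b, off, 1)) return -1;
    *out = b->data[off];
    return 0;
}

static int pkt_be16(const pktbuf *b, size_t off, uint16_t *out) {
    if (!pkt_has(b, off, 2)) return -1;
    *out = (uint16_t)((b->data[off] << 8) | b->data[off + 1]);
    return 0;
}

/* Toy header (constructed): type(1) | length(2, big-endian) | payload.
 * Returns the payload length, or -1 when the capture is too short. */
int dissect_toy(const uint8_t *raw, size_t caplen, uint8_t *type) {
    pktbuf b = { raw, caplen };
    uint16_t plen;
    if (pkt_u8(&b, 0, type) != 0) return -1;
    if (pkt_be16(&b, 1, &plen) != 0) return -1;
    if (!pkt_has(&b, 3, plen)) return -1;  /* claimed length exceeds capture */
    return (int)plen;
}

/* Constructed sample packets. */
static const uint8_t full_pkt[]  = { 0x07, 0x00, 0x02, 0xAA, 0xBB };
static const uint8_t short_pkt[] = { 0x07, 0x00 };             /* header cut off */
static const uint8_t lying_pkt[] = { 0x07, 0xFF, 0xFF, 0xAA }; /* length field lies */

int main(void) {
    uint8_t t = 0;
    printf("full:  %d\n", dissect_toy(full_pkt, sizeof full_pkt, &t));
    printf("short: %d\n", dissect_toy(short_pkt, sizeof short_pkt, &t));
    printf("lying: %d\n", dissect_toy(lying_pkt, sizeof lying_pkt, &t));
    return 0;
}
```

A dissector that indexed the raw pointer directly would read past the end of short_pkt and lying_pkt; here both are rejected before any out-of-range byte is touched.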
Change summary
--------------
In Ethereal 0.8.7 we have fixed a display bug affecting boolean flags
in bitfields that was introduced in 0.8.5. The DNS dissector avoids the
zlip DNS Denial-of-Service exploit. Dissectors for rlogin and SOCKS
4 and 5 were added. Other updated dissectors include SMB, BGP, LLC,
OSI CLNP, and ISIS.