Wireshark, the most popular network protocol analyzer, has reached v1.10.3. Wireshark 1.10.3 fixes lots of bugs and updates support for many protocols.

This tutorial shows how to install Wireshark 1.10.3 via PPA in Ubuntu 13.10 Saucy, Ubuntu 13.04 Raring, Ubuntu 12.10 Quantal, Ubuntu 12.04 Precise, Linux Mint and their derivatives.

What’s New in Wireshark 1.10.3:

The following vulnerabilities have been fixed:

  • The IEEE 802.15.4 dissector could crash.
  • The NBAP dissector could crash. Discovered by Laurent Butti.
  • The SIP dissector could crash.
  • The OpenWire dissector could go into a large loop. Discovered by Murali.
  • The TCP dissector could crash.

The following bugs have been fixed:

  • new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled.
  • TLS decryption fails with XMPP start_tls.
  • Wrong Interpretation of GTS starting slot.
  • “Follow TCP Stream” shows only the first HTTP req+res.
  • The value of SEND_TO_UE in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1.
  • Crash when trying to delete the same entry (length range) twice.
  • Crash if wrong “packet lengths range” entered.
  • Bssgp ⇒ SGSN-INVOKE-TRACE use the wrong function…
  • Minor correction to dissection of DLR frames in Ethernet/IP dissector.
  • WebSphere MQ V7 Bug Fix 8322 TSHM_EBCDIC.
  • EDNS0 “Higher bits in extended RCODE” incorrectly decoded in packet-dns.c.
  • Files with pcap-ng Simple Packet Blocks can’t be read.
  • Bug in RTP dissector if RTP extension is present.
  • Improve “eHRPD Indicator” NVSE dissection in 3GPP2 A11 Registration Request.
  • “make debian-package” fails, missing wsicon32.xpm.
  • Fix typo in MODCOD list of DVB-S2 dissector.
  • Ring buffer crash when tshark gets too far behind dumpcap.
  • PTP Dissector Wrongfully Reports Malformed Packet.
  • Wireshark lua dissector unable to load for media_type=application/octet-stream.
  • Wireshark crash when dissecting packet with NTLMSSP.
  • Padding in uint64 field in DCERPC protocol wrongly reported.
  • DCERPC data_blobs are not correctly dissected when NDR64 encoding is used.
  • Multiple PDUs in the same DCERPC packet are not correctly decrypted.
  • The tshark summary line doesn’t display the frame number or displays it sporadically.
  • Bluetooth: SDP improvements and minor fixes.
  • Duplicate IRC header field abbreviation breaks filter (example: irc.response.command).

Updated Protocol Support:

3GPP2 A11, Bluetooth SDP, BSSGP, DCERPC, DCERPC NDR, DCERPC NT, DIAMETER, DNS, DVB-S2, Ethernet, EtherNet/IP, H.225, IEEE 802.15.4, IRC, NBAP, NTLMSSP, OpenWire, PTP, RTP, SIP, TCP, WiMax, and XMPP

Read the Wireshark 1.10.3 release notes.

Install Wireshark 1.10.3:

Upgrading to this version is recommended because it fixes many vulnerabilities and bugs that affect the versions available by default in the Ubuntu repositories.

To get started, press Ctrl+Alt+T on your keyboard to open a terminal. When it opens, run the commands below one by one to install Wireshark 1.10.3 from the PPA:

    sudo add-apt-repository ppa:pi-rho/security
    sudo apt-get update
    sudo apt-get install wireshark

For Ubuntu 14.04 Trusty, the version of Wireshark is available in the Ubuntu Software Center.
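
After the install, it is worth confirming that the package on the system really is at or above 1.10.3, since the dissector crash fixes listed above only apply from that release. The script below is an added example, not part of the original post; the function names `version_ge` and `wireshark_is_current` are hypothetical helpers, and the comparison is done in plain shell so it does not mis-order versions such as 1.8.x against 1.10.x.

```shell
#!/bin/sh
# Added example: is the installed wireshark package at least 1.10.3?
FIXED_VERSION="1.10.3"   # release covered on this page

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# wireshark_is_current VERSION: succeed when a Debian-style package version
# (optional "epoch:", optional "-revision") is at least FIXED_VERSION.
wireshark_is_current() {
    v=${1#*:}                                       # drop epoch if present
    num=$(printf '%s' "$v" | sed 's/[^0-9.].*$//')  # leading dotted digits
    num=${num%.}
    [ -n "$num" ] || return 1                       # empty: not installed
    # A "~" suffix (e.g. 1.10.3~rc1) sorts before the plain release.
    case ${v#"$num"} in
        "~"*) [ "$num" != "$FIXED_VERSION" ] || return 1 ;;
    esac
    version_ge "$num" "$FIXED_VERSION"
}

# On a dpkg-based system, report on the installed package.
if command -v dpkg-query >/dev/null 2>&1; then
    installed=$(dpkg-query -W -f='${Version}' wireshark 2>/dev/null || true)
    if wireshark_is_current "$installed"; then
        echo "wireshark $installed: at or above $FIXED_VERSION"
    else
        echo "wireshark ${installed:-(not installed)}: older than $FIXED_VERSION"
    fi
fi
```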

    wireshark 1.10.3 in ubuntu 13.10
