Wireshark is the most popular network protocol analyzer. Admins use it mostly for troubleshooting, developers for testing new protocols, and it's also a very good tool for educational purposes.
But, like all software in the world, it contains bugs. If you use version 2.2.1, you may have run into some problems, but even if you haven't, you should be glad to know that the team has released an update, bringing Wireshark to version 2.2.2 with 30 security and bug fixes.
Bugfixes
The complete list of bug fixes follows:
- TCP: nextseq incorrect if TCP_MAX_UNACKED_SEGMENTS exceeded & FIN true.
- dmg for OS X does not install man pages.
- Fails to compile against Heimdal 1.5.3.
- TCP: Next sequence number off by one when sending payload in SYN packet (e.g. TFO).
- Follow TCP Stream shows duplicate stream data.
- Dissection engine falsely asserts that EIGRP packet’s checksum is incorrect.
- IEEE 802.15.4 frames erroneously handed over to ZigBee dissector.
- Capture Filter Bookmark Inactive in Capture Options page.
- CLNP dissector does not parse ER NPDU properly.
- SNMP trap bindings for NON scalar OIDs.
- BGP LS Link Protection Type TLV (1093) decoding.
- Application crash sorting column for tcp.window_size_scalefactor up and down.
- ZigBee Green Power add key during execution.
- Malformed AMPQ packets for session.expected and session.confirmed fields.
- Wireshark 2.2.1 crashes when attempting to merge pcap files.
- [IS-637A] SMS – Teleservice layer parameter → IA5 encoded text is not correctly displayed.
- Failure to dissect USB Audio feature unit descriptors missing the iFeature field.
- MSISDN not populated/decoded in JSON GTP-C decoding.
- E212: 3 digits MNC are identified as 2 digits long if they end with a 0.
- Exception with last unknown Cisco AVP available in a SCCRQ message.
- TShark stalls on FreeBSD if androiddump is present.
- Dissector skips DICOM command.
- UUID (FT_GUID) filtering isn’t working.
- Manufacturer name resolution fails.
- packet-sdp.c allocates transport_info->encoding_name from wrong memory pool.
- Payload type name for dynamic payload is wrong for reverse RTP channels.
Not only bug fixes
Along with these important fixes, Wireshark 2.2.2 also updates support for the 6LoWPAN, AllJoyn, AMPQ, ANSI IS-637 A, BGP, CLNP, DCERPC, DICOM, DTN, E.212, EIGRP, ERF, GVSP, IEEE 802.11, IEEE 802.15.4, IP, ISO-8583, Kerberos, L2TP, LACP, MAC LTE, OpenFlow, Profinet I/O, RTPS, SCTP, SDP, Skype, SMPP, SNA, SNMP, SPNEGO, TCP, USB Audio, XML, and ZigBee protocols.
Getting Wireshark
So, if you need Wireshark (and maybe you do), this is a “must-have” update.
Installation packages and source code can be found at the official website download page.