./net/wireshark, Network protocol analyzer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.6.0nb1, Package name: wireshark-2.6.0nb1, Maintainer: pkgsrc-users

Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library.

The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture
files and write the packets from that capture file, possibly in a
different capture file format, and with some packets possibly removed
from the capture.

This package tracks version 2 stable branch.

Required to run:
[sysutils/desktop-file-utils] [graphics/hicolor-icon-theme] [security/gnutls] [security/libgcrypt] [devel/glib2] [devel/libsmi] [devel/pcre] [lang/lua52] [x11/qt5-qtx11extras] [x11/qt5-qttools]

Required to build:
[pkgtools/x11-links] [x11/xcb-proto] [x11/fixesproto4] [lang/python27] [pkgtools/cwrappers] [x11/xorgproto]

Package options: lua, qt5

Master sites:

SHA1: d1f53751c5b24d6b1695117fb396a6b202e88451
RMD160: 4eb1a446dabff8f452737ea22bfc341a3be89a3f
Filesize: 27651.238 KB

Version history: (Expand)

CVS history: (Expand)

   2018-05-04 01:02:39 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
wireshark: reduce dependencies.

Addresses PR 53256 by martin@

   2018-04-29 14:15:37 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
wireshark: update to 2.6.0.

Switch default GUI from gtk3 to qt5. See What's New below for "why".

 What’s New

  Wireshark 2.6 is the last release that will support the legacy (GTK+)
  user interface. It will not be supported or available in Wireshark

  Many user interface improvements have been made. See the “New and
  Updated Features” section below for more details.

  Bug Fixes

   The following bugs have been fixed:

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.5.0:

     • HTTP Request sequences are now supported.

     • Wireshark now supports MaxMind DB files. Support for GeoIP and
       GeoLite Legacy databases has been removed.

     • The Windows packages are now built using Microsoft Visual Studio

     • The IP map feature (the “Map” button in the “Endpoints” dialog)
       has been removed.

   The following features are new (or have been significantly updated)
   since version 2.4.0:

     • Display filter buttons can now be edited, disabled, and removed
       via a context menu directly from the toolbar

     • Drag & Drop filter fields to the display filter toolbar or edit
       to create a button on the fly or apply the filter as a display

     • Application startup time has been reduced.

     • Some keyboard shortcut mix-ups have been resolved by assigning
       new shortcuts to Edit → Copy methods.

     • TShark now supports color using the --color option.

     • The "matches" display filter operator is now case-insensitive.

     • Display expression (button) preferences have been converted to a
       UAT. This puts the display expressions in their own file.
       Wireshark still supports preference files that contain the old
       preferences, but new preference files will be written without the
       old fields.

     • SMI private enterprise numbers are now read from the
       “enterprises.tsv” configuration file.

     • The QUIC dissector has been renamed to Google QUIC (quic →

     • The selected packet number can now be shown in the Status Bar by
       enabling Preferences → Appearance → Layout → Show selected packet

     • File load time in the Status Bar is now disabled by default and
       can be enabled in Preferences → Appearance → Layout → Show file
       load time.

     • Support for the G.729A codec in the RTP Player is now added via
       the bcg729 library.

     • Support for hardware-timestamping of packets has been added.

     • Improved NetMon .cap support with comments, event tracing,
       network filter, network info types and some Message Analyzer
       exported types.

     • The personal plugins folder on Linux/Unix is now

     • TShark can print flow graphs using -z flow…

     • Capinfos now prints SHA256 hashes in addition to RIPEMD160 and
       SHA1. MD5 output has been removed.

     • The packet editor has been removed. (This was a GTK+ only
       experimental feature.)

     • Support BBC micro:bit Bluetooth profile

     • The Linux and UNIX installation step for Wireshark will now
       install headers required to build plugins. A pkg-config file is
       provided to help with this (see “doc/plugins.example” for
       details). Note you must still rebuild all plugins between minor
       releases (X.Y).

     • The Windows installers and packages now ship with Qt 5.9.4.

     • The generic data dissector can now uncompress zlib compressed

     • DNS Stats now supports service level statistics.

     • DNS filters for retransmissions and unsolicited responses have
       been added.

     • The “tcptrace” TCP Stream graph now shows duplicate ACKS and zero
       window advertisements.

     • The membership operator now supports ranges, allowing display
       filters such as tcp.port in {4430..4434} to be expressed. See the
       User’s Guide, chapter Building display filter expressions for

  New Protocol Support

   ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling),
   AVSP (Arista Vendor Specific Protocol), Bluetooth Mesh, Broadcom tags
   (Broadcom Ethernet switch management frames), CAN-ETH, CVS password
   server, Excentis DOCSIS31 XRA header, F1 Application Protocol,
   F5ethtrailer, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.11ax (High
   Efficiency WLAN (HEW)), IEEE 802.15.9 IEEE Recommended Practice for
   Transport of Key Management Protocol (KMP) Datagrams, IEEE 802.3br
   Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre
   Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency Protocol
   (UDP), Network Functional Application Platform Interface (NFAPI)
   Protocol, New Radio Radio Link Control protocol, New Radio Radio
   Resource Control protocol, NR (5G) MAC protocol, NXP 802.15.4 Sniffer
   Protocol, Object Security for Constrained RESTful Environments
   (OSCORE), PFCP (Packet Forwarding Control Protocol), Protobuf
   (Protocol Buffers), QUIC (IETF), RFC 4108 Using CMS to Protect
   Firmware Packages, Session Multiplex Protocol, SolarEdge monitoring
   protocol, Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP
   and OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   Microsoft Network Monitor

  New and Updated Capture Interfaces support

   2018-04-18 00:29:53 by Thomas Klausner | Files touched by this commit (286)
Log message:
Add p11-kit to gnutls/bl3.mk and bump dependencies.
   2018-04-17 12:29:06 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
wireshark: update to 2.4.6.

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2018-15
       The MP4 dissector could crash. ([2]Bug 13777)
     * [3]wnpa-sec-2018-16
       The ADB dissector could crash. ([4]Bug 14460)
     * [5]wnpa-sec-2018-17
       The IEEE 802.15.4 dissector could crash. ([6]Bug 14468)
     * [7]wnpa-sec-2018-18
       The NBAP dissector could crash. ([8]Bug 14471)
     * [9]wnpa-sec-2018-19
       The VLAN dissector could crash. ([10]Bug 14469)
     * [11]wnpa-sec-2018-20
       The LWAPP dissector could crash. ([12]Bug 14467)
     * [13]wnpa-sec-2018-21
       The TCP dissector could crash. ([14]Bug 14472)
     * [15]wnpa-sec-2018-22
       The CQL dissector could to into an infinite loop. ([16]Bug 14530)
     * [17]wnpa-sec-2018-23
       The Kerberos dissector could crash. ([18]Bug 14576)
     * [19]wnpa-sec-2018-24
       Multiple dissectors and other modules could leak memory. The TN3270
       ([20]Bug 14480), ISUP ([21]Bug 14481), LAPD ([22]Bug 14482), SMB2
       ([23]Bug 14483), GIOP ([24]Bug 14484), ASN.1 ([25]Bug 14485), MIME
       multipart ([26]Bug 14486), H.223 ([27]Bug 14487), and PCP ([28]Bug
       14488) dissectors were susceptible along with Wireshark and TShark
       ([29]Bug 14489).

   The following bugs have been fixed:
     * TRANSUM doesn't account for DNS retries in the Request Spread.
       ([30]Bug 14210)
     * BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not
       able to decode the packet correctly. ([31]Bug 14241)
     * Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes
       in later releases. ([32]Bug 14293)
     * PEEKREMOTE dissector lacks 80mhz support, short preamble support
       and spatial streams encoding. ([33]Bug 14452)
     * Statistics > UDP Multicast Streams > [Copy|Save as..] is broken.
       ([34]Bug 14477)
     * Typo error in enumeration value of speech version identifier.
       ([35]Bug 14528)
     * In "Unsaved packets" dialog one can NOT use keyboard to choose
       "Continue without Saving". ([36]Bug 14531)
     * WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. ([37]Bug

     * Buildbot crash output: fuzz-2018-03-19-19114.pcap. ([38]Bug 14544)
     * alloca() used in wsutil/getopt_long.c without <alloca.h> inclusion.
       ([39]Bug 14552)
     * HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. ([40]Bug
     * Makefile.in uses non-portable "install" command. ([41]Bug 14555)
     * HP-UX HP ANSI C doesn't support assigning {} to a variable in
       epan/app_mem_usage.c. ([42]Bug 14556)
     * PPP in SSTP, HDLC framing not parsed properly. ([43]Bug 14559)
     * Using the DIAMETER dictionary causes the standard input to be
       closed when the dictionary is read. ([44]Bug 14577)

  Updated Protocol Support

   802.11, IEEE 802.11 Radiotap, IEEE 802.15.4, ISUP, Kerberos, LAPD,
   SMB2, SSTP, T.30, TCP, TN3270, TRANSUM, VLAN, WCCP, and WSP
   2018-04-16 16:35:28 by Thomas Klausner | Files touched by this commit (1284)
Log message:
Recursive bump for new fribidi dependency in pango.
   2018-04-14 09:34:46 by Adam Ciarcinski | Files touched by this commit (681) | Package updated
Log message:
revbump after icu update
   2018-03-12 12:18:01 by Thomas Klausner | Files touched by this commit (2155)
Log message:
Recursive bumps for fontconfig and libzip dependency changes.
   2018-02-25 22:35:42 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
wireshark: update to 2.4.5.

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2018-05
       The IEEE 802.11 dissector could crash. [2]Bug 14442,
     * [4]wnpa-sec-2018-06
       Multiple dissectors could go into large infinite loops. All ASN.1
       BER dissectors ([5]Bug 14444), along with the DICOM ([6]Bug 14411),
       DMP ([7]Bug 14408), LLTD ([8]Bug 14419), OpenFlow ([9]Bug 14420),
       RELOAD ([10]Bug 14445), RPCoRDMA ([11]Bug 14449), RPKI-Router
       ([12]Bug 14414), S7COMM ([13]Bug 14423), SCCP ([14]Bug 14413),
       Thread ([15]Bug 14428), Thrift ([16]Bug 14379), USB ([17]Bug
       14421), and WCCP ([18]Bug 14412) dissectors were susceptible.
     * [19]wnpa-sec-2018-07
       The UMTS MAC dissector could crash. [20]Bug 14339,
     * [22]wnpa-sec-2018-08
       The DOCSIS dissector could crash. [23]Bug 14446, [24]CVE-2018-7337
     * [25]wnpa-sec-2018-09
       The FCP dissector could crash. [26]Bug 14374, [27]CVE-2018-7336
     * [28]wnpa-sec-2018-10
       The SIGCOMP dissector could crash. [29]Bug 14398, [30]CVE-2018-7320
     * [31]wnpa-sec-2018-11
       The pcapng file parser could crash. [32]Bug 14403,
     * [34]wnpa-sec-2018-12
       The IPMI dissector could crash. [35]Bug 14409, [36]CVE-2018-7417
     * [37]wnpa-sec-2018-13
       The SIGCOMP dissector could crash. [38]Bug 14410, [39]CVE-2018-7418
     * [40]wnpa-sec-2018-14
       The NBAP disssector could crash. [41]Bug 14443, [42]CVE-2018-7419

   The following bugs have been fixed:
     * Change placement of "double chevron" in Filter Toolbar to eliminate
       overlap. ([43]Bug 14121)
     * AutoScroll does not work. ([44]Bug 14257)
     * BOOTP/DHCP: malformed packet -> when user class option (77) is
       present. ([45]Bug 14312)
     * GET MAX LUN wLength decoded as big-endian - USB Mass Storage.
       ([46]Bug 14360)
     * Unable to create Filter Expression Button for a yellow filter.
       ([47]Bug 14369)
     * Buildbot crash output: fuzz-2018-01-28-15874.pcap. ([48]Bug 14371)
     * NetScaler RPC segmentation fault / stack overflow. ([49]Bug 14399)
     * [oss-fuzz] #6028 RPC_NETLOGON: Direct-leak in g_malloc
       (generate_hash_key). ([50]Bug 14407)
     * Newline "\n" in packet list field increase line height for all
       rows. ([51]Bug 14424)
     * ieee80211-radio.c preamble duration calculation not correct.
       ([52]Bug 14439)
     * DIS: Malformed packet in SISO-STD-002 transmitter. ([53]Bug 14441)

  Updated Protocol Support

   FCP, GSM A RR, HSRP, IAX2, IEEE 802.11, Infiniband, IPMI, IPv6, LDAP,
   LLTD, NBAP, NetScaler RPC, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router,
   Storage, and WCCP

  New and Updated Capture File Support

   pcap pcapng