./net/wireshark, Network protocol analyzer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.2.1, Package name: wireshark-2.2.1, Maintainer: pkgsrc-users

Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library.

The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture
files and write the packets from that capture file, possibly in a
different capture file format, and with some packets possibly removed
from the capture.

This package tracks version 2 stable branch.

Required to run:
[sysutils/desktop-file-utils] [graphics/hicolor-icon-theme] [security/gnutls] [security/libgcrypt] [devel/glib2] [devel/libsmi] [devel/pcre] [x11/gtk3] [lang/lua52]

Required to build:
[pkgtools/x11-links] [x11/compositeproto] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/xcb-proto] [x11/fixesproto4] [lang/python27]

Package options: gtk3, lua

Master sites:

SHA1: fe07ab3582f39111ce5c78f5de6f44a8667000ac
RMD160: 46214dad4b4ac3b9f1f3f8fc95192d0cc1e3377d
Filesize: 31400.476 KB

Version history: (Expand)

CVS history: (Expand)

   2016-10-09 23:17:32 by Thomas Klausner | Files touched by this commit (2)
Log message:
Remove obsolete patch.
   2016-10-09 23:13:22 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Updated wireshark to 2.2.1.

What's New

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2016-56
       The Bluetooth L2CAP dissector could crash. ([2]Bug 12825)
     * [3]wnpa-sec-2016-57
       The NCP dissector could crash. ([4]Bug 12945)

   The following bugs have been fixed:
     * Flow Graph colored data arrows. ([5]Bug 12065)
     * Capture File Properties under Statistics Grayed Out after Stopping
       a Capture. ([6]Bug 12071)
     * Qt: Hidden columns displayed during live capture. ([7]Bug 12377)
     * Unable to save changes to coloring rules. ([8]Bug 12814)
     * Bad description for NBSS error code 0x81. ([9]Bug 12835)
     * Live capture from USBPcap fails immediately. ([10]Bug 12846)
     * Cannot decrypt EAP-TTLS traffic (not recognized as conversation).
       ([11]Bug 12879)
     * Export packet dissections Option disabled after capturing traffic.
       ([12]Bug 12898)
     * Failure to open file named with Chinese or other multibyte
       characters. ([13]Bug 12900)
     * k12 text file format causes errors. ([14]Bug 12903)
     * File | File Set | List Files dialog is blank. ([15]Bug 12904)
     * Decoding/Display of an INAP CONNECT message goes wrong for the
       Destination Routing Address part. ([16]Bug 12911)
     * TLS padding extension dissector length parsing bug. ([17]Bug 12922)
     * Diameter dictionary bugs. ([18]Bug 12927)
     * File open from menu bar with filter in place causes Wireshark to
       crash. ([19]Bug 12929)
     * Unable to capture USBPcap trace using tshark with extcap built.
       ([20]Bug 12949)
     * P1 dissector fails a TVB assertion. ([21]Bug 12976)
     * Multiple PortableApps instances can once again be run at the same

  Updated Protocol Support

   6LowPAN, BT L2CAP, CIP, DCOM IRemUnknown, Diameter, DMP, EAP, ISUP,
   NBT, NCP, NetFlow, SSL / TLS, and U3V

  New and Updated Capture File Support

   Ascend, and K12
   2016-10-04 08:41:18 by Alexander Nasonov | Files touched by this commit (1)
Log message:
Not compatible with Lua 5.3.
   2016-09-29 22:11:09 by Mark Davies | Files touched by this commit (4) | Package updated
Log message:
Allow build with heimdal again. Bump PKGREVISION.
   2016-09-19 15:04:29 by Thomas Klausner | Files touched by this commit (147)
Log message:
Recursive PKGREVISION bump for gnutls shlib major bump.
   2016-09-12 17:58:44 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
   2016-09-12 13:04:54 by Thomas Klausner | Files touched by this commit (2)
Log message:
Add upstream bug report URL.
   2016-09-12 12:59:55 by Thomas Klausner | Files touched by this commit (5) | Package updated
Log message:
Updated wireshark to 2.2.0.

What's New

  Bug Fixes

     * Upgrading to latest version uninstalls Microsoft Visual C++
       redistributable. ([1]Bug 12712)
     * Extcap errors not reported back to UI. ([2]Bug 11892)

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.2.0rc1:

   "Decode As" supports SSL (TLS) over TCP.

   The following features are new (or have been significantly updated)
   since version 2.1.1:
     * Invalid coloring rules are now disabled instead of discarded. This
       will provide backward compatibility with a coloring rule change in
       Wireshark 2.2.

   The following features are new (or have been significantly updated)
   since version 2.1.0:
     * Added -d option for Decode As support in Wireshark (mimics TShark
     * The Qt UI, GTK+ UI, and TShark can now export packets as JSON.
       TShark can additionally export packets as Elasticsearch-compatible
     * The Qt UI now supports the -j, -J, and -l flags. The -m flag is now
     * The Conversations and Endpoints dialogs are more responsive when
       viewing large numbers of items.
     * The RTP player now allows up to 30 minutes of silence frames.
     * Packet bytes can now be displayed as EBCDIC.
     * The Qt UI loads captures faster on Windows.
     * proto_tree_add_checksum was added as an API. This attempts to
       standardize how checksums are reported and filtered for within
       *Shark. There are no more individual "good" and "bad" \ 
       fields, protocols now have a "checksum.status" field that records
       "Good", "Bad" and "Unverified" (neither \ 
good or bad). Color filters
       provided with Wireshark have been adjusted to the new display
       filter names, but custom ones may need to be updated.

   The following features are new (or have been significantly updated)
   since version 2.0.0:
     * The intelligent scroll bar now sits to the left of a normal scroll
       bar and provides a clickable map of nearby packets.
     * You can now switch between between Capture and File Format
       dissection of the current capture file via the View menu in the Qt
     * You can now show selected packet bytes as ASCII, HTML, Image, ISO
       8859-1, Raw, UTF-8, a C array, or YAML.
     * You can now use regular expressions in Find Packet and in the
       advanced preferences.
     * Name resolution for packet capture now supports asynchronous DNS
       lookups only. Therefore the "concurrent DNS resolution" preference
       has been deprecated and is a no-op. To enable DNS name resolution
       some build dependencies must be present (currently c-ares). If that
       is not the case DNS name resolution will be disabled (but other
       name resolution mechanisms, such as host files, are still
     * The byte under the mouse in the Packet Bytes pane is now
     * TShark supports exporting PDUs via the -U flag.
     * The Windows and OS X installers now come with the "sshdump" and
       "ciscodump" extcap interfaces.
     * Most dialogs in the Qt UI now save their size and positions.
     * The Follow Stream dialog now supports UTF-16.
     * The Firewall ACL Rules dialog has returned.
     * The Flow (Sequence) Analysis dialog has been improved.
     * We no longer provide packages for 32-bit versions of OS X.
     * The Bluetooth Device details dialog has been added.

  New File Format Decoding Support

   Wireshark is able to display the format of some types of files (rather
   than displaying the contents of those files). This is useful when
   you're curious about, or debugging, a file and its format. To open a
   capture file (such as PCAP) in this mode specify "MIME Files Format" as
   the file's format in the Open File dialog.

  New Protocol Support

   Apache Cassandra - CQL version 3.0, Bachmann bluecom Protocol,
   Bluetooth Pseudoheader for BR/EDR, Cisco ERSPAN3 Marker, Cisco ttag,
   Digital Equipment Corporation Local Area Transport, Distributed Object
   Framework, DOCSIS Upstream Channel Descriptor Type 35, Edge Control
   Protocol (ECP), Encrypted UDP based FTP with multicast, Ericsson IPOS
   Kernel Packet Header Dissector Added (IPOS), Extensible Control &
   Management Protocol (eCMP), FLEXRAY Protocol dissector added
   (automotive bus), IEEE 802.1BR E-Tag, Intel Omni-Path Architecture, ISO
   8583-1, ISO14443, ITU-T G.7041/Y.1303 Generic Framing Procedure (GFP),
   LAT protocol (DECNET), Metamako trailers, Network Service Header for
   Ethernet & GRE, Network-Based IP Flow Mobility (NBIFOM), Nokia
   Intelligent Service Interface (ISI), Open Mobile Alliance Lightweight
   Machine to Machine TLV payload Added (LwM2M TLV), Real Time Location
   System (RTLS), RTI TCP Transport Layer (RTITCP), SMB Witness Service,
   STANAG 5602 SIMPLE, Standard Interface for Multiple Platform Link
   Evaluation (SIMPLE), USB3 Vision Protocol (USB machine vision cameras),
   USBIP Protocol, UserLog Protocol, and Zigbee Protocol Clusters
   Dissectors Added (Closures Lighting General Measurement & Sensing HVAC
   Security & Safety)

  Updated Protocol Support

   Bluetooth OBEX dissector (btobex) was renamed to Obex Dissector (obex),
   allow to DecodeAs it over USB, TCP and UDP.

   A preference was added to TCP dissector for handling IPFIX process
   information. It has been disabled by default.

  New and Updated Capture File Support

   Micropross mplog

  New and Updated Capture Interfaces support

   Non-empty section placeholder.

  Major API Changes

   The libwireshark API has undergone some major changes:
     * The address macros (e.g., SET_ADDRESS) have been removed. Use the
       (lower case) functions of the same names instead.
     * "old style" dissector functions (that don't return number of bytes
       used) have been replaced in name with the "new style" dissector
     * tvb_get_string and tvb_get_stringz have been replaced with
       tvb_get_string_enc and tvb_get_stringz_enc respectively.