Hackers’ most popular network analyzing tool, Wireshark 3.2.6 released with a bug fix for Kafka dissector and other bugs
The devs of Wireshark yesterday announced the release of Wireshark 3.2.6. The latest version of Wireshark doesn’t have new any new features but it fixes many bugs like the Kafka dissector bug, invalid timestamp bug, etc.
For the uninitiated, Wireshark is the network protocol analyzer. It lets hackers and security researchers check network abnormalities and is used to live capture packets and analyze them. It captures packets and lets you check data at the micro-level. It runs on Windows, Linux, OS X, Solaris, FreeBSD, and others. Wireshark requires good knowledge of network protocols to analyze the data obtained with the tool. Here are few features of Wireshark 3.2.6
- Deep inspection of hundreds of protocols (news ones added)
- Live capture and offline analysis
- Standard three-pane packet browser
- Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
- Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
- The most powerful display filters in the industry
- Rich VoIP analysis
- Read/write many different capture file formats
- Capture files compressed with gzip can be decompressed on the fly
- Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platfrom)
- Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
- Coloring rules can be applied to the packet list for quick, intuitive analysis
- Output can be exported to XML, PostScript®, CSV, or plain text
Wireshark is perhaps one of the best open-source packet analyzers available today but it was not free of bugs. The new version of Wireshark comes with as many as 12 bug fixes which are given below:
- Kafka dissector fails to parse FETCH responses. Bug 16623
- The dissector for ASTERIX Category 001 / 210 does not recognize bit 1 as extension. Bug 16662.
- “invalid timestamp” for Systemd Journal Export Block. Bug 16664.
- Decoding Extended Emergency number list IE length. Bug 16668.
- Some macOS Bluetooth PacketLogger capture files aren’t recognized as PacketLogger files (regression, bisected). Bug 16670.
- Short IMSIs (5 digits) lead to the wrong decoding+warning. Bug 16676.
- Decoding of PFCP IE ‘PFD Contents’ results in “malformed packet”. Bug 16704.
- RFH2 Header with 32 or fewer bytes of NameValue will not parse out that info. Bug 16733.
- CDP: Port ID TLV followed by Type 1009 TLV triggers [Malformed Packet]. Bug 16742.
- tshark crashed when processing opcda. Bug 16746.
- tshark with –export-dicom gives “Segmentation fault (core dumped)”. Bug 16748.
The updated Wireshark 3.2.6 now supports the following protocols:
ASTERIX, BSSAP, CDP, CoAP, DCERPC SPOOLSS, DCOM, DICOM, DVB-S2, E.212, GBCS, GSM RR, GSM SMS, IEEE 802.11, Kafka, MQ, Nano, NAS 5GS, NIS+, NR RRC, PacketLogger, PFCP, RTPS, systemd Journal, TDS, TN3270, and TN5250
The updated version also brings PacketLogger and pcapng capture file support. You can download the updated Wireshark 3.2.6 from here:
All Wireshark 3.2.6 source code, information, and installation packages are available here.