Wireshark Analyzer is a fantastic multi-platform open source network protocol analyzer. It can be used to check the analysis of data from the network host to survive, but also look to capture files from the disk. You can interactively browse the capture data, just capture details of the package, you need to analyze. Wireshark has some powerful features, including the ability to rich display filter language and view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. It includes a similar tcpdump named tshark the console version. Note that Wireshark emergence of a few dozens of remotely exploitable vulnerabilities, and thus needs to be updated to the latest version, and do not run in an insecure network environment.
Introduction Video: https://www.wireshark.org/video/wireshark/introduction-to-wireshark/
- The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9.
The following vulnerabilities have been fixed:
- wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
- wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
- wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.
- wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.
- wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.
- wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
- wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
- wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.
- wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
- wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.
The following bugs have been fixed:
- [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type ‘guint32’ (aka ‘unsigned int’) in packet-ieee80211.c:15534:49. Bug 14770.
- [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type ‘int’ in packet-couchbase.c:1674:37. Bug 15439.
- Duplicated TCP SEQ field in ICMP packets. Bug 15533.
- Wrong length in dhcpv6 NTP Server suboption results in “Malformed Packet” and breaks further dissection. Bug 15542.
- Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545.
- GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.
- Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561.
- %T not supported for timestamps. Bug 15565.
- LWM2M: resource with \r\n badly shown. Bug 15572.