Table of Contents
What is Ethereal?
What's New
Bug Fixes
New and Updated Features
New Protocol Support
Updated Protocol Support
New and Updated Capture File Support
Getting Ethereal
Microsoft Windows
Sun Solaris
Source Code
Vendor-supplied Packages
File Locations
Known Problems
Getting Help
Frequently Asked Questions
What is Ethereal?
Ethereal is the world's most popular network protocol analyzer. It is used for troubleshooting,
analysis, development, and education.
What's New
Bug Fixes
Many security vulnerabilities have been fixed since the previous release. See the application
advisory for more details.
• The H.248 dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937
• The UMA dissector could go into an infinite loop. Versions affected: 0.10.12 -
0.10.14. CVE: CVE-2006-1933
• The X.509if dissector could crash. Versions affected: 0.10.14. CVE: CVE-2006-1937
• The SRVLOC dissector could crash. Versions affected: 0.10.0 - 0.10.14. CVE:
CVE-2006-1937
• The H.245 dissector could crash. Versions affected: 0.10.13 - 0.10.14. CVE:
CVE-2006-1937
• Ethereal's OID printing routine was susceptible to an off-by-one error. Versions
affected: 0.10.14. CVE: CVE-2006-1932
• The COPS dissector could overflow a buffer. Versions affected: 0.9.15 - 0.10.14.
CVE: CVE-2006-1935
• The ALCAP dissector could overflow a buffer. Versions affected: 0.10.14. CVE:
CVE-2006-1934
Under a grant funded by the U.S. Department of Homeland Security, Coverity has uncovered
a number of vulnerabilities in Ethereal:
• The statistics counter could crash Ethereal. Versions affected: 0.10.10 - 0.10.14. CVE:
CVE-2006-1937
• Ethereal could crash while reading a malformed Sniffer capture. Versions affected:
0.8.12 - 0.10.14. CVE: CVE-2006-1938
• An invalid display filter could crash Ethereal. Versions affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939
• The general packet dissector could crash Ethereal. Versions affected: 0.10.9 - 0.10.14.
CVE: CVE-2006-1937
• The AIM dissector could crash Ethereal. Versions affected: 0.10.7 - 0.10.14. CVE:
CVE-2006-1937
• The RPC dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE:
CVE-2006-1939
• The DCERPC dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939
• The ASN.1 dissector could crash Ethereal. Versions affected: 0.9.8 - 0.10.14. CVE:
CVE-2006-1939
• The SMB PIPE dissector could crash Ethereal. Versions affected: 0.8.20 - 0.10.14.
CVE: CVE-2006-1938
• The BER dissector could loop excessively. Versions affected: 0.10.4 - 0.10.14. CVE:
CVE-2006-1933
• The SNDCP dissector could abort. Versions affected: 0.10.4 - 0.10.14. CVE:
CVE-2006-1940
• The Network Instruments file code could overrun a buffer. Versions affected: 0.10.0 -
0.10.14. CVE: CVE-2006-1934
• The NetXray/Windows Sniffer file code could overrun a buffer. Versions affected:
0.10.13 - 0.10.14. CVE: CVE-2006-1934
• The GSM SMS dissector could crash Ethereal. Versions affected: 0.9.16 - 0.10.14.
CVE: CVE-2006-1939
• The ALCAP dissector could overrun a buffer. Versions affected: 0.10.14. CVE:
CVE-2006-1934
• The telnet dissector could overrun a buffer. Versions affected: 0.8.5 - 0.10.14. CVE:
CVE-2006-1936
• ASN.1-based dissectors could crash Ethereal. Versions affected: 0.9.10 - 0.10.14.
CVE: CVE-2006-1939
• The H.248 dissector could crash Ethereal. Versions affected: 0.10.11 - 0.10.14. CVE:
CVE-2006-1937
• The DCERPC NT dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14.
CVE: CVE-2006-1939
• The PER dissector could crash Ethereal. Versions affected: 0.9.14 - 0.10.14. CVE:
CVE-2006-1939
Under Windows, Unicode characters in profile and configuration file paths could cause
problems. Versions affected: 0.10.14.
The Coverity audit turned up several UI-related bugs that could make Ethereal crash.
New and Updated Features
The following features are new (or have been significantly updated) since the last release:
• The new command line tool dumpcap makes it possible to capture network data
without the drawbacks of (t)ethereal (memory usage, security problems, ...) while
keeping the benefit of advanced techniques like multiple (ringbuffer) files and the like.
• Recent versions of Ethereal were flagging packets with an incorrect TCP checksum as
malformed. False positives were being triggered on systems that use TCP checksum
offloading. We now check to see if the checksum is not 0x0000 before flagging the
packet as malformed.
Please Note
If your system uses TCP checksum offloading and Ethereal still shows bad
checksums for outgoing TCP packets and the checksums for outgoing TCP
packets are not 0x0000, this could mean that your operating system is
exposing kernel memory unnecessarily. If this is the case, you should report
the problem to your OS vendor.
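The zero-checksum rule above, as an added example (not Ethereal's own code): it computes the expected TCP checksum over the IPv4 pseudo-header and reports a mismatch as bad only when the checksum field is not 0x0000. The function names, the verdict enum, the treatment of segments shorter than a TCP header, and the sample segment are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum cksum_verdict { CKSUM_GOOD, CKSUM_OFFLOAD_SUSPECTED, CKSUM_BAD };

/* One's-complement accumulation of big-endian 16-bit words (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    if (len) acc += (uint32_t)p[0] << 8;  /* odd trailing byte, zero padded */
    return acc;
}

/* Expected TCP checksum over the IPv4 pseudo-header; caller ensures len >= 20. */
uint16_t tcp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *seg, size_t len)
{
    const uint8_t pseudo[4] = { 0, 6, (uint8_t)(len >> 8), (uint8_t)len };
    uint32_t acc = sum16(src, 4, 0);
    acc = sum16(dst, 4, acc);
    acc = sum16(pseudo, 4, acc);          /* zero, protocol 6, TCP length */
    acc = sum16(seg, 16, acc);            /* header up to the checksum field */
    acc = sum16(seg + 18, len - 18, acc); /* checksum field counted as zero */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* A mismatch is reported as bad only when the field is not 0x0000. */
enum cksum_verdict classify_tcp(const uint8_t src[4], const uint8_t dst[4],
                                const uint8_t *seg, size_t len)
{
    if (len < 20) return CKSUM_BAD;       /* assumption: short segment is bad */
    uint16_t field = (uint16_t)((seg[16] << 8) | seg[17]);
    if (field == tcp_checksum(src, dst, seg, len))
        return CKSUM_GOOD;
    return field == 0x0000 ? CKSUM_OFFLOAD_SUSPECTED : CKSUM_BAD;
}

/* Constructed sample: 192.0.2.1:49152 -> 198.51.100.7:80, PSH|ACK, payload "abc". */
const uint8_t SRC[4] = { 192, 0, 2, 1 }, DST[4] = { 198, 51, 100, 7 };
uint8_t sample_seg[23] = { 0xc0,0x00, 0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18,
                           0xff,0xff, 0x00,0x00, 0,0, 'a','b','c' };
int main(void)
{
    printf("field 0x0000 -> verdict %d\n",
           classify_tcp(SRC, DST, sample_seg, sizeof sample_seg));
    return 0;
}
```

A non-zero field that still fails verification on an outgoing packet is the case the note above describes.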
Updated Protocol Support
3G A11, 802.11, 802.1Q, 802.3 Slow Protocols, AIM, ALCAP, ANSI MAP, ASF, ASN.1
BER, ASN.1 PER, BACapp, BACnet, BFD, BGP, BPDU, BSSAP, BSSGP, Camel, CDP,
CLNP, CMP, COPS, DCERPC (DCERPC, LSA, NT, PNP), DCOM (CBA, DCOM,
Dispatch), DHCP, DIAMETER, DNS, DOCSIS DCC, eDonkey, Ethernet, FC, FCP, FIX,
G.723, GIOP, GRE, GSM A, GSM MAP, GSSAPI, GTP, H.245, H.248, H.450, HTTP, IAPP,
ICMPv6, iFCP, IP, IPMI, IPP, IPsec, IPv6, ISAKMP, iSCSI, ISUP, IuUP, Juniper GGSN,
JXTA, K12, Kerberos, LAPD, LDAP, LLDP, LOOP, M3UA, MEGACO, MPLS, MS MMS,
MS NLB, MS Proxy, MTP3, NBNS, NCP 2222, NDPS, Netflow, NFS, NJACK, NLM, NSIP,
NTLMSSP, PN-DCP, POP, PPP, Q.931, Radiotap, RADIUS, RANAP, RNSAP, RPC,
RSYNC, RTCP, RTP, SCCP, SCCP MG, SCSI, SDP, Sebek, SES, SIGCOMP, SIGCOMP
UDVM, SIP, SKINNY, SMB2, SMB (Mailslot, PIPE, SMB), SMPP, SNDCP, SNMP,
SOCKS, SPNEGO, SRVLOC, SSL, STUN, Syslog, T.38, TACACS, TCAP, TCP, TDS,
Telnet, TIPC, UDP, UMA, WSP, X11, X.411, X.509, XML
Getting Ethereal
Microsoft Windows
Download ethereal-setup-0.99.0.exe from the Windows download area on the main web site.
Double-click the installer executable.
Sun Solaris
Download the appropriate package from the Solaris download area on the main web site.
Uncompress the package using bzip2, and install it using pkgadd.
Source Code
Download ethereal-0.99.0.tar.gz from the main download area on the web site. Extract the
package using tar and gzip. Run "configure ; make ; make install".
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Ethereal packages. You can install or upgrade
Ethereal using the package management system specific to that platform. A list of third-party
packages can be found on the download page on the Ethereal web site.
File Locations
Ethereal and Tethereal look in several different locations for preference files, plugins, SNMP
MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can
use About->Folders to find the default locations on your system.
Known Problems
On Windows systems the packet list scroll bar can sometimes disappear or become unusable.
Until the problem is fixed you can work around it by resizing the packet list or the main
window. (Bug #220)
It may not be possible to re-order coloring rules under Windows. (Bug #699)
Multiple tap interfaces may cause a crash under FreeBSD. (Bug #757)
Getting Help
Commercial support, training, and development services are available from Ethereal
Software.