Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wireshark 1.0 Released

Posted by ScuttleMonkey on from the happy-sniffing dept.

katterjohn writes "After almost 10 years of work, Wireshark 1.0 has been released. Wireshark is the award-winning protocol analyzer, formerly known as Ethereal. The release features several security fixes and an experimental package for Max OS X Intel."

40 of 123 comments (clear)

  1. Say ... by ScrewMaster · · Score: 5, Interesting

    would this still be illegal in Germany?

    --
    The higher the technology, the sharper that two-edged sword.
    1. Re:Say ... by Anonymous Coward · · Score: 2, Informative

      Since there aren't any court decisions based on that relatively new law, nobody knows. (The point of the law actually is that you can interpret it in basically any way you want.) The state attorney dismissed a case against the Bundesamt für Sicherheit in der Informationstechnik (Federal Bureau for Security in Information Technology) because they are distibuting software of the kind via the Web, though.

    2. Re:Say ... by Kadin2048 · · Score: 5, Informative

      I think they just decided that Scientology wasn't a religion, but a business cum Ponzi scheme in clerical collars.

      Also I think what they prohibited wasn't the practice of Scientology per se, but the Church of Scientology as an organization. That the CoS believes you can't practice the 'religion' without them is kind of a separate issue. But if you want to sit in your house and think Scientology thoughts in Germany, I think you'd be protected. They just take a dim view of the whole converting-others-and-fleecing-them bit. Historically, even religiously tolerant societies have had different reactions to aggressive proselyting.

      It is a bit arbitrary, since I could think of a few other religions that aren't a ton better, but you have to admit the CoS is particularly bald-faced.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  2. More useful than you would think by CRCulver · · Score: 2, Informative

    Wireshark is far from being an egghead tool that only professionals might use. It's also useful for running aircrack-ng. I'm happy they've finally reached 1.0.

    1. Re:More useful than you would think by Anonymous Coward · · Score: 5, Funny

      And aircrack-ng is far from an egghead tool. It's useful for... wait a minute....

  3. Award-winning? by Anonymous Coward · · Score: 5, Interesting

    Whenever some product claims to be "award-winning", I always wonder what that award is. It's like the word "professional", that also lost its meaning. So, anybody have any pointers to any kind of "award"?

    1. Re:Award-winning? by Anonymous Coward · · Score: 4, Funny

      Whenever some product claims to be "award-winning", I always wonder what that award is.

      How could you wonder? It's "world famous"!

    2. Re:Award-winning? by stevey · · Score: 2, Funny

      Maybe an award for the number of security issues the code has historically had?

    3. Re:Award-winning? by Nykon · · Score: 3, Funny

      I don't think that's it. Microsoft always seems to clean up at THAT award ceremony. ;-)

      --
      "It's better to be a pirate then join the Navy"
    4. Re:Award-winning? by JSG · · Score: 5, Insightful

      Why do you hang around /. if you don't have the occasional use for Ether^H^H^H^H^Wireshark. It does run on Windows nicely.

      Award, hmmm, award ...

      It really doesn't matter what awards WS has won.

      It is a classic example of FOSS at its best. In the dim and distant past you paid serious money for packet capture software. Now you get the absolute dog's nadgers on a plate for nowt. It shows me everything from what a NetWare cluster is up to to a well, what more do you want? Also you can follow streams etc etc etc etc

      I personally put it up there with Apache and Samba (oh and that Linux kernel thing) as important software. OK there are quite a few others but I trust you get my point.

      Whenever someone says something like "Whenever some product claims to be "award-winning", I always wonder what that award is." I trust they know what they are on about.
       
      ... and PHP, Python, PERL, MySQL, PostgreSQL, *BSD, Firefox, KDE, Gnome, E{n} ...

      By gum it's a good world when it comes to software.

      AWARD - PAH - use the bloody thing and give out your own awards!

  4. Yes, Yes, and it does... (Buried Lede?) by curmudgeon99 · · Score: 5, Insightful

    Now come on! What sort of a lede is that? Just a tease and no candy? What does Wireshark 1.0 DO for pete's sake?

    1. Re:Yes, Yes, and it does... (Buried Lede?) by calebt3 · · Score: 2, Insightful

      But what was added to make it 1.0? What is new?

    2. Re:Yes, Yes, and it does... (Buried Lede?) by kasparov · · Score: 5, Funny

      Now come on! What sort of a lede is that? Just a tease and no candy? What does Wireshark 1.0 DO for pete's sake? A quick read: "Network protocol analyzer for Windows and Unix that allows examination of data from a live network, or from a capture file on disk." Basically it is tcpdump with a GUI. That is kind of like saying a bulldozer is like a shovel, but yellow.
      --
      There's no place I can be, since I found Serenity.
    3. Re:Yes, Yes, and it does... (Buried Lede?) by CastrTroy · · Score: 2, Informative

      Couldn't have put it better myself. Wireshark gives you a ton of tools for filtering through all the ongoing connections, and really looking at what's going on with your network.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    4. Re:Yes, Yes, and it does... (Buried Lede?) by kylehase · · Score: 4, Funny

      The previous version was 0.99.8 so 0.00.2 was added to make it 1.0.0

      --
      You want fun, go home and buy a monkey!
  5. Thanks! by mudshark · · Score: 5, Informative

    I'll be off to update mine today. It's the best improvement on tcpdump I've ever used.

    --
    In other news, astrophysicists have announced that they now know what all that dark matter is: it's stupidity.
    1. Re:Thanks! by dubl-u · · Score: 2, Insightful

      I'll be off to update mine today. It's the best improvement on tcpdump I've ever used.

      Amen to that. "Assemble TCP Stream" alone is a glorious thing, and there's so much more.

      Still, I'm a little sad that it's now v1.0. It seemed much more advanced when it was 0.9.99.9921 or whatever the last prerelease version was.

    2. Re:Thanks! by UncleTogie · · Score: 2, Interesting

      Amen to that. "Assemble TCP Stream" alone is a glorious thing, and there's so much more.

      Ditto. It was the first thing I noticed, and seemed to work well with the {admittedly few} tests that I threw at it... Anyone else notice any discrepancies?

      --
      Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
    3. Re:Thanks! by Hes+Nikke · · Score: 2, Informative

      well, assemble implies that you already have all the pieces (you do), sort of like ASSEMBLING a puzzle. or a desk.

      follow implies that it'll show you anything new that comes in (i can't recall ottomh if it does this but i'd be surprised if it doesn't). think of following a trail. or a conversation.

      english is such a magical^Wgay^Winfuriating language! (said by a native speaker)

      --
      Don't call me back. Give me a call back. Bye. So yeah. But bye our, well, but alright we are on a shirt this chill.
  6. Downloads by Skuldo · · Score: 5, Informative

    The site is slow at the moment, if you want to download the thing, skip the chase and go straight to http://sourceforge.net/projects/wireshark/

    1. Re:Downloads by gardyloo · · Score: 4, Funny

      One might want to use the "-mit Lasern" flag, of course.

  7. and yet... by digitalsushi · · Score: 3, Interesting

    I wish I could sniff on multiple interfaces.

    Or exclude specific interfaces from the pseudo-device available in some versions (like my linux copy)

    Or filter out duplicate packets (not retransmissions, but the literal same packet: I bridged two interfaces, and the pseudo-device captures both the bridge and the bridge member)

    Or just add localhost to a bridge.. why I can't do this is outside my understanding (until someone gives a crafty answer)

    Or even just route all traffic destined for localhost through a physical interface first (I just want to capture all my packets, including localhost and a bridge with several ethernet members, but only once!)

    Ah, it's on the wishlist. For another day, perhaps...

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
    1. Re:and yet... by Anonymous Coward · · Score: 5, Funny

      those features will be available in Wireshark 2.0, forecast for release in 2018 at their current pace

    2. Re:and yet... by Anonymous Coward · · Score: 2, Informative

      You can capture multiple interfaces with tcpdump or what have you, and merge them with wireshark. There is also the "any" interface in wireshark.

    3. Re:and yet... by Creepy+Crawler · · Score: 4, Informative

      :Or just add localhost to a bridge.. why I can't do this is outside my understanding (until someone gives a crafty answer)

      It's a simple reason. Bridging is a layer 2 technology, as IP is layer 3. As I expected, a "localhost" on Linux does not have a MAC address (required for layer 2).

      --
  8. The difference between F/OSS and commercial by Anonymous Coward · · Score: 5, Insightful

    This project took 10 years of continuous development and public testing to reach a 1.0 release. This timeframe is not atypical; F/OSS 1.0 releases are usually stable, reliable, and heavily featured. Some projects never make a 2.0 release, instead making point releases on top of 1.0 indefinately.

    The 1.0 release of most commercial software comes after extremely limited public testing, and the developers scramble to make a 2.0 release within a year. Commercial 1.0 releases are frequently buggy and have obvious gaps in functionality, which are often not completely addressed in 2.0.

    1. Re:The difference between F/OSS and commercial by Trojan35 · · Score: 2, Insightful

      Yes, but the commercial version would have been out 8 years ago and released 2.0 7 years ago. YMMV.

    2. Re:The difference between F/OSS and commercial by Zantetsuken · · Score: 3, Interesting

      his point is that the quality of these sorts of F/OSS releases is often on par with a commercial product that would now be release 8.12 - not just 8.0 feature-wise, but .12 because of the stability. when you go to show your phb why your company should use wireshark, tell them its only 1.0 and yet already has tons of features and stability not found in commercial products at 8.12 releases

  9. Download link by greenreaper · · Score: 5, Informative

    wireshark-setup-1.0.0.exe

  10. Useful in Biztalk by jasonmanley · · Score: 3, Interesting

    I do a lot of Biztalk dev and I often need to send data to remote HTTP locations. Usually the outgoing message is transformed inside an outgoing pipeline and it is not always easy to see exactly what is being sent to the client. This is where WireShark has come in handy. I just monitor my ethernet interface for a few seconds. The results are usually colour coded and easy to read. Very useful tool.

    --
    http://projectleader.wordpress.com
    1. Re:Useful in Biztalk by mcpkaaos · · Score: 4, Interesting

      A dev after my own heart! I use it to capture ASP.NET web service requests as it's far easier to deal with than WSE3 tracing or serializing objects before passing them to the web proxy (which usually leaves you without namespaces anyway).

      Over the years, I've found protocol analyzers to be indispensable for developing and debugging modern MS-based network apps. They hide so damned much from the developers these days, often times it's the only way to see what's really going on.

      --
      It goes from God, to Jerry, to me.
  11. Helped me at work by British · · Score: 4, Interesting

    Long story short: I had a SQL client app that tried to connect to the SQL server with a hard-coded password. I needed to know the password to set on the server. Fired up wireshark, found the password, set said password on the server, and it was a go.

    1. Re:Helped me at work by 77Punker · · Score: 3, Funny

      Another story:
      I was picking up my wireless from my neighbor and my roommate was using my computer for internet access via crossover cable.

      I needed to know the contents of his AIM messages so I fired up Wireshark.

  12. And an OSX Link by dvanduzer · · Score: 2, Informative

    http://wireshark.zing.org/download/osx/Wireshark%201.0.0%20Intel.dmg

  13. This is interesting? by slyborg · · Score: 5, Insightful

    Man, people have mod points burning holes in their keyboards tonight.

    I fail to see anything at all "interesting in this". Taking advantage of other people because you are more knowledgeable than them, breaking the law, and then boasting about it on Slashdot is -5 Lame, especially when the level of expertise involved is what is usually ascribed to "script kiddies".

    And no, you don't get a pass because it was the "only black hat thing I've ever done", like we believe that, and it sure sounds like the entire objective of your weak excuse for "black hat" action was to sniff their traffic, since changing their router setup was hardly necessary if you just wanted to steal access.

    Maybe I'm just having an old man moment, but I kept expecting some kind of punch line in there, and it ended up just being "my neighbor left his garage door open, and I stole a six-pack out of his fridge". WTF is that about?

    1. Re:This is interesting? by Pikoro · · Score: 2, Funny

      You're glavenoid's neighbor aren't you?

      --
      "Freedom in the USA is not the ability to do what you want. It is the ability to stop others from doing what THEY want"
  14. Is Wireshark the right tool for me? by baeksu · · Score: 2, Interesting

    I have a 'black box' on my home network. It's a voip phone, provided by our local telecom, and I'd really like to see what traffic it's sending to and receiving from the outside.

    I've scanned it with nmap and not found any open ports from the outside. It's sitting behind a nat router, and the company won't tell me which ports it would need to forwarded (though somehow it's still able to receive calls and messages from the outside).

    Actually, the company says I should forward ports 20000-60000 (seriously), but I think I won't do that.

    I'm really curious to see the traffic it sends and receives, and also whether it's using any encryption. Is it possible to use Wireshark to sniff the traffic from another box that is within the same LAN, and where might one find a good tutorial for such a project?

    --
    Gnome: A never ending quest to make unix friendly to people who don't want unix and excruciating for those that do.
  15. If other companies made Wireshark by Junior+J.+Junior+III · · Score: 3, Funny

    Adobe: v1.0 is released; a week later 1.0.1 is released. A few months after that, 1.0.2. Then three years go by, and suddenly it's at 2.0, which is broken from the install.

    Microsoft: v1.0 is released; no one buys it. v2.0 is released; it's still not really usable. v3.0 comes out, and people suddenly line up for it around the block. v3.0SP1 is released and fixes most of the really bad bugs while introducing a few others, some random security vulnerabilities, invalidating half the licenses of all previous versions, and causes DrDOS to crash.

    Apple: v1.0 is released, but it has a bug so Apple pulls it from the download server for a few hours, after which a patched version replaces it, with the same exact version number, and no mention of any bugfix in the release notes. Any mention of any alleged switcheroo or the problem that existed in the first 1.0 release is ruthlessly and systematically quashed in the support forums on Apple's website; unfortunately, their lawyers can't censor the entire net.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  16. Re:What does the /. effect look like by Slashcrap · · Score: 2, Funny

    It's easy to simulate. Just login to a remote system via VNC/RDP and then run Wireshark on it. Remove any filters that Wireshark might automatically add to save you from yourself. You can also recreate this with SSH and tcpdump.

    I would make sure that it's not a very important remote system though.

  17. How is wireshark better than tcpdump? by rayvd · · Score: 2, Informative

    One of the most useful features of wireshark is its breakdown of (known) protocols. It makes it a lot easier to follow a DHCP address acquisition or a DNS request and to dig into the individual flags of said DNS request (was it an update? did it have any prerequisites?)

    However, probably the best use I've found for Wireshark was troubleshooting VoIP with SIP and RTP. Wireshark has great plugins for visually laying out each step of the SIP conversation, including showing you where the RTP stream initidated at. If you've ever tried to troubleshoot SIP via a NAT setup with various proxies like SER throughout, it's an invaluable tool. It'll even graph jitter for you. Just tcpdump to an output file and load it up in Wireshark.