Changes - j0ke.net Open Build Service

@@ -1,589 +1,300 @@ ------------------------------------------------------------------------ -r51941 | gerald | 2013-09-10 13:02:31 -0700 (Tue, 10 Sep 2013) | 2 lines +r53023 | gerald | 2013-11-01 10:01:59 -0700 (Fri, 01 Nov 2013) | 2 lines Changed paths: M /trunk-1.8/ChangeLog - M /trunk-1.8/docbook/release-notes.xml - M /trunk-1.8/make-version.pl + M /trunk-1.8/NEWS -1.8.10 → 1.8.11. +Build 1.8.11. ------------------------------------------------------------------------ -r52059 | gerald | 2013-09-15 07:34:57 -0700 (Sun, 15 Sep 2013) | 1 line +r53032 | gerald | 2013-11-01 13:53:05 -0700 (Fri, 01 Nov 2013) | 2 lines Changed paths: - M /trunk-1.8/manuf - M /trunk-1.8/services + M /trunk-1.8/ChangeLog + M /trunk-1.8/config.nmake + M /trunk-1.8/configure.in + M /trunk-1.8/debian/changelog + M /trunk-1.8/debian/wireshark-common.files + M /trunk-1.8/docbook/asciidoc.conf + M /trunk-1.8/docbook/release-notes.asciidoc + M /trunk-1.8/epan/Makefile.am + M /trunk-1.8/make-version.pl + M /trunk-1.8/version.conf + M /trunk-1.8/wiretap/Makefile.am + +1.8.11 → 1.8.12. -[Automatic manuf, services and enterprise-numbers update for 2013-09-15] ------------------------------------------------------------------------ -r52171 | gerald | 2013-09-22 07:34:54 -0700 (Sun, 22 Sep 2013) | 1 line +r53066 | gerald | 2013-11-03 07:35:02 -0800 (Sun, 03 Nov 2013) | 1 line Changed paths: M /trunk-1.8/manuf M /trunk-1.8/services -[Automatic manuf, services and enterprise-numbers update for 2013-09-22] ------------------------------------------------------------------------- -r52174 | eapache | 2013-09-22 09:50:24 -0700 (Sun, 22 Sep 2013) | 3 lines -Changed paths: - M /trunk-1.8/epan/dissectors/packet-gluster.h - M /trunk-1.8/epan/dissectors/packet-glusterfs.c - -Manual backport of r52142 and r52144 to fix collision between gluster defines -and system header dirent.h - ------------------------------------------------------------------------- -r52196 | eapache | 2013-09-23 16:38:34 -0700 (Mon, 23 Sep 2013) | 13 lines -Changed paths: - M /trunk-1.8/epan/reassemble.c - -Manual backport of r52195 from trunk-1.10: - -Replace r51826 with a slightly different backport fix for -https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9027 -that doesn't leak memory. I thought the leaks would be pretty minor and not -worth worrying about, but -https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9169 -showed otherwise. - -Major thanks to Jakub for figuring out we could create a dummy TVB hooked up to -the parent, even though the 1.8 reassembly code doesn't know about the real -child TVB. - ------------------------------------------------------------------------- -r52200 | eapache | 2013-09-23 18:50:23 -0700 (Mon, 23 Sep 2013) | 7 lines -Changed paths: - M /trunk-1.8/epan/dissectors/packet-ntlmssp.c - -Simply don't store (or look for) the conversation struct in the packet proto -data, since it leads to mis-casts and bad corruptions. This is effectively a -backport for Jeff's r50734 fixing -https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8941 -but since we don't have the index count for p_add_proto_data I had to go through -and prove to myself that the entire thing can be safely removed. - +[Automatic manuf, services and enterprise-numbers update for 2013-11-03] ------------------------------------------------------------------------ -r52240 | guy | 2013-09-28 10:47:45 -0700 (Sat, 28 Sep 2013) | 9 lines +r53124 | guy | 2013-11-06 18:02:22 -0800 (Wed, 06 Nov 2013) | 19 lines Changed paths: M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c + M /trunk-1.8/wiretap/libpcap.c -Copy over r52238 from trunk: +Copy over r49999 from trunk: ------------------------------------------------------------------------ - r52238 | guy | 2013-09-28 10:44:50 -0700 (Sat, 28 Sep 2013) | 4 lines - - There's no interface ID in a Simple Packet Block. - - Fixes one problem found by the file in bug 9200. - ------------------------------------------------------------------------- -r52243 | guy | 2013-09-28 11:12:50 -0700 (Sat, 28 Sep 2013) | 17 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52241 from trunk, with manual intervention: - - ------------------------------------------------------------------------ - r52241 | guy | 2013-09-28 11:03:20 -0700 (Sat, 28 Sep 2013) | 12 lines - - In a Simple Packet Block, the captured length isn't the block length - minus the lengths of the two length fields and the packet length field, - it's the minimum of that and the packet length, as there might be - padding. + r49999 | eapache | 2013-06-17 18:02:26 -0700 (Mon, 17 Jun 2013) | 10 lines - Fixes one problem found by the file in bug 9200. + Don't limit the on-the-wire length of packets to 64KB, there are larger packets + out there (especially over USB) and we should be able to load them as long as + they are snapped to a sane length. - While we're at it, pcapng_read_packet_block() and - pcapng_read_simple_packet_block() return an integer, not a Boolean; - return 0, not FALSE (they have the same value, but returning 0 makes it - clearer that the return value isn't restricted to TRUE or FALSE). + Also validate that packets do not specify a snapshot length larger than the one + in the file header, though only make it a warning, as this is not necessarily a + fatally corrupt packet. ------------------------------------------------------------------------- -r52246 | guy | 2013-09-28 11:26:58 -0700 (Sat, 28 Sep 2013) | 11 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52244 from trunk: + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808 ------------------------------------------------------------------------ - r52244 | guy | 2013-09-28 11:25:07 -0700 (Sat, 28 Sep 2013) | 6 lines - Correctly calculate the captured length in a Simple Packet Block - - subtract out the minimum SPB size, which includes the length of - *everything* except for the packet data. - - Fixes one problem found by the file in bug 9200. +Also fixes bug 9390. ------------------------------------------------------------------------ -r52249 | guy | 2013-09-28 12:27:55 -0700 (Sat, 28 Sep 2013) | 9 lines +r53127 | guy | 2013-11-06 18:14:02 -0800 (Wed, 06 Nov 2013) | 2 lines Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52247 from trunk: - - ------------------------------------------------------------------------ - r52247 | guy | 2013-09-28 12:26:23 -0700 (Sat, 28 Sep 2013) | 4 lines - - Fix cut-and-pasteo. - - Finishes the fix for bug 9200. - ------------------------------------------------------------------------- -r52252 | guy | 2013-09-28 13:11:56 -0700 (Sat, 28 Sep 2013) | 15 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52250 from trunk: - - ------------------------------------------------------------------------ - r52250 | guy | 2013-09-28 13:08:39 -0700 (Sat, 28 Sep 2013) | 10 lines - - Actually, the captured length must be the minimum of: - - the number of bytes available for packet data in the block; - - the packet length; - - *and* the snapshot length for the interface. - - One more fix for bug 9200, so it should *now* be fixed. - ------------------------------------------------------------------------- -r52255 | guy | 2013-09-28 14:08:49 -0700 (Sat, 28 Sep 2013) | 8 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52253 from trunk: - - ------------------------------------------------------------------------ - r52253 | guy | 2013-09-28 14:06:17 -0700 (Sat, 28 Sep 2013) | 3 lines + M /trunk-1.8/docbook/release-notes.asciidoc - The pcap-ng spec says the captured length is the minimum of the - interface snapshot length and the packet length; make it so. +Note that bug 8808 and bug 9390 are fixed. ------------------------------------------------------------------------ -r52259 | guy | 2013-09-28 14:32:08 -0700 (Sat, 28 Sep 2013) | 2 lines +r53197 | pascal | 2013-11-09 07:44:39 -0800 (Sat, 09 Nov 2013) | 3 lines Changed paths: - M /trunk-1.8/docbook/release-notes.xml + M /trunk-1.8/epan/dissectors/packet-sip.c -Mention bug 9200 being fixed. +Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388 : +Avoid an infinite loop in SIP dissector (backport of r51738) ------------------------------------------------------------------------ -r52267 | gerald | 2013-09-29 07:34:51 -0700 (Sun, 29 Sep 2013) | 1 line +r53229 | gerald | 2013-11-10 07:34:55 -0800 (Sun, 10 Nov 2013) | 1 line Changed paths: M /trunk-1.8/manuf -[Automatic manuf, services and enterprise-numbers update for 2013-09-29] +[Automatic manuf, services and enterprise-numbers update for 2013-11-10] ------------------------------------------------------------------------ -r52326 | guy | 2013-10-01 14:55:57 -0700 (Tue, 01 Oct 2013) | 3 lines -Changed paths: - M /trunk-1.8/packaging/macosx/Read_me_first.rtf - -We install the wrapper scripts for the command-line tools in -/usr/local/bin, not in /Library/Wireshark. - ------------------------------------------------------------------------- -r52402 | gerald | 2013-10-06 07:35:01 -0700 (Sun, 06 Oct 2013) | 1 line +r53397 | gerald | 2013-11-17 07:34:54 -0800 (Sun, 17 Nov 2013) | 1 line Changed paths: M /trunk-1.8/manuf + M /trunk-1.8/services -[Automatic manuf, services and enterprise-numbers update for 2013-10-06] ------------------------------------------------------------------------- -r52466 | pascal | 2013-10-09 09:08:55 -0700 (Wed, 09 Oct 2013) | 9 lines -Changed paths: - M /trunk-1.8/epan/dissectors/packet-wccp.c - -Copy over manually from the trunk: ------------------------------------------------------------------------- -r52464 | pascal | 2013-10-09 18:07:24 +0200 (mer., 09 oct. 2013) | 3 lines - -From Peter Van Eynde via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9252 : -Fix WCCP fix hash buckets assignment info decoding - ------------------------------------------------------------------------- - ------------------------------------------------------------------------- -r52491 | eapache | 2013-10-10 06:10:47 -0700 (Thu, 10 Oct 2013) | 21 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/epan/dissectors/packet-openwire.c - -Copy over from trunk to pacify the fuzzbot and so Michael's patch backports -cleanly - - ------------------------------------------------------------------------ - r52458 | eapache | 2013-10-08 19:16:53 -0400 (Tue, 08 Oct 2013) | 10 lines - Changed paths: - M /trunk/epan/dissectors/packet-openwire.c - - Hacky fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248 - Just break out of the loop if offset doesn't go up. - - There's almost certainly a better fix - the dissector is weird, and I'm not sure - if all the _length_remaining() checks are important or legacy, and what affect - they have on this issue. - - At the very least this will pacify the fuzzbots until somebody has time to - figure it out properly. - - ------------------------------------------------------------------------ - - +[Automatic manuf, services and enterprise-numbers update for 2013-11-17] ------------------------------------------------------------------------ -r52547 | morriss | 2013-10-11 11:18:56 -0700 (Fri, 11 Oct 2013) | 9 lines +r53548 | gerald | 2013-11-24 07:36:04 -0800 (Sun, 24 Nov 2013) | 1 line Changed paths: - M /trunk-1.8/epan/dissectors/packet-ncp-sss.c - -Copy over with manual intervention (to eliminate imlicit declaration warning): - - ------------------------------------------------------------------------ - r51451 | darkjames | 2013-08-21 13:01:05 -0400 (Wed, 21 Aug 2013) | 2 lines - - small fix for r51448 isprint() is locale aware, we want just ascii - ------------------------------------------------------------------------ - + M /trunk-1.8/manuf +[Automatic manuf, services and enterprise-numbers update for 2013-11-24] ------------------------------------------------------------------------ -r52586 | gerald | 2013-10-13 07:34:52 -0700 (Sun, 13 Oct 2013) | 1 line +r53697 | gerald | 2013-12-01 07:35:03 -0800 (Sun, 01 Dec 2013) | 1 line Changed paths: M /trunk-1.8/manuf - M /trunk-1.8/services -[Automatic manuf, services and enterprise-numbers update for 2013-10-13] +[Automatic manuf, services and enterprise-numbers update for 2013-12-01] ------------------------------------------------------------------------ -r52714 | gerald | 2013-10-20 07:34:51 -0700 (Sun, 20 Oct 2013) | 1 line +r53858 | gerald | 2013-12-08 07:34:55 -0800 (Sun, 08 Dec 2013) | 1 line Changed paths: M /trunk-1.8/manuf -[Automatic manuf, services and enterprise-numbers update for 2013-10-20] +[Automatic manuf, services and enterprise-numbers update for 2013-12-08] ------------------------------------------------------------------------ -r52892 | gerald | 2013-10-27 07:35:00 -0700 (Sun, 27 Oct 2013) | 1 line +r54119 | gerald | 2013-12-15 07:34:53 -0800 (Sun, 15 Dec 2013) | 1 line Changed paths: M /trunk-1.8/manuf M /trunk-1.8/services -[Automatic manuf, services and enterprise-numbers update for 2013-10-27] +[Automatic manuf, services and enterprise-numbers update for 2013-12-15] ------------------------------------------------------------------------ -r52956 | gerald | 2013-10-29 11:37:57 -0700 (Tue, 29 Oct 2013) | 19 lines +r54146 | gerald | 2013-12-16 08:54:46 -0800 (Mon, 16 Dec 2013) | 16 lines Changed paths: - M /trunk-1.8 - M /trunk-1.8/docbook/release-notes.xml - M /trunk-1.8/epan/dissectors/packet-ieee802154.c + M /trunk-1.8/docbook/release-notes.asciidoc + M /trunk-1.8/epan/dissectors/packet-ntlmssp.c -Copy over revisions from the trunk: +Copy over r53626 with manual intervention. ------------------------------------------------------------------------ - r52036 | eapache | 2013-09-14 06:15:31 -0700 (Sat, 14 Sep 2013) | 8 lines + r53626 | rbalint | 2013-11-28 08:39:04 -0800 (Thu, 28 Nov 2013) | 5 lines Changed paths: - M /trunk/epan/dissectors/packet-ieee802154.c - - _lookup_extended takes a pointer to the key-pointer since it has to set the old - key pointer value. _insert just takes the key-pointer, not a pointer to it. - Passing a pointer-to-a-pointer causes the outer pointer to be dereferenced as a - struct (when it in fact points to a pointer to struct) and leads to incorrect - behaviour and uninitialized/out-of-bounds memory accesses. - - Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139 - ------------------------------------------------------------------------ - - -Update the release notes. + M /trunk/epan/dissectors/packet-ntlmssp.c ------------------------------------------------------------------------- -r52958 | gerald | 2013-10-29 11:46:49 -0700 (Tue, 29 Oct 2013) | 14 lines -Changed paths: - M /trunk-1.8/asn1/nbap/nbap.cnf - M /trunk-1.8/asn1/nbap/packet-nbap-template.c - M /trunk-1.8/docbook/release-notes.xml - M /trunk-1.8/epan/dissectors/packet-nbap.c + Support long Domain Names in NTLMSSP v2 -Copy over r52154 by hand: + ... instead of crashing on them. :-) - ------------------------------------------------------------------------ - r52154 | etxrab | 2013-09-20 07:19:31 -0700 (Fri, 20 Sep 2013) | 1 line - Changed paths: - M /trunk/asn1/nbap/nbap.cnf - M /trunk/asn1/nbap/packet-nbap-template.c - M /trunk/epan/dissectors/packet-nbap.c - - DCH-ID can be 255 + Discovered by Garming Sam <garming@catalyst.net.nz> ------------------------------------------------------------------------ Update the release notes. ------------------------------------------------------------------------ -r52960 | gerald | 2013-10-29 11:59:51 -0700 (Tue, 29 Oct 2013) | 13 lines +r54147 | gerald | 2013-12-16 10:16:51 -0800 (Mon, 16 Dec 2013) | 50 lines Changed paths: M /trunk-1.8 - M /trunk-1.8/docbook/release-notes.xml + M /trunk-1.8/asn1/gsm_map/packet-gsm_map-template.c + M /trunk-1.8/docbook/release-notes.asciidoc + M /trunk-1.8/epan/dissectors/packet-gsm_map.c + M /trunk-1.8/epan/dissectors/packet-iscsi.c + M /trunk-1.8/epan/dissectors/packet-mongo.c M /trunk-1.8/epan/dissectors/packet-sip.c -Copy over r52354 from the trunk: +Copy over revisions from the trunk: ------------------------------------------------------------------------ - r52354 | pascal | 2013-10-04 03:29:57 -0700 (Fri, 04 Oct 2013) | 3 lines + r53071 | pascal | 2013-11-03 10:07:46 -0800 (Sun, 03 Nov 2013) | 3 lines Changed paths: M /trunk/epan/dissectors/packet-sip.c - Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228 : - Ensure that decompressed tvb exists before trying to add it to the tree - ------------------------------------------------------------------------ - -Update the release notes. - ------------------------------------------------------------------------- -r52962 | gerald | 2013-10-29 12:55:46 -0700 (Tue, 29 Oct 2013) | 14 lines -Changed paths: - M /trunk-1.8/docbook/release-notes.xml - M /trunk-1.8/epan/dissectors/packet-tcp.c - -Copy over r52570 with manual intervention: - + Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9031 : + SIP contact-param parsing fails in case the last parameter includes a quoted string ------------------------------------------------------------------------ - r52570 | cmaynard | 2013-10-12 11:03:34 -0700 (Sat, 12 Oct 2013) | 4 lines + r53148 | pascal | 2013-11-07 13:08:15 -0800 (Thu, 07 Nov 2013) | 3 lines Changed paths: - M /trunk/epan/dissectors/packet-tcp.c - - Don't assume that tvb_length_remaining() or tvb_reported_length_remaining() always return a value >= 0. Part of fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263 + M /trunk/asn1/gsm_map/packet-gsm_map-template.c + M /trunk/epan/dissectors/packet-gsm_map.c - #BACKPORT(1.10,1.8) + From Vasil Velichkov via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9382 : + Fix dissection of GSM MAPv3 ReportSM_DeliveryStatusRes ------------------------------------------------------------------------ - -Update the release notes. - ------------------------------------------------------------------------- -r53005 | gerald | 2013-10-31 11:57:01 -0700 (Thu, 31 Oct 2013) | 3 lines -Changed paths: - M /trunk-1.8/config.nmake - M /trunk-1.8/configure.in - M /trunk-1.8/docbook/Makefile.am - M /trunk-1.8/docbook/Makefile.common - M /trunk-1.8/docbook/Makefile.nmake - A /trunk-1.8/docbook/asciidoc.conf (from /trunk-1.10/docbook/asciidoc.conf:53004) - A /trunk-1.8/docbook/release-notes.asciidoc (from /trunk-1.8/docbook/release-notes.xml:53004) - D /trunk-1.8/docbook/release-notes.xml - -Convert the release notes to AsciiDoc. Apply r48307 for most files, -convert the notes themselves using Pandoc followed by manual fixups. - ------------------------------------------------------------------------- -r53006 | gerald | 2013-10-31 12:09:42 -0700 (Thu, 31 Oct 2013) | 2 lines -Changed paths: - M /trunk-1.8/docbook/release-notes.asciidoc - -Fix the sample bug entry. - ------------------------------------------------------------------------- -r53007 | gerald | 2013-10-31 12:22:04 -0700 (Thu, 31 Oct 2013) | 3 lines -Changed paths: - M /trunk-1.8/docbook/asciidoc.conf - M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/make-version.pl - M /trunk-1.8/tools/svnadd - -Backport asciidoc.conf support in make-version.pl from r48405. Backport -AsciiDoc support in svnadd from r48392. Set some keywords. - ------------------------------------------------------------------------- -r53008 | gerald | 2013-10-31 12:24:22 -0700 (Thu, 31 Oct 2013) | 2 lines -Changed paths: - M /trunk-1.8/config.nmake - M /trunk-1.8/configure.in - M /trunk-1.8/debian/changelog - M /trunk-1.8/debian/wireshark-common.files - M /trunk-1.8/epan/Makefile.am - M /trunk-1.8/wiretap/Makefile.am - -1.8.10 → 1.8.11. - ------------------------------------------------------------------------- -r53010 | gerald | 2013-10-31 14:52:27 -0700 (Thu, 31 Oct 2013) | 37 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/diameter/dictionary.xml - M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-bssgp.c - M /trunk-1.8/epan/dissectors/packet-enip.c - M /trunk-1.8/ui/win32/print_win32.c - -Copy over revisions from the trunk: - - ------------------------------------------------------------------------ - r51942 | pascal | 2013-09-10 14:18:28 -0700 (Tue, 10 Sep 2013) | 3 lines + r53247 | martink | 2013-11-11 02:57:30 -0800 (Mon, 11 Nov 2013) | 3 lines Changed paths: - M /trunk/diameter/dictionary.xml + M /trunk/epan/dissectors/packet-mongo.c - From Philippe Rosenfeld via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9126 : - Fix the value of 'SEND_TO_UE' in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP + fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9409 + don't call proto_item_get_len() when the argument can be NULL ------------------------------------------------------------------------ - r52131 | pascal | 2013-09-17 14:56:35 -0700 (Tue, 17 Sep 2013) | 3 lines + r53838 | mmann | 2013-12-07 17:15:55 -0800 (Sat, 07 Dec 2013) | 3 lines Changed paths: - M /trunk/epan/dissectors/packet-bssgp.c + M /trunk/epan/dissectors/packet-iscsi.c - From Jason Wzhy via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9157 : - BSSGP: Fix dissection of Trace Type IE in SGSN-INVOKE-TRACE message + Correctly update the data length of the SCSI payload within ISCSI. Bug 9521 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9521) + + From Yaniv Kaul ------------------------------------------------------------------------ - r52157 | mmann | 2013-09-20 11:35:10 -0700 (Fri, 20 Sep 2013) | 4 lines - Changed paths: - M /trunk/epan/dissectors/packet-enip.c - Bugfix a few items: - 1. Correct Interface Flag enumeration - 2. Dissect ARP data without making it look like its an ARP packet by disabling column writing. +Copy over r53627 from trunk-1.10: + ------------------------------------------------------------------------ - r52221 | cmaynard | 2013-09-26 10:27:53 -0700 (Thu, 26 Sep 2013) | 4 lines + r53627 | mmann | 2013-11-28 08:51:08 -0800 (Thu, 28 Nov 2013) | 5 lines Changed paths: - M /trunk/ui/win32/print_win32.c + M /trunk-1.10/ui/gtk/decode_as_dlg.c - When a line of text wraps to the next line, the character that caused the line to wrap was not being printed. + Crash when selecting "Decode As" based on SCTP PPID. Bug 8976 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8976) - #BACKPORT(1.10,1.8) + Fixed by defaulting PPID value to LAST_PPID (which should make Decode As a no-op) ------------------------------------------------------------------------ + Update the release notes. ------------------------------------------------------------------------ -r53011 | gerald | 2013-10-31 15:46:40 -0700 (Thu, 31 Oct 2013) | 63 lines +r54151 | gerald | 2013-12-16 11:39:48 -0800 (Mon, 16 Dec 2013) | 32 lines Changed paths: M /trunk-1.8 M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-dcerpc-nt.c - M /trunk-1.8/epan/dissectors/packet-dcerpc.c - M /trunk-1.8/epan/dissectors/packet-eth.c - M /trunk-1.8/epan/dissectors/packet-ethertype.c - M /trunk-1.8/epan/packet.c - M /trunk-1.8/plugins/wimax/packet-wmx.c - M /trunk-1.8/tshark.c - M /trunk-1.8/ui/gtk/uat_gui.c + M /trunk-1.8/epan/dissectors/packet-dvb-bat.c + M /trunk-1.8/epan/dissectors/packet-time.c Copy over revisions from the trunk: ------------------------------------------------------------------------ - r52209 | mmann | 2013-09-24 14:06:05 -0700 (Tue, 24 Sep 2013) | 3 lines + r54138 | martink | 2013-12-16 00:20:22 -0800 (Mon, 16 Dec 2013) | 4 lines Changed paths: - M /trunk/plugins/wimax/packet-wmx.c - - Prevent crashing as a result of tree removal in r52208. Tree removal + this patch should be the "quick" fix to bug 5349 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5349). I knew the tree check was preventing some dissection/column data/etc, but from the comments in bug 5349, the tree check was also protecting this (and maybe other) crashes (due to missed NULL checking). + M /trunk/epan/dissectors/packet-time.c - I want to follow up with some massive cleanup (remove PITEM_FINFO calls), but this with r52208 should be good enough to backport to 1.8 and 1.10 to fix bug 5349. Cleanup shouldn't need to be backported. + From Wesley + fix "decode as" for time protocol + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9563 ------------------------------------------------------------------------ - r52734 | mmann | 2013-10-21 08:50:23 -0700 (Mon, 21 Oct 2013) | 3 lines - Changed paths: - M /trunk/epan/dissectors/packet-dcerpc-nt.c - Datablob size is NDR64/32 dependant. Bug 9301 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9301). - From Matthieu Patou +Copy over with manual intervention: + ------------------------------------------------------------------------ - r52735 | mmann | 2013-10-21 08:58:52 -0700 (Mon, 21 Oct 2013) | 1 line + r52987 | martink | 2013-10-30 15:34:16 -0700 (Wed, 30 Oct 2013) | 2 lines Changed paths: - M /trunk/epan/dissectors/packet-dcerpc-nt.c + M /trunk/epan/dissectors/packet-dvb-bat.c - Fix compile errors introduced in r52734. + BAT has a Bouquet ID, no Service ID ------------------------------------------------------------------------ - r52736 | mmann | 2013-10-21 09:00:37 -0700 (Mon, 21 Oct 2013) | 3 lines + r53222 | darkjames | 2013-11-10 05:04:21 -0800 (Sun, 10 Nov 2013) | 2 lines Changed paths: - M /trunk/epan/dissectors/packet-dcerpc.c - - dce-rpc: properly dissect multiple PDU in the same packet. Bug 9302 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9302). + M /trunk/epan/tvbtest.c - From Matthieu Patou + missing include for tvbtest + add 'const' (silent most of warnings). ------------------------------------------------------------------------ - r52738 | cmaynard | 2013-10-21 10:31:22 -0700 (Mon, 21 Oct 2013) | 4 lines - Changed paths: - M /trunk/epan/dissectors/packet-eth.c - M /trunk/epan/dissectors/packet-ethertype.c - Remove if (fh_tree) checks as add_ethernet_trailer() calls such functions as dissector_try_heuristic(), expert_add_info(), and col_append_str(), which all need to be called whether fh_tree is NULL or not. - #BACKPORT(1.10,1.8) - ------------------------------------------------------------------------ - r52838 | cmaynard | 2013-10-25 05:51:16 -0700 (Fri, 25 Oct 2013) | 4 lines - Changed paths: - M /trunk/tshark.c +Update the release notes. + +------------------------------------------------------------------------ +r54152 | gerald | 2013-12-16 12:13:40 -0800 (Mon, 16 Dec 2013) | 15 lines +Changed paths: + M /trunk-1.8/docbook/release-notes.asciidoc + M /trunk-1.8/epan/dissectors/packet-ssl-utils.c - Display the frame number on the packet summary line if it's one of the configured columns. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9317 +Copy over r53842 with manual intervention: - #BACKPORT(1.10,1.8) ------------------------------------------------------------------------ - r52977 | eapache | 2013-10-29 18:42:11 -0700 (Tue, 29 Oct 2013) | 6 lines + r53842 | mmann | 2013-12-07 17:52:02 -0800 (Sat, 07 Dec 2013) | 3 lines Changed paths: - M /trunk/epan/packet.c + M /trunk/epan/dissectors/packet-ssl-utils.c - When adding an entry to a dissector string table, take a copy of the pattern - string (and pass g_free to g_hash_table_new_full to free it). + dtls: fix buffer overflow in mac check. Bug 9512 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9512) - This means callers don't have to worry about the scope of the memory they pass - in, and fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9296 + From Hauke Mehrtens ------------------------------------------------------------------------ + Update the release notes. ------------------------------------------------------------------------ -r53015 | pascal | 2013-11-01 08:12:40 -0700 (Fri, 01 Nov 2013) | 14 lines +r54155 | gerald | 2013-12-16 12:29:10 -0800 (Mon, 16 Dec 2013) | 13 lines Changed paths: M /trunk-1.8 M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-ptp.c + M /trunk-1.8/epan/dissectors/packet-dvbci.c -Copy over from the trunk with manual intervention: +Copy over r53322 from the trunk: ------------------------------------------------------------------------ - r52566 | pascal | 2013-10-12 16:05:32 +0200 (sam. 12 oct. 2013) | 3 lignes - Chemins modifiés : - M /trunk/epan/dissectors/packet-ptp.c - - From Todd Newton via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9262 : - Fix dissection of PTP Management messages + r53322 | martink | 2013-11-14 13:44:05 -0800 (Thu, 14 Nov 2013) | 2 lines + Changed paths: + M /trunk/epan/dissectors/packet-dvbci.c + fix application capability handling ------------------------------------------------------------------------ + Update the release notes. ------------------------------------------------------------------------ -r53019 | gerald | 2013-11-01 09:17:18 -0700 (Fri, 01 Nov 2013) | 16 lines +r54168 | pascal | 2013-12-17 01:59:30 -0800 (Tue, 17 Dec 2013) | 12 lines Changed paths: M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-ntlmssp.c + M /trunk-1.8/epan/dissectors/packet-gsm_sms.c -Copy over r52732 by hand. This appears to be in response to r52213 and -wmemification in the trunk, neither of which have been backported. The extra -check doesn't hurt, however. +Copy over from the trunk: - ------------------------------------------------------------------------ - r52732 | mmann | 2013-10-21 08:39:07 -0700 (Mon, 21 Oct 2013) | 3 lines - Changed paths: - M /trunk/epan/dissectors/packet-ntlmssp.c +------------------------------------------------------------------------ +r53940 | pascal | 2013-12-11 19:47:15 +0100 (mer., 11 déc. 2013) | 3 lines - NULL check ref_nt_challenge_response and ref_lm_challenge_response. Bug 9299 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9299) +From Michael Lum via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9550 : +GSM SMS UDH EMS control expects 4 octets instead of 3 with OPTIONAL 4th - From Matthieu Patou - ------------------------------------------------------------------------ +------------------------------------------------------------------------ Update the release notes. ------------------------------------------------------------------------ -r53021 | gerald | 2013-11-01 09:29:10 -0700 (Fri, 01 Nov 2013) | 13 lines +r54169 | pascal | 2013-12-17 02:00:58 -0800 (Tue, 17 Dec 2013) | 2 lines Changed paths: M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-irc.c - -Copy over r53016 with manual intervention. - ------------------------------------------------------------------------ - r53016 | pascal | 2013-11-01 08:48:57 -0700 (Fri, 01 Nov 2013) | 3 lines - Changed paths: - M /trunk/epan/dissectors/packet-irc.c - - From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9360 : - Fix IRC response command filter - ------------------------------------------------------------------------ - -Update the release notes. +Add bug reference to release notes ------------------------------------------------------------------------

@@ -1,4 +1,4 @@ - Wireshark 1.8.11 Release Notes + Wireshark 1.8.12 Release Notes __________________________________________________________ What is Wireshark? @@ -13,51 +13,32 @@ Bug Fixes The following vulnerabilities have been fixed. - * [1]wnpa-sec-2013-61 - The IEEE 802.15.4 dissector could crash. ([2]Bug 9139) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [3]CVE-2013-6336 - * [4]wnpa-sec-2013-62 - The NBAP dissector could crash. Discovered by Laurent - Butti. ([5]Bug 9168) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [6]CVE-2013-6337 - * [7]wnpa-sec-2013-63 - The SIP dissector could crash. ([8]Bug 9228) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [9]CVE-2013-6338 - * [10]wnpa-sec-2013-64 - The OpenWire dissector could go into a large loop. - Discovered by Murali. ([11]Bug 9248) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [12]CVE-2013-6339 - * [13]wnpa-sec-2013-65 - The TCP dissector could crash. ([14]Bug 9263) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [15]CVE-2013-6340 + * [1]wnpa-sec-2013-66 + The SIP dissector could go into an infinite loop. + Discovered by Alain Botti. ([2]Bug 9388) + Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 + [3]CVE-2013-7112 + * [4]wnpa-sec-2013-68 + The NTLMSSP v2 dissector could crash. Discovered by Garming + Sam. ([5]Bug 9488) + Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 + [6]CVE-2013-7114 The following bugs have been fixed: - * new_packet_list: EAP-TLS reassemble does not happen when - NEW_PACKET_LIST is toggled. ([16]Bug 5349) - * The value of SEND_TO_UE in the DIAMETER Gx dictionary for - Packet-Filter-Usage AVP is 0 instead of 1. ([17]Bug 9126) - * Bssgp => SGSN-INVOKE-TRACE use the wrong function... - ([18]Bug 9157) - * Files with pcap-ng Simple Packet Blocks can't be read. - ([19]Bug 9200) - * Wireshark lua dissector unable to load for - media_type=application/octet-stream. ([20]Bug 9296) - * Wireshark crash when dissecting packet with NTLMSSP. - ([21]Bug 9299) - * DCERPC data_blobs are not correctly dissected when NDR64 - encoding is used. ([22]Bug 9301) - * multiple PDU in the same DCERPC packet are not correctly - decrypted. ([23]Bug 9302) - * The tshark summary line doesn't display the frame number or - displays it sporadically. ([24]Bug 9317) - * Fix dissection of PTP Management messages. ([25]Bug 9262) - * Duplicate IRC header field abbreviation breaks filter - (example: irc.response.command). ([26]Bug 9360) + * "On-the-wire" packet lengths are limited to 65535 bytes. + ([7]Bug 8808, ws-buglink:9390) + * Crash when selecting "Decode As" based on SCTP PPID. + ([8]Bug 8976) + * Wireshark fails to decode single-line, multiple Contact: + URIs in SIP responses. ([9]Bug 9031) + * gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus + result. ([10]Bug 9382) + * DTLS: fix buffer overflow in mac check. ([11]Bug 9512) + * Correct data length in SCSI_DATA_IN packets (within iSCSI). + ([12]Bug 9521) + * Fix "decode as ..." for packet-time.c. ([13]Bug 9563) + * GSM SMS UDH EMS control expects 4 octets instead of 3 with + OPTIONAL 4th. ([14]Bug 9550) New and Updated Features @@ -69,24 +50,24 @@ Updated Protocol Support - BSSGP, DCERPC, DCERPC NT, DIAMETER, Ethernet, EtherNet/IP, IEEE - 802.15.4, IRC, NBAP, NTLMSSP, OpenWire, SIP, and WiMax + DTLS, DVB-BAT, DVB-CI, GSM MAP, GSM SMS, iSCSI, SCTP, SIP, and + Time New and Updated Capture File Support - and . + and Pcap-ng. Getting Wireshark Wireshark source code and installation packages are available - from [27]http://www.wireshark.org/download.html. + from [15]http://www.wireshark.org/download.html. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list - of third-party packages can be found on the [28]download page + of third-party packages can be found on the [16]download page on the Wireshark web site. __________________________________________________________ @@ -100,93 +81,81 @@ Known Problems - Dumpcap might not quit if Wireshark or TShark crashes. ([29]Bug + Dumpcap might not quit if Wireshark or TShark crashes. ([17]Bug 1419) - The BER dissector might infinitely loop. ([30]Bug 1516) + The BER dissector might infinitely loop. ([18]Bug 1516) Capture filters aren't applied when capturing from named pipes. - ([31]Bug 1814) + ([19]Bug 1814) Filtering tshark captures with display filters (-R) no longer - works. ([32]Bug 2234) + works. ([20]Bug 2234) The 64-bit Windows installer does not support Kerberos - decryption. ([33]Win64 development page) + decryption. ([21]Win64 development page) - Application crash when changing real-time option. ([34]Bug + Application crash when changing real-time option. ([22]Bug 4035) - Hex pane display issue after startup. ([35]Bug 4056) + Hex pane display issue after startup. ([23]Bug 4056) - Packet list rows are oversized. ([36]Bug 4357) + Packet list rows are oversized. ([24]Bug 4357) Summary pane selected frame highlighting not maintained. - ([37]Bug 4445) + ([25]Bug 4445) Wireshark and TShark will display incorrect delta times in some - cases. ([38]Bug 4985) + cases. ([26]Bug 4985) __________________________________________________________ Getting Help - Community support is available on [39]Wireshark's Q&A site and + Community support is available on [27]Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found - on [40]the web site. + on [28]the web site. Official Wireshark training and certification are available - from [41]Wireshark University. + from [29]Wireshark University. __________________________________________________________ Frequently Asked Questions - A complete FAQ is available on the [42]Wireshark web site. + A complete FAQ is available on the [30]Wireshark web site. __________________________________________________________ - Last updated 2013-11-01 09:29:10 PDT + Last updated 2013-12-17 09:10:38 PST References - 1. https://www.wireshark.org/security/wnpa-sec-2013-61.html - 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139 - 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336 - 4. https://www.wireshark.org/security/wnpa-sec-2013-62.html - 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168 - 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337 - 7. https://www.wireshark.org/security/wnpa-sec-2013-63.html - 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228 - 9. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338 - 10. https://www.wireshark.org/security/wnpa-sec-2013-64.html - 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248 - 12. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339 - 13. https://www.wireshark.org/security/wnpa-sec-2013-65.html - 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263 - 15. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340 - 16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5349 - 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9126 - 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9157 - 19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200 - 20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9296 - 21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9299 - 22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9301 - 23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9302 - 24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9317 - 25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9262 - 26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9360 - 27. http://www.wireshark.org/download.html - 28. http://www.wireshark.org/download.html#thirdparty - 29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419 - 30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516 - 31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814 - 32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 - 33. https://wiki.wireshark.org/Development/Win64 - 34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035 - 35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056 - 36. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357 - 37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445 - 38. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985 - 39. http://ask.wireshark.org/ - 40. http://www.wireshark.org/lists/ - 41. http://www.wiresharktraining.com/ - 42. http://www.wireshark.org/faq.html + 1. https://www.wireshark.org/security/wnpa-sec-2013-66.html + 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388 + 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112 + 4. https://www.wireshark.org/security/wnpa-sec-2013-68.html + 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488 + 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114 + 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808 + 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8976 + 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9031 + 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9382 + 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9512 + 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9521 + 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9563 + 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9550 + 15. http://www.wireshark.org/download.html + 16. http://www.wireshark.org/download.html#thirdparty + 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419 + 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516 + 19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814 + 20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 + 21. https://wiki.wireshark.org/Development/Win64 + 22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035 + 23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056 + 24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357 + 25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445 + 26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985 + 27. http://ask.wireshark.org/ + 28. http://www.wireshark.org/lists/ + 29. http://www.wiresharktraining.com/ + 30. http://www.wireshark.org/faq.html

@@ -17,7 +17,7 @@ * Felix Fei <felix.fei [AT] utstar.com> * and Michael Lum <mlum [AT] telostech.com> * - * $Id: packet-gsm_map-template.c 49236 2013-05-10 21:44:09Z gerald $ + * $Id: packet-gsm_map-template.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1472,8 +1472,8 @@ case 47: /*reportSM-DeliveryStatus*/ offset=dissect_mc_message(tvb, offset, actx, tree, FALSE, dissect_gsm_map_ISDN_AddressString, hf_gsm_map_sm_storedMSISDN, - FALSE, NULL, -1, - FALSE , dissect_gsm_map_sm_ReportSM_DeliveryStatusRes, -1);/*undefined*/ + FALSE, dissect_gsm_map_sm_ReportSM_DeliveryStatusRes, -1, + FALSE, NULL, -1);/*undefined*/ break; case 48: /*noteSubscriberPresent*/

@@ -1,4 +1,4 @@ -# $Id: config.nmake 53008 2013-10-31 19:24:22Z gerald $ +# $Id: config.nmake 53032 2013-11-01 20:53:05Z gerald $ # Some more information about the settings in this file can be found in # the file README.windows and the Developer's Guide (available online). @@ -13,13 +13,13 @@ ##### Versions ##### # The SVN revision of our build. Updated by make-version.pl -SVN_REVISION=53023 +SVN_REVISION=54185 # The current Wireshark version. Recommended: Leave unchanged. # Updated by make-version.pl VERSION_MAJOR=1 VERSION_MINOR=8 -VERSION_MICRO=11 +VERSION_MICRO=12 VERSION_BUILD=$(SVN_REVISION) # Local build information. Recommended: Unique string for your

@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for wireshark 1.8.11. +# Generated by GNU Autoconf 2.68 for wireshark 1.8.12. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -567,8 +567,8 @@ # Identity of this package. PACKAGE_NAME='wireshark' PACKAGE_TARNAME='wireshark' -PACKAGE_VERSION='1.8.11' -PACKAGE_STRING='wireshark 1.8.11' +PACKAGE_VERSION='1.8.12' +PACKAGE_STRING='wireshark 1.8.12' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1522,7 +1522,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures wireshark 1.8.11 to adapt to many kinds of systems. +\`configure' configures wireshark 1.8.12 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1593,7 +1593,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of wireshark 1.8.11:";; + short | recursive ) echo "Configuration of wireshark 1.8.12:";; esac cat <<\_ACEOF @@ -1792,7 +1792,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -wireshark configure 1.8.11 +wireshark configure 1.8.12 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2332,7 +2332,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by wireshark $as_me 1.8.11, which was +It was created by wireshark $as_me 1.8.12, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3260,7 +3260,7 @@ # Define the identity of the package. PACKAGE='wireshark' - VERSION='1.8.11' + VERSION='1.8.12' cat >>confdefs.h <<_ACEOF @@ -29473,7 +29473,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by wireshark $as_me 1.8.11, which was +This file was extended by wireshark $as_me 1.8.12, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -29539,7 +29539,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -wireshark config.status 1.8.11 +wireshark config.status 1.8.12 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\"

@@ -1,8 +1,8 @@ -# $Id: configure.in 53008 2013-10-31 19:24:22Z gerald $ +# $Id: configure.in 53032 2013-11-01 20:53:05Z gerald $ # AC_PREREQ(2.60) -AC_INIT(wireshark, 1.8.11) +AC_INIT(wireshark, 1.8.12) dnl Check for CPU / vendor / OS dnl The user is encouraged to use either `AC_CANONICAL_BUILD', or

@@ -1,4 +1,4 @@ -wireshark (1.8.11) unstable; urgency=low +wireshark (1.8.12) unstable; urgency=low * Self-made package

@@ -7,9 +7,9 @@ /usr/bin/rawshark /usr/bin/text2pcap /usr/lib/wireshark/libwireshark.so.2 -/usr/lib/wireshark/libwireshark.so.2.0.11 +/usr/lib/wireshark/libwireshark.so.2.0.12 /usr/lib/wireshark/libwiretap.so.2 -/usr/lib/wireshark/libwiretap.so.2.1.11 +/usr/lib/wireshark/libwiretap.so.2.1.12 /usr/lib/wireshark/libwsutil.so.2 /usr/lib/wireshark/libwsutil.so.2.0.0 /usr/lib/wireshark/plugins/*

@@ -1,10 +1,10 @@ # AsciiDoc configuration for Wireshark -# $Id: asciidoc.conf 53007 2013-10-31 19:22:04Z gerald $ +# $Id: asciidoc.conf 53032 2013-11-01 20:53:05Z gerald $ [replacements] # Yes, this is a fake macro. -wireshark-version:\[\]=1.8.11 +wireshark-version:\[\]=1.8.12 [macros]

@@ -1,5 +1,5 @@ = Wireshark wireshark-version:[] Release Notes -// $Id: release-notes.asciidoc 53021 2013-11-01 16:29:10Z gerald $ +// $Id: release-notes.asciidoc 54185 2013-12-17 17:22:52Z gerald $ == What is Wireshark? @@ -17,66 +17,28 @@ //* ws-salink:2013-11[] //* cve-idlink:2013-2486[] -* ws-salink:2013-61[] +* ws-salink:2013-66[] + -The IEEE 802.15.4 dissector could crash. -// Fixed in trunk: r52036 -// Fixed in trunk-1.10: r52954 -// Fixed in trunk-1.8: r52956 -(ws-buglink:9139[]) +The SIP dissector could go into an infinite loop. Discovered by Alain Botti. +// Fixed in trunk-1.10: r53195 +// Fixed in trunk-1.8: r53197 +(ws-buglink:9388[]) + -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 +Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 + -cve-idlink:2013-6336[] +cve-idlink:2013-7112[] -* ws-salink:2013-62[] +* ws-salink:2013-68[] + -The NBAP dissector could crash. Discovered by Laurent Butti. -// Fixed in trunk: r52154 -// Fixed in trunk-1.10: r52957 -// Fixed in trunk-1.8: r52958 -(ws-buglink:9168[]) +The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. +// Fixed in trunk: r53626 +// Fixed in trunk-1.10: r54072 +// Fixed in trunk-1.8: r54146 +(ws-buglink:9488[]) + -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 +Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 + -cve-idlink:2013-6337[] - -* ws-salink:2013-63[] -+ -The SIP dissector could crash. -// Fixed in trunk: r52354 -// Fixed in trunk-1.10: r52959 -// Fixed in trunk-1.8: r52960 -(ws-buglink:9228[]) -+ -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 -+ -cve-idlink:2013-6338[] - -* ws-salink:2013-64[] -+ -The OpenWire dissector could go into a large loop. Discovered by Murali. -// Fixed in trunk: r52457, r52458, r52463 -// Fixed in trunk-1.10: r52490 -// Fixed in trunk-1.8: r52490 -(ws-buglink:9248[]) -+ -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 -+ -cve-idlink:2013-6339[] - -* ws-salink:2013-65[] -+ -The TCP dissector could crash. -// Fixed in trunk: r52570 -// Fixed in trunk-1.10: r52961 -// Fixed in trunk-1.8: r52962 -(ws-buglink:9263[]) -+ -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 -+ -cve-idlink:2013-6340[] - +cve-idlink:2013-7114[] The following bugs have been fixed: @@ -84,28 +46,21 @@ //flame job to the hood and fenders using gray, red, and black primer. //(ws-buglink:0000[]) -* new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled. (ws-buglink:5349[]) - -* The value of 'SEND_TO_UE' in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1. (ws-buglink:9126[]) - -* Bssgp => SGSN-INVOKE-TRACE use the wrong function... (ws-buglink:9157[]) - -* Files with pcap-ng Simple Packet Blocks can't be read. -(ws-buglink:9200[]) +* "On-the-wire" packet lengths are limited to 65535 bytes. (ws-buglink:8808[], ws-buglink:9390) -* Wireshark lua dissector unable to load for media_type=application/octet-stream. (ws-buglink:9296[]) +* Crash when selecting "Decode As" based on SCTP PPID. (ws-buglink:8976[]) -* Wireshark crash when dissecting packet with NTLMSSP. (ws-buglink:9299[]) +* Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (ws-buglink:9031[]) -* DCERPC data_blobs are not correctly dissected when NDR64 encoding is used. (ws-buglink:9301[]) +* gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus result. (ws-buglink:9382[]) -* multiple PDU in the same DCERPC packet are not correctly decrypted. (ws-buglink:9302[]) +* DTLS: fix buffer overflow in mac check. (ws-buglink:9512[]) -* The tshark summary line doesn't display the frame number or displays it sporadically. (ws-buglink:9317[]) +* Correct data length in SCSI_DATA_IN packets (within iSCSI). (ws-buglink:9521[]) -* Fix dissection of PTP Management messages. (ws-buglink:9262[]) +* Fix "decode as ..." for packet-time.c. (ws-buglink:9563[]) -* Duplicate IRC header field abbreviation breaks filter (example: irc.response.command). (ws-buglink:9360[]) +* GSM SMS UDH EMS control expects 4 octets instead of 3 with OPTIONAL 4th. (ws-buglink:9550[]) === New and Updated Features @@ -119,19 +74,15 @@ --sort-and-group-- -BSSGP -DCERPC -DCERPC NT -DIAMETER -Ethernet -EtherNet/IP -IEEE 802.15.4 -IRC -NBAP -NTLMSSP -OpenWire +DTLS +DVB-BAT +DVB-CI +GSM MAP +GSM SMS +iSCSI +SCTP SIP -WiMax +Time --sort-and-group-- @@ -139,7 +90,7 @@ --sort-and-group-- -. +Pcap-ng. --sort-and-group--

@@ -3,7 +3,7 @@ # (EPAN is a historical name; it stands for Ethereal Protocol ANalyzer # Library) # -# $Id: Makefile.am 53008 2013-10-31 19:24:22Z gerald $ +# $Id: Makefile.am 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -56,7 +56,7 @@ noinst_LTLIBRARIES = libwireshark_generated.la libwireshark_asmopt.la lib_LTLIBRARIES = libwireshark.la # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -libwireshark_la_LDFLAGS = -version-info 2:11:0 -export-symbols libwireshark.sym @LDFLAGS_SHAREDLIB@ +libwireshark_la_LDFLAGS = -version-info 2:12:0 -export-symbols libwireshark.sym @LDFLAGS_SHAREDLIB@ include Makefile.common

@@ -20,7 +20,7 @@ # (EPAN is a historical name; it stands for Ethereal Protocol ANalyzer # Library) # -# $Id: Makefile.am 53008 2013-10-31 19:24:22Z gerald $ +# $Id: Makefile.am 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -573,7 +573,7 @@ noinst_LTLIBRARIES = libwireshark_generated.la libwireshark_asmopt.la lib_LTLIBRARIES = libwireshark.la # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -libwireshark_la_LDFLAGS = -version-info 2:11:0 -export-symbols libwireshark.sym @LDFLAGS_SHAREDLIB@ +libwireshark_la_LDFLAGS = -version-info 2:12:0 -export-symbols libwireshark.sym @LDFLAGS_SHAREDLIB@ LIBWIRESHARK_SRC = \ addr_and_mask.c \ addr_resolv.c \

@@ -2,7 +2,7 @@ * Routines for DVB (ETSI EN 300 468) Bouquet Association Table (BAT) dissection * Copyright 2012, Guy Martin <gmsoft@tuxicoman.be> * - * $Id: packet-dvb-bat.c 41836 2012-03-30 01:17:46Z morriss $ + * $Id: packet-dvb-bat.c 54151 2013-12-16 19:39:48Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -183,7 +183,7 @@ static hf_register_info hf[] = { { &hf_dvb_bat_bouquet_id, { - "Service ID", "dvb_bat.sid", + "Bouquet ID", "dvb_bat.bouquet_id", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },

@@ -2,7 +2,7 @@ * Routines for DVB-CI (Common Interface) dissection * Copyright 2011-2012, Martin Kaiser <martin@kaiser.cx> * - * $Id: packet-dvbci.c 50476 2013-07-09 21:07:16Z martink $ + * $Id: packet-dvbci.c 54155 2013-12-16 20:29:10Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1526,7 +1526,7 @@ if (!title) return -1; - if (item_len==0 || cap_loop_len%item_len != 0) + if (item_len==0) return -1; if (tree && cap_loop_len>0) { @@ -3489,6 +3489,7 @@ cap_loop_len = tvb_get_guint8(tvb, offset); proto_tree_add_text(tree, tvb, offset, 1, "Application capabilities loop length: %d", cap_loop_len); + offset++; dissect_opp_cap_loop(cap_loop_len, "Application capabilities loop", hf_dvbci_app_cap_bytes, 2,

@@ -25,7 +25,7 @@ * Felix Fei <felix.fei [AT] utstar.com> * and Michael Lum <mlum [AT] telostech.com> * - * $Id: packet-gsm_map.c 49236 2013-05-10 21:44:09Z gerald $ + * $Id: packet-gsm_map.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -18894,8 +18894,8 @@ case 47: /*reportSM-DeliveryStatus*/ offset=dissect_mc_message(tvb, offset, actx, tree, FALSE, dissect_gsm_map_ISDN_AddressString, hf_gsm_map_sm_storedMSISDN, - FALSE, NULL, -1, - FALSE , dissect_gsm_map_sm_ReportSM_DeliveryStatusRes, -1);/*undefined*/ + FALSE, dissect_gsm_map_sm_ReportSM_DeliveryStatusRes, -1, + FALSE, NULL, -1);/*undefined*/ break; case 48: /*noteSubscriberPresent*/

@@ -14,7 +14,7 @@ * Header field support for TPDU Parameters added by * Abhik Sarkar. * - * $Id: packet-gsm_sms.c 49823 2013-06-06 21:34:16Z gerald $ + * $Id: packet-gsm_sms.c 54168 2013-12-17 09:59:30Z pascal $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -2091,7 +2091,7 @@ proto_tree *subtree_colour = NULL; - EXACT_DATA_CHECK(length, 4); + SHORT_DATA_CHECK(length, 3); oct = tvb_get_guint8(tvb, offset); proto_tree_add_text(tree, tvb, offset, 1, @@ -2176,23 +2176,28 @@ oct & 0x80 , str); offset++; - oct = tvb_get_guint8(tvb, offset); - item_colour = proto_tree_add_text(tree, tvb, offset, 1, "Text Colour"); - subtree_colour = proto_item_add_subtree(item_colour, ett_udh_tfc); + if (length > 3) + { + oct = tvb_get_guint8(tvb, offset); + item_colour = proto_tree_add_text(tree, tvb, offset, 1, "Text Colour"); + subtree_colour = proto_item_add_subtree(item_colour, ett_udh_tfc); - str = val_to_str(oct & 0x0f, text_color_values, "Unknown"); - proto_tree_add_text(subtree_colour, tvb, offset, 1, - "Foreground Colour : 0x%x %s", - oct & 0x0f , str); - str = val_to_str((oct >> 4) & 0x0f, text_color_values, "Unknown"); - proto_tree_add_text(subtree_colour, - tvb, offset, 1, - "Background Colour : 0x%x %s", - (oct >> 4) & 0x0f , str); + str = val_to_str(oct & 0x0f, text_color_values, "Unknown"); + proto_tree_add_text(subtree_colour, tvb, offset, 1, + "Foreground Colour : 0x%x %s", + oct & 0x0f , str); + + str = val_to_str((oct >> 4) & 0x0f, text_color_values, "Unknown"); + proto_tree_add_text(subtree_colour, + tvb, offset, 1, + "Background Colour : 0x%x %s", + (oct >> 4) & 0x0f , str); + /*offset++;*/ + } } /* 9.2.3.24.10.1.2 */ @@ -3723,7 +3728,7 @@ }; /* Setup protocol subtree array */ -#define NUM_INDIVIDUAL_PARMS 12 +#define NUM_INDIVIDUAL_PARMS 14 gint *ett[NUM_INDIVIDUAL_PARMS/*+NUM_MSGS*/+NUM_UDH_IEIS+2]; ett[0] = &ett_gsm_sms; @@ -3738,6 +3743,8 @@ ett[9] = &ett_dcs; ett[10] = &ett_ud; ett[11] = &ett_udh; + ett[12] = &ett_udh_tfm; + ett[13] = &ett_udh_tfc; last_offset = NUM_INDIVIDUAL_PARMS;

@@ -11,7 +11,7 @@ * Copyright 2001, Eurologic and Mark Burton <markb@ordern.com> * 2004 Request/Response matching and Service Response Time: ronnie sahlberg * - * $Id: packet-iscsi.c 45549 2012-10-14 22:55:51Z guy $ + * $Id: packet-iscsi.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1321,6 +1321,7 @@ proto_tree_add_item(ti, hf_iscsi_TotalAHSLength, tvb, offset + 4, 1, ENC_BIG_ENDIAN); } proto_tree_add_uint(ti, hf_iscsi_DataSegmentLength, tvb, offset + 5, 3, tvb_get_ntoh24(tvb, offset + 5)); + cdata->itlq.data_length=tvb_get_ntoh24(tvb, offset + 5); if(iscsi_protocol_version > ISCSI_PROTOCOL_DRAFT09) { proto_tree_add_item(ti, hf_iscsi_LUN, tvb, offset + 8, 8, ENC_NA); }

@@ -3,7 +3,7 @@ * Copyright 2010, Alexis La Goutte <alexis.lagoutte at gmail dot com> * BSON dissection added 2011, Thomas Buchanan <tom at thomasbuchanan dot com> * - * $Id: packet-mongo.c 45484 2012-10-11 20:45:24Z wmeier $ + * $Id: packet-mongo.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -433,11 +433,8 @@ static int dissect_mongo_msg(tvbuff_t *tvb, guint offset, proto_tree *tree) { - - proto_item *ti; - - ti = proto_tree_add_item(tree, hf_mongo_message, tvb, offset, -1, ENC_ASCII|ENC_NA); - offset += proto_item_get_len(ti); + proto_tree_add_item(tree, hf_mongo_message, tvb, offset, -1, ENC_ASCII|ENC_NA); + offset += tvb_strsize(tvb, offset); return offset; }

@@ -5,7 +5,7 @@ * Devin Heitmueller <dheitmueller@netilla.com> * Copyright 2003, Tim Potter <tpot@samba.org> * - * $Id: packet-ntlmssp.c 53019 2013-11-01 16:17:18Z gerald $ + * $Id: packet-ntlmssp.c 54146 2013-12-16 16:54:46Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -528,9 +528,13 @@ guint8 *sessionkey ,const guint8 *encryptedsessionkey , int flags , const ntlmssp_blob *ntlm_response, const ntlmssp_blob *lm_response _U_, ntlmssp_header_t *ntlmssph ) { - char domain_name_unicode[256]; - char user_uppercase[256]; - char buf[512]; +/* static const would be nicer, but -Werror=vla does not like it */ +#define DOMAIN_NAME_BUF_SIZE 512 +#define USER_BUF_SIZE 256 +#define BUF_SIZE (DOMAIN_NAME_BUF_SIZE + USER_BUF_SIZE) + char domain_name_unicode[DOMAIN_NAME_BUF_SIZE]; + char user_uppercase[USER_BUF_SIZE]; + char buf[BUF_SIZE]; /*guint8 md4[NTLMSSP_KEY_LEN];*/ unsigned char nt_password_hash[NTLMSSP_KEY_LEN]; unsigned char nt_proof[NTLMSSP_KEY_LEN]; @@ -555,10 +559,10 @@ nb_pass = get_md4pass_list(&pass_list,nt_password); #endif i=0; - memset(user_uppercase,0,256); + memset(user_uppercase, 0, USER_BUF_SIZE); user_len = strlen(ntlmssph->acct_name); - if( user_len < 129 ) { - memset(buf,0,512); + if (user_len < USER_BUF_SIZE / 2) { + memset(buf, 0, BUF_SIZE); str_to_unicode(ntlmssph->acct_name,buf); for (j = 0; j < (2*user_len); j++) { if( buf[j] != '\0' ) { @@ -571,7 +575,7 @@ return; } domain_len = strlen(ntlmssph->domain_name); - if( domain_len < 129 ) { + if (domain_len < DOMAIN_NAME_BUF_SIZE / 2) { str_to_unicode(ntlmssph->domain_name,domain_name_unicode); } else { @@ -586,14 +590,14 @@ printnbyte(nt_password_hash,NTLMSSP_KEY_LEN,"Current NT password hash: ","\n"); i++; /* ntowf computation */ - memset(buf,0,512); + memset(buf, 0, BUF_SIZE); memcpy(buf,user_uppercase,user_len*2); memcpy(buf+user_len*2,domain_name_unicode,domain_len*2); md5_hmac(buf,domain_len*2+user_len*2,nt_password_hash,NTLMSSP_KEY_LEN,ntowf); printnbyte(ntowf,NTLMSSP_KEY_LEN,"NTOWF: ","\n"); /* LM response */ - memset(buf,0,512); + memset(buf, 0, BUF_SIZE); memcpy(buf,serverchallenge,8); memcpy(buf+8,clientchallenge,8); md5_hmac(buf,NTLMSSP_KEY_LEN,ntowf,NTLMSSP_KEY_LEN,lm_challenge_response); @@ -601,9 +605,9 @@ printnbyte(lm_challenge_response,24,"LM Response: ","\n"); /* NT proof = First NTLMSSP_KEY_LEN bytes of NT response */ - memset(buf,0,512); + memset(buf, 0, BUF_SIZE); memcpy(buf,serverchallenge,8); - memcpy(buf+8,ntlm_response->contents+NTLMSSP_KEY_LEN,ntlm_response->length-NTLMSSP_KEY_LEN); + memcpy(buf+8, ntlm_response->contents+NTLMSSP_KEY_LEN, MIN(BUF_SIZE - 8, ntlm_response->length-NTLMSSP_KEY_LEN)); md5_hmac(buf,ntlm_response->length-8,ntowf,NTLMSSP_KEY_LEN,nt_proof); printnbyte(nt_proof,NTLMSSP_KEY_LEN,"NT proof: ","\n"); if( !memcmp(nt_proof,ntlm_response->contents,NTLMSSP_KEY_LEN) ) {

@@ -10,7 +10,7 @@ * Copyright 2004, Anders Broman <anders.broman@ericsson.com> * Copyright 2011, Anders Broman <anders.broman@ericsson.com>, Johan Wahl <johan.wahl@ericsson.com> * - * $Id: packet-sip.c 52960 2013-10-29 18:59:51Z gerald $ + * $Id: packet-sip.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1524,13 +1524,14 @@ queried_offset = tvb_find_guint8(tvb, queried_offset+1, line_end_offset - queried_offset, '"'); if(queried_offset==-1){ /* We have an opening quote but no closing quote. */ - queried_offset = line_end_offset; - } - current_offset = tvb_find_guint8(tvb, queried_offset+1, line_end_offset - queried_offset, ';'); + current_offset = line_end_offset; + } else { + current_offset = tvb_pbrk_guint8(tvb, queried_offset+1, line_end_offset - queried_offset, ",;", &c); if(current_offset==-1){ /* Last parameter, line end */ current_offset = line_end_offset; } + } }else{ current_offset = queried_offset; } @@ -2108,6 +2109,10 @@ */ orig_offset = offset; linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); + if(linelen==0){ + return -2; + } + if (tvb_strnlen(tvb, offset, linelen) > -1) { /*

@@ -2,7 +2,7 @@ * ssl manipulation functions * By Paolo Abeni <paolo.abeni@email.com> * - * $Id: packet-ssl-utils.c 49267 2013-05-13 17:40:49Z gerald $ + * $Id: packet-ssl-utils.c 54152 2013-12-16 20:13:40Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1077,6 +1077,8 @@ { 0, NULL } }; +#define DIGEST_MAX_SIZE 48 + /* we keep this internal to packet-ssl-utils, as there should be no need to access it any other way. @@ -1337,6 +1339,7 @@ algo = gcry_md_get_algo (*(md)); len = gcry_md_get_algo_dlen(algo); + DISSECTOR_ASSERT(len <= *datalen); memcpy(data, gcry_md_read(*(md), algo), len); *datalen = len; } @@ -1819,7 +1822,7 @@ guint left; gint tocpy; guint8 *A; - guint8 _A[48],tmp[48]; + guint8 _A[DIGEST_MAX_SIZE],tmp[DIGEST_MAX_SIZE]; guint A_l,tmp_l; SSL_HMAC hm; ptr = out->data; @@ -1834,6 +1837,7 @@ while(left){ ssl_hmac_init(&hm,secret->data,secret->data_len,md); ssl_hmac_update(&hm,A,A_l); + A_l = sizeof(_A); ssl_hmac_final(&hm,_A,&A_l); ssl_hmac_cleanup(&hm); A=_A; @@ -1841,6 +1845,7 @@ ssl_hmac_init(&hm,secret->data,secret->data_len,md); ssl_hmac_update(&hm,A,A_l); ssl_hmac_update(&hm,seed->data,seed->data_len); + tmp_l = sizeof(tmp); ssl_hmac_final(&hm,tmp,&tmp_l); ssl_hmac_cleanup(&hm); @@ -2450,7 +2455,7 @@ SSL_HMAC hm; gint md; guint32 len; - guint8 buf[48]; + guint8 buf[DIGEST_MAX_SIZE]; gint16 temp; md=ssl_get_digest_by_name(digests[decoder->cipher_suite->dig-0x40]); @@ -2484,6 +2489,7 @@ ssl_hmac_update(&hm,data,datalen); /* get digest and digest len*/ + len = sizeof(buf); ssl_hmac_final(&hm,buf,&len); ssl_hmac_cleanup(&hm); ssl_print_data("Mac", buf, len); @@ -2564,7 +2570,7 @@ SSL_HMAC hm; gint md; guint32 len; - guint8 buf[20]; + guint8 buf[DIGEST_MAX_SIZE]; gint16 temp; md=ssl_get_digest_by_name(digests[decoder->cipher_suite->dig-0x40]); @@ -2595,6 +2601,7 @@ ssl_hmac_update(&hm,buf,2); ssl_hmac_update(&hm,data,datalen); /* get digest and digest len */ + len = sizeof(buf); ssl_hmac_final(&hm,buf,&len); ssl_hmac_cleanup(&hm); ssl_print_data("Mac", buf, len);

@@ -3,7 +3,7 @@ * * Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-time.c 39503 2011-10-21 02:10:19Z wmeier $ + * $Id: packet-time.c 54151 2013-12-16 19:39:48Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -68,8 +68,8 @@ time_tree = proto_item_add_subtree(ti, ett_time); proto_tree_add_text(time_tree, tvb, 0, 0, - pinfo->srcport==TIME_PORT ? "Type: Response":"Type: Request"); - if (pinfo->srcport == TIME_PORT) { + pinfo->srcport==pinfo->match_uint ? "Type: Response":"Type: Request"); + if (pinfo->srcport == pinfo->match_uint) { /* seconds since 1900-01-01 00:00:00 GMT, *not* 1970 */ guint32 delta_seconds = tvb_get_ntohl(tvb, 0); proto_tree_add_uint_format(time_tree, hf_time_time, tvb, 0, 4,

@@ -14,8 +14,8 @@ 1.6 How much does Wireshark cost? - 1.7 But I just paid someone on eBay for a copy of Wireshark! - Did I get ripped off? + 1.7 But I just paid someone on eBay for a copy of Wireshark! Did I + get ripped off? 1.8 Can I use Wireshark commercially? @@ -25,23 +25,21 @@ 1.11 Are there any plans to support {your favorite protocol}? - 1.12 Can Wireshark read capture files from {your favorite - network analyzer}? + 1.12 Can Wireshark read capture files from {your favorite network + analyzer}? 1.13 What devices can Wireshark use to capture packets? - 1.14 Does Wireshark work on Windows Vista or Windows Server - 2008? + 1.14 Does Wireshark work on Windows Vista or Windows Server 2008? 2. Downloading Wireshark: - 2.1 Why do I get an error when I try to run the Win32 - installer? + 2.1 Why do I get an error when I try to run the Win32 installer? 3. Installing Wireshark: - 3.1 I installed the Wireshark RPM (or other package); why did - it install TShark but not Wireshark? + 3.1 I installed the Wireshark RPM (or other package); why did it + install TShark but not Wireshark? 4. Building Wireshark: @@ -50,8 +48,8 @@ 4.2 Why do I get the error - dftest_DEPENDENCIES was already defined in condition TRUE, - which implies condition HAVE_PLUGINS_TRUE + dftest_DEPENDENCIES was already defined in condition TRUE, which + implies condition HAVE_PLUGINS_TRUE when I try to build Wireshark from SVN or a SVN snapshot? @@ -62,33 +60,32 @@ 4.4 When I try to build Wireshark on Solaris, why does the link fail complaining that plugin_list is undefined? - 4.5 When I try to build Wireshark on Windows, why does the - build fail because of conflicts between winsock.h and - winsock2.h? + 4.5 When I try to build Wireshark on Windows, why does the build + fail because of conflicts between winsock.h and winsock2.h? 5. Starting Wireshark: - 5.1 Why does Wireshark crash with a Bus Error when I try to run - it on Solaris 8? + 5.1 Why does Wireshark crash with a Bus Error when I try to run it + on Solaris 8? - 5.2 When I run Wireshark on Windows NT, why does it die with a - Dr. Watson error, reporting an "Integer division by zero" - exception, when I start it? + 5.2 When I run Wireshark on Windows NT, why does it die with a Dr. + Watson error, reporting an "Integer division by zero" exception, + when I start it? 5.3 When I try to run Wireshark, why does it complain about sprint_realloc_objid being undefined? - 5.4 I've installed Wireshark from Fink on Mac OS X; why is it - very slow to start up? + 5.4 I've installed Wireshark from Fink on Mac OS X; why is it very + slow to start up? 6. Crashes and other fatal errors: - 6.1 I have an XXX network card on my machine; if I try to - capture on it, why does my machine crash or reset itself? + 6.1 I have an XXX network card on my machine; if I try to capture + on it, why does my machine crash or reset itself? 6.2 Why does my machine crash or reset itself when I select - "Start" from the "Capture" menu or select "Preferences" from - the "Edit" menu? + "Start" from the "Capture" menu or select "Preferences" from the + "Edit" menu? 7. Capturing packets: @@ -96,15 +93,14 @@ packets to and from my machine, or not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor? - 7.2 When I capture with Wireshark, why can't I see any TCP - packets other than packets to and from my machine, even though - another analyzer on the network sees those packets? + 7.2 When I capture with Wireshark, why can't I see any TCP packets + other than packets to and from my machine, even though another + analyzer on the network sees those packets? 7.3 Why am I only seeing ARP packets when I try to capture traffic? - 7.4 Why am I not seeing any traffic when I try to capture - traffic? + 7.4 Why am I not seeing any traffic when I try to capture traffic? 7.5 Can Wireshark capture on (my T1/E1 line, SS7 links, etc.)? @@ -113,42 +109,41 @@ 7.7 I can set a display filter just fine; why don't capture filters work? - 7.8 I'm entering valid capture filters; why do I still get - "parse error" errors? + 7.8 I'm entering valid capture filters; why do I still get "parse + error" errors? 7.9 How can I capture packets with CRC errors? 7.10 How can I capture entire frames, including the FCS? - 7.11 I'm capturing packets on a machine on a VLAN; why don't - the packets I'm capturing have VLAN tags? + 7.11 I'm capturing packets on a machine on a VLAN; why don't the + packets I'm capturing have VLAN tags? 7.12 Why does Wireshark hang after I stop a capture? 8. Capturing packets on Windows: 8.1 I'm running Wireshark on Windows; why does some network - interface on my machine not show up in the list of interfaces - in the "Interface:" field in the dialog box popped up by - "Capture->Start", and/or why does Wireshark give me an error if - I try to capture on that interface? + interface on my machine not show up in the list of interfaces in + the "Interface:" field in the dialog box popped up by + "Capture->Start", and/or why does Wireshark give me an error if I + try to capture on that interface? - 8.2 I'm running Wireshark on Windows; why do no network - interfaces show up in the list of interfaces in the - "Interface:" field in the dialog box popped up by - "Capture->Start"? + 8.2 I'm running Wireshark on Windows; why do no network interfaces + show up in the list of interfaces in the "Interface:" field in the + dialog box popped up by "Capture->Start"? 8.3 I'm running Wireshark on Windows; why doesn't my serial port/ADSL modem/ISDN modem show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start"? - 8.4 I'm running Wireshark on Windows NT 4.0/Windows - 2000/Windows XP/Windows Server 2003; my machine has a PPP - (dial-up POTS, ISDN, etc.) interface, and it shows up in the - "Interface" item in the "Capture Options" dialog box. Why can - no packets be sent on or received from that network while I'm - trying to capture traffic on that interface? + 8.4 I'm running Wireshark on Windows NT 4.0/Windows 2000/Windows + XP/Windows Server 2003; my machine has a PPP (dial-up POTS, ISDN, + etc.) interface, and it shows up in the "Interface" item in the + "Capture Options" dialog box. Why can no packets be sent on or + received from that network while I'm trying to capture traffic on + that interface? 8.5 I'm running Wireshark on Windows; why am I not seeing any traffic being sent by the machine running Wireshark? @@ -156,11 +151,11 @@ 8.6 When I capture on Windows in promiscuous mode, I can see packets other than those sent to or from my machine; however, those packets show up with a "Short Frame" indication, unlike - packets to or from my machine. What should I do to arrange that - I see those packets in their entirety? + packets to or from my machine. What should I do to arrange that I + see those packets in their entirety? - 8.7 I'm trying to capture 802.11 traffic on Windows; why am I - not seeing any packets? + 8.7 I'm trying to capture 802.11 traffic on Windows; why am I not + seeing any packets? 8.8 I'm trying to capture 802.11 traffic on Windows; why am I seeing packets received by the machine on which I'm capturing @@ -176,14 +171,13 @@ 9.1 I'm running Wireshark on a UNIX-flavored OS; why does some network interface on my machine not show up in the list of - interfaces in the "Interface:" field in the dialog box popped - up by "Capture->Start", and/or why does Wireshark give me an - error if I try to capture on that interface? + interfaces in the "Interface:" field in the dialog box popped up + by "Capture->Start", and/or why does Wireshark give me an error if + I try to capture on that interface? - 9.2 I'm running Wireshark on a UNIX-flavored OS; why do no - network interfaces show up in the list of interfaces in the - "Interface:" field in the dialog box popped up by - "Capture->Start"? + 9.2 I'm running Wireshark on a UNIX-flavored OS; why do no network + interfaces show up in the list of interfaces in the "Interface:" + field in the dialog box popped up by "Capture->Start"? 9.3 I'm capturing packets on Linux; why do the time stamps have only 100ms resolution, rather than 1us resolution? @@ -197,8 +191,7 @@ 11. Viewing traffic: - 11.1 Why am I seeing lots of packets with incorrect TCP - checksums? + 11.1 Why am I seeing lots of packets with incorrect TCP checksums? 11.2 I've just installed Wireshark, and the traffic on my local LAN is boring. Where can I find more interesting captures? @@ -212,8 +205,7 @@ 12. Filtering traffic: 12.1 I saved a filter and tried to use its name to filter the - display; why do I get an "Unexpected end of filter string" - error? + display; why do I get an "Unexpected end of filter string" error? 12.2 How can I search for, or filter, packets that have a particular string anywhere in them? @@ -224,45 +216,42 @@ Q 1.1: What is Wireshark? - A: Wireshark® is a network protocol analyzer. It lets you - capture and interactively browse the traffic running on a - computer network. It has a rich and powerful feature set and is - world's most popular tool of its kind. It runs on most - computing platforms including Windows, OS X, Linux, and UNIX. - Network professionals, security experts, developers, and - educators around the world use it regularly. It is freely - available as open source, and is released under the GNU General - Public License version 2. + A: Wireshark® is a network protocol analyzer. It lets you capture + and interactively browse the traffic running on a computer + network. It has a rich and powerful feature set and is world's + most popular tool of its kind. It runs on most computing platforms + including Windows, OS X, Linux, and UNIX. Network professionals, + security experts, developers, and educators around the world use + it regularly. It is freely available as open source, and is + released under the GNU General Public License version 2. It is developed and maintained by a global team of protocol experts, and it is an example of a disruptive technology. - Wireshark used to be known as Ethereal®. See the next question - for details about the name change. If you're still using - Ethereal, it is strongly recommended that you upgrade to - Wireshark. + Wireshark used to be known as Ethereal®. See the next question for + details about the name change. If you're still using Ethereal, it + is strongly recommended that you upgrade to Wireshark. For more information, please see the About Wireshark page. Q 1.2: What's up with the name change? Is Wireshark a fork? - A: In May of 2006, Gerald Combs (the original author of - Ethereal) went to work for CACE Technologies (best known for - WinPcap). Unfortunately, he had to leave the Ethereal - trademarks behind. - This left the project in an awkward position. The only - reasonable way to ensure the continued success of the project - was to change the name. This is how Wireshark was born. - Wireshark is almost (but not quite) a fork. Normally a "fork" - of an open source project results in two names, web sites, - development teams, support infrastructures, etc. This is the - case with Wireshark except for one notable exception -- every - member of the core development team is now working on - Wireshark. There has been no active development on Ethereal - since the name change. Several parts of the Ethereal web site - (such as the mailing lists, source code repository, and build - farm) have gone offline. + A: In May of 2006, Gerald Combs (the original author of Ethereal) + went to work for CACE Technologies (best known for WinPcap). + Unfortunately, he had to leave the Ethereal trademarks behind. + This left the project in an awkward position. The only reasonable + way to ensure the continued success of the project was to change + the name. This is how Wireshark was born. + Wireshark is almost (but not quite) a fork. Normally a "fork" of + an open source project results in two names, web sites, + development teams, support infrastructures, etc. This is the case + with Wireshark except for one notable exception -- every member of + the core development team is now working on Wireshark. There has + been no active development on Ethereal since the name change. + Several parts of the Ethereal web site (such as the mailing lists, + source code repository, and build farm) have gone offline. More information on the name change can be found here: - * - * - * Many other articles in + + * + * + * Many other articles in Q 1.3: Where can I get help? @@ -272,10 +261,9 @@ https://www.wireshark.org/mailman/listinfo. An IRC channel dedicated to Wireshark can be found at irc://irc.freenode.net/wireshark. - Self-paced and instructor-led training is available at - Wireshark University. Wireshark University also offers - certification via the Wireshark Certified Network Analyst - program. + Self-paced and instructor-led training is available at Wireshark + University. Wireshark University also offers certification via the + Wireshark Certified Network Analyst program. Q 1.4: What kind of shark is Wireshark? @@ -283,19 +271,18 @@ Q 1.5: How is Wireshark pronounced, spelled and capitalized? - A: Wireshark is pronounced as the word wire followed - immediately by the word shark. Exact pronunciation and emphasis - may vary depending on your locale (e.g. Arkansas). - It's spelled with a capital W, followed by a lower-case - ireshark. It is not a CamelCase word, i.e., WireShark is - incorrect. + A: Wireshark is pronounced as the word wire followed immediately + by the word shark. Exact pronunciation and emphasis may vary + depending on your locale (e.g. Arkansas). + It's spelled with a capital W, followed by a lower-case ireshark. + It is not a CamelCase word, i.e., WireShark is incorrect. Q 1.6: How much does Wireshark cost? A: Wireshark is "free software"; you can download it without paying any license fee. The version of Wireshark you download - isn't a "demo" version, with limitations not present in a - "full" version; it is the full version. + isn't a "demo" version, with limitations not present in a "full" + version; it is the full version. The license under which Wireshark is issued is the GNU General Public License version 2. See the GNU GPL FAQ for some more information. @@ -303,53 +290,49 @@ Q 1.7: But I just paid someone on eBay for a copy of Wireshark! Did I get ripped off? - A: That depends. Did they provide any sort of value-added - product or service, such as installation support, installation - media, training, trace file analysis, or funky-colored - shark-themed socks? Probably not. - Wireshark is available for anyone to download, absolutely free, - at any time. Paying for a copy implies that you should get - something for your money. + A: That depends. Did they provide any sort of value-added product + or service, such as installation support, installation media, + training, trace file analysis, or funky-colored shark-themed + socks? Probably not. + Wireshark is available for anyone to download, absolutely free, at + any time. Paying for a copy implies that you should get something + for your money. Q 1.8: Can I use Wireshark commercially? A: Yes, if, for example, you mean "I work for a commercial - organization; can I use Wireshark to capture and analyze - network traffic in our company's networks or in our customer's - networks?" + organization; can I use Wireshark to capture and analyze network + traffic in our company's networks or in our customer's networks?" If you mean "Can I use Wireshark as part of my commercial product?", see the next entry in the FAQ. Q 1.9: Can I use Wireshark as part of my commercial product? A: As noted, Wireshark is licensed under the GNU General Public - License. The GPL imposes conditions on your use of GPL'ed code - in your own products; you cannot, for example, make a "derived - work" from Wireshark, by making modifications to it, and then - sell the resulting derived work and not allow recipients to - give away the resulting work. You must also make the changes - you've made to the Wireshark source available to all recipients - of your modified version; those changes must also be licensed - under the terms of the GPL. See the GPL FAQ for more details; - in particular, note the answer to the question about modifying - a GPLed program and selling it commercially, and the question - about linking GPLed code with other code to make a proprietary - program. - You can combine a GPLed program such as Wireshark and a - commercial program as long as they communicate "at arm's - length", as per this item in the GPL FAQ. + License. The GPL imposes conditions on your use of GPL'ed code in + your own products; you cannot, for example, make a "derived work" + from Wireshark, by making modifications to it, and then sell the + resulting derived work and not allow recipients to give away the + resulting work. You must also make the changes you've made to the + Wireshark source available to all recipients of your modified + version; those changes must also be licensed under the terms of + the GPL. See the GPL FAQ for more details; in particular, note the + answer to the question about modifying a GPLed program and selling + it commercially, and the question about linking GPLed code with + other code to make a proprietary program. + You can combine a GPLed program such as Wireshark and a commercial + program as long as they communicate "at arm's length", as per this + item in the GPL FAQ. We recommend keeping Wireshark and your product completely - separate, communicating over sockets or pipes. If you're - loading any part of Wireshark as a DLL, you're probably doing - it wrong. + separate, communicating over sockets or pipes. If you're loading + any part of Wireshark as a DLL, you're probably doing it wrong. Q 1.10: What protocols are currently supported? - A: There are currently hundreds of supported protocols and - media. Details can be found in the wireshark(1) man page. + A: There are currently hundreds of supported protocols and media. + Details can be found in the wireshark(1) man page. - Q 1.11: Are there any plans to support {your favorite - protocol}? + Q 1.11: Are there any plans to support {your favorite protocol}? A: Support for particular protocols is added to Wireshark as a result of people contributing that support; no formal plans for @@ -367,78 +350,77 @@ supported by Wireshark (e.g., in libpcap format), Wireshark may already be able to read them, unless the analyzer has added its own proprietary extensions to that format. - If a network analyzer writes out files in its own format, or - has added proprietary extensions to another format, in order to - make Wireshark read captures from that network analyzer, we - would either have to have a specification for the file format, - or the extensions, sufficient to give us enough information to - read the parts of the file relevant to Wireshark, or would need - at least one capture file in that format AND a detailed textual - analysis of the packets in that capture file (showing packet - time stamps, packet lengths, and the top-level packet header) - in order to reverse-engineer the file format. + If a network analyzer writes out files in its own format, or has + added proprietary extensions to another format, in order to make + Wireshark read captures from that network analyzer, we would + either have to have a specification for the file format, or the + extensions, sufficient to give us enough information to read the + parts of the file relevant to Wireshark, or would need at least + one capture file in that format AND a detailed textual analysis of + the packets in that capture file (showing packet time stamps, + packet lengths, and the top-level packet header) in order to + reverse-engineer the file format. Note that there is no guarantee that we will be able to reverse-engineer a capture file format. Q 1.13: What devices can Wireshark use to capture packets? - A: Wireshark can read live data from Ethernet, Token-Ring, - FDDI, serial (PPP and SLIP) (if the OS on which it's running - allows Wireshark to do so), 802.11 wireless LAN (if the OS on - which it's running allows Wireshark to do so), ATM connections - (if the OS on which it's running allows Wireshark to do so), - and the "any" device supported on Linux by recent versions of - libpcap. + A: Wireshark can read live data from Ethernet, Token-Ring, FDDI, + serial (PPP and SLIP) (if the OS on which it's running allows + Wireshark to do so), 802.11 wireless LAN (if the OS on which it's + running allows Wireshark to do so), ATM connections (if the OS on + which it's running allows Wireshark to do so), and the "any" + device supported on Linux by recent versions of libpcap. See the list of supported capture media on various OSes for - details (several items in there say "Unknown", which doesn't - mean "Wireshark can't capture on them", it means "we don't know - whether it can capture on them"; we expect that it will be able - to capture on many of them, but we haven't tried it ourselves - - if you try one of those types and it works, please update the - wiki page accordingly. + details (several items in there say "Unknown", which doesn't mean + "Wireshark can't capture on them", it means "we don't know whether + it can capture on them"; we expect that it will be able to capture + on many of them, but we haven't tried it ourselves - if you try + one of those types and it works, please update the wiki page + accordingly. It can also read a variety of capture file formats, including: - * AG Group/WildPackets - EtherPeek/TokenPeek/AiroPeek/EtherHelp/Packet Grabber - captures - * AIX's iptrace captures - * Accellent's 5Views LAN agent output - * Cinco Networks NetXRay captures - * Cisco Secure Intrusion Detection System IPLog output - * CoSine L2 debug output - * DBS Etherwatch VMS text output - * Endace Measurement Systems' ERF format captures - * EyeSDN USB S0 traces - * HP-UX nettl captures - * ISDN4BSD project i4btrace captures - * Linux Bluez Bluetooth stack hcidump -w traces - * Lucent/Ascend router debug output - * Microsoft Network Monitor captures - * Network Associates Windows-based Sniffer captures - * Network General/Network Associates DOS-based Sniffer + + * AG Group/WildPackets + EtherPeek/TokenPeek/AiroPeek/EtherHelp/Packet Grabber captures + * AIX's iptrace captures + * Accellent's 5Views LAN agent output + * Cinco Networks NetXRay captures + * Cisco Secure Intrusion Detection System IPLog output + * CoSine L2 debug output + * DBS Etherwatch VMS text output + * Endace Measurement Systems' ERF format captures + * EyeSDN USB S0 traces + * HP-UX nettl captures + * ISDN4BSD project i4btrace captures + * Linux Bluez Bluetooth stack hcidump -w traces + * Lucent/Ascend router debug output + * Microsoft Network Monitor captures + * Network Associates Windows-based Sniffer captures + * Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures - * Network Instruments Observer version 9 captures - * Novell LANalyzer captures - * RADCOM's WAN/LAN analyzer captures - * Shomiti/Finisar Surveyor captures - * Toshiba's ISDN routers dump output - * VMS TCPIPtrace/TCPtrace/UCX$TRACE output - * Visual Networks' Visual UpTime traffic capture - * libpcap, tcpdump and various other tools using tcpdump's + * Network Instruments Observer version 9 captures + * Novell LANalyzer captures + * RADCOM's WAN/LAN analyzer captures + * Shomiti/Finisar Surveyor captures + * Toshiba's ISDN routers dump output + * VMS TCPIPtrace/TCPtrace/UCX$TRACE output + * Visual Networks' Visual UpTime traffic capture + * libpcap, tcpdump and various other tools using tcpdump's capture format - * snoop and atmsnoop output + * snoop and atmsnoop output - so that it can read traces from various network types, as - captured by other applications or equipment, even if it cannot - itself capture on those network types. + so that it can read traces from various network types, as captured + by other applications or equipment, even if it cannot itself + capture on those network types. Q 1.14: Does Wireshark work on Windows Vista or Windows Server 2008? - A: Yes, but if you want to capture packets as a normal user, - you must make sure npf.sys is loaded. Wireshark's installer - enables this by default. This is not a concern if you run - Wireshark as Administrator, but this is discouraged. See the - CapturePrivileges page on the wiki for more details. + A: Yes, but if you want to capture packets as a normal user, you + must make sure npf.sys is loaded. Wireshark's installer enables + this by default. This is not a concern if you run Wireshark as + Administrator, but this is discouraged. See the CapturePrivileges + page on the wiki for more details. 2. Downloading Wireshark @@ -446,14 +428,15 @@ installer? A: The program you used to download it may have downloaded it - incorrectly. Web browsers and download accelerators sometimes - may do this. + incorrectly. Web browsers and download accelerators sometimes may + do this. Try downloading it with, for example: - * Wget, for which Windows binaries are available from + + * Wget, for which Windows binaries are available from Christopher Lewis or wGetGUI, which offers a GUI interface that uses wget; - * WS_FTP from Ipswitch, - * the ftp command that comes with Windows. + * WS_FTP from Ipswitch, + * the ftp command that comes with Windows. If you use the ftp command, make sure you do the transfer in binary mode rather than ASCII mode, by using the binary command @@ -461,114 +444,110 @@ 3. Installing Wireshark - Q 3.1: I installed the Wireshark RPM (or other package); why - did it install TShark but not Wireshark? + Q 3.1: I installed the Wireshark RPM (or other package); why did + it install TShark but not Wireshark? A: Many distributions have separate Wireshark packages, one for - non-GUI components such as TShark, editcap, dumpcap, etc. and - one for the GUI. If this is the case on your system, there's - probably a separate package named wireshark-gnome or - wireshark-gtk+. Find it and install it. + non-GUI components such as TShark, editcap, dumpcap, etc. and one + for the GUI. If this is the case on your system, there's probably + a separate package named wireshark-gnome or wireshark-gtk+. Find + it and install it. 4. Building Wireshark - Q 4.1: I have libpcap installed; why did the configure script - not find pcap.h or bpf.h? + Q 4.1: I have libpcap installed; why did the configure script not + find pcap.h or bpf.h? A: Are you sure pcap.h and bpf.h are installed? The official - distribution of libpcap only installs the libpcap.a library - file when "make install" is run. To install pcap.h and bpf.h, - you must run "make install-incl". If you're running Debian or - Redhat, make sure you have the "libpcap-dev" or "libpcap-devel" - packages installed. - It's also possible that pcap.h and bpf.h have been installed in - a strange location. If this is the case, you may have to tweak + distribution of libpcap only installs the libpcap.a library file + when "make install" is run. To install pcap.h and bpf.h, you must + run "make install-incl". If you're running Debian or Redhat, make + sure you have the "libpcap-dev" or "libpcap-devel" packages + installed. + It's also possible that pcap.h and bpf.h have been installed in a + strange location. If this is the case, you may have to tweak aclocal.m4. Q 4.2: Why do I get the error - dftest_DEPENDENCIES was already defined in condition TRUE, - which implies condition HAVE_PLUGINS_TRUE + dftest_DEPENDENCIES was already defined in condition TRUE, which + implies condition HAVE_PLUGINS_TRUE when I try to build Wireshark from SVN or a SVN snapshot? - A: You probably have automake 1.5 installed on your machine - (the command automake --version will report the version of - automake on your machine). There is a bug in that version of - automake that causes this problem; upgrade to a later version - of automake (1.6 or later). - - Q 4.3: Why does the linker fail with a number of "Output line - too long." messages followed by linker errors when I try to - build Wireshark? - - A: The version of the sed command on your system is incapable - of handling very long lines. On Solaris, for example, - /usr/bin/sed has a line length limit too low to allow libtool - to work; /usr/xpg4/bin/sed can handle it, as can GNU sed if you - have it installed. + A: You probably have automake 1.5 installed on your machine (the + command automake --version will report the version of automake on + your machine). There is a bug in that version of automake that + causes this problem; upgrade to a later version of automake (1.6 + or later). + + Q 4.3: Why does the linker fail with a number of "Output line too + long." messages followed by linker errors when I try to build + Wireshark? + + A: The version of the sed command on your system is incapable of + handling very long lines. On Solaris, for example, /usr/bin/sed + has a line length limit too low to allow libtool to work; + /usr/xpg4/bin/sed can handle it, as can GNU sed if you have it + installed. On Solaris, changing your command search path to search - /usr/xpg4/bin before /usr/bin should make the problem go away; - on any platform on which you have this problem, installing GNU - sed and changing your command path to search the directory in - which it is installed before searching the directory with the - version of sed that came with the OS should make the problem go - away. - - Q 4.4: When I try to build Wireshark on Solaris, why does the - link fail complaining that plugin_list is undefined? - - A: This appears to be due to a problem with some versions of - the GTK+ and GLib packages from www.sunfreeware.org; un-install - those packages, and try getting the 1.2.10 versions from that - site, or the versions from The Written Word, or the versions - from Sun's GNOME distribution, or the versions from the - supplemental software CD that comes with the Solaris media kit, - or build them from source from the GTK Web site. Then re-run - the configuration script, and try rebuilding Wireshark. (If you - get the 1.2.10 versions from www.sunfreeware.org, and the - problem persists, un-install them and try installing one of the - other versions mentioned.) + /usr/xpg4/bin before /usr/bin should make the problem go away; on + any platform on which you have this problem, installing GNU sed + and changing your command path to search the directory in which it + is installed before searching the directory with the version of + sed that came with the OS should make the problem go away. + + Q 4.4: When I try to build Wireshark on Solaris, why does the link + fail complaining that plugin_list is undefined? + + A: This appears to be due to a problem with some versions of the + GTK+ and GLib packages from www.sunfreeware.org; un-install those + packages, and try getting the 1.2.10 versions from that site, or + the versions from The Written Word, or the versions from Sun's + GNOME distribution, or the versions from the supplemental software + CD that comes with the Solaris media kit, or build them from + source from the GTK Web site. Then re-run the configuration + script, and try rebuilding Wireshark. (If you get the 1.2.10 + versions from www.sunfreeware.org, and the problem persists, + un-install them and try installing one of the other versions + mentioned.) Q 4.5: When I try to build Wireshark on Windows, why does the - build fail because of conflicts between winsock.h and - winsock2.h? + build fail because of conflicts between winsock.h and winsock2.h? - A: As of Wireshark 0.9.5, you must install WinPcap 2.3 or - later, and the corresponding version of the developer's pack, - in order to be able to compile Wireshark; it will not compile - with older versions of the developer's pack. The symptoms of - this failure are conflicts between definitions in winsock.h and - in winsock2.h; Wireshark uses winsock2.h, but pre-2.3 versions - of the WinPcap developer's packet use winsock.h. (2.3 uses - winsock2.h, so if Wireshark were to use winsock.h, it would not - be able to build with current versions of the WinPcap - developer's pack.) - Note that the installed version of the developer's pack should - be the same version as the version of WinPcap you have - installed. + A: As of Wireshark 0.9.5, you must install WinPcap 2.3 or later, + and the corresponding version of the developer's pack, in order to + be able to compile Wireshark; it will not compile with older + versions of the developer's pack. The symptoms of this failure are + conflicts between definitions in winsock.h and in winsock2.h; + Wireshark uses winsock2.h, but pre-2.3 versions of the WinPcap + developer's packet use winsock.h. (2.3 uses winsock2.h, so if + Wireshark were to use winsock.h, it would not be able to build + with current versions of the WinPcap developer's pack.) + Note that the installed version of the developer's pack should be + the same version as the version of WinPcap you have installed. 5. Starting Wireshark - Q 5.1: Why does Wireshark crash with a Bus Error when I try to - run it on Solaris 8? + Q 5.1: Why does Wireshark crash with a Bus Error when I try to run + it on Solaris 8? A: Some versions of the GTK+ library from www.sunfreeware.org appear to be buggy, causing Wireshark to drop core with a Bus Error. Un-install those packages, and try getting the 1.2.10 - version from that site, or the version from The Written Word, - or the version from Sun's GNOME distribution, or the version - from the supplemental software CD that comes with the Solaris - media kit, or build it from source from the GTK Web site. - Update the GLib library to the 1.2.10 version, from the same - source, as well. (If you get the 1.2.10 versions from - www.sunfreeware.org, and the problem persists, un-install them - and try installing one of the other versions mentioned.) - Similar problems may exist with older versions of GTK+ for - earlier versions of Solaris. + version from that site, or the version from The Written Word, or + the version from Sun's GNOME distribution, or the version from the + supplemental software CD that comes with the Solaris media kit, or + build it from source from the GTK Web site. Update the GLib + library to the 1.2.10 version, from the same source, as well. (If + you get the 1.2.10 versions from www.sunfreeware.org, and the + problem persists, un-install them and try installing one of the + other versions mentioned.) + Similar problems may exist with older versions of GTK+ for earlier + versions of Solaris. - Q 5.2: When I run Wireshark on Windows NT, why does it die with - a Dr. Watson error, reporting an "Integer division by zero" + Q 5.2: When I run Wireshark on Windows NT, why does it die with a + Dr. Watson error, reporting an "Integer division by zero" exception, when I start it? A: In at least some case, this appears to be due to using the @@ -578,29 +557,28 @@ Q 5.3: When I try to run Wireshark, why does it complain about sprint_realloc_objid being undefined? - A: Wireshark can only be linked with version 4.2.2 or later of - UCD SNMP. Your version of Wireshark was dynamically linked with - such a version of UCD SNMP; however, you have an older version - of UCD SNMP installed, which means that when Wireshark is run, - it tries to link to the older version, and fails. You will have - to replace that version of UCD SNMP with version 4.2.2 or a - later version. - - Q 5.4: I've installed Wireshark from Fink on Mac OS X; why is - it very slow to start up? - - A: When an application is installed on OS X, prior to 10.4, it - is usually "prebound" to speed up launching the application. - (That's what the "Optimizing" phase of installation is.) - Fink normally performs prebinding automatically when you - install a package. However, in some rare cases, for whatever - reason the prebinding caches get corrupt, and then not only - does prebinding fail, but startup actually becomes much slower, - because the system tries in vain to perform prebinding "on the - fly" as you launch the application. This fails, causing - sometimes huge delays. + A: Wireshark can only be linked with version 4.2.2 or later of UCD + SNMP. Your version of Wireshark was dynamically linked with such a + version of UCD SNMP; however, you have an older version of UCD + SNMP installed, which means that when Wireshark is run, it tries + to link to the older version, and fails. You will have to replace + that version of UCD SNMP with version 4.2.2 or a later version. + + Q 5.4: I've installed Wireshark from Fink on Mac OS X; why is it + very slow to start up? + + A: When an application is installed on OS X, prior to 10.4, it is + usually "prebound" to speed up launching the application. (That's + what the "Optimizing" phase of installation is.) + Fink normally performs prebinding automatically when you install a + package. However, in some rare cases, for whatever reason the + prebinding caches get corrupt, and then not only does prebinding + fail, but startup actually becomes much slower, because the system + tries in vain to perform prebinding "on the fly" as you launch the + application. This fails, causing sometimes huge delays. To fix the prebinding caches, run the command - sudo /sw/var/lib/fink/prebound/update-package-prebinding.pl -f + + sudo /sw/var/lib/fink/prebound/update-package-prebinding.pl -f 6. Crashes and other fatal errors @@ -608,117 +586,117 @@ capture on it, why does my machine crash or reset itself? A: This is almost certainly a problem with one or more of: - * the operating system you're using; - * the device driver for the interface you're using; - * the libpcap/WinPcap library and, if this is Windows, the + + * the operating system you're using; + * the device driver for the interface you're using; + * the libpcap/WinPcap library and, if this is Windows, the WinPcap device driver; so: - * if you are using Windows, see the WinPcap support page - - check the "Submitting bugs" section; - * if you are using some Linux distribution, some version of - BSD, or some other UNIX-flavored OS, you should report the - problem to the company or organization that produces the OS - (in the case of a Linux distribution, report the problem to - whoever produces the distribution). + + * if you are using Windows, see the WinPcap support page - check + the "Submitting bugs" section; + * if you are using some Linux distribution, some version of BSD, + or some other UNIX-flavored OS, you should report the problem + to the company or organization that produces the OS (in the + case of a Linux distribution, report the problem to whoever + produces the distribution). Q 6.2: Why does my machine crash or reset itself when I select - "Start" from the "Capture" menu or select "Preferences" from - the "Edit" menu? + "Start" from the "Capture" menu or select "Preferences" from the + "Edit" menu? - A: Both of those operations cause Wireshark to try to build a - list of the interfaces that it can open; it does so by getting - a list of interfaces and trying to open them. There is probably - an OS, driver, or, for Windows, WinPcap bug that causes the - system to crash when this happens; see the previous question. + A: Both of those operations cause Wireshark to try to build a list + of the interfaces that it can open; it does so by getting a list + of interfaces and trying to open them. There is probably an OS, + driver, or, for Windows, WinPcap bug that causes the system to + crash when this happens; see the previous question. 7. Capturing packets - Q 7.1: When I use Wireshark to capture packets, why do I see - only packets to and from my machine, or not see all the traffic - I'm expecting to see from or to the machine I'm trying to - monitor? - - A: This might be because the interface on which you're - capturing is plugged into an Ethernet or Token Ring switch; on - a switched network, unicast traffic between two ports will not - necessarily appear on other ports - only broadcast and - multicast traffic will be sent to all ports. + Q 7.1: When I use Wireshark to capture packets, why do I see only + packets to and from my machine, or not see all the traffic I'm + expecting to see from or to the machine I'm trying to monitor? + + A: This might be because the interface on which you're capturing + is plugged into an Ethernet or Token Ring switch; on a switched + network, unicast traffic between two ports will not necessarily + appear on other ports - only broadcast and multicast traffic will + be sent to all ports. Note that even if your machine is plugged into a hub, the "hub" may be a switched hub, in which case you're still on a switched network. Note also that on the Linksys Web site, they say that their auto-sensing hubs "broadcast the 10Mb packets to the port that - operate at 10Mb only and broadcast the 100Mb packets to the - ports that operate at 100Mb only", which would indicate that if - you sniff on a 10Mb port, you will not see traffic coming sent - to a 100Mb port, and vice versa. This problem has also been - reported for Netgear dual-speed hubs, and may exist for other + operate at 10Mb only and broadcast the 100Mb packets to the ports + that operate at 100Mb only", which would indicate that if you + sniff on a 10Mb port, you will not see traffic coming sent to a + 100Mb port, and vice versa. This problem has also been reported + for Netgear dual-speed hubs, and may exist for other "auto-sensing" or "dual-speed" hubs. Some switches have the ability to replicate all traffic on all ports to a single port so that you can plug your analyzer into - that single port to sniff all traffic. You would have to check - the documentation for the switch to see if this is possible - and, if so, to see how to do this. See the switch reference - page on the Wireshark Wiki for information on some switches. - (Note that it's a Wiki, so you can update or fix that - information, or add additional information on those switches or - information on new switches, yourself.) + that single port to sniff all traffic. You would have to check the + documentation for the switch to see if this is possible and, if + so, to see how to do this. See the switch reference page on the + Wireshark Wiki for information on some switches. (Note that it's a + Wiki, so you can update or fix that information, or add additional + information on those switches or information on new switches, + yourself.) Note also that many firewall/NAT boxes have a switch built into - them; this includes many of the "cable/DSL router" boxes. If - you have a box of that sort, that has a switch with some number - of Ethernet ports into which you plug machines on your network, - and another Ethernet port used to connect to a cable or DSL - modem, you can, at least, sniff traffic between the machines on - your network and the Internet by plugging the Ethernet port on - the router going to the modem, the Ethernet port on the modem, - and the machine on which you're running Wireshark into a hub - (make sure it's not a switching hub, and that, if it's a - dual-speed hub, all three of those ports are running at the - same speed. + them; this includes many of the "cable/DSL router" boxes. If you + have a box of that sort, that has a switch with some number of + Ethernet ports into which you plug machines on your network, and + another Ethernet port used to connect to a cable or DSL modem, you + can, at least, sniff traffic between the machines on your network + and the Internet by plugging the Ethernet port on the router going + to the modem, the Ethernet port on the modem, and the machine on + which you're running Wireshark into a hub (make sure it's not a + switching hub, and that, if it's a dual-speed hub, all three of + those ports are running at the same speed. If your machine is not plugged into a switched network or a - dual-speed hub, or it is plugged into a switched network but - the port is set up to have all traffic replicated to it, the - problem might be that the network interface on which you're - capturing doesn't support "promiscuous" mode, or because your - OS can't put the interface into promiscuous mode. Normally, - network interfaces supply to the host only: - * packets sent to one of that host's link-layer addresses; - * broadcast packets; - * multicast packets sent to a multicast address that the host + dual-speed hub, or it is plugged into a switched network but the + port is set up to have all traffic replicated to it, the problem + might be that the network interface on which you're capturing + doesn't support "promiscuous" mode, or because your OS can't put + the interface into promiscuous mode. Normally, network interfaces + supply to the host only: + + * packets sent to one of that host's link-layer addresses; + * broadcast packets; + * multicast packets sent to a multicast address that the host has configured the interface to accept. - Most network interfaces can also be put in "promiscuous" mode, - in which they supply to the host all network packets they see. + Most network interfaces can also be put in "promiscuous" mode, in + which they supply to the host all network packets they see. Wireshark will try to put the interface on which it's capturing - into promiscuous mode unless the "Capture packets in - promiscuous mode" option is turned off in the "Capture Options" - dialog box, and TShark will try to put the interface on which - it's capturing into promiscuous mode unless the -p option was - specified. However, some network interfaces don't support - promiscuous mode, and some OSes might not allow interfaces to - be put into promiscuous mode. - If the interface is not running in promiscuous mode, it won't - see any traffic that isn't intended to be seen by your machine. - It will see broadcast packets, and multicast packets sent to a + into promiscuous mode unless the "Capture packets in promiscuous + mode" option is turned off in the "Capture Options" dialog box, + and TShark will try to put the interface on which it's capturing + into promiscuous mode unless the -p option was specified. However, + some network interfaces don't support promiscuous mode, and some + OSes might not allow interfaces to be put into promiscuous mode. + If the interface is not running in promiscuous mode, it won't see + any traffic that isn't intended to be seen by your machine. It + will see broadcast packets, and multicast packets sent to a multicast MAC address the interface is set up to receive. You should ask the vendor of your network interface whether it supports promiscuous mode. If it does, you should ask whoever - supplied the driver for the interface (the vendor, or the - supplier of the OS you're running on your machine) whether it - supports promiscuous mode with that network interface. + supplied the driver for the interface (the vendor, or the supplier + of the OS you're running on your machine) whether it supports + promiscuous mode with that network interface. In the case of token ring interfaces, the drivers for some of them, on Windows, may require you to enable promiscuous mode in - order to capture in promiscuous mode. See the Wireshark Wiki - item on Token Ring capturing for details. + order to capture in promiscuous mode. See the Wireshark Wiki item + on Token Ring capturing for details. In the case of wireless LAN interfaces, it appears that, when - those interfaces are promiscuously sniffing, they're running in - a significantly different mode from the mode that they run in - when they're just acting as network interfaces (to the extent - that it would be a significant effort for those drivers to - support for promiscuously sniffing and acting as regular - network interfaces at the same time), so it may be that Windows - drivers for those interfaces don't support promiscuous mode. + those interfaces are promiscuously sniffing, they're running in a + significantly different mode from the mode that they run in when + they're just acting as network interfaces (to the extent that it + would be a significant effort for those drivers to support for + promiscuously sniffing and acting as regular network interfaces at + the same time), so it may be that Windows drivers for those + interfaces don't support promiscuous mode. Q 7.2: When I capture with Wireshark, why can't I see any TCP packets other than packets to and from my machine, even though @@ -728,435 +706,427 @@ packets to or from your machine, and broadcast and multicast packets; a switch will normally send to a port only unicast traffic sent to the MAC address for the interface on that port, - and broadcast and multicast traffic - it won't send to that - port unicast traffic sent to a MAC address for some other - interface - and a network interface not in promiscuous mode - will receive only unicast traffic sent to the MAC address for - that interface, broadcast traffic, and multicast traffic sent - to a multicast MAC address the interface is set up to receive. - TCP doesn't use broadcast or multicast, so you will only see - your own TCP traffic, but UDP services may use broadcast or - multicast so you'll see some UDP traffic - however, this is not - a problem with TCP traffic, it's a problem with unicast - traffic, as you also won't see all UDP traffic between other - machines. - I.e., this is probably the same question as this earlier one; - see the response to that question. + and broadcast and multicast traffic - it won't send to that port + unicast traffic sent to a MAC address for some other interface - + and a network interface not in promiscuous mode will receive only + unicast traffic sent to the MAC address for that interface, + broadcast traffic, and multicast traffic sent to a multicast MAC + address the interface is set up to receive. + TCP doesn't use broadcast or multicast, so you will only see your + own TCP traffic, but UDP services may use broadcast or multicast + so you'll see some UDP traffic - however, this is not a problem + with TCP traffic, it's a problem with unicast traffic, as you also + won't see all UDP traffic between other machines. + I.e., this is probably the same question as this earlier one; see + the response to that question. Q 7.3: Why am I only seeing ARP packets when I try to capture traffic? - A: You're probably on a switched network, and running Wireshark - on a machine that's not sending traffic to the switch and not - being sent any traffic from other machines on the switch. ARP - packets are often broadcast packets, which are sent to all - switch ports. - I.e., this is probably the same question as this earlier one; - see the response to that question. + A: You're probably on a switched network, and running Wireshark on + a machine that's not sending traffic to the switch and not being + sent any traffic from other machines on the switch. ARP packets + are often broadcast packets, which are sent to all switch ports. + I.e., this is probably the same question as this earlier one; see + the response to that question. Q 7.4: Why am I not seeing any traffic when I try to capture traffic? - A: Is the machine running Wireshark sending out any traffic on - the network interface on which you're capturing, or receiving - any traffic on that network, or is there any broadcast traffic - on the network or multicast traffic to a multicast group to - which the machine running Wireshark belongs? + A: Is the machine running Wireshark sending out any traffic on the + network interface on which you're capturing, or receiving any + traffic on that network, or is there any broadcast traffic on the + network or multicast traffic to a multicast group to which the + machine running Wireshark belongs? If not, this may just be a problem with promiscuous sniffing, - either due to running on a switched network or a dual-speed - hub, or due to problems with the interface not supporting - promiscuous mode; see the response to this earlier question. - Otherwise, on Windows, see the response to this question and, - on a UNIX-flavored OS, see the response to this question. + either due to running on a switched network or a dual-speed hub, + or due to problems with the interface not supporting promiscuous + mode; see the response to this earlier question. + Otherwise, on Windows, see the response to this question and, on a + UNIX-flavored OS, see the response to this question. - Q 7.5: Can Wireshark capture on (my T1/E1 line, SS7 links, - etc.)? + Q 7.5: Can Wireshark capture on (my T1/E1 line, SS7 links, etc.)? A: Wireshark can only capture on devices supported by libpcap/WinPcap. On most OSes, only devices that can act as network interfaces of the type that support IP are supported as - capture devices for libpcap/WinPcap, although the device - doesn't necessarily have to be running as an IP interface in - order to support traffic capture. + capture devices for libpcap/WinPcap, although the device doesn't + necessarily have to be running as an IP interface in order to + support traffic capture. On Linux and FreeBSD, libpcap 0.8 and later support the API for - Endace Measurement Systems' DAG cards, so that a system with - one of those cards, and its driver and libraries, installed can - capture traffic with those cards with libpcap-based - applications. You would either have to have a version of - Wireshark built with that version of libpcap, or a - dynamically-linked version of Wireshark and a shared libpcap - library with DAG support, in order to do so with Wireshark. You - should ask Endace whether that could be used to capture traffic - on, for example, your T1/E1 link. - See the SS7 capture setup page on the Wireshark Wiki for - current information on capturing SS7 traffic on TDM links. + Endace Measurement Systems' DAG cards, so that a system with one + of those cards, and its driver and libraries, installed can + capture traffic with those cards with libpcap-based applications. + You would either have to have a version of Wireshark built with + that version of libpcap, or a dynamically-linked version of + Wireshark and a shared libpcap library with DAG support, in order + to do so with Wireshark. You should ask Endace whether that could + be used to capture traffic on, for example, your T1/E1 link. + See the SS7 capture setup page on the Wireshark Wiki for current + information on capturing SS7 traffic on TDM links. Q 7.6: How do I put an interface into promiscuous mode? A: By not disabling promiscuous mode when running Wireshark or TShark. Note, however, that: - * the form of promiscuous mode that libpcap (the library that + + * the form of promiscuous mode that libpcap (the library that programs such as tcpdump, Wireshark, etc. use to do packet capture) turns on will not necessarily be shown if you run ifconfig on the interface on a UNIX system; - * some network interfaces might not support promiscuous mode, - and some drivers might not allow promiscuous mode to be - turned on - see this earlier question for more information - on that; - * the fact that you're not seeing any traffic, or are only - seeing broadcast traffic, or aren't seeing any - non-broadcast traffic other than traffic to or from the - machine running Wireshark, does not mean that promiscuous - mode isn't on - see this earlier question for more - information on that. + * some network interfaces might not support promiscuous mode, + and some drivers might not allow promiscuous mode to be turned + on - see this earlier question for more information on that; + * the fact that you're not seeing any traffic, or are only + seeing broadcast traffic, or aren't seeing any non-broadcast + traffic other than traffic to or from the machine running + Wireshark, does not mean that promiscuous mode isn't on - see + this earlier question for more information on that. - I.e., this is probably the same question as this earlier one; - see the response to that question. + I.e., this is probably the same question as this earlier one; see + the response to that question. Q 7.7: I can set a display filter just fine; why don't capture filters work? - A: Capture filters currently use a different syntax than - display filters. Here's the corresponding section from the - wireshark(1) man page: - "Display filters in Wireshark are very powerful; more fields - are filterable in Wireshark than in other protocol analyzers, - and the syntax you can use to create your filters is richer. As - Wireshark progresses, expect more and more protocol fields to - be allowed in display filters. - Packet capturing is performed with the pcap library. The - capture filter syntax follows the rules of the pcap library. - This syntax is different from the display filter syntax." + A: Capture filters currently use a different syntax than display + filters. Here's the corresponding section from the wireshark(1) + man page: + "Display filters in Wireshark are very powerful; more fields are + filterable in Wireshark than in other protocol analyzers, and the + syntax you can use to create your filters is richer. As Wireshark + progresses, expect more and more protocol fields to be allowed in + display filters. + Packet capturing is performed with the pcap library. The capture + filter syntax follows the rules of the pcap library. This syntax + is different from the display filter syntax." The capture filter syntax used by libpcap can be found in the tcpdump(8) man page. Q 7.8: I'm entering valid capture filters; why do I still get "parse error" errors? - A: There is a bug in some versions of libpcap/WinPcap that - cause it to report parse errors even for valid expressions if a - previous filter expression was invalid and got a parse error. - Try exiting and restarting Wireshark; if you are using a - version of libpcap/WinPcap with this bug, this will "erase" its - memory of the previous parse error. If the capture filter that - got the "parse error" now works, the earlier error with that - filter was probably due to this bug. - The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions - of libpcap have this bug, but 0.6[.x] and later versions don't. - Versions of WinPcap prior to 2.3 are based on pre-0.6 versions - of libpcap, and have this bug; WinPcap 2.3 is based on libpcap - 0.6.2, and doesn't have this bug. + A: There is a bug in some versions of libpcap/WinPcap that cause + it to report parse errors even for valid expressions if a previous + filter expression was invalid and got a parse error. + Try exiting and restarting Wireshark; if you are using a version + of libpcap/WinPcap with this bug, this will "erase" its memory of + the previous parse error. If the capture filter that got the + "parse error" now works, the earlier error with that filter was + probably due to this bug. + The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions of + libpcap have this bug, but 0.6[.x] and later versions don't. + Versions of WinPcap prior to 2.3 are based on pre-0.6 versions of + libpcap, and have this bug; WinPcap 2.3 is based on libpcap 0.6.2, + and doesn't have this bug. If you are running Wireshark on a UNIX-flavored platform, run "wireshark -v", or select "About Wireshark..." from the "Help" - menu in Wireshark, to see what version of libpcap it's using. - If it's not 0.6 or later, you will need either to upgrade your - OS to get a later version of libpcap, or will need to build and - install a later version of libpcap from the tcpdump.org Web - site and then recompile Wireshark from source with that later - version of libpcap. - If you are running Wireshark on Windows with a pre-2.3 version - of WinPcap, you will need to un-install WinPcap and then - download and install WinPcap 2.3. + menu in Wireshark, to see what version of libpcap it's using. If + it's not 0.6 or later, you will need either to upgrade your OS to + get a later version of libpcap, or will need to build and install + a later version of libpcap from the tcpdump.org Web site and then + recompile Wireshark from source with that later version of + libpcap. + If you are running Wireshark on Windows with a pre-2.3 version of + WinPcap, you will need to un-install WinPcap and then download and + install WinPcap 2.3. Q 7.9: How can I capture packets with CRC errors? - A: Wireshark can capture only the packets that the packet - capture library - libpcap on UNIX-flavored OSes, and the - WinPcap port to Windows of libpcap on Windows - can capture, - and libpcap/WinPcap can capture only the packets that the OS's - raw packet capture mechanism (or the WinPcap driver, and the - underlying OS networking code and network interface drivers, on - Windows) will allow it to capture. - Unless the OS always supplies packets with errors such as - invalid CRCs to the raw packet capture mechanism, or can be - configured to do so, invalid CRCs to the raw packet capture - mechanism, Wireshark - and other programs that capture raw - packets, such as tcpdump - cannot capture those packets. You - will have to determine whether your OS needs to be so - configured and, if so, can be so configured, configure it if - necessary and possible, and make whatever changes to libpcap - and the packet capture program you're using are necessary, if - any, to support capturing those packets. - Most OSes probably do not support capturing packets with - invalid CRCs on Ethernet, and probably do not support it on - most other link-layer types. Some drivers on some OSes do - support it, such as some Ethernet drivers on FreeBSD; in those - OSes, you might always get those packets, or you might only get - them if you capture in promiscuous mode (you'd have to - determine which is the case). - Note that libpcap does not currently supply to programs that - use it an indication of whether the packet's CRC was invalid - (because the drivers themselves do not supply that information - to the raw packet capture mechanism); therefore, Wireshark will - not indicate which packets had CRC errors unless the FCS was - captured (see the next question) and you're using Wireshark - 0.9.15 and later, in which case Wireshark will check the CRC - and indicate whether it's correct or not. + A: Wireshark can capture only the packets that the packet capture + library - libpcap on UNIX-flavored OSes, and the WinPcap port to + Windows of libpcap on Windows - can capture, and libpcap/WinPcap + can capture only the packets that the OS's raw packet capture + mechanism (or the WinPcap driver, and the underlying OS networking + code and network interface drivers, on Windows) will allow it to + capture. + Unless the OS always supplies packets with errors such as invalid + CRCs to the raw packet capture mechanism, or can be configured to + do so, invalid CRCs to the raw packet capture mechanism, Wireshark + - and other programs that capture raw packets, such as tcpdump - + cannot capture those packets. You will have to determine whether + your OS needs to be so configured and, if so, can be so + configured, configure it if necessary and possible, and make + whatever changes to libpcap and the packet capture program you're + using are necessary, if any, to support capturing those packets. + Most OSes probably do not support capturing packets with invalid + CRCs on Ethernet, and probably do not support it on most other + link-layer types. Some drivers on some OSes do support it, such as + some Ethernet drivers on FreeBSD; in those OSes, you might always + get those packets, or you might only get them if you capture in + promiscuous mode (you'd have to determine which is the case). + Note that libpcap does not currently supply to programs that use + it an indication of whether the packet's CRC was invalid (because + the drivers themselves do not supply that information to the raw + packet capture mechanism); therefore, Wireshark will not indicate + which packets had CRC errors unless the FCS was captured (see the + next question) and you're using Wireshark 0.9.15 and later, in + which case Wireshark will check the CRC and indicate whether it's + correct or not. Q 7.10: How can I capture entire frames, including the FCS? - A: Wireshark can only capture data that the packet capture - library - libpcap on UNIX-flavored OSes, and the WinPcap port - to Windows of libpcap on Windows - can capture, and - libpcap/WinPcap can capture only the data that the OS's raw - packet capture mechanism (or the WinPcap driver, and the - underlying OS networking code and network interface drivers, on - Windows) will allow it to capture. - For any particular link-layer network type, unless the OS - supplies the FCS of a frame as part of the frame, or can be - configured to do so, Wireshark - and other programs that - capture raw packets, such as tcpdump - cannot capture the FCS - of a frame. You will have to determine whether your OS needs to - be so configured and, if so, can be so configured, configure it - if necessary and possible, and make whatever changes to libpcap - and the packet capture program you're using are necessary, if - any, to support capturing the FCS of a frame. - Most OSes do not support capturing the FCS of a frame on - Ethernet, and probably do not support it on most other - link-layer types. Some drivres on some OSes do support it, such - as some (all?) Ethernet drivers on NetBSD and possibly the - driver for Apple's gigabit Ethernet interface in Mac OS X; in - those OSes, you might always get the FCS, or you might only get - the FCS if you capture in promiscuous mode (you'd have to - determine which is the case). - Versions of Wireshark prior to 0.9.15 will not treat an - Ethernet FCS in a captured packet as an FCS. 0.9.15 and later - will attempt to determine whether there's an FCS at the end of - the frame and, if it thinks there is, will display it as such, - and will check whether it's the correct CRC-32 value or not. + A: Wireshark can only capture data that the packet capture library + - libpcap on UNIX-flavored OSes, and the WinPcap port to Windows + of libpcap on Windows - can capture, and libpcap/WinPcap can + capture only the data that the OS's raw packet capture mechanism + (or the WinPcap driver, and the underlying OS networking code and + network interface drivers, on Windows) will allow it to capture. + For any particular link-layer network type, unless the OS supplies + the FCS of a frame as part of the frame, or can be configured to + do so, Wireshark - and other programs that capture raw packets, + such as tcpdump - cannot capture the FCS of a frame. You will have + to determine whether your OS needs to be so configured and, if so, + can be so configured, configure it if necessary and possible, and + make whatever changes to libpcap and the packet capture program + you're using are necessary, if any, to support capturing the FCS + of a frame. + Most OSes do not support capturing the FCS of a frame on Ethernet, + and probably do not support it on most other link-layer types. + Some drivres on some OSes do support it, such as some (all?) + Ethernet drivers on NetBSD and possibly the driver for Apple's + gigabit Ethernet interface in Mac OS X; in those OSes, you might + always get the FCS, or you might only get the FCS if you capture + in promiscuous mode (you'd have to determine which is the case). + Versions of Wireshark prior to 0.9.15 will not treat an Ethernet + FCS in a captured packet as an FCS. 0.9.15 and later will attempt + to determine whether there's an FCS at the end of the frame and, + if it thinks there is, will display it as such, and will check + whether it's the correct CRC-32 value or not. Q 7.11: I'm capturing packets on a machine on a VLAN; why don't the packets I'm capturing have VLAN tags? A: You might be capturing on what might be called a "VLAN interface" - the way a particular OS makes VLANs plug into the - networking stack might, for example, be to have a network - device object for the physical interface, which takes VLAN - packets, strips off the VLAN header and constructs an Ethernet - header, and passes that packet to an internal network device - object for the VLAN, which then passes the packets onto various - higher-level protocol implementations. + networking stack might, for example, be to have a network device + object for the physical interface, which takes VLAN packets, + strips off the VLAN header and constructs an Ethernet header, and + passes that packet to an internal network device object for the + VLAN, which then passes the packets onto various higher-level + protocol implementations. In order to see the raw Ethernet packets, rather than "de-VLANized" packets, you would have to capture not on the - virtual interface for the VLAN, but on the interface - corresponding to the physical network device, if possible. See - the Wireshark Wiki item on VLAN capturing for details. + virtual interface for the VLAN, but on the interface corresponding + to the physical network device, if possible. See the Wireshark + Wiki item on VLAN capturing for details. Q 7.12: Why does Wireshark hang after I stop a capture? - A: The most likely reason for this is that Wireshark is trying - to look up an IP address in the capture to convert it to a name - (so that, for example, it can display the name in the source - address or destination address columns), and that lookup - process is taking a very long time. - Wireshark calls a routine in the OS of the machine on which - it's running to convert of IP addresses to the corresponding - names. That routine probably does one or more of: - * a search of a system file listing IP addresses and names; - * a lookup using DNS; - * on UNIX systems, a lookup using NIS; - * on Windows systems, a NetBIOS-over-TCP query. + A: The most likely reason for this is that Wireshark is trying to + look up an IP address in the capture to convert it to a name (so + that, for example, it can display the name in the source address + or destination address columns), and that lookup process is taking + a very long time. + Wireshark calls a routine in the OS of the machine on which it's + running to convert of IP addresses to the corresponding names. + That routine probably does one or more of: + + * a search of a system file listing IP addresses and names; + * a lookup using DNS; + * on UNIX systems, a lookup using NIS; + * on Windows systems, a NetBIOS-over-TCP query. If a DNS server that's used in an address lookup is not responding, the lookup will fail, but will only fail after a timeout while the system routine waits for a reply. - In addition, on Windows systems, if the DNS lookup of the - address fails, either because the server isn't responding or - because there are no records in the DNS that could be used to - map the address to a name, a NetBIOS-over-TCP query will be - made. That query involves sending a message to the - NetBIOS-over-TCP name service on that machine, asking for the - name and other information about the machine. If the machine - isn't running software that responds to those queries - for - example, many non-Windows machines wouldn't be running that - software - the lookup will only fail after a timeout. Those - timeouts can cause the lookup to take a long time. - If you disable network address-to-name translation - for - example, by turning off the "Enable network name resolution" - option in the "Capture Options" dialog box for starting a - network capture - the lookups of the address won't be done, - which may speed up the process of reading the capture file - after the capture is stopped. You can make that setting the - default by selecting "Preferences" from the "Edit" menu, - turning off the "Enable network name resolution" option in the - "Name resolution" options in the preferences disalog box, and - using the "Save" button in that dialog box; note that this will - save all your current preference settings. - If Wireshark hangs when reading a capture even with network - name resolution turned off, there might, for example, be a bug - in one of Wireshark's dissectors for a protocol causing it to - loop infinitely. If you're not running the most recent release - of Wireshark, you should first upgrade to that release, as, if + In addition, on Windows systems, if the DNS lookup of the address + fails, either because the server isn't responding or because there + are no records in the DNS that could be used to map the address to + a name, a NetBIOS-over-TCP query will be made. That query involves + sending a message to the NetBIOS-over-TCP name service on that + machine, asking for the name and other information about the + machine. If the machine isn't running software that responds to + those queries - for example, many non-Windows machines wouldn't be + running that software - the lookup will only fail after a timeout. + Those timeouts can cause the lookup to take a long time. + If you disable network address-to-name translation - for example, + by turning off the "Enable network name resolution" option in the + "Capture Options" dialog box for starting a network capture - the + lookups of the address won't be done, which may speed up the + process of reading the capture file after the capture is stopped. + You can make that setting the default by selecting "Preferences" + from the "Edit" menu, turning off the "Enable network name + resolution" option in the "Name resolution" options in the + preferences disalog box, and using the "Save" button in that + dialog box; note that this will save all your current preference + settings. + If Wireshark hangs when reading a capture even with network name + resolution turned off, there might, for example, be a bug in one + of Wireshark's dissectors for a protocol causing it to loop + infinitely. If you're not running the most recent release of + Wireshark, you should first upgrade to that release, as, if there's a bug of that sort, it might've been fixed in a release after the one you're running. If the hang occurs in the most recent release of Wireshark, the bug should be reported to the - Wireshark developers' mailing list at - wireshark-dev@wireshark.org. - On UNIX-flavored OSes, please try to force Wireshark to dump - core, by sending it a SIGABRT signal (usually signal 6) with - the kill command, and then get a stack trace if you have a - debugger installed. A stack trace can be obtained by using your - debugger (gdb in this example), the Wireshark binary, and the - resulting core file. Here's an example of how to use the gdb - command backtrace to do so. - $ gdb wireshark core - (gdb) backtrace - ..... prints the stack trace - (gdb) quit - $ + Wireshark developers' mailing list at wireshark-dev@wireshark.org. + On UNIX-flavored OSes, please try to force Wireshark to dump core, + by sending it a SIGABRT signal (usually signal 6) with the kill + command, and then get a stack trace if you have a debugger + installed. A stack trace can be obtained by using your debugger + (gdb in this example), the Wireshark binary, and the resulting + core file. Here's an example of how to use the gdb command + backtrace to do so. + + $ gdb wireshark core + (gdb) backtrace + ..... prints the stack trace + (gdb) quit + $ The core dump file may be named "wireshark.core" rather than "core" on some platforms (e.g., BSD systems). - Also, if at all possible, please send a copy of the capture - file that caused the problem. When capturing packets, Wireshark - normally writes captured packets to a temporary file, which - will probably be in /tmp or /var/tmp on UNIX-flavored OSes, - \TEMP on the main system disk (normally C:) on Windows 9x/Me/NT - 4.0, \Documents and Settings\your login name \Local - Settings\Temp on the main system disk on Windows 2000/Windows - XP/Windows Server 2003, and \Users\your login - name\AppData\Local\Temp on the main system disk on Windows 7, - so the capture file will probably be there. If you are - capturing on a single interface, it will have a name of the - form, wireshark_iface_YYYYmmddHHMMSS_XXXXXX; otherwise, if you - are capturing on multiple interfaces, it will have a name of - the form, wireshark_<N>_interfaces_YYYYmmddHHMMSS_XXXXXX, where - <N> is the number of simultaneous interfaces you are capturing - on. Please don't send a trace file greater than 1 MB when - compressed; instead, make it available via FTP or HTTP, or say - it's available but leave it up to a developer to ask for it. If - the trace file contains sensitive information (e.g., - passwords), then please do not send it. + Also, if at all possible, please send a copy of the capture file + that caused the problem. When capturing packets, Wireshark + normally writes captured packets to a temporary file, which will + probably be in /tmp or /var/tmp on UNIX-flavored OSes, \TEMP on + the main system disk (normally C:) on Windows 9x/Me/NT 4.0, + \Documents and Settings\your login name \Local Settings\Temp on + the main system disk on Windows 2000/Windows XP/Windows Server + 2003, and \Users\your login name\AppData\Local\Temp on the main + system disk on Windows 7, so the capture file will probably be + there. If you are capturing on a single interface, it will have a + name of the form, wireshark_iface_YYYYmmddHHMMSS_XXXXXX; + otherwise, if you are capturing on multiple interfaces, it will + have a name of the form, + wireshark_<N>_interfaces_YYYYmmddHHMMSS_XXXXXX, where <N> is the + number of simultaneous interfaces you are capturing on. Please + don't send a trace file greater than 1 MB when compressed; + instead, make it available via FTP or HTTP, or say it's available + but leave it up to a developer to ask for it. If the trace file + contains sensitive information (e.g., passwords), then please do + not send it. 8. Capturing packets on Windows Q 8.1: I'm running Wireshark on Windows; why does some network - interface on my machine not show up in the list of interfaces - in the "Interface:" field in the dialog box popped up by - "Capture->Start", and/or why does Wireshark give me an error if - I try to capture on that interface? + interface on my machine not show up in the list of interfaces in + the "Interface:" field in the dialog box popped up by + "Capture->Start", and/or why does Wireshark give me an error if I + try to capture on that interface? - A: If you are running Wireshark on Windows NT 4.0, Windows - 2000, Windows XP, or Windows Server 2003, and this is the first - time you have run a WinPcap-based program (such as Wireshark, - or TShark, or WinDump, or Analyzer, or...) since the machine - was rebooted, you need to run that program from an account with - administrator privileges; once you have run such a program, you - will not need administrator privileges to run any such programs - until you reboot. + A: If you are running Wireshark on Windows NT 4.0, Windows 2000, + Windows XP, or Windows Server 2003, and this is the first time you + have run a WinPcap-based program (such as Wireshark, or TShark, or + WinDump, or Analyzer, or...) since the machine was rebooted, you + need to run that program from an account with administrator + privileges; once you have run such a program, you will not need + administrator privileges to run any such programs until you + reboot. If you are running on Windows Windows 2000/Windows XP/Windows - Server 2003 and have administrator privileges or a - WinPcap-based program has been run with those privileges since - the machine rebooted, this problem might clear up if you - completely un-install WinPcap and then re-install it. + Server 2003 and have administrator privileges or a WinPcap-based + program has been run with those privileges since the machine + rebooted, this problem might clear up if you completely un-install + WinPcap and then re-install it. If that doesn't work, then note that Wireshark relies on the WinPcap library, on the WinPcap device driver, and on the - facilities that come with the OS on which it's running in order - to do captures. - Therefore, if the OS, the WinPcap library, or the WinPcap - driver don't support capturing on a particular network - interface device, Wireshark won't be able to capture on that - device. + facilities that come with the OS on which it's running in order to + do captures. + Therefore, if the OS, the WinPcap library, or the WinPcap driver + don't support capturing on a particular network interface device, + Wireshark won't be able to capture on that device. Note that: - 1. 2.02 and earlier versions of the WinPcap driver and library + + 1. 2.02 and earlier versions of the WinPcap driver and library that Wireshark uses for packet capture didn't support Token Ring interfaces; versions 2.1 and later support Token Ring, - and the current version of Wireshark works with (and, in - fact, requires) WinPcap 2.1 or later. - If you are having problems capturing on Token Ring - interfaces, and you have WinPcap 2.02 or an earlier version - of WinPcap installed, you should uninstall WinPcap, - download and install the current version of WinPcap, and - then install the latest version of Wireshark. - 2. WinPcap 2.3 has problems supporting PPP WAN interfaces on - Windows NT 4.0, Windows 2000, Windows XP, and Windows - Server 2003, and, to avoid those problems, support for PPP - WAN interfaces on those versions of Windows has been - disabled in WinPcap 3.0. Regular dial-up lines, ISDN lines, - ADSL connections using PPPoE or PPPoA, and various other - lines such as T1/E1 lines are all PPP interfaces, so those - interfaces might not show up on the list of interfaces in - the "Capture Options" dialog on those OSes. - On Windows 2000, Windows XP, and Windows Server 2003, but - not Windows NT 4.0 or Windows Vista Beta 1, you should be - able to capture on the "GenericDialupAdapter" with WinPcap - 3.1. (3.1 beta releases called it the "NdisWanAdapter"; if - you're using a 3.1 beta release, you should un-install it - and install the final 3.1 release.) See the Wireshark Wiki - item on PPP capturing for details. - 3. WinPcap prior to 3.0 does not support multiprocessor - machines (note that machines with a single multi-threaded - processor, such as Intel's new multi-threaded x86 - processors, are multiprocessor machines as far as the OS - and WinPcap are concerned), and recent 2.x versions of - WinPcap refuse to operate if they detect that they're - running on a multiprocessor machine, which means that they - may not show any network interfaces. You will need to use - WinPcap 3.0 to capture on a multiprocessor machine. - - If an interface doesn't show up in the list of interfaces in - the "Interface:" field, and you know the name of the interface, - try entering that name in the "Interface:" field and capturing - on that device. - If the attempt to capture on it succeeds, the interface is - somehow not being reported by the mechanism Wireshark uses to - get a list of interfaces. Try listing the interfaces with - WinDump; see the WinDump Web site for information on using - WinDump. - You would run WinDump with the -D flag; if it lists the - interface, please report this to wireshark-dev@wireshark.org - giving full details of the problem, including - * the operating system you're using, and the version of that + and the current version of Wireshark works with (and, in fact, + requires) WinPcap 2.1 or later. + If you are having problems capturing on Token Ring interfaces, + and you have WinPcap 2.02 or an earlier version of WinPcap + installed, you should uninstall WinPcap, download and install + the current version of WinPcap, and then install the latest + version of Wireshark. + 2. WinPcap 2.3 has problems supporting PPP WAN interfaces on + Windows NT 4.0, Windows 2000, Windows XP, and Windows Server + 2003, and, to avoid those problems, support for PPP WAN + interfaces on those versions of Windows has been disabled in + WinPcap 3.0. Regular dial-up lines, ISDN lines, ADSL + connections using PPPoE or PPPoA, and various other lines such + as T1/E1 lines are all PPP interfaces, so those interfaces + might not show up on the list of interfaces in the "Capture + Options" dialog on those OSes. + On Windows 2000, Windows XP, and Windows Server 2003, but not + Windows NT 4.0 or Windows Vista Beta 1, you should be able to + capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 + beta releases called it the "NdisWanAdapter"; if you're using + a 3.1 beta release, you should un-install it and install the + final 3.1 release.) See the Wireshark Wiki item on PPP + capturing for details. + 3. WinPcap prior to 3.0 does not support multiprocessor machines + (note that machines with a single multi-threaded processor, + such as Intel's new multi-threaded x86 processors, are + multiprocessor machines as far as the OS and WinPcap are + concerned), and recent 2.x versions of WinPcap refuse to + operate if they detect that they're running on a + multiprocessor machine, which means that they may not show any + network interfaces. You will need to use WinPcap 3.0 to + capture on a multiprocessor machine. + + If an interface doesn't show up in the list of interfaces in the + "Interface:" field, and you know the name of the interface, try + entering that name in the "Interface:" field and capturing on that + device. + If the attempt to capture on it succeeds, the interface is somehow + not being reported by the mechanism Wireshark uses to get a list + of interfaces. Try listing the interfaces with WinDump; see the + WinDump Web site for information on using WinDump. + You would run WinDump with the -D flag; if it lists the interface, + please report this to wireshark-dev@wireshark.org giving full + details of the problem, including + + * the operating system you're using, and the version of that operating system; - * the type of network device you're using; - * the output of WinDump. + * the type of network device you're using; + * the output of WinDump. + + If WinDump does not list the interface, this is almost certainly a + problem with one or more of: - If WinDump does not list the interface, this is almost - certainly a problem with one or more of: - * the operating system you're using; - * the device driver for the interface you're using; - * the WinPcap library and/or the WinPcap device driver; + * the operating system you're using; + * the device driver for the interface you're using; + * the WinPcap library and/or the WinPcap device driver; so first check the WinPcap FAQ or the Wiretapped.net mirror of - that FAQ, to see if your problem is mentioned there. If not, - then see the WinPcap support page - check the "Submitting bugs" + that FAQ, to see if your problem is mentioned there. If not, then + see the WinPcap support page - check the "Submitting bugs" section. If you are having trouble capturing on a particular network interface, first try capturing on that device with WinDump; see the WinDump Web site for information on using WinDump. If you can capture on the interface with WinDump, send mail to - wireshark-users@wireshark.org giving full details of the - problem, including - * the operating system you're using, and the version of that + wireshark-users@wireshark.org giving full details of the problem, + including + + * the operating system you're using, and the version of that operating system; - * the type of network device you're using; - * the error message you get from Wireshark. + * the type of network device you're using; + * the error message you get from Wireshark. If you cannot capture on the interface with WinDump, this is almost certainly a problem with one or more of: - * the operating system you're using; - * the device driver for the interface you're using; - * the WinPcap library and/or the WinPcap device driver; + + * the operating system you're using; + * the device driver for the interface you're using; + * the WinPcap library and/or the WinPcap device driver; so first check the WinPcap FAQ or the Wiretapped.net mirror of - that FAQ, to see if your problem is mentioned there. If not, - then see the WinPcap support page - check the "Submitting bugs" + that FAQ, to see if your problem is mentioned there. If not, then + see the WinPcap support page - check the "Submitting bugs" section. - You may also want to ask the wireshark-users@wireshark.org and - the winpcap-users@winpcap.org mailing lists to see if anybody - happens to know about the problem and know a workaround or fix - for the problem. (Note that you will have to subscribe to that - list in order to be allowed to mail to it; see the WinPcap - support page for information on the mailing list.) In your - mail, please give full details of the problem, as described - above, and also indicate that the problem occurs with WinDump, - not just with Wireshark. + You may also want to ask the wireshark-users@wireshark.org and the + winpcap-users@winpcap.org mailing lists to see if anybody happens + to know about the problem and know a workaround or fix for the + problem. (Note that you will have to subscribe to that list in + order to be allowed to mail to it; see the WinPcap support page + for information on the mailing list.) In your mail, please give + full details of the problem, as described above, and also indicate + that the problem occurs with WinDump, not just with Wireshark. Q 8.2: I'm running Wireshark on Windows; why do no network - interfaces show up in the list of interfaces in the - "Interface:" field in the dialog box popped up by - "Capture->Start"? + interfaces show up in the list of interfaces in the "Interface:" + field in the dialog box popped up by "Capture->Start"? A: This is really the same question as a previous one; see the response to that question. @@ -1167,382 +1137,372 @@ "Capture->Start"? A: Internet access on those devices is often done with the - Point-to-Point (PPP) protocol; WinPcap 2.3 has problems - supporting PPP WAN interfaces on Windows NT 4.0, Windows 2000, - Windows XP, and Windows Server 2003, and, to avoid those - problems, support for PPP WAN interfaces on those versions of - Windows has been disabled in WinPcap 3.0. + Point-to-Point (PPP) protocol; WinPcap 2.3 has problems supporting + PPP WAN interfaces on Windows NT 4.0, Windows 2000, Windows XP, + and Windows Server 2003, and, to avoid those problems, support for + PPP WAN interfaces on those versions of Windows has been disabled + in WinPcap 3.0. On Windows 2000, Windows XP, and Windows Server 2003, but not Windows NT 4.0 or Windows Vista Beta 1, you should be able to - capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 - beta releases called it the "NdisWanAdapter"; if you're using a - 3.1 beta release, you should un-install it and install the - final 3.1 release.) See the Wireshark Wiki item on PPP - capturing for details. + capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 beta + releases called it the "NdisWanAdapter"; if you're using a 3.1 + beta release, you should un-install it and install the final 3.1 + release.) See the Wireshark Wiki item on PPP capturing for + details. Q 8.4: I'm running Wireshark on Windows NT 4.0/Windows - 2000/Windows XP/Windows Server 2003; my machine has a PPP - (dial-up POTS, ISDN, etc.) interface, and it shows up in the - "Interface" item in the "Capture Options" dialog box. Why can - no packets be sent on or received from that network while I'm - trying to capture traffic on that interface? - - A: Some versions of WinPcap have problems with PPP WAN - interfaces on Windows NT 4.0, Windows 2000, Windows XP, and - Windows Server 2003; one symptom that may be seen is that - attempts to capture in promiscuous mode on the interface cause - the interface to be incapable of sending or receiving packets. - You can disable promiscuous mode using the -p command-line flag - or the item in the "Capture Preferences" dialog box, but this - may mean that outgoing packets, or incoming packets, won't be - seen in the capture. + 2000/Windows XP/Windows Server 2003; my machine has a PPP (dial-up + POTS, ISDN, etc.) interface, and it shows up in the "Interface" + item in the "Capture Options" dialog box. Why can no packets be + sent on or received from that network while I'm trying to capture + traffic on that interface? + + A: Some versions of WinPcap have problems with PPP WAN interfaces + on Windows NT 4.0, Windows 2000, Windows XP, and Windows Server + 2003; one symptom that may be seen is that attempts to capture in + promiscuous mode on the interface cause the interface to be + incapable of sending or receiving packets. You can disable + promiscuous mode using the -p command-line flag or the item in the + "Capture Preferences" dialog box, but this may mean that outgoing + packets, or incoming packets, won't be seen in the capture. On Windows 2000, Windows XP, and Windows Server 2003, but not Windows NT 4.0 or Windows Vista Beta 1, you should be able to - capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 - beta releases called it the "NdisWanAdapter"; if you're using a - 3.1 beta release, you should un-install it and install the - final 3.1 release.) See the Wireshark Wiki item on PPP - capturing for details. - - Q 8.5: I'm running Wireshark on Windows; why am I not seeing - any traffic being sent by the machine running Wireshark? - - A: If you are running some form of VPN client software, it - might be causing this problem; people have seen this problem - when they have Check Point's VPN software installed on their - machine. If that's the cause of the problem, you will have to - remove the VPN software in order to have Wireshark (or any - other application using WinPcap) see outgoing packets; - unfortunately, neither we nor the WinPcap developers know any - way to make WinPcap and the VPN software work well together. - Also, some drivers for Windows (especially some wireless - network interface drivers) apparently do not, when running in - promiscuous mode, arrange that outgoing packets are delivered - to the software that requested that the interface run - promiscuously; try turning promiscuous mode off. + capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 beta + releases called it the "NdisWanAdapter"; if you're using a 3.1 + beta release, you should un-install it and install the final 3.1 + release.) See the Wireshark Wiki item on PPP capturing for + details. + + Q 8.5: I'm running Wireshark on Windows; why am I not seeing any + traffic being sent by the machine running Wireshark? + + A: If you are running some form of VPN client software, it might + be causing this problem; people have seen this problem when they + have Check Point's VPN software installed on their machine. If + that's the cause of the problem, you will have to remove the VPN + software in order to have Wireshark (or any other application + using WinPcap) see outgoing packets; unfortunately, neither we nor + the WinPcap developers know any way to make WinPcap and the VPN + software work well together. + Also, some drivers for Windows (especially some wireless network + interface drivers) apparently do not, when running in promiscuous + mode, arrange that outgoing packets are delivered to the software + that requested that the interface run promiscuously; try turning + promiscuous mode off. Q 8.6: When I capture on Windows in promiscuous mode, I can see packets other than those sent to or from my machine; however, those packets show up with a "Short Frame" indication, unlike - packets to or from my machine. What should I do to arrange that - I see those packets in their entirety? + packets to or from my machine. What should I do to arrange that I + see those packets in their entirety? + + A: In at least some cases, this appears to be the result of PGPnet + running on the network interface on which you're capturing; turn + it off on that interface. + + Q 8.7: I'm trying to capture 802.11 traffic on Windows; why am I + not seeing any packets? - A: In at least some cases, this appears to be the result of - PGPnet running on the network interface on which you're - capturing; turn it off on that interface. - - Q 8.7: I'm trying to capture 802.11 traffic on Windows; why am - I not seeing any packets? - - A: At least some 802.11 card drivers on Windows appear not to - see any packets if they're running in promiscuous mode. Try - turning promiscuous mode off; you'll only be able to see - packets sent by and received by your machine, not third-party - traffic, and it'll look like Ethernet traffic and won't include - any management or control frames, but that's a limitation of - the card drivers. + A: At least some 802.11 card drivers on Windows appear not to see + any packets if they're running in promiscuous mode. Try turning + promiscuous mode off; you'll only be able to see packets sent by + and received by your machine, not third-party traffic, and it'll + look like Ethernet traffic and won't include any management or + control frames, but that's a limitation of the card drivers. See MicroLogix's list of cards supported with WinPcap for information on support of various adapters and drivers with WinPcap. - Q 8.8: I'm trying to capture 802.11 traffic on Windows; why am - I seeing packets received by the machine on which I'm capturing + Q 8.8: I'm trying to capture 802.11 traffic on Windows; why am I + seeing packets received by the machine on which I'm capturing traffic, but not packets sent by that machine? - A: This appears to be another problem with promiscuous mode; - try turning it off. + A: This appears to be another problem with promiscuous mode; try + turning it off. - Q 8.9: I'm trying to capture Ethernet VLAN traffic on Windows, - and I'm capturing on a "raw" Ethernet device rather than a - "VLAN interface", so that I can see the VLAN headers; why am I - seeing packets received by the machine on which I'm capturing - traffic, but not packets sent by that machine? + Q 8.9: I'm trying to capture Ethernet VLAN traffic on Windows, and + I'm capturing on a "raw" Ethernet device rather than a "VLAN + interface", so that I can see the VLAN headers; why am I seeing + packets received by the machine on which I'm capturing traffic, + but not packets sent by that machine? - A: The way the Windows networking code works probably means - that packets are sent on a "VLAN interface" rather than the - "raw" device, so packets sent by the machine will only be seen - when you capture on the "VLAN interface". If so, you will be - unable to see outgoing packets when capturing on the "raw" - device, so you are stuck with a choice between seeing VLAN - headers and seeing outgoing packets. + A: The way the Windows networking code works probably means that + packets are sent on a "VLAN interface" rather than the "raw" + device, so packets sent by the machine will only be seen when you + capture on the "VLAN interface". If so, you will be unable to see + outgoing packets when capturing on the "raw" device, so you are + stuck with a choice between seeing VLAN headers and seeing + outgoing packets. 9. Capturing packets on UN*Xes - Q 9.1: I'm running Wireshark on a UNIX-flavored OS; why does - some network interface on my machine not show up in the list of - interfaces in the "Interface:" field in the dialog box popped - up by "Capture->Start", and/or why does Wireshark give me an - error if I try to capture on that interface? - - A: You may need to run Wireshark from an account with - sufficient privileges to capture packets, such as the - super-user account, or may need to give your account sufficient - privileges to capture packets. Only those interfaces that - Wireshark can open for capturing show up in that list; if you - don't have sufficient privileges to capture on any interfaces, - no interfaces will show up in the list. See the Wireshark Wiki - item on capture privileges for details on how to give a - particular account or account group capture privileges on - platforms where that can be done. + Q 9.1: I'm running Wireshark on a UNIX-flavored OS; why does some + network interface on my machine not show up in the list of + interfaces in the "Interface:" field in the dialog box popped up + by "Capture->Start", and/or why does Wireshark give me an error if + I try to capture on that interface? + + A: You may need to run Wireshark from an account with sufficient + privileges to capture packets, such as the super-user account, or + may need to give your account sufficient privileges to capture + packets. Only those interfaces that Wireshark can open for + capturing show up in that list; if you don't have sufficient + privileges to capture on any interfaces, no interfaces will show + up in the list. See the Wireshark Wiki item on capture privileges + for details on how to give a particular account or account group + capture privileges on platforms where that can be done. If you are running Wireshark from an account with sufficient privileges, then note that Wireshark relies on the libpcap - library, and on the facilities that come with the OS on which - it's running in order to do captures. On some OSes, those - facilities aren't present by default; see the Wireshark Wiki - item on adding capture support for details. + library, and on the facilities that come with the OS on which it's + running in order to do captures. On some OSes, those facilities + aren't present by default; see the Wireshark Wiki item on adding + capture support for details. And, even if you're running with an account that has sufficient - privileges to capture, and capture support is present in your - OS, if the OS or the libpcap library don't support capturing on - a particular network interface device or particular types of + privileges to capture, and capture support is present in your OS, + if the OS or the libpcap library don't support capturing on a + particular network interface device or particular types of devices, Wireshark won't be able to capture on that device. On Solaris, note that libpcap 0.6.2 and earlier didn't support Token Ring interfaces; the current version, 0.7.2, does support Token Ring, and the current version of Wireshark works with libpcap 0.7.2 and later. - If an interface doesn't show up in the list of interfaces in - the "Interface:" field, and you know the name of the interface, - try entering that name in the "Interface:" field and capturing - on that device. - If the attempt to capture on it succeeds, the interface is - somehow not being reported by the mechanism Wireshark uses to - get a list of interfaces; please report this to - wireshark-dev@wireshark.org giving full details of the problem, - including - * the operating system you're using, and the version of that - operating system (for Linux, give both the version number - of the kernel and the name and version number of the - distribution you're using); - * the type of network device you're using. + If an interface doesn't show up in the list of interfaces in the + "Interface:" field, and you know the name of the interface, try + entering that name in the "Interface:" field and capturing on that + device. + If the attempt to capture on it succeeds, the interface is somehow + not being reported by the mechanism Wireshark uses to get a list + of interfaces; please report this to wireshark-dev@wireshark.org + giving full details of the problem, including + + * the operating system you're using, and the version of that + operating system (for Linux, give both the version number of + the kernel and the name and version number of the distribution + you're using); + * the type of network device you're using. If you are having trouble capturing on a particular network interface, and you've made sure that (on platforms that require - it) you've arranged that packet capture support is present, as - per the above, first try capturing on that device with tcpdump. + it) you've arranged that packet capture support is present, as per + the above, first try capturing on that device with tcpdump. If you can capture on the interface with tcpdump, send mail to - wireshark-users@wireshark.org giving full details of the - problem, including - * the operating system you're using, and the version of that - operating system (for Linux, give both the version number - of the kernel and the name and version number of the - distribution you're using); - * the type of network device you're using; - * the error message you get from Wireshark. + wireshark-users@wireshark.org giving full details of the problem, + including + + * the operating system you're using, and the version of that + operating system (for Linux, give both the version number of + the kernel and the name and version number of the distribution + you're using); + * the type of network device you're using; + * the error message you get from Wireshark. If you cannot capture on the interface with tcpdump, this is almost certainly a problem with one or more of: - * the operating system you're using; - * the device driver for the interface you're using; - * the libpcap library; + + * the operating system you're using; + * the device driver for the interface you're using; + * the libpcap library; so you should report the problem to the company or organization - that produces the OS (in the case of a Linux distribution, - report the problem to whoever produces the distribution). - You may also want to ask the wireshark-users@wireshark.org and - the tcpdump-workers@lists.tcpdump.org mailing lists to see if - anybody happens to know about the problem and know a workaround - or fix for the problem. In your mail, please give full details - of the problem, as described above, and also indicate that the - problem occurs with tcpdump not just with Wireshark. + that produces the OS (in the case of a Linux distribution, report + the problem to whoever produces the distribution). + You may also want to ask the wireshark-users@wireshark.org and the + tcpdump-workers@lists.tcpdump.org mailing lists to see if anybody + happens to know about the problem and know a workaround or fix for + the problem. In your mail, please give full details of the + problem, as described above, and also indicate that the problem + occurs with tcpdump not just with Wireshark. Q 9.2: I'm running Wireshark on a UNIX-flavored OS; why do no network interfaces show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start"? - A: This is really the same question as the previous one; see - the response to that question. + A: This is really the same question as the previous one; see the + response to that question. - Q 9.3: I'm capturing packets on Linux; why do the time stamps - have only 100ms resolution, rather than 1us resolution? + Q 9.3: I'm capturing packets on Linux; why do the time stamps have + only 100ms resolution, rather than 1us resolution? A: Wireshark gets time stamps from libpcap/WinPcap, and libpcap/WinPcap get them from the OS kernel, so Wireshark - and - any other program using libpcap, such as tcpdump - is at the - mercy of the time stamping code in the OS for time stamps. - At least on x86-based machines, Linux can get high-resolution - time stamps on newer processors with the Time Stamp Counter - (TSC) register; for example, Intel x86 processors, starting - with the Pentium Pro, and including all x86 processors since - then, have had a TSC, and other vendors probably added the TSC - at some point to their families of x86 processors. The Linux - kernel must be configured with the CONFIG_X86_TSC option - enabled in order to use the TSC. Make sure this option is - enabled in your kernel. + any other program using libpcap, such as tcpdump - is at the mercy + of the time stamping code in the OS for time stamps. + At least on x86-based machines, Linux can get high-resolution time + stamps on newer processors with the Time Stamp Counter (TSC) + register; for example, Intel x86 processors, starting with the + Pentium Pro, and including all x86 processors since then, have had + a TSC, and other vendors probably added the TSC at some point to + their families of x86 processors. The Linux kernel must be + configured with the CONFIG_X86_TSC option enabled in order to use + the TSC. Make sure this option is enabled in your kernel. In addition, some Linux distributions may have bugs in their versions of the kernel that cause packets not to be given - high-resolution time stamps even if the TSC is enabled. See, - for example, bug 61111 for Red Hat Linux 7.2. If your - distribution has a bug such as this, you may have to run a - standard kernel from kernel.org in order to get high-resolution - time stamps. + high-resolution time stamps even if the TSC is enabled. See, for + example, bug 61111 for Red Hat Linux 7.2. If your distribution has + a bug such as this, you may have to run a standard kernel from + kernel.org in order to get high-resolution time stamps. 10. Capturing packets on wireless LANs Q 10.1: How can I capture raw 802.11 frames, including non-data (management, beacon) frames? - A: That depends on the operating system on which you're - running, and on the 802.11 interface on which you're capturing. - This would probably require that you capture in promiscuous - mode or in the mode called "monitor mode" or "RFMON mode". On - some platforms, or with some cards, this might require that you - capture in monitor mode - promiscuous mode might not be - sufficient. If you want to capture traffic on networks other - than the one with which you're associated, you will have to - capture in monitor mode. - Not all operating systems support capturing non-data packets - and, even on operating systems that do support it, not all - drivers, and thus not all interfaces, support it. Even on those - that do, monitor mode might not be supported by the operating - system or by the drivers for all interfaces. + A: That depends on the operating system on which you're running, + and on the 802.11 interface on which you're capturing. + This would probably require that you capture in promiscuous mode + or in the mode called "monitor mode" or "RFMON mode". On some + platforms, or with some cards, this might require that you capture + in monitor mode - promiscuous mode might not be sufficient. If you + want to capture traffic on networks other than the one with which + you're associated, you will have to capture in monitor mode. + Not all operating systems support capturing non-data packets and, + even on operating systems that do support it, not all drivers, and + thus not all interfaces, support it. Even on those that do, + monitor mode might not be supported by the operating system or by + the drivers for all interfaces. NOTE: an interface running in monitor mode will, on most if not - all platforms, not be able to act as a regular network - interface; putting it into monitor mode will, in effect, take - your machine off of whatever network it's on as long as the - interface is in monitor mode, allowing it only to passively - capture packets. - This means that you should disable name resolution when - capturing in monitor mode; otherwise, when Wireshark (or - TShark, or tcpdump) tries to display IP addresses as host - names, it will probably block for a long time trying to resolve - the name because it will not be able to communicate with any - DNS or NIS servers. + all platforms, not be able to act as a regular network interface; + putting it into monitor mode will, in effect, take your machine + off of whatever network it's on as long as the interface is in + monitor mode, allowing it only to passively capture packets. + This means that you should disable name resolution when capturing + in monitor mode; otherwise, when Wireshark (or TShark, or tcpdump) + tries to display IP addresses as host names, it will probably + block for a long time trying to resolve the name because it will + not be able to communicate with any DNS or NIS servers. See the Wireshark Wiki item on 802.11 capturing for details. Q 10.2: How do I capture on an 802.11 device in monitor mode? - A: Whether you will be able to capture in monitor mode depends - on the operating system, adapter, and driver you're using. See - the previous question for information on monitor mode, - including a link to the Wireshark Wiki page that gives details - on 802.11 capturing. + A: Whether you will be able to capture in monitor mode depends on + the operating system, adapter, and driver you're using. See the + previous question for information on monitor mode, including a + link to the Wireshark Wiki page that gives details on 802.11 + capturing. 11. Viewing traffic Q 11.1: Why am I seeing lots of packets with incorrect TCP checksums? - A: If the packets that have incorrect TCP checksums are all - being sent by the machine on which Wireshark is running, this - is probably because the network interface on which you're - capturing does TCP checksum offloading. That means that the TCP - checksum is added to the packet by the network interface, not - by the OS's TCP/IP stack; when capturing on an interface, - packets being sent by the host on which you're capturing are - directly handed to the capture interface by the OS, which means - that they are handed to the capture interface without a TCP - checksum being added to them. + A: If the packets that have incorrect TCP checksums are all being + sent by the machine on which Wireshark is running, this is + probably because the network interface on which you're capturing + does TCP checksum offloading. That means that the TCP checksum is + added to the packet by the network interface, not by the OS's + TCP/IP stack; when capturing on an interface, packets being sent + by the host on which you're capturing are directly handed to the + capture interface by the OS, which means that they are handed to + the capture interface without a TCP checksum being added to them. The only way to prevent this from happening would be to disable TCP checksum offloading, but - 1. that might not even be possible on some OSes; - 2. that could reduce networking performance significantly. - However, you can disable the check that Wireshark does of the - TCP checksum, so that it won't report any packets as having TCP - checksum errors, and so that it won't refuse to do TCP - reassembly due to a packet having an incorrect TCP checksum. - That can be set as an Wireshark preference by selecting - "Preferences" from the "Edit" menu, opening up the "Protocols" - list in the left-hand pane of the "Preferences" dialog box, - selecting "TCP", from that list, turning off the "Check the - validity of the TCP checksum when possible" option, clicking - "Save" if you want to save that setting in your preference - file, and clicking "OK". - It can also be set on the Wireshark or TShark command line with - a -o tcp.check_checksum:false command-line flag, or manually - set in your preferences file by adding a - tcp.check_checksum:false line. - - Q 11.2: I've just installed Wireshark, and the traffic on my - local LAN is boring. Where can I find more interesting - captures? - - A: We have a collection of strange and exotic sample capture - files at http://wiki.wireshark.org/SampleCaptures - - Q 11.3: Why doesn't Wireshark correctly identify RTP packets? - It shows them only as UDP. - - A: Wireshark can identify a UDP datagram as containing a packet - of a particular protocol running atop UDP only if - 1. The protocol in question has a particular standard port - number, and the UDP source or destination port number is - that port - 2. Packets of that protocol can be identified by looking for a - "signature" of some type in the packet - i.e., some data - that, if Wireshark finds it in some particular part of a - packet, means that the packet is almost certainly a packet - of that type. - 3. Some other traffic earlier in the capture indicated that, - for example, UDP traffic between two particular addresses - and ports will be RTP traffic. + 1. that might not even be possible on some OSes; + 2. that could reduce networking performance significantly. + + However, you can disable the check that Wireshark does of the TCP + checksum, so that it won't report any packets as having TCP + checksum errors, and so that it won't refuse to do TCP reassembly + due to a packet having an incorrect TCP checksum. That can be set + as an Wireshark preference by selecting "Preferences" from the + "Edit" menu, opening up the "Protocols" list in the left-hand pane + of the "Preferences" dialog box, selecting "TCP", from that list, + turning off the "Check the validity of the TCP checksum when + possible" option, clicking "Save" if you want to save that setting + in your preference file, and clicking "OK". + It can also be set on the Wireshark or TShark command line with a + -o tcp.check_checksum:false command-line flag, or manually set in + your preferences file by adding a tcp.check_checksum:false line. + + Q 11.2: I've just installed Wireshark, and the traffic on my local + LAN is boring. Where can I find more interesting captures? + + A: We have a collection of strange and exotic sample capture files + at http://wiki.wireshark.org/SampleCaptures + + Q 11.3: Why doesn't Wireshark correctly identify RTP packets? It + shows them only as UDP. + + A: Wireshark can identify a UDP datagram as containing a packet of + a particular protocol running atop UDP only if + + 1. The protocol in question has a particular standard port + number, and the UDP source or destination port number is that + port + 2. Packets of that protocol can be identified by looking for a + "signature" of some type in the packet - i.e., some data that, + if Wireshark finds it in some particular part of a packet, + means that the packet is almost certainly a packet of that + type. + 3. Some other traffic earlier in the capture indicated that, for + example, UDP traffic between two particular addresses and + ports will be RTP traffic. RTP doesn't have a standard port number, so 1) doesn't work; it doesn't, as far as I know, have any "signature", so 2) doesn't work. That leaves 3). If there's RTSP traffic that sets up an RTP - session, then, at least in some cases, the RTSP dissector will - set things up so that subsequent RTP traffic will be - identified. Currently, that's the only place we do that; there - may be other places. + session, then, at least in some cases, the RTSP dissector will set + things up so that subsequent RTP traffic will be identified. + Currently, that's the only place we do that; there may be other + places. However, there will always be places where Wireshark is simply incapable of deducing that a given UDP flow is RTP; a mechanism would be needed to allow the user to specify that a given conversation should be treated as RTP. As of Wireshark 0.8.16, such a mechanism exists; if you select a UDP or TCP packet, the right mouse button menu will have a "Decode As..." menu item, - which will pop up a dialog box letting you specify that the - source port, the destination port, or both the source and - destination ports of the packet should be dissected as some - particular protocol. + which will pop up a dialog box letting you specify that the source + port, the destination port, or both the source and destination + ports of the packet should be dissected as some particular + protocol. Q 11.4: Why doesn't Wireshark show Yahoo Messenger packets in captures that contain Yahoo Messenger traffic? - A: Wireshark only recognizes as Yahoo Messenger traffic packets - to or from TCP port 3050 that begin with "YPNS", "YHOO", or - "YMSG". TCP segments that start with the middle of a Yahoo - Messenger packet that takes more than one TCP segment will not - be recognized as Yahoo Messenger packets (even if the TCP - segment also contains the beginning of another Yahoo Messenger - packet). + A: Wireshark only recognizes as Yahoo Messenger traffic packets to + or from TCP port 3050 that begin with "YPNS", "YHOO", or "YMSG". + TCP segments that start with the middle of a Yahoo Messenger + packet that takes more than one TCP segment will not be recognized + as Yahoo Messenger packets (even if the TCP segment also contains + the beginning of another Yahoo Messenger packet). 12. Filtering traffic - Q 12.1: I saved a filter and tried to use its name to filter - the display; why do I get an "Unexpected end of filter string" - error? - - A: You cannot use the name of a saved display filter as a - filter. To filter the display, you can enter a display filter - expression - not the name of a saved display filter - in the - "Filter:" box at the bottom of the display, and type the key or - press the "Apply" button (that does not require you to have a - saved filter), or, if you want to use a saved filter, you can - press the "Filter:" button, select the filter in the dialog box - that pops up, and press the "OK" button. + Q 12.1: I saved a filter and tried to use its name to filter the + display; why do I get an "Unexpected end of filter string" error? + + A: You cannot use the name of a saved display filter as a filter. + To filter the display, you can enter a display filter expression - + not the name of a saved display filter - in the "Filter:" box at + the bottom of the display, and type the key or press the "Apply" + button (that does not require you to have a saved filter), or, if + you want to use a saved filter, you can press the "Filter:" + button, select the filter in the dialog box that pops up, and + press the "OK" button. Q 12.2: How can I search for, or filter, packets that have a particular string anywhere in them? A: If you want to do this when capturing, you can't. That's a - feature that would be hard to implement in capture filters - without changes to the capture filter code, which, on many - platforms, is in the OS kernel and, on other platforms, is in - the libpcap library. + feature that would be hard to implement in capture filters without + changes to the capture filter code, which, on many platforms, is + in the OS kernel and, on other platforms, is in the libpcap + library. After capture, you can search for text by selecting Edit→Find - Packet... and making sure String is selected. Alternately, you - can use the "contains" display filter operator or "matches" - operator if it's supported on your system. + Packet... and making sure String is selected. Alternately, you can + use the "contains" display filter operator or "matches" operator + if it's supported on your system. Q 12.3: How do I filter a capture to see traffic for virus XXX? A: For some viruses/worms there might be a capture filter to - recognize the virus traffic. Check the CaptureFilters page on - the Wireshark Wiki to see if anybody's added such a filter. - Note that Wireshark was not designed to be an intrusion - detection system; you might be able to use it as an IDS, but in - most cases software designed to be an IDS, such as Snort or - Prelude, will probably work better. + recognize the virus traffic. Check the CaptureFilters page on the + Wireshark Wiki to see if anybody's added such a filter. + Note that Wireshark was not designed to be an intrusion detection + system; you might be able to use it as an IDS, but in most cases + software designed to be an IDS, such as Snort or Prelude, will + probably work better. The Bleeding Edge of Snort has a collection of signatures for Snort to detect various viruses, worms, and the like.

@@ -2,7 +2,7 @@ # # Copyright 2004 Jörg Mayer (see AUTHORS file) # -# $Id: make-version.pl 53007 2013-10-31 19:22:04Z gerald $ +# $Id: make-version.pl 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -75,7 +75,7 @@ my %version_pref = ( "version_major" => 1, "version_minor" => 8, - "version_micro" => 11, + "version_micro" => 12, "version_build" => 0, "enable" => 1,

@@ -4,7 +4,7 @@ # # /etc/manuf - Ethernet vendor codes, and well-known MAC addresses # -# $Id: manuf 52892 2013-10-27 14:35:00Z gerald $ +# $Id: manuf 54119 2013-12-15 15:34:53Z gerald $ # # Laurent Deniel <laurent.deniel [AT] free.fr> # @@ -136,7 +136,7 @@ 00:00:51 HobElect # HOB ELECTRONIC GMBH & CO. KG 00:00:52 Intrusio # Intrusion.com, Inc. 00:00:53 Compucor # COMPUCORP -00:00:54 Modicon # MODICON, INC. +00:00:54 Schniede # Schnieder Electric 00:00:55 AT&T 00:00:56 DrBStruc # DR. B. STRUCK 00:00:57 Scitex # SCITEX CORPORATION LTD. @@ -146,7 +146,7 @@ 00:00:5B EltecEle # ELTEC ELEKTRONIK AG 00:00:5C Telemati # TELEMATICS INTERNATIONAL INC. 00:00:5D CsTeleco # CS TELECOM -00:00:5E UscInfor # USC INFORMATION SCIENCES INST +00:00:5E IcannIan # ICANN, IANA Department 00:00:5F Sumitomo # SUMITOMO ELECTRIC IND., LTD. 00:00:60 KontronE # KONTRON ELEKTRONIK GMBH 00:00:61 GatewayC # GATEWAY COMMUNICATIONS @@ -1570,7 +1570,7 @@ 00:05:EB BlueRidg # Blue Ridge Networks, Inc. 00:05:EC Mosaic # Mosaic Systems Inc. 00:05:ED Techniku # Technikum Joanneum GmbH -00:05:EE BewatorG # BEWATOR Group +00:05:EE SiemensI # Siemens AB, Infrastructure & Cities, Building Technologies Division, IC BT SSP SP BA PR 00:05:EF AdoirDig # ADOIR Digital Technology 00:05:F0 Satec 00:05:F1 Vrcom # Vrcom, Inc. @@ -2055,7 +2055,7 @@ 00:07:D0 AutomatE # Automat Engenharia de Automação Ltda. 00:07:D1 Spectrum # Spectrum Signal Processing Inc. 00:07:D2 LogopakS # Logopak Systeme GmbH & Co. KG -00:07:D3 StorkPri # Stork Prints B.V. +00:07:D3 Spgprint # SPGPrints B.V. 00:07:D4 Zhejiang # Zhejiang Yutong Network Communication Co Ltd. 00:07:D5 3eTechno # 3e Technologies Int;., Inc. 00:07:D6 Commil # Commil Ltd. @@ -5536,7 +5536,7 @@ 00:15:85 Aonvisio # Aonvision Technolopy Corp. 00:15:86 XiamenOv # Xiamen Overseas Chinese Electronic Co., Ltd. 00:15:87 Takenaka # Takenaka Seisakusho Co.,Ltd -00:15:88 BaldaSol # Balda Solution Malaysia Sdn Bhd +00:15:88 Salutica # Salutica Allied Solutions Sdn Bhd 00:15:89 D-MaxTec # D-MAX Technology Co.,Ltd 00:15:8A SurecomT # SURECOM Technology Corp. 00:15:8B ParkAir # Park Air Systems Ltd @@ -6912,7 +6912,7 @@ 00:1A:E5 MvoxTech # Mvox Technologies Inc. 00:1A:E6 AtlantaA # Atlanta Advanced Communications Holdings Limited 00:1A:E7 AztekNet # Aztek Networks, Inc. -00:1A:E8 SiemensE # Siemens Enterprise Communications GmbH & Co. KG +00:1A:E8 UnifyAnd # Unify GmbH and Co KG 00:1A:E9 Nintendo # Nintendo Co., Ltd. 00:1A:EA RadioTer # Radio Terminal Systems Pty Ltd 00:1A:EB AlliedTe # Allied Telesis K.K. @@ -7909,7 +7909,7 @@ 00:1E:CA 2wire # 2Wire, Inc. 00:1E:CB 2wire # 2Wire, Inc. 00:1E:CC 2wire # 2Wire, Inc. -00:1E:CD 2wire # 2Wire, Inc. +00:1E:CD KylandTe # KYLAND Technology Co. LTD 00:1E:CE 2wire # 2Wire, Inc. 00:1E:CF 2wire # 2Wire, Inc. 00:1E:D0 2wire # 2Wire, Inc. @@ -9049,7 +9049,7 @@ 00:23:3E Alcatel- # Alcatel-Lucent-IPD 00:23:3F Purechoi # Purechoice Inc 00:23:40 MixTelem # MiX Telematics -00:23:41 SiemensI # Siemens AG, Infrastructure & Cities Sector, Building Technologies Division +00:23:41 SiemensI # Siemens AB, Infrastructure & Cities, Building Technologies Division, IC BT SSP SP BA PR 00:23:42 CoffeeEq # Coffee Equipment Company 00:23:43 Tem # TEM AG 00:23:44 Objectiv # Objective Interface Systems, Inc. @@ -9676,7 +9676,7 @@ 00:25:B6 TelecomF # Telecom FM 00:25:B7 CostarEl # Costar electronics, inc., 00:25:B8 AgileCom # Agile Communications, Inc. -00:25:B9 Agilink # Agilink Systems Corp. +00:25:B9 CypressS # Cypress Solutions Inc 00:25:BA Alcatel- # Alcatel-Lucent IPD 00:25:BB Innerint # INNERINT Co., Ltd. 00:25:BC Apple @@ -10413,7 +10413,7 @@ 00:40:63 ViaTechn # VIA TECHNOLOGIES, INC. 00:40:64 KlaInstr # KLA INSTRUMENTS CORPORATION 00:40:65 GteSpace # GTE SPACENET -00:40:66 HitachiC # HITACHI CABLE, LTD. +00:40:66 HitachiM # Hitachi Metals, Ltd 00:40:67 Omnibyte # OMNIBYTE CORPORATION 00:40:68 Extended # EXTENDED SYSTEMS 00:40:69 Lemcom # LEMCOM SYSTEMS, INC. @@ -15048,7 +15048,7 @@ 00:60:A1 Vpnet # VPNet, Inc. 00:60:A2 NihonUni # NIHON UNISYS LIMITED CO. 00:60:A3 Continuu # CONTINUUM TECHNOLOGY CORP. -00:60:A4 Grinaker # GRINAKER SYSTEM TECHNOLOGIES +00:60:A4 GewTechn # GEW Technologies (PTY)Ltd 00:60:A5 Performa # PERFORMANCE TELECOM CORP. 00:60:A6 Particle # PARTICLE MEASURING SYSTEMS 00:60:A7 Microsen # MICROSENS GmbH & CO. KG @@ -15412,6 +15412,7 @@ 00:80:FF SocDeTel # SOC. DE TELEINFORMATIQUE RTC 00:86:A0 Private 00:88:65 Apple +00:8B:43 Rftech 00:8C:10 BlackBox # Black Box Corp. 00:8C:54 AdbBroad # ADB Broadband Italia 00:8C:FA Inventec # Inventec Corporation @@ -16799,6 +16800,7 @@ 00:E6:D3 NixdorfC # NIXDORF COMPUTER CORP. 00:E8:AB MeggittT # Meggitt Training Systems, Inc. 00:EB:2D SonyMobi # Sony Mobile Communications AB +00:EE:BD Htc # HTC Corporation 00:F0:51 Kwb # KWB Gmbh 00:F4:03 OrbisOy # Orbis Systems Oy 00:F4:B9 Apple @@ -16905,6 +16907,7 @@ 04:D7:83 Y&HE&C # Y&H E&C Co.,LTD. 04:DA:D2 Cisco 04:DB:56 Apple # Apple, Inc. +04:DB:8A SuntechI # Suntech International Ltd. 04:DD:4C Velocyte # Velocytech 04:DF:69 CarConne # Car Connectivity Consortium 04:E0:C4 Triumph- # TRIUMPH-ADLER AG @@ -16917,6 +16920,7 @@ 04:E9:E5 PjrcComL # PJRC.COM, LLC 04:EE:91 X-Fabric # x-fabric GmbH 04:F0:21 CompexPt # Compex Systems Pte Ltd +04:F1:3E Apple 04:F1:7D TaranaWi # Tarana Wireless 04:F4:BC XenaNetw # Xena Networks 04:F7:E4 Apple @@ -17097,19 +17101,23 @@ 08:3A:B8 ShinodaP # Shinoda Plasma Co., Ltd. 08:3E:0C ArrisGro # ARRIS Group, Inc. 08:3E:8E HonHaiPr # Hon Hai Precision Ind.Co.Ltd +08:3F:3E Wsh # WSH GmbH 08:3F:76 Intellia # Intellian Technologies, Inc. 08:40:27 Gridstor # Gridstore Inc. 08:48:2C RaycoreT # Raycore Taiwan Co., LTD. +08:49:29 Cybati 08:4E:1C H2aLlc # H2A Systems, LLC 08:4E:BF BroadNet # Broad Net Mux Corporation 08:51:2E OrionDia # Orion Diagnostica Oy 08:52:40 EbvElekt # EbV Elektronikbau- und Vertriebs GmbH +08:57:00 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. 08:5A:E0 Recovisi # Recovision Technology Co., Ltd. 08:5B:0E Fortinet # Fortinet, Inc. 08:60:6E AsustekC # ASUSTek COMPUTER INC. 08:63:61 HuaweiTe # Huawei Technologies Co., Ltd 08:68:D0 JapanSys # Japan System Design 08:68:EA EitoElec # EITO ELECTRONICS CO., LTD. +08:6D:F2 Shenzhen # Shenzhen MIMOWAVE Technology Co.,Ltd 08:70:45 Apple 08:75:72 ObeluxOy # Obelux Oy 08:76:18 VieTechn # ViE Technologies Sdn. Bhd. @@ -17186,6 +17194,7 @@ 0C:47:3D HitronTe # Hitron Technologies. Inc 0C:4C:39 Mitrasta # Mitrastar Technology 0C:4D:E9 Apple +0C:4F:5A Asa-RtSR # ASA-RT s.r.l. 0C:51:F7 ChauvinA # CHAUVIN ARNOUX 0C:54:A5 Pegatron # PEGATRON CORPORATION 0C:55:21 Axiros # Axiros GmbH @@ -17253,6 +17262,7 @@ 0C:DC:CC InalaTec # Inala Technologies 0C:DD:EF Nokia # Nokia Corporation 0C:DF:A4 SamsungE # Samsung Electronics Co.,Ltd +0C:E0:E4 Plantron # Plantronics, Inc 0C:E5:D3 DhElectr # DH electronics GmbH 0C:E7:09 FoxCrypt # Fox Crypto B.V. 0C:E8:2F Bonfigli # Bonfiglioli Vectron GmbH @@ -17359,6 +17369,7 @@ 10:D5:42 SamsungE # Samsung Electronics Co.,Ltd 10:DD:B1 Apple 10:DD:F4 MaxwayEl # Maxway Electronics CO.,LTD +10:DE:E4 Automati # automationNEXT GmbH 10:E2:D5 QiHardwa # Qi Hardware Inc. 10:E3:C7 SeohwaTe # Seohwa Telecom 10:E4:AF AprLlc # APR, LLC @@ -17429,6 +17440,8 @@ 14:B1:26 Industri # Industrial Software Co 14:B1:C8 Infiniwi # InfiniWing, Inc. 14:B7:3D ArcheanT # ARCHEAN Technologies +14:B9:68 HuaweiTe # Huawei Technologies Co., Ltd +14:C0:89 DuneHd # DUNE HD LTD 14:C2:1D SabtechI # Sabtech Industries 14:CC:20 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD 14:CF:8D OhsungEl # OHSUNG ELECTRONICS CO., LTD. @@ -17469,6 +17482,7 @@ 18:1E:B0 SamsungE # Samsung Electronics Co.,Ltd 18:20:12 AztechAs # Aztech Associates Inc. 18:20:32 Apple +18:20:A6 Sage # Sage Co., Ltd. 18:26:66 SamsungE # Samsung Electronics Co.,Ltd 18:28:61 AirtiesW # AirTies Wireless Networks 18:2A:7B Nintendo # Nintendo Co., Ltd. @@ -17562,6 +17576,7 @@ 1C:17:D3 Cisco # CISCO SYSTEMS, INC. 1C:18:4A Shenzhen # ShenZhen RicherLink Technologies Co.,LTD 1C:19:DE Eyevis # eyevis GmbH +1C:1B:68 ArrisGro # ARRIS Group, Inc. 1C:1D:67 Shenzhen # Shenzhen Huawei Communication Technologies Co., Ltd 1C:1D:86 Cisco 1C:33:4D ItsTelec # ITS Telecom @@ -17635,17 +17650,21 @@ 1C:E2:CC TexasIns # Texas Instruments 1C:E6:2B Apple 1C:E6:C7 Cisco +1C:EE:E8 IlshinEl # Ilshin Elecom 1C:F0:61 Scaps # SCAPS GmbH 1C:F4:CA Private 1C:F5:E7 TurtleIn # Turtle Industry Co., Ltd. 1C:FA:68 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. +1C:FC:BB Realfict # Realfiction ApS 1C:FE:A7 Identyte # IDentytech Solutins Ltd. 20:01:4F LineaRes # Linea Research Ltd 20:02:AF MurataMa # Murata Manufactuaring Co.,Ltd. 20:05:05 RadmaxCo # RADMAX COMMUNICATION PRIVATE LIMITED 20:05:E8 OooInpro # OOO InProMedia +20:08:ED HuaweiTe # Huawei Technologies Co., Ltd 20:0A:5E Xiangsha # Xiangshan Giant Eagle Technology Developing co.,LTD 20:0B:C7 HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD +20:0C:C8 Netgear # NETGEAR INC., 20:0E:95 Iec–Tc9W # IEC – TC9 WG43 20:10:7A GemtekTe # Gemtek Technology Co., Ltd. 20:12:57 MostLuck # Most Lucky Trading Ltd @@ -17722,6 +17741,7 @@ 20:E5:2A Netgear # NETGEAR INC., 20:E5:64 ArrisGro # ARRIS Group, Inc. 20:E7:91 SiemensH # Siemens Healthcare Diagnostics, Inc +20:EA:C7 Shenzhen # SHENZHEN RIOPINE ELECTRONICS CO., LTD 20:EE:C6 Elefirst # Elefirst Science & Tech Co ., ltd 20:F0:02 MtdataDe # MTData Developments Pty. Ltd. 20:F3:A3 HuaweiTe # Huawei Technologies Co., Ltd @@ -17738,11 +17758,13 @@ 24:0B:B1 KostalIn # KOSTAL Industrie Elektrik GmbH 24:10:64 Shenzhen # Shenzhen Ecsino Tecnical Co. Ltd 24:11:25 Hutek # Hutek Co., Ltd. +24:11:48 Entropix # Entropix, LLC 24:11:D0 Chongqin # Chongqing Ehs Science and Technology Development Co.,Ltd. 24:1A:8C Squarehe # Squarehead Technology AS 24:1B:13 Shanghai # Shanghai Nutshell Electronic Co., Ltd. 24:1F:2C Calsys # Calsys, Inc. 24:21:AB SonyEric # Sony Ericsson Mobile Communications +24:26:42 Sharp # SHARP Corporation. 24:2F:FA ToshibaG # Toshiba Global Commerce Solutions 24:37:4C CiscoSpv # Cisco SPVTG 24:37:EF EmcElect # EMC Electronic Media Communication SA @@ -17825,6 +17847,7 @@ 28:17:CE Omnisens # Omnisense Ltd 28:18:78 Microsof # Microsoft Corporation 28:18:FD AdityaIn # Aditya Infotech Ltd. +28:22:46 BeijingS # Beijing Sinoix Communication Co., LTD 28:26:A6 PbrElect # PBR electronics GmbH 28:28:5D ZyxelCom # ZyXEL Communications Corporation 28:29:D9 Globalbe # GlobalBeiMing technology (Beijing)Co. Ltd @@ -17848,6 +17871,8 @@ 28:5F:DB Shenzhen # Shenzhen Huawei Communication Technologies Co., Ltd 28:60:46 LantechC # Lantech Communications Global, Inc. 28:60:94 Capelec +28:63:36 Siemens- # Siemens AG - Industrial Automation - EWA +28:65:6B Keystone # Keystone Microtech Corporation 28:6A:B8 Apple 28:6A:BA Apple 28:6D:97 Samjin # SAMJIN Co., Ltd. @@ -17866,6 +17891,7 @@ 28:94:AF SamhwaTe # Samhwa Telecom 28:98:7B SamsungE # Samsung Electronics Co.,Ltd 28:9A:4B Steelser # SteelSeries ApS +28:9A:FA TctMobil # TCT Mobile Limited 28:9E:DF DanfossT # Danfoss Turbocor Compressors, Inc 28:A1:86 Enblink 28:A1:92 GerpSolu # GERP Solution @@ -17878,11 +17904,13 @@ 28:B3:AB GenmarkA # Genmark Automation 28:BA:18 NextnavL # NextNav, LLC 28:BA:B5 SamsungE # Samsung Electronics Co.,Ltd +28:BB:59 RnetTech # RNET Technologies, Inc. 28:BE:9B Technico # Technicolor USA Inc. 28:C0:DA JuniperN # Juniper Networks 28:C6:71 YotaDevi # Yota Devices OY 28:C6:8E Netgear # NETGEAR INC., 28:C7:18 Altierre +28:C8:25 Dellking # DellKing Industrial Co., Ltd 28:C9:14 Taimag # Taimag Corporation 28:CB:EB One 28:CC:01 SamsungE # Samsung Electronics Co.,Ltd @@ -17898,6 +17926,7 @@ 28:D9:3E Telecor # Telecor Inc. 28:D9:97 YuduanMo # Yuduan Mobile Co., Ltd. 28:DB:81 Shanghai # Shanghai Guao Electronic Technology Co., Ltd +28:DE:F6 Biomerie # bioMerieux Inc. 28:E0:2C Apple 28:E1:4C Apple # Apple, Inc. 28:E2:97 Shanghai # Shanghai InfoTM Microelectronics Co.,Ltd. @@ -17916,6 +17945,7 @@ 2C:00:33 Econtrol # EControls, LLC 2C:00:F7 Xos 2C:06:23 WinLeade # Win Leader Inc. +2C:07:3C Devline # DEVLINE LIMITED 2C:10:C1 Nintendo # Nintendo Co., Ltd. 2C:18:AE TrendEle # Trend Electronics Co., Ltd. 2C:19:84 IdnTelec # IDN Telecom, Inc. @@ -17941,6 +17971,7 @@ 2C:44:01 SamsungE # Samsung Electronics Co.,Ltd 2C:44:1B Spectrum # Spectrum Medical Limited 2C:44:FD HewlettP # Hewlett Packard +2C:53:4A Shenzhen # Shenzhen Winyao Electronic Limited 2C:54:2D Cisco # CISCO SYSTEMS, INC. 2C:55:3C Gainspee # Gainspeed, Inc. 2C:59:E5 HewlettP # Hewlett Packard @@ -17966,6 +17997,7 @@ 2C:91:27 Eintechn # Eintechno Corporation 2C:92:2C KishuGik # Kishu Giken Kogyou Company Ltd,. 2C:94:64 Cincoze # Cincoze Co., Ltd. +2C:95:7F Zte # zte corporation 2C:97:17 ICYBV # I.C.Y. B.V. 2C:9E:5F ArrisGro # ARRIS Group, Inc. 2C:9E:FC Canon # CANON INC. @@ -18054,11 +18086,13 @@ 30:90:AB Apple 30:92:F6 Shanghai # SHANGHAI SUNMON COMMUNICATION TECHNOGY CO.,LTD 30:9B:AD BbkElect # BBK Electronics Corp., Ltd., +30:A8:DB SonyMobi # Sony Mobile Communications AB 30:AA:BD Shanghai # Shanghai Reallytek Information Technology Co.,Ltd 30:AE:7B DeqingDu # Deqing Dusun Electron CO., LTD 30:AE:F6 RadioMob # Radio Mobile Access 30:B2:16 HytecGer # Hytec Geraetebau GmbH 30:B3:A2 Shenzhen # Shenzhen Heguang Measurement & Control Technology Co.,Ltd +30:B5:C2 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. 30:C8:2A Wi-NextS # Wi-Next s.r.l. 30:CD:A7 SamsungE # Samsung Electronics ITS, Printer division 30:D3:57 Logosol # Logosol, Inc. @@ -18071,6 +18105,7 @@ 30:EF:D1 AlstomSt # Alstom Strongwish (Shenzhen) Co., Ltd. 30:F3:1D Zte # zte corporation 30:F3:3A +PluggSr # +plugg srl +30:F4:2F Esp 30:F7:0D Cisco # Cisco Systems 30:F7:C5 Apple 30:F9:ED Sony # Sony Corporation @@ -18080,6 +18115,7 @@ 34:13:A8 Mediplan # Mediplan Limited 34:13:E8 IntelCor # Intel Corporate 34:15:9E Apple +34:17:EB DellPcba # Dell Inc PCBA Test 34:1A:4C Shenzhen # SHENZHEN WEIBU ELECTRONICS CO.,LTD. 34:1B:22 Grandbei # Grandbeing Technology Co., Ltd 34:21:09 JensenSc # Jensen Scandinavia AS @@ -18090,9 +18126,11 @@ 34:2F:6E Anywire # Anywire corporation 34:31:11 SamsungE # Samsung Electronics Co.,Ltd 34:40:B5 Ibm +34:46:6F HitemEng # HiTEM Engineering 34:4B:3D Fiberhom # Fiberhome Telecommunication Tech.Co.,Ltd. 34:4B:50 Zte # ZTE Corporation 34:4F:3F Io-Power # IO-Power Technology Co., Ltd. +34:4F:5C R&Amp;M # R&M AG 34:4F:69 EkinopsS # EKINOPS SAS 34:51:C9 Apple 34:5B:11 EviHeat # EVI HEAT AB @@ -18157,6 +18195,8 @@ 34:D2:C4 RenaPrin # RENA GmbH Print Systeme 34:D7:B4 Tributar # Tributary Systems, Inc. 34:DB:FD Cisco +34:DE:1A IntelCor # Intel Corporate +34:DE:34 Zte # zte corporation 34:DF:2A FujikonI # Fujikon Industrial Co.,Limited 34:E0:CF Zte # zte corporation 34:E0:D7 Dongguan # DONGGUAN QISHENG ELECTRONICS INDUSTRIAL CO., LTD @@ -18203,6 +18243,7 @@ 38:66:45 OosicTec # OOSIC Technology CO.,Ltd 38:67:93 AsiaOpti # Asia Optical Co., Inc. 38:6B:BB ArrisGro # ARRIS Group, Inc. +38:6C:9B IvyBiome # Ivy Biomedical 38:6E:21 WasionGr # Wasion Group Ltd. 38:72:C0 Comtrend 38:7B:47 Akela # AKELA, Inc. @@ -18243,7 +18284,9 @@ 38:EC:11 NovatekM # Novatek Microelectronics Corp. 38:EC:E4 SamsungE # Samsung Electronics 38:EE:9D Anedo # Anedo Ltd. +38:F0:98 VaporSto # Vapor Stone Rail Systems 38:F5:97 Home2net # home2net GmbH +38:F7:08 National # National Resource Management, Inc. 38:F8:B7 V2comPar # V2COM PARTICIPACOES S.A. 38:FE:C5 EllipsBV # Ellips B.V. 3C:00:00 3Com @@ -18253,7 +18296,9 @@ 3C:07:54 Apple 3C:07:71 Sony # Sony Corporation 3C:08:1E BeijingY # Beijing Yupont Electric Power Technology Co.,Ltd +3C:08:F6 Cisco 3C:09:6D Powerhou # Powerhouse Dynamics +3C:0C:48 Servergy # Servergy, Inc. 3C:0E:23 Cisco 3C:0F:C1 KbcNetwo # KBC Networks 3C:10:40 DaesungN # daesung network @@ -18300,6 +18345,7 @@ 3C:81:D8 Sagemcom # SAGEMCOM SAS 3C:83:B5 AdvanceV # Advance Vision Electronics Co. Ltd. 3C:86:A8 Sangshin # Sangshin elecom .co,, LTD +3C:89:A6 Kapelse 3C:8A:B0 JuniperN # Juniper Networks 3C:8A:E5 TensunIn # Tensun Information Technology(Hangzhou) Co.,LTD 3C:8B:FE SamsungE # Samsung Electronics @@ -18332,6 +18378,7 @@ 3C:D7:DA SkMtekMi # SK Mtek microelectronics(shenzhen)limited 3C:D9:2B Hewlett- # Hewlett-Packard Company 3C:DF:1E Cisco # CISCO SYSTEMS, INC. +3C:DF:BD HuaweiTe # Huawei Technologies Co., Ltd 3C:E0:72 Apple 3C:E5:A6 Hangzhou # Hangzhou H3C Technologies Co., Ltd. 3C:E5:B4 KidasenI # KIDASEN INDUSTRIA E COMERCIO DE ANTENAS LTDA @@ -18392,6 +18439,7 @@ 40:70:4A PowerIde # Power Idea Technology Limited 40:70:74 LifeTech # Life Technology (China) Co., Ltd 40:74:96 AfunTech # aFUN TECHNOLOGY INC. +40:78:75 Imbel-In # IMBEL - Industria de Material Belico do Brasil 40:7A:80 Nokia # Nokia Corporation 40:7B:1B MettleNe # Mettle Networks Inc. 40:83:DE Motorola @@ -18408,6 +18456,7 @@ 40:9F:C7 Baekchun # BAEKCHUN I&C Co., Ltd. 40:A6:A4 Passivsy # PassivSystems Ltd 40:A6:D9 Apple +40:A8:F0 HewlettP # Hewlett Packard 40:AC:8D DataMana # Data Management, Inc. 40:B0:FA LgElectr # LG Electronics 40:B2:C8 NortelNe # Nortel Networks @@ -18841,6 +18890,62 @@ 40:D8:55:19:C0:00/36 ParrisSe # Parris Service Corporation 40:D8:55:19:D0:00/36 Emac # EMAC, Inc. 40:D8:55:19:E0:00/36 Thirdway # Thirdwayv Inc. +40:D8:55:19:F0:00/36 PatriaAv # Patria Aviation Oy +40:D8:55:1A:00:00/36 Futaba # Futaba Corporation +40:D8:55:1A:10:00/36 Kronotec # KRONOTECH SRL +40:D8:55:1A:20:00/36 Hipodrom # HIPODROMO DE AGUA CALIENTE, S.A. DE C.V. +40:D8:55:1A:30:00/36 Noritake # Noritake Itron Corporation +40:D8:55:1A:40:00/36 Cibite # cibite AG +40:D8:55:1A:50:00/36 Demopad +40:D8:55:1A:60:00/36 Rb-LinkW # RB-LINK Wireless +40:D8:55:1A:70:00/36 EntecEle # ENTEC Electric & Electronic CO., LTD +40:D8:55:1A:80:00/36 Multiobr # Multiobrabotka +40:D8:55:1A:90:00/36 LubinoSR # Lubino s.r.o. +40:D8:55:1A:A0:00/36 Broachli # Broachlink Technology Co.,Limited +40:D8:55:1A:B0:00/36 Rosslare # Rosslare Enterprises Limited +40:D8:55:1A:C0:00/36 Elan # ELAN SYSTEMS +40:D8:55:1A:D0:00/36 WicherDi # WICHER DIGITAL TECHNIK +40:D8:55:1A:E0:00/36 Autonomo # Autonomous Solutions, Inc +40:D8:55:1A:F0:00/36 Vigitron # Vigitron Inc. +40:D8:55:1B:00:00/36 Shin-EiE # Shin-ei Electronic Measuring Co.,Ltd. +40:D8:55:1B:10:00/36 Logos01S # Logos 01 S.r.l. +40:D8:55:1B:20:00/36 AgeAGilg # AGE A. Gilg Elektronik +40:D8:55:1B:30:00/36 BettiniS # BETTINI SRL +40:D8:55:1B:40:00/36 InforceC # Inforce Computing Inc. +40:D8:55:1B:50:00/36 A+EcKlei # A+EC Klein Ingenieurbuero +40:D8:55:1B:60:00/36 Magic # Magic Systems +40:D8:55:1B:70:00/36 TewsElek # TEWS Elektronik GmbH & Co. KG +40:D8:55:1B:80:00/36 Orion # Orion Systems, Inc +40:D8:55:1B:90:00/36 BekingIn # Beking Industrieele automatisering +40:D8:55:1B:A0:00/36 Creative # Creative Lighting And Sound Systems Pty Ltd +40:D8:55:1B:B0:00/36 Micromeg # Micromega Dynamics SA +40:D8:55:1B:C0:00/36 Kbdevice # KbDevice,Inc. +40:D8:55:1B:D0:00/36 HoribaAb # HORIBA ABX +40:D8:55:1B:E0:00/36 PeekTraf # PEEK TRAFFIC +40:D8:55:1B:F0:00/36 Shanghai # shanghai mingding information tech co.Ltd +40:D8:55:1C:00:00/36 NpbAutom # NPB Automation AB +40:D8:55:1C:10:00/36 TriamecM # Triamec Motion AG +40:D8:55:1C:20:00/36 DigitalD # Digital Display Systems +40:D8:55:1C:30:00/36 CornfedL # Cornfed Systems LLC +40:D8:55:1C:40:00/36 QedAdvan # QED Advanced Systems Limited +40:D8:55:1C:60:00/36 DeviceSo # Device Solutions Ltd +40:D8:55:1C:70:00/36 Wexiödis # Wexiödisk AB +40:D8:55:1C:80:00/36 SensataT # Sensata Technologies +40:D8:55:1C:90:00/36 Andy-L # Andy-L Ltd. +40:D8:55:1C:A0:00/36 RigelEng # Rigel Engineering +40:D8:55:1C:B0:00/36 MgSRL # MG S.r.l. +40:D8:55:1C:D0:00/36 YxlonInt # YXLON International A/S +40:D8:55:1C:E0:00/36 PeterHub # Peter Huber +40:D8:55:1C:F0:00/36 OmnikNew # Omnik New Energy Co., Ltd +40:D8:55:1D:00:00/36 WebeasyB # Webeasy BV +40:D8:55:1D:10:00/36 FounderB # Founder Broadband Network Service Co.,Ltd. +40:D8:55:1D:20:00/36 Inventla # InventLab s.c. +40:D8:55:1D:30:00/36 KalugaTe # Kaluga Teletypes Manufacturing Plant +40:D8:55:1D:40:00/36 PrismaEn # Prisma Engineering srl +40:D8:55:1D:50:00/36 Fst21 # FST21 Ltd. +40:D8:55:1D:60:00/36 EmsCompu # EMS Computers Pty Ltd +40:D8:55:1D:70:00/36 Wheatsto # Wheatstone Corporation +40:D8:55:1D:80:00/36 OwlCompu # Owl Computing Technologies, Inc. 40:E7:30 DeyStora # DEY Storage Systems, Inc. 40:E7:93 Shenzhen # Shenzhen Siviton Technology Co.,Ltd 40:EC:F8 Siemens # Siemens AG @@ -18879,6 +18984,7 @@ 44:3E:B2 Deotron # DEOTRON Co., LTD. 44:45:53 Microsoft 44:46:49 DfiDiamo # DFI (Diamond Flower Industries) +44:48:91 HdmiLice # HDMI Licensing, LLC 44:4A:65 Silverfl # Silverflare Ltd. 44:4C:0C Apple 44:4E:1A SamsungE # Samsung Electronics Co.,Ltd @@ -18901,6 +19007,7 @@ 44:7B:C4 Dualshin # DualShine Technology(SZ)Co.,Ltd 44:7C:7F Innoligh # Innolight Technology Corporation 44:7D:A5 VtionInf # VTION INFORMATION TECHNOLOGY (FUJIAN) CO.,LTD +44:7E:76 TrekTech # Trek Technology (S) Pte Ltd 44:7E:95 AlphaAnd # Alpha and Omega, Inc 44:83:12 Star-Net 44:85:00 IntelCor # Intel Corporate @@ -18924,6 +19031,7 @@ 44:B3:82 Kuang-Ch # Kuang-chi Institute of Advanced Technology 44:C1:5C TexasIns # Texas Instruments 44:C2:33 Guangzho # Guangzhou Comet Technology Development Co.Ltd +44:C3:06 Sifrom # SIFROM Inc. 44:C3:9B OooRubez # OOO RUBEZH NPO 44:C4:A9 OpticomC # Opticom Communication, LLC 44:C5:6F NgnEasyS # NGN Easy Satfinder (Tianjin) Electronic Co., Ltd @@ -18951,6 +19059,7 @@ 48:12:49 LuxcomTe # Luxcom Technologies Inc. 48:13:F3 BbkElect # BBK Electronics Corp., Ltd. 48:17:4C Micropow # MicroPower technologies +48:18:42 Shanghai # Shanghai Winaas Co. Equipment Co. Ltd. 48:1B:D2 IntronSc # Intron Scientific co., ltd. 48:28:2F Zte # ZTE Corporation 48:2C:EA Motorola # Motorola Inc Business Light Radios @@ -18966,6 +19075,7 @@ 48:52:61 Soreel 48:54:E8 Winbond? 48:5A:3F Wisol +48:5A:B6 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 48:5B:39 AsustekC # ASUSTek COMPUTER INC. 48:5D:60 Azurewav # Azurewave Technologies, Inc. 48:60:BC Apple @@ -18974,6 +19084,8 @@ 48:6E:73 Pica8 # Pica8, Inc. 48:6F:D2 Storsimp # StorSimple Inc 48:71:19 SgbGroup # SGB GROUP LTD. +48:74:6E Apple +48:76:04 Private 48:8E:42 Digalog # DIGALOG GmbH 48:91:53 Weinmann # Weinmann Geräte für Medizin GmbH + Co. KG 48:91:F6 Shenzhen # Shenzhen Reach software technology CO.,LTD @@ -18984,6 +19096,7 @@ 48:A6:D2 GjsunOpt # GJsun Optical Science and Tech Co.,Ltd. 48:AA:5D StoreEle # Store Electronic Systems 48:B2:53 Marketax # Marketaxess Corporation +48:B5:A7 GloryHor # Glory Horse Industries Ltd. 48:B8:DE Homewins # HOMEWINS TECHNOLOGY CO.,LTD. 48:B9:77 PulseonO # PulseOn Oy 48:B9:C2 Teletics # Teletics Inc. @@ -18992,6 +19105,7 @@ 48:C8:62 SimoWire # Simo Wireless,Inc. 48:C8:B6 Systec # SysTec GmbH 48:CB:6E CelloEle # Cello Electronics (UK) Ltd +48:D0:CF Universa # Universal Electronics, Inc. 48:D2:24 LiteonTe # Liteon Technology Corporation 48:D5:4C JedaNetw # Jeda Networks 48:D7:FF BlankomA # BLANKOM Antennentechnik GmbH @@ -19002,6 +19116,7 @@ 48:EA:63 Zhejiang # Zhejiang Uniview Technologies Co., Ltd. 48:EB:30 EternaTe # ETERNA TECHNOLOGY, INC. 48:ED:80 DaesungE # daesung eltec +48:EE:86 Utstarco # UTStarcom (China) Co.,Ltd 48:F2:30 Ubizcore # Ubizcore Co.,LTD 48:F3:17 Private 48:F4:7D Techvisi # TechVision Holding Internation Limited @@ -19107,6 +19222,7 @@ 50:11:EB Silverne # SilverNet Ltd 50:17:FF Cisco 50:1A:C5 Microsof # Microsoft +50:1C:BF Cisco 50:20:6B EmersonC # Emerson Climate Technologies Transportation Solutions 50:22:67 Pixelink 50:25:2B NethraIm # Nethra Imaging Incorporated @@ -19129,9 +19245,11 @@ 50:4A:5E Masimo # Masimo Corporation 50:4F:94 LoxoneEl # Loxone Electronics GmbH 50:56:63 TexasIns # Texas Instruments +50:56:A8 Jolla # Jolla Ltd 50:57:A8 Cisco # CISCO SYSTEMS, INC. 50:5A:C6 Guangdon # GUANGDONG SUPER TELECOM CO.,LTD. 50:60:28 Xirrus # Xirrus Inc. +50:61:84 Avaya # Avaya, Inc 50:61:D6 Indu-Sol # Indu-Sol GmbH 50:63:13 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 50:64:41 Greenlee @@ -19154,6 +19272,7 @@ 50:97:72 Westingh # Westinghouse Digital 50:98:71 Inventum # Inventum Technologies Private Limited 50:9F:27 HuaweiTe # Huawei Technologies Co., Ltd +50:A0:54 Actineon 50:A0:BF AlbaFibe # Alba Fiber Systems Inc. 50:A4:C8 SamsungE # Samsung Electronics Co.,Ltd 50:A6:E3 DavidCla # David Clark Company @@ -19161,6 +19280,7 @@ 50:A7:33 RuckusWi # Ruckus Wireless 50:AB:BF HoseoTel # Hoseo Telecom 50:AF:73 Shenzhen # Shenzhen Bitland Information Technology Co., Ltd. +50:B6:95 Micropoi # Micropoint Biotechnologies,Inc. 50:B7:C3 SamsungE # Samsung Electronics CO., LTD 50:B8:88 Wi2beTec # wi2be Tecnologia S/A 50:B8:A2 ImtechTe # ImTech Technologies LLC, @@ -19204,10 +19324,12 @@ 54:21:60 Resoluti # Resolution Products 54:22:F8 Zte # zte corporation 54:26:96 Apple +54:27:1E Azurewav # AzureWave Technonloies, Inc. 54:2A:9C LsyDefen # LSY Defense, LLC. 54:2C:EA Protectr # PROTECTRON 54:2F:89 EuclidLa # Euclid Laboratories, Inc. 54:31:31 RasterVi # Raster Vision Ltd +54:35:30 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 54:35:DF Symeo # Symeo GmbH 54:39:68 Edgewate # Edgewater Networks Inc 54:39:DF HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD @@ -19221,6 +19343,7 @@ 54:5E:BD NlTechno # NL Technologies 54:5F:A9 Teracom # Teracom Limited 54:61:EA Zaplox # Zaplox AB +54:72:4F Apple 54:73:98 ToyoElec # Toyo Electronics Corporation 54:74:E6 WebtechW # Webtech Wireless 54:75:D0 Cisco # CISCO SYSTEMS, INC. @@ -19241,14 +19364,18 @@ 54:9B:12 SamsungE # Samsung Electronics 54:9D:85 Eneracce # EnerAccess inc 54:A0:4F T-MacTec # t-mac Technologies Ltd +54:A3:1B Shenzhen # Shenzhen Linkworld Technology Co,.LTD 54:A5:1B Shenzhen # Shenzhen Huawei Communication Technologies Co., Ltd 54:A5:4B NscCommu # NSC Communications Siberia Ltd 54:A6:19 Alcatel- # Alcatel-Lucent Shanghai Bell Co., Ltd 54:A9:D4 Minibar # Minibar Systems +54:AE:27 Apple 54:B6:20 SuhdolE& # SUHDOL E&C Co.Ltd. 54:BE:F7 Pegatron # PEGATRON CORPORATION 54:CD:A7 FujianSh # Fujian Shenzhou Electronic Co.,Ltd +54:CD:EE Shenzhen # ShenZhen Apexis Electronic Co.,Ltd 54:D0:ED AximComm # AXIM Communications +54:D1:63 Max-Tech # MAX-TECH,INC 54:D1:B0 Universa # Universal Laser Systems, Inc 54:D4:6F CiscoSpv # Cisco SPVTG 54:DF:63 Intrakey # Intrakey technologies GmbH @@ -19263,10 +19390,12 @@ 54:FB:58 Wiseware # WISEWARE, Lda 54:FD:BF ScheidtB # Scheidt & Bachmann GmbH 56:58:57 AculabPl # Aculab plc audio bridges +58:05:28 LabrisNe # LABRIS NETWORKS 58:05:56 Elettron # Elettronica GF S.r.L. 58:08:FA FiberOpt # Fiber Optic & telecommunication INC. 58:09:43 Private 58:09:E5 Kivic # Kivic Inc. +58:0A:20 Cisco 58:12:43 AcsipTec # AcSiP Technology Corp. 58:16:26 Avaya # Avaya, Inc 58:17:0C SonyEric # Sony Ericsson Mobile Communications AB @@ -19283,10 +19412,12 @@ 58:46:8F KoncarEl # Koncar Electronics and Informatics 58:46:E1 BaxterHe # Baxter Healthcare 58:48:C0 Coflec +58:49:3B PaloAlto # Palo Alto Networks 58:49:BA ChitaiEl # Chitai Electronic Corp. 58:4C:19 Chongqin # Chongqing Guohong Technology Development Company Limited 58:4C:EE DigitalO # Digital One Technologies, Limited 58:50:76 LinearEq # Linear Equipamentos Eletronicos SA +58:50:AB Tls # TLS Corporation 58:50:E6 BestBuy # Best Buy Corporation 58:55:CA Apple 58:56:E8 ArrisGro # ARRIS Group, Inc. @@ -19317,6 +19448,7 @@ 58:97:1E Cisco 58:98:35 Technico # Technicolor 58:98:6F Revoluti # Revolution Display +58:9C:FC FreebsdF # FreeBSD Foundation 58:A2:B5 LgElectr # LG Electronics 58:A7:6F Id # iD corporation 58:B0:35 Apple @@ -19362,6 +19494,7 @@ 5C:20:D0 AsoniCom # Asoni Communication Co., Ltd. 5C:22:C4 DaeEunEl # DAE EUN ELETRONICS CO., LTD 5C:24:79 Baltech # Baltech AG +5C:25:4C AvireGlo # Avire Global Pte Ltd 5C:26:0A Dell # Dell Inc. 5C:2A:EF OpenAcce # Open Access Pty Ltd 5C:33:27 SpazioIt # Spazio Italia srl @@ -19405,6 +19538,7 @@ 5C:B5:24 SonyEric # Sony Ericsson Mobile Communications AB 5C:BD:9E Hongkong # HONGKONG MIRACLE EAGLE TECHNOLOGY(GROUP) LIMITED 5C:C2:13 FrSauter # Fr. Sauter AG +5C:C5:D4 IntelCor # Intel Corporate 5C:C6:D0 Skyworth # Skyworth Digital technology(shenzhen)co.ltd. 5C:C9:D3 Palladiu # PALLADIUM ENERGY ELETRONICA DA AMAZONIA LTDA 5C:CA:32 Theben # Theben AG @@ -19422,12 +19556,14 @@ 5C:E2:23 DelphinT # Delphin Technology AG 5C:E2:86 NortelNe # Nortel Networks 5C:E2:F4 AcsipTec # AcSiP Technology Corp. +5C:E7:BF NewSingu # New Singularity International Technical Development Co.,Ltd 5C:E8:EB SamsungE # Samsung Electronics 5C:EB:4E RStahlHm # R. STAHL HMI Systems GmbH 5C:EE:79 GlobalDi # Global Digitech Co LTD 5C:F2:07 SpecoTec # Speco Technologies 5C:F3:70 Cc&CTech # CC&C Technologies, Inc 5C:F3:FC Ibm # IBM Corp +5C:F5:0D Institut # Institute of microelectronic applications 5C:F6:DC SamsungE # Samsung Electronics Co.,LTD 5C:F8:A1 MurataMa # Murata Manufactuaring Co.,Ltd. 5C:F9:38 Apple # Apple, Inc @@ -19445,6 +19581,7 @@ 60:19:29 Voltroni # VOLTRONIC POWER TECHNOLOGY(SHENZHEN) CORP. 60:1D:0F MidniteS # Midnite Solar 60:1E:02 Eltexala # EltexAlatau +60:21:03 Stcube # STCUBE.INC 60:21:C0 MurataMa # Murata Manufactuaring Co.,Ltd. 60:24:C1 JiangsuZ # Jiangsu Zhongxun Electronic Technology Co., Ltd 60:2A:54 Cardiote # CardioTek B.V. @@ -19527,8 +19664,10 @@ 60:FA:CD Apple 60:FB:42 Apple 60:FE:1E ChinaPal # China Palms Telecom.Ltd +60:FE:20 2Wire # 2 Wire 60:FE:C5 Apple 60:FE:F9 ThomasBe # Thomas & Betts +60:FF:DD CEElectr # C.E. ELECTRONICS, INC 64:00:F1 Cisco # CISCO SYSTEMS, INC. 64:05:BE NewLight # NEW LIGHT LED 64:09:4C BeijingS # Beijing Superbee Wireless Technology Co.,Ltd @@ -19564,6 +19703,7 @@ 64:54:22 EquinoxP # Equinox Payments 64:55:63 Inteligh # Intelight Inc. 64:55:7F NsfocusI # NSFOCUS Information Technology Co., Ltd. +64:55:B1 ArrisGro # ARRIS Group, Inc. 64:56:01 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD 64:5A:04 ChiconyE # Chicony Electronics Co., Ltd. 64:5D:D7 Shenzhen # Shenzhen Lifesense Medical Electronics Co., Ltd. @@ -19609,6 +19749,7 @@ 64:AE:0C Cisco # CISCO SYSTEMS, INC. 64:AE:88 Polytec # Polytec GmbH 64:B3:10 SamsungE # Samsung Electronics Co.,Ltd +64:B3:70 Powercom # PowerComm Solutons LLC 64:B6:4A Vivotech # ViVOtech, Inc. 64:B9:E8 Apple 64:BA:BD SdjTechn # SDJ Technologies, Inc. @@ -19633,8 +19774,10 @@ 64:E6:25 WoxuWire # Woxu Wireless Co., Ltd 64:E6:82 Apple 64:E8:4F Serialwa # Serialway Communication Technology Co. Ltd +64:E8:92 MorioDen # Morio Denki Co., Ltd. 64:E8:E6 GlobalMo # global moisture management system 64:E9:50 Cisco +64:EB:8C SeikoEps # Seiko Epson Corporation 64:ED:57 ArrisGro # ARRIS Group, Inc. 64:ED:62 Woori # WOORI SYSTEMS Co., Ltd 64:F2:42 GerdesAk # Gerdes Aktiengesellschaft @@ -19678,6 +19821,7 @@ 68:6E:23 Wi3 # Wi3 Inc. 68:72:51 Ubiquiti # Ubiquiti Networks 68:76:4F SonyMobi # Sony Mobile Communications AB +68:78:48 Westunit # Westunitis Co., Ltd. 68:78:4C NortelNe # Nortel Networks 68:79:24 Els-Gmbh # ELS-GmbH & Co. KG 68:79:ED Sharp # SHARP Corporation @@ -19686,6 +19830,7 @@ 68:83:1A PandoraM # Pandora Mobility Corporation 68:84:70 Essys # eSSys Co.,Ltd 68:85:40 IgiMobil # IGI Mobile, Inc. +68:85:6A Outerlin # OuterLink Corporation 68:86:A7 Cisco 68:86:E7 Orbotix # Orbotix, Inc. 68:87:6B InqMobil # INQ Mobile Limited @@ -19716,6 +19861,7 @@ 68:CD:0F UTek # U Tek Company Limited 68:CE:4E L-3Commu # L-3 Communications Infrared Products 68:D1:FD Shenzhen # Shenzhen Trimax Technology Co.,Ltd +68:D2:47 Portalis # Portalis LC 68:D9:25 ProsysDe # ProSys Development Services 68:DB:67 NantongC # Nantong Coship Electronics Co., Ltd 68:DB:96 OpwillTe # OPWILL Technologies CO .,LTD @@ -19733,6 +19879,7 @@ 68:FB:95 Generalp # Generalplus Technology Inc. 68:FC:B3 NextLeve # Next Level Security Systems, Inc. 6C:04:60 RbhAcces # RBH Access Technologies Inc. +6C:09:D6 Digiques # Digiquest Electronics LTD 6C:0E:0D SonyEric # Sony Ericsson Mobile Communications AB 6C:0F:6A JdcTech # JDC Tech Co., Ltd. 6C:15:F9 Nautroni # Nautronix Limited @@ -19761,8 +19908,10 @@ 6C:5C:DE Sunrepor # SunReports, Inc. 6C:5D:63 Shenzhen # ShenZhen Rapoo Technology Co., Ltd. 6C:5E:7A Ubiquito # Ubiquitous Internet Telecom Co., Ltd +6C:5F:1C LenovoMo # Lenovo Mobile Communication Technology Ltd. 6C:61:26 RinicomH # Rinicom Holdings 6C:62:6D Micro-St # Micro-Star INT'L CO., LTD +6C:64:1A PenguinC # Penguin Computing 6C:6F:18 Stereota # Stereotaxis, Inc. 6C:70:39 Novar # Novar GmbH 6C:71:D9 Azurewav # AzureWave Technologies, Inc @@ -19777,6 +19926,7 @@ 6C:90:B1 Sanlogic # SanLogic Inc 6C:92:BF InspurEl # Inspur Electronic Information Industry Co.,Ltd. 6C:98:EB Xyne # Xyne GmbH +6C:99:89 Cisco 6C:9A:C9 Valentin # Valentine Research, Inc. 6C:9B:02 Nokia # Nokia Corporation 6C:9C:E9 NimbleSt # Nimble Storage @@ -19830,6 +19980,7 @@ 70:25:26 Alcatel- # Alcatel-Lucent 70:25:59 Cybertan # CyberTAN Technology, Inc. 70:2B:1D E-DomusI # E-Domus International Limited +70:2C:1F Wisol 70:2F:4B Polyvisi # PolyVision Inc. 70:2F:97 AavaMobi # Aava Mobile Oy 70:30:18 Avaya # Avaya, Inc @@ -19846,6 +19997,7 @@ 70:4A:AE XstreamF # Xstream Flow (Pty) Ltd 70:4A:E4 Rinstrum # Rinstrum Pty Ltd 70:4C:ED Tmrg # TMRG, Inc. +70:4E:01 Kwangwon # KWANGWON TECH CO., LTD. 70:52:C5 Avaya # Avaya, Inc. 70:53:3F AlfaInst # Alfa Instrumentos Eletronicos Ltda. 70:54:D2 Pegatron # PEGATRON CORPORATION @@ -19953,6 +20105,7 @@ 74:65:D1 Atlinks 74:66:30 T:MiYtti # T:mi Ytti 74:6A:89 Rezolt # Rezolt Corporation +74:6A:8F VsVision # VS Vision Systems GmbH 74:6B:82 Movek 74:6F:3D Contec # Contec GmbH 74:72:F2 ChipsipT # Chipsip Technology Co., Ltd. @@ -19962,6 +20115,7 @@ 74:7E:1A RedEmbed # Red Embedded Design Limited 74:7E:2D BeijingT # Beijing Thomson CITIC Digital Technology Co. LTD. 74:86:7A DellPcba # Dell Inc PCBA Test +74:88:2A HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD 74:88:8B AdbBroad # ADB Broadband Italia 74:8E:08 Bestek # Bestek Corp. 74:8E:F8 BrocadeC # Brocade Communications Systems, Inc. @@ -19971,6 +20125,7 @@ 74:93:A4 ZebraTec # Zebra Technologies Corp. 74:94:3D Agjuncti # AgJunction 74:99:75 Ibm # IBM Corporation +74:9C:52 HuizhouD # Huizhou Desay SV Automotive Co., Ltd. 74:9D:DC 2wire 74:A4:A7 QrsMusic # QRS Music Technologies, Inc. 74:A4:B5 Powerlea # Powerleader Science and Technology Co. Ltd. @@ -19981,6 +20136,7 @@ 74:B9:EB FujianJi # Fujian JinQianMao Electronic Technology Co.,Ltd 74:BE:08 AtekProd # ATEK Products, LLC 74:BF:A1 Hyunteck +74:C6:21 Zhejiang # Zhejiang Hite Renewable Energy Co.,LTD 74:C9:9A Ericsson # Ericsson AB 74:CA:25 Calxeda # Calxeda, Inc. 74:CD:0C SmithMye # Smith Myers Communications Ltd. @@ -20027,9 +20183,11 @@ 78:2E:EF Nokia # Nokia Corporation 78:30:3B StephenT # Stephen Technologies Co.,Limited 78:30:E1 Ultracle # UltraClenz, LLC +78:31:C1 Apple 78:32:4F Millenni # Millennium Group, Inc. 78:3C:E3 Kai-Ee 78:3D:5B TelnetRe # TELNET Redes Inteligentes S.A. +78:3E:53 Bskyb # BSkyB Ltd 78:3F:15 Easysync # EasySYNC Ltd. 78:44:05 FujituHo # FUJITU(HONG KONG) ELECTRONIC Co.,LTD. 78:44:76 ZioncomT # Zioncom technology co.,ltd @@ -20038,6 +20196,7 @@ 78:47:1D SamsungE # Samsung Electronics Co.,Ltd 78:49:1D Will-Bur # The Will-Burt Company 78:4B:08 FRobotic # f.robotics acquisitions ltd +78:4B:87 MurataMa # Murata Manufacturing Co.,Ltd. 78:51:0C Liveu # LiveU Ltd. 78:52:1A SamsungE # Samsung Electronics Co.,Ltd 78:52:62 Shenzhen # Shenzhen Hojy Software Co., Ltd. @@ -20050,6 +20209,7 @@ 78:5C:72 HiosoTec # Hioso Technology Co., Ltd. 78:61:7C MitsumiE # MITSUMI ELECTRIC CO.,LTD 78:66:AE ZtecInst # ZTEC Instruments, Inc. +78:6A:89 HuaweiTe # Huawei Technologies Co., Ltd 78:6C:1C Apple 78:7F:62 GikMbh # GiK mbH 78:81:8F ServerRa # Server Racks Australia Pty Ltd @@ -20071,6 +20231,7 @@ 78:A1:83 Advidia 78:A2:A0 Nintendo # Nintendo Co., Ltd. 78:A3:E4 Apple +78:A5:04 TexasIns # Texas Instruments 78:A5:DD Shenzhen # Shenzhen Smarteye Digital Electronics Co., Ltd 78:A6:83 Precidat # Precidata 78:A6:BD DaeyeonC # DAEYEON Control&Instrument Co,.Ltd @@ -20102,6 +20263,7 @@ 78:D3:8D Hongkong # HONGKONG YUNLINK TECHNOLOGY LIMITED 78:D5:B5 Navielek # NAVIELEKTRO KY 78:D6:F0 SamsungE # Samsung Electro Mechanics +78:D7:52 HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD 78:D9:9F NucomHk # NuCom HK Ltd. 78:DA:6E Cisco 78:DA:B3 GboTechn # GBO Technology @@ -20121,6 +20283,7 @@ 78:F7:D0 Silverbr # Silverbrook Research 78:FE:3D JuniperN # Juniper Networks 78:FE:41 SocusNet # Socus networks +78:FE:E2 Shanghai # Shanghai Diveo Technology Co., Ltd 78:FF:57 IntelCor # Intel Corporate 7C:01:87 CurtisIn # Curtis Instruments, Inc. 7C:02:BC HansungE # Hansung Electronics Co. LTD @@ -20135,6 +20298,7 @@ 7C:11:BE Apple 7C:14:76 DamallTe # Damall Technologies SAS 7C:16:0D Saia-Bur # Saia-Burgess Controls AG +7C:1A:03 8locatio # 8Locations Co., Ltd. 7C:1A:FC DalianCo # Dalian Co-Edifice Video Technology Co., Ltd 7C:1E:52 Microsof # Microsoft 7C:1E:B3 2nTeleko # 2N TELEKOMUNIKACE a.s. @@ -20178,6 +20342,7 @@ 7C:7D:41 JinmuyuE # Jinmuyu Electronics Co., Ltd. 7C:82:2D Nortec 7C:83:06 GlenDimp # Glen Dimplex Nordic as +7C:8D:91 Shanghai # Shanghai Hongzhuo Information Technology co.,LTD 7C:8E:E4 TexasIns # Texas Instruments 7C:94:B2 PhilipsH # Philips Healthcare PCCI 7C:95:F3 Cisco @@ -20216,6 +20381,8 @@ 7C:DD:20 IoxosTec # IOXOS Technologies S.A. 7C:DD:90 Shenzhen # Shenzhen Ogemray Technology Co., Ltd. 7C:E0:44 Neon # NEON Inc +7C:E1:FF Computer # Computer Performance, Inc. DBA Digital Loggers, Inc. +7C:E4:AA Private 7C:E5:6B EsenOpto # ESEN Optoelectronics Technology Co.,Ltd. 7C:E9:D3 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 7C:EB:EA Asct @@ -20230,6 +20397,7 @@ 7C:FE:28 Salutron # Salutron Inc. 80:00:0B IntelCor # Intel Corporate 80:00:10 AttBellL # ATT BELL LABORATORIES +80:00:6E Apple 80:05:DF MontageT # Montage Technology Group Limited 80:07:A2 EssonTec # Esson Technology Inc. 80:0A:06 Comtec # COMTEC co.,ltd @@ -20262,6 +20430,7 @@ 80:57:19 SamsungE # Samsung Electronics Co.,Ltd 80:58:C5 NovatecK # NovaTec Kommunikationstechnik GmbH 80:60:07 Rim +80:61:8F Shenzhen # Shenzhen sangfei consumer communications co.,ltd 80:64:59 Nimbus # Nimbus Inc. 80:65:E9 Benq # BenQ Corporation 80:66:29 Prescope # Prescope Technologies CO.,LTD. @@ -20365,8 +20534,10 @@ 84:82:F4 BeijingH # Beijing Huasun Unicreate Technology Co., Ltd 84:83:36 Newrun 84:83:71 Avaya # Avaya, Inc +84:84:33 ParadoxE # Paradox Engineering SA 84:85:06 Apple 84:8D:84 Rajant # Rajant Corporation +84:8E:0C Apple 84:8E:96 Embertec # Embertec Pty Ltd 84:8F:69 Dell # Dell Inc. 84:90:00 ArnoldRi # Arnold & Richter Cine Technik @@ -20441,11 +20612,13 @@ 88:86:A0 SimtonTe # Simton Technologies, Ltd. 88:87:17 Canon # CANON INC. 88:87:DD Darbeevi # DarbeeVision Inc. +88:89:14 AllCompo # All Components Incorporated 88:89:64 GsiElect # GSI Electronics Inc. 88:8B:5D StorageA # Storage Appliance Corporation 88:8C:19 BradyAsi # Brady Corp Asia Pacific Ltd 88:91:66 Viewcoop # Viewcooper Corp. 88:91:DD Racktivi # Racktivity +88:94:71 BrocadeC # Brocade Communications Systems, Inc. 88:94:F9 GemicomT # Gemicom Technology, Inc. 88:95:B9 UnifiedP # Unified Packet Systems Crop 88:96:76 TtcMarco # TTC MARCONI s.r.o. @@ -20456,6 +20629,7 @@ 88:9F:FA HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 88:A3:CC AmatisCo # Amatis Controls 88:A5:BD Qpcom # QPCOM INC. +88:A7:3C Ragentek # Ragentek Technology Group 88:AC:C1 Generito # Generiton Co., Ltd. 88:AE:1D CompalIn # COMPAL INFORMATION(KUNSHAN)CO.,LTD 88:B1:68 DeltaCon # Delta Control GmbH @@ -20467,17 +20641,21 @@ 88:C6:63 Apple 88:CB:87 Apple 88:D7:BC Dep # DEP Company +88:D9:62 CanopusU # Canopus Systems US LLC 88:DC:96 SenaoNet # SENAO Networks, Inc. 88:DD:79 Voltaire 88:E0:A0 Shenzhen # Shenzhen VisionSTOR Technologies Co., Ltd 88:E0:F3 JuniperN # Juniper Networks +88:E3:AB HuaweiTe # Huawei Technologies Co., Ltd 88:E7:12 Whirlpoo # Whirlpool Corporation 88:E7:A6 Iknowled # iKnowledge Integration Corp. +88:E8:F8 YongTaiE # YONG TAI ELECTRONIC (DONGGUAN) LTD. 88:E9:17 Tamaggo 88:ED:1C CudoComm # Cudo Communication Co., Ltd. 88:F0:77 Cisco # CISCO SYSTEMS, INC. 88:F4:88 CellonCo # cellon communications technology(shenzhen)Co.,Ltd. 88:F4:90 Jetmobil # Jetmobile Pte Ltd +88:F7:C7 Technico # Technicolor USA Inc. 88:FD:15 Lineeye # LINEEYE CO., LTD 88:FE:D6 Shanghai # ShangHai WangYong Software Co., Ltd. 8C:00:6D Apple @@ -20493,12 +20671,14 @@ 8C:21:0A Tp-LinkT # TP-LINK TECHNOLOGIES CO., LTD. 8C:27:1D Quanthou # QuantHouse 8C:27:8A Vocollec # Vocollect Inc +8C:29:37 Apple 8C:2D:AA Apple 8C:2F:39 IbaDosim # IBA Dosimetry GmbH 8C:33:30 Emfirst # EmFirst Co., Ltd. 8C:3A:E3 LgElectr # LG Electronics 8C:3C:07 SkivaTec # Skiva Technologies, Inc. 8C:3C:4A NakayoTe # NAKAYO TELECOMMUNICATIONS,INC. +8C:41:F2 RdaTechn # RDA Technologies Ltd. 8C:44:35 Shanghai # Shanghai BroadMobi Communication Technology Co., Ltd. 8C:4A:EE GigaTms # GIGA TMS INC 8C:4B:59 3dImagin # 3D Imaging & Simulations Corp @@ -20528,6 +20708,7 @@ 8C:77:12 SamsungE # Samsung Electronics Co.,Ltd 8C:77:16 Longchee # LONGCHEER TELECOMMUNICATION LIMITED 8C:7B:9D Apple +8C:7C:92 Apple 8C:7C:B5 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 8C:7C:FF BrocadeC # Brocade Communications Systems, Inc. 8C:7E:B3 Lytro # Lytro, Inc. @@ -20547,6 +20728,7 @@ 8C:B7:F7 Shenzhen # Shenzhen UniStrong Science & Technology Co., Ltd 8C:B8:2C IpitomyC # IPitomy Communications 8C:B8:64 AcsipTec # AcSiP Technology Corp. +8C:BE:BE XiaomiTe # Xiaomi Technology Co.,Ltd 8C:C1:21 Panasoni # Panasonic Corporation AVC Networks Company 8C:C5:E1 Shenzhen # ShenZhen Konka Telecommunication Technology Co.,Ltd 8C:C7:AA RadinetC # Radinet Communications Inc. @@ -20606,6 +20788,7 @@ 90:47:16 Rorze # RORZE CORPORATION 90:49:FA Intel # Intel Corporation 90:4C:E5 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. +90:4E:2B HuaweiTe # Huawei Technologies Co., Ltd 90:50:7B Advanced # Advanced PANMOBIL Systems GmbH & Co. KG 90:51:3F Elettron # Elettronica Santerno 90:54:46 TesElect # TES ELECTRONIC SOLUTIONS @@ -20640,6 +20823,7 @@ 90:90:60 RsiVideo # RSI VIDEO TECHNOLOGIES 90:92:B4 DiehlBgt # Diehl BGT Defence GmbH & Co. KG 90:94:E4 D-LinkIn # D-Link International +90:98:64 Impex-Sa # Impex-Sat GmbH&Co KG 90:99:16 ElveesNe # ELVEES NeoTek OJSC 90:9D:E0 NewlandD # Newland Design + Assoc. Inc. 90:9F:43 Accutron # Accutron Instruments Inc. @@ -20665,10 +20849,14 @@ 90:D8:52 Comtec # Comtec Co., Ltd. 90:D9:2C Hug-Wits # HUG-WITSCHI AG 90:DA:4E Avanu +90:DB:46 E-LeadEl # E-LEAD ELECTRONIC CO., LTD +90:DF:B7 SMSSmart # s.m.s smart microwave sensors GmbH 90:E0:F0 HarmanIn # Harman International 90:E2:BA IntelCor # Intel Corporate 90:E6:BA AsustekC # ASUSTek COMPUTER INC. 90:EA:60 SpiLaser # SPI Lasers Ltd +90:F1:AA SamsungE # Samsung Electronics Co.,LTD +90:F1:B0 Hangzhou # Hangzhou Anheng Info&Tech CO.,LTD 90:F2:78 RadiusGa # Radius Gateway 90:F3:B7 KirisunC # Kirisun Communications Co., Ltd. 90:F4:C1 RandMcna # Rand McNally @@ -20725,6 +20913,7 @@ 94:98:A2 Shanghai # Shanghai LISTEN TECH.LTD 94:9B:FD TransNew # Trans New Technology, Inc. 94:9C:55 AltaData # Alta Data Technologies +94:9F:3F OptekDig # Optek Digital Technology company limited 94:9F:B4 ChengduJ # ChengDu JiaFaAnTai Technology Co.,Ltd 94:A7:BC Bodymedi # BodyMedia, Inc. 94:AA:B8 JoviewBe # Joview(Beijing) Technology Co. Ltd. @@ -20812,6 +21001,7 @@ 98:6D:C8 ToshibaM # TOSHIBA MITSUBISHI-ELECTRIC INDUSTRIAL SYSTEMS CORPORATION 98:73:C4 SageElec # Sage Electronic Engineering LLC 98:76:B6 Adafruit +98:77:70 PepDigit # Pep Digital Technology (Guangzhou) Co., Ltd 98:82:17 Disrupti # Disruptive Ltd 98:86:B1 Flyaudio # Flyaudio corporation (China) 98:89:ED AnademIn # Anadem Information Inc. @@ -20829,6 +21019,7 @@ 98:B8:E3 Apple 98:BC:57 SvaTechn # SVA TECHNOLOGIES CO.LTD 98:BC:99 Edeltech # Edeltech Co.,Ltd. +98:C0:EB GlobalRe # Global Regency Ltd 98:C8:45 Packetac # PacketAccess 98:CD:B4 Virident # Virident Systems, Inc. 98:D3:31 Shenzhen # Shenzhen Bolutek Technology Co.,Ltd. @@ -20841,6 +21032,7 @@ 98:E1:65 Accutome 98:E7:9A FoxconnN # Foxconn(NanJing) Communication Co.,Ltd. 98:EC:65 CosesyAp # Cosesy ApS +98:F0:AB Apple 98:F5:37 Zte # zte corporation 98:F8:C1 IdtTechn # IDT Technology Limited 98:F8:DB MariniIm # Marini Impianti Industriali s.r.l. @@ -20870,6 +21062,7 @@ 9C:31:78 FoshanHu # Foshan Huadian Intelligent Communications Teachnologies Co.,Ltd 9C:31:B6 KuliteSe # Kulite Semiconductor Products Inc 9C:3A:AF SamsungE # Samsung Electronics Co.,Ltd +9C:3E:AA Envylogi # EnvyLogic Co.,Ltd. 9C:41:7C HameTech # Hame Technology Co., Limited 9C:44:3D ChengduX # CHENGDU XUGUANG TECHNOLOGY CO, LTD 9C:44:A6 Swifttes # SwiftTest, Inc. @@ -20892,6 +21085,7 @@ 9C:5E:73 CalibreU # Calibre UK Ltd 9C:61:1D Omni-IdU # Omni-ID USA, Inc. 9C:64:5E HarmanCo # Harman Consumer Group +9C:65:F9 AcsipTec # AcSiP Technology Corp. 9C:66:50 GlodioTe # Glodio Technolies Co.,Ltd Tianjin Branch 9C:6A:BE QeesAps # QEES ApS. 9C:75:14 WildixSr # Wildix srl @@ -20900,6 +21094,7 @@ 9C:7B:D2 NeolabCo # NEOLAB Convergence 9C:80:7D Syscable # SYSCABLE Korea Inc. 9C:80:DF Arcadyan # Arcadyan Technology Corporation +9C:86:DA PhoenixG # Phoenix Geophysics Ltd. 9C:88:88 SimacTec # Simac Techniek NV 9C:8B:F1 Warehous # The Warehouse Limited 9C:8D:1A IntegPro # INTEG process group inc @@ -20923,6 +21118,7 @@ 9C:B7:0D LiteonTe # Liteon Technology Corporation 9C:B7:93 Creatcom # Creatcomm Technology Inc. 9C:BB:98 ShenZhen # Shen Zhen RND Electronic Co.,LTD +9C:BD:9D Skydisk # SkyDisk, Inc. 9C:C0:77 Printcou # PrintCounts, LLC 9C:C0:D2 Conducti # Conductix-Wampfler AG 9C:C7:A6 Avm # AVM GmbH @@ -20982,6 +21178,7 @@ A0:5D:C1 Tmct # TMCT Co., LTD. A0:5D:E7 Directv # DIRECTV, Inc. A0:5E:6B Melper # MELPER Co., Ltd. +A0:65:18 VnptTech # VNPT TECHNOLOGY A0:67:BE SiconSRL # Sicon s.r.l. A0:69:86 WellavTe # Wellav Technologies Ltd A0:6A:00 Verilink # Verilink Corporation @@ -21000,6 +21197,7 @@ A0:86:EC SaehanHi # SAEHAN HITEC Co., Ltd A0:88:69 IntelCor # Intel Corporate A0:88:B4 IntelCor # Intel Corporate +A0:89:E4 Skyworth # Skyworth Digital Technology(Shenzhen) Co.,Ltd A0:8A:87 HuizhouK # HuiZhou KaiYue Electronic Co.,Ltd A0:8C:15 GerhardD # Gerhard D. Wempe KG A0:8C:9B XtremeTe # Xtreme Technologies Corp @@ -21046,6 +21244,7 @@ A0:F3:E4 AlcatelL # Alcatel Lucent IPD A0:F4:19 Nokia # Nokia Corporation A0:F4:50 Htc # HTC Corporation +A0:F4:59 Fn-LinkT # FN-LINK TECHNOLOGY LIMITED A0:FE:91 AvatAuto # AVAT Automation GmbH A4:01:30 Abisyste # ABIsystems Co., LTD A4:05:9E StaInfin # STA Infinity LLP @@ -21081,6 +21280,7 @@ A4:5C:27 Nintendo # Nintendo Co., Ltd. A4:5D:36 HewlettP # Hewlett Packard A4:67:06 Apple +A4:6C:C1 LtiReene # LTi REEnergy GmbH A4:6E:79 DftSyste # DFT System Co.Ltd A4:77:33 Google A4:77:60 Nokia # Nokia Corporation @@ -21113,6 +21313,7 @@ A4:B8:18 PentaGes # PENTA Gesellschaft für elektronische Industriedatenverarbeitung mbH A4:B9:80 ParkingB # Parking BOXX Inc. A4:BA:DB Dell # Dell Inc. +A4:BB:AF LimeInst # Lime Instruments A4:BE:61 Eutrovis # EutroVision System, Inc. A4:C0:C7 Shenzhen # ShenZhen Hitom Communication Technology Co..LTD A4:C0:E1 Nintendo # Nintendo Co., Ltd. @@ -21155,6 +21356,7 @@ A8:1B:18 Xts # XTS CORP A8:1F:AF KryptonP # KRYPTON POLSKA A8:20:66 Apple +A8:24:EB ZaoNpoIn # ZAO NPO Introtest A8:26:D9 Htc # HTC Corporation A8:29:4C Precisio # Precision Optical Transceivers, Inc. A8:2B:D6 ShinaSys # Shina System Co., Ltd @@ -21166,6 +21368,7 @@ A8:49:A5 Lisantec # Lisantech Co., Ltd. A8:54:B2 WistronN # Wistron Neweb Corp. A8:55:6A Pocketne # Pocketnet Technology Inc. +A8:57:4E Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. A8:5B:B0 Shenzhen # Shenzhen Dehoo Technology Co.,Ltd A8:5B:F3 Audivo # Audivo GmbH A8:61:AA Cloudvie # Cloudview Limited @@ -21180,6 +21383,7 @@ A8:77:6F Zonoff A8:7B:39 Nokia # Nokia Corporation A8:7E:33 NokiaDan # Nokia Danmark A/S +A8:81:F1 BmeyeBV # BMEYE B.V. A8:86:DD Apple # Apple, Inc. A8:87:92 Broadban # Broadband Antenna Tracking Systems A8:87:ED ArcWirel # ARC Wireless LLC @@ -21197,8 +21401,10 @@ A8:AD:3D Alcatel- # Alcatel-Lucent Shanghai Bell Co., Ltd A8:B0:AE Leoni A8:B1:D4 Cisco # CISCO SYSTEMS, INC. +A8:B9:B3 Essys A8:BB:CF Apple A8:BD:1A HoneyBee # Honey Bee (Hong Kong) Limited +A8:BD:3A Unionman # UNIONMAN TECHNOLOGY CO.,LTD A8:C2:22 Tm-Resea # TM-Research Inc. A8:CB:95 EastBest # EAST BEST CO., LTD. A8:CC:C5 SaabPubl # Saab AB (publ) @@ -21221,6 +21427,7 @@ AA:00:03 DigitalE # DIGITAL EQUIPMENT CORPORATION AA:00:04 DigitalE # DIGITAL EQUIPMENT CORPORATION AC:01:42 UrielTec # Uriel Technologies SIA +AC:02:CA HiSoluti # HI Solutions, Inc. AC:02:CF RwTecnol # RW Tecnologia Industria e Comercio Ltda AC:02:EF Comsis AC:06:13 Senselog # Senselogix Ltd @@ -21238,6 +21445,7 @@ AC:2F:A8 Humannix # Humannix Co.,Ltd. AC:31:9D Shenzhen # Shenzhen TG-NET Botone Technology Co.,Ltd. AC:34:CB ShanhaiG # Shanhai GBCOM Communication Technology Co. Ltd +AC:36:13 SamsungE # Samsung Electronics Co.,Ltd AC:3C:0B Apple AC:3C:B4 Nilan # Nilan A/S AC:3D:05 Instores # Instorescreen Aisa @@ -21304,12 +21512,14 @@ AC:CC:8E AxisComm # Axis Communications AB AC:CE:8F HwaYaoTe # HWA YAO TECHNOLOGIES CO., LTD AC:CF:23 Hi-Flyin # Hi-flying electronics technology Co.,Ltd +AC:CF:5C Apple AC:D1:80 Crexendo # Crexendo Business Solutions, Inc. AC:D3:64 AbbAbbSa # ABB SPA, ABB SACE DIV. AC:D6:57 ShaanxiG # Shaanxi Guolian Digital TV Technology Co., Ltd. AC:D9:D6 Tci # tci GmbH AC:DB:DA Shenzhen # Shenzhen Geniatech Inc, Ltd AC:DE:48 Private +AC:E0:69 IsaacIns # ISAAC Instruments AC:E2:15 HuaweiTe # Huawei Technologies Co., Ltd AC:E3:48 Madgetec # MadgeTech, Inc AC:E4:2E SkHynix # SK hynix @@ -21334,6 +21544,7 @@ B0:1B:7C OntrolAS # Ontrol A.S. B0:1C:91 Elim # Elim Co B0:24:F3 Progeny # Progeny Systems +B0:34:95 Apple B0:35:8D Nokia # Nokia Corporation B0:38:29 Siliconw # Siliconware Precision Industries Co., Ltd. B0:38:50 NanjingC # Nanjing CAS-ZDC IOT SYSTEM CO.,LTD @@ -21349,6 +21560,7 @@ B0:5C:E5 Nokia # Nokia Corporation B0:65:63 Shanghai # Shanghai Railway Communication Factory B0:65:BD Apple +B0:68:B6 Hangzhou # Hangzhou OYE Technology Co. Ltd B0:6C:BF 3alityDi # 3ality Digital Systems GmbH B0:75:0C QaCafe # QA Cafe B0:75:D5 Zte # ZTE Corporation @@ -21359,6 +21571,7 @@ B0:7D:62 Dipl-Ing # Dipl.-Ing. H. Horstmann GmbH B0:80:8C LaserLig # Laser Light Engines B0:81:D8 I-Sys # I-sys Corp +B0:86:9E Chloride # Chloride S.r.L B0:88:07 StrataWo # Strata Worldwide B0:89:91 Lge B0:8E:1A Uradio # URadio Systems Co., Ltd @@ -21384,6 +21597,7 @@ B0:BD:A1 ZakladEl # ZAKLAD ELEKTRONICZNY SIMS B0:BF:99 Wizitdon # WIZITDONGDO B0:C4:E7 SamsungE # Samsung Electronics +B0:C5:54 D-LinkIn # D-Link International B0:C6:9A JuniperN # Juniper Networks B0:C7:45 Buffalo # Buffalo Inc. B0:C8:3F JiangsuC # Jiangsu Cynray IOT Co., Ltd. @@ -21401,6 +21615,7 @@ B0:E8:92 SeikoEps # SEIKO EPSON CORPORATION B0:E9:7E Advanced # Advanced Micro Peripherals B0:EC:71 SamsungE # Samsung Electronics Co.,Ltd +B0:EC:8F GmxSas # GMX SAS B0:EE:45 Azurewav # AzureWave Technologies, Inc. B0:F1:BC DhemaxIn # Dhemax Ingenieros Ltda B0:FA:EB Cisco @@ -21416,12 +21631,14 @@ B4:0E:DC Lg-Erics # LG-Ericsson Co.,Ltd. B4:14:89 Cisco # CISCO SYSTEMS, INC. B4:15:13 HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD +B4:18:D1 Apple B4:1D:EF Internet # Internet Laboratories, Inc. B4:21:1D BeijingG # Beijing GuangXin Technology Co., Ltd B4:21:8A DogHunte # Dog Hunter LLC B4:24:E7 CodetekT # Codetek Technology Co.,Ltd B4:28:F1 E-Prime # E-Prime Co., Ltd. B4:2A:39 OrbitMer # ORBIT MERRET, spol. s r. o. +B4:2C:92 Zhejiang # Zhejiang Weirong Electronic Co., Ltd B4:2C:BE DirectPa # Direct Payment Solutions Limited B4:31:B8 Aviwest B4:34:6C Matsunic # MATSUNICHI DIGITAL TECHNOLOGY (HONG KONG) LIMITED @@ -21433,6 +21650,7 @@ B4:3D:B2 Degreane # Degreane Horizon B4:3E:3B Viablewa # Viableware, Inc B4:41:7A Shenzhen # ShenZhen Gongjin Electronics Co.,Ltd +B4:43:0D Broadlin # Broadlink Pty Ltd B4:4C:C2 NrElectr # NR ELECTRIC CO., LTD B4:51:F9 NbSoftwa # NB Software B4:52:53 SeagateT # Seagate Technology @@ -21453,22 +21671,25 @@ B4:82:7B AkgAcous # AKG Acoustics GmbH B4:82:C5 Relay2 # Relay2, Inc. B4:82:FE AskeyCom # Askey Computer Corp +B4:85:47 AmptownS # Amptown System Company GmbH B4:89:10 CosterTE # Coster T.E. S.P.A. B4:94:4E Weteleco # WeTelecom Co., Ltd. B4:98:42 Zte # zte corporation +B4:99:4C TexasIns # Texas Instruments B4:99:BA Hewlett- # Hewlett-Packard Company B4:9D:B4 AxionTec # Axion Technologies Inc. B4:9E:E6 Shenzhen # SHENZHEN TECHNOLOGY CO LTD B4:A4:B5 ZenEye # Zen Eye Co.,Ltd B4:A4:E3 Cisco # CISCO SYSTEMS, INC. B4:A5:A9 Modi # MODI GmbH -B4:A8:2B Histar +B4:A8:2B HistarDi # Histar Digital Electronics Co., Ltd. B4:A9:5A Avaya # Avaya, Inc B4:AA:4D Ensequen # Ensequence, Inc. B4:AB:2C MtmTechn # MtM Technology Corporation B4:B0:17 Avaya # Avaya, Inc B4:B3:62 Zte # ZTE Corporation B4:B5:2F HewlettP # Hewlett Packard +B4:B5:42 HubbellP # Hubbell Power Systems, Inc. B4:B5:AF MinsungE # Minsung Electronics B4:B6:76 IntelCor # Intel Corporate B4:B8:8D Thuh # Thuh Company @@ -21512,6 +21733,7 @@ B8:2C:A0 Honeywel # Honeywell HomMed B8:30:A8 Road-Tra # Road-Track Telematics Development B8:36:D8 Videoswi # Videoswitch +B8:38:61 Cisco B8:38:CA KyokkoTs # Kyokko Tsushin System CO.,LTD B8:3A:7B Worldpla # Worldplay (Canada) Inc. B8:3D:4E Shenzhen # Shenzhen Cultraview Digital Technology Co.,Ltd Shanghai Branch @@ -21687,6 +21909,7 @@ BC:EE:7B AsustekC # ASUSTek COMPUTER INC. BC:F2:AF Devolo # devolo AG BC:F5:AC LgElectr # LG Electronics +BC:F6:1C Geomodel # Geomodeling Wuxi Technology Co. Ltd. BC:F6:85 D-LinkIn # D-Link International BC:FE:8C Altronic # Altronic, LLC BC:FF:AC Topcon # TOPCON CORPORATION @@ -21775,16 +21998,20 @@ C0:E5:4E DenxComp # DENX Computer Systems GmbH C0:EA:E4 Sonicwal # Sonicwall C0:F1:C4 Pacidal # Pacidal Corporation Ltd. +C0:F7:9D Powercod # Powercode C0:F8:DA HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. C0:F9:91 GmeStand # GME Standard Communications P/L C4:01:42 Maxmedia # MaxMedia Technology Limited C4:01:7C RuckusWi # Ruckus Wireless C4:01:B1 Seektech # SeekTech INC C4:04:15 Netgear # NETGEAR INC., +C4:05:28 HuaweiTe # Huawei Technologies Co., Ltd C4:09:38 FujianSt # Fujian Star-net Communication Co., Ltd C4:0A:CB Cisco # CISCO SYSTEMS, INC. +C4:0E:45 AckNetwo # ACK Networks,Inc. C4:0F:09 HermesEl # Hermes electronic GmbH C4:10:8A RuckusWi # Ruckus Wireless +C4:14:3C Cisco C4:16:FA Prysm # Prysm Inc C4:17:FE HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. C4:19:8B Dominion # Dominion Voting Systems Corporation @@ -21795,6 +22022,7 @@ C4:24:2E Galvanic # Galvanic Applied Sciences Inc C4:26:28 AiroWire # Airo Wireless C4:27:95 Technico # Technicolor USA Inc. +C4:29:1D KlemsanE # KLEMSAN ELEKTRIK ELEKTRONIK SAN.VE TIC.AS. C4:2C:03 Apple C4:36:DA Rustelet # Rusteletech Ltd. C4:38:D3 Tagatec # TAGATEC CO.,LTD @@ -21809,7 +22037,9 @@ C4:48:38 SatcomDi # Satcom Direct, Inc. C4:4A:D0 Fireflie # FIREFLIES SYSTEMS C4:4B:44 Omniprin # Omniprint Inc. +C4:4E:1F Bluen C4:4E:AC Shenzhen # Shenzhen Shiningworth Technology Co., Ltd. +C4:50:06 SamsungE # Samsung Electronics Co.,Ltd C4:54:44 QuantaCo # QUANTA COMPUTER INC. C4:55:A6 CadacHol # Cadac Holdings Ltd C4:55:C2 Bach-Sim # Bach-Simpson @@ -21843,6 +22073,7 @@ C4:93:80 Speedyte # Speedytel technology C4:95:A2 Shenzhen # SHENZHEN WEIJIU INDUSTRY AND TRADE DEVELOPMENT CO., LTD C4:98:05 MinieumN # Minieum Networks, Inc +C4:A8:1D D-LinkIn # D-Link International C4:AA:A1 SummitDe # SUMMIT DEVELOPMENT, spol.s r.o. C4:AD:21 Mediaedg # MEDIAEDGE Corporation C4:B5:12 GeneralE # General Electric Digital Energy @@ -21850,6 +22081,7 @@ C4:C0:AE MidoriEl # MIDORI ELECTRONIC CO., LTD. C4:C1:9F National # National Oilwell Varco Instrumentation, Monitoring, and Optimization (NOV IMO) C4:C7:55 BeijingH # Beijing HuaqinWorld Technology Co.,Ltd +C4:C9:19 EnergyIm # Energy Imports Ltd C4:CA:D9 Hangzhou # Hangzhou H3C Technologies Co., Limited C4:CD:45 BeijingB # Beijing Boomsense Technology CO.,LTD. C4:D4:89 JiangsuJ # JiangSu Joyque Information Industry Co.,Ltd @@ -21860,6 +22092,7 @@ C4:E1:7C U2s # U2S co. C4:E7:BE Scspro # SCSpro Co.,Ltd C4:E9:2F Sciex # AB Sciex +C4:E9:84 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. C4:EB:E3 RrcnSas # RRCN SAS C4:ED:BA TexasIns # Texas Instruments C4:EE:AE VssMonit # VSS Monitoring @@ -21874,6 +22107,7 @@ C8:0E:77 LeShiZhi # Le Shi Zhi Xin Electronic Technology (Tianjin) Co.,Ltd C8:0E:95 Omnilync # OmniLync Inc. C8:14:79 SamsungE # Samsung Electronics Co.,Ltd +C8:16:BD HisenseE # HISENSE ELECTRIC CO.,LTD. C8:19:F7 SamsungE # Samsung Electronics Co.,Ltd C8:1A:FE Dlogic # DLOGIC GmbH C8:1E:8E AdvSecur # ADV Security (S) Pte Ltd @@ -21945,6 +22179,7 @@ C8:D1:D1 AgaitTec # AGAiT Technology Corporation C8:D2:C1 JetlunSh # Jetlun (Shenzhen) Corporation C8:D3:A3 D-LinkIn # D-Link International +C8:D4:29 Muehlbau # Muehlbauer AG C8:D5:FE Shenzhen # Shenzhen Zowee Technology Co., Ltd C8:D7:19 CiscoCon # Cisco Consumer Products, LLC C8:DD:C9 LenovoMo # Lenovo Mobile Communication Technology Ltd. @@ -21987,6 +22222,7 @@ CC:34:29 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. CC:34:D7 GewissSP # GEWISS S.P.A. CC:35:40 Technico # Technicolor USA Inc. +CC:39:8C Shiningt # Shiningtek CC:3A:61 SamsungE # SAMSUNG ELECTRO MECHANICS CO., LTD. CC:3C:3F SaSSDate # SA.S.S. Datentechnik AG CC:3E:5F HewlettP # Hewlett Packard @@ -22020,14 +22256,19 @@ CC:7B:35 Zte # zte corporation CC:7D:37 ArrisGro # ARRIS Group, Inc. CC:7E:E7 Panasoni # Panasonic AVC Networks Company +CC:85:6C Shenzhen # SHENZHEN MDK DIGITAL TECHNOLOGY CO.,LTD +CC:89:FD Nokia # Nokia Corporation CC:8C:E3 TexasIns # Texas Instruments CC:90:93 HansongT # Hansong Tehnologies CC:91:2B TeConnec # TE Connectivity Touch Solutions CC:94:4A Pfeiffer # Pfeiffer Vacuum GmbH +CC:95:D7 Vizio # VIZIO, Inc CC:96:A0 Shenzhen # Shenzhen Huawei Communication Technologies Co., Ltd CC:9E:00 Nintendo # Nintendo Co., Ltd. +CC:9F:35 Transbit # Transbit Sp. z o.o. CC:A3:74 Guangdon # Guangdong Guanglian Electronic Technology Co.Ltd CC:A4:62 ArrisGro # ARRIS Group, Inc. +CC:A6:14 AifaTech # AIFA TECHNOLOGY CORP. CC:AF:78 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. CC:B2:55 D-LinkIn # D-Link International CC:B3:F8 FujitsuI # FUJITSU ISOTEC LIMITED @@ -22061,6 +22302,7 @@ CC:F8:F0 XiAnHisu # Xi'an HISU Multimedia Technology Co.,Ltd. CC:F9:54 Avaya # Avaya, Inc CC:F9:E8 SamsungE # Samsung Electronics Co.,Ltd +CC:FA:00 LgElectr # LG Electronics CC:FB:65 Nintendo # Nintendo Co., Ltd. CC:FC:6D RizTrans # RIZ TRANSMITTERS CC:FC:B1 Wireless # Wireless Technology, Inc. @@ -22088,6 +22330,7 @@ D0:54:2D Cambridg # Cambridge Industries(Group) Co.,Ltd. D0:57:4C Cisco # CISCO SYSTEMS, INC. D0:57:85 Pantech # Pantech Co., Ltd. +D0:57:A1 WermaSig # Werma Signaltechnik GmbH & Co. KG D0:58:75 ActiveCo # Active Control Technology Inc. D0:59:C3 Ceramicr # CeraMicro Technology Corporation D0:5A:0F I-BtDigi # I-BT DIGITAL CO.,LTD @@ -22097,12 +22340,15 @@ D0:66:7B SamsungE # Samsung Electronics Co., LTD D0:67:E5 Dell # Dell Inc D0:69:9E LuminexL # LUMINEX Lighting Control Equipment +D0:69:D0 VertoMed # Verto Medical Solutions, LLC D0:73:7F Mini-Cir # Mini-Circuits D0:73:8E DongOhPr # DONG OH PRECISION CO., LTD. D0:73:D5 LifiLabs # LIFI LABS MANAGEMENT PTY LTD D0:75:BE RenoA&E # Reno A&E +D0:7A:B5 HuaweiTe # Huawei Technologies Co., Ltd D0:7D:E5 ForwardP # Forward Pay Systems, Inc. D0:7E:28 HewlettP # Hewlett Packard +D0:7E:35 IntelCor # Intel Corporate D0:89:99 Apcon # APCON, Inc. D0:8A:55 Skullcan # Skullcandy D0:8B:7E PassifSe # Passif Semiconductor @@ -22111,6 +22357,7 @@ D0:93:F8 Stonestr # Stonestreet One LLC D0:95:C7 Pantech # Pantech Co., Ltd. D0:9B:05 Emtronix +D0:9C:30 FosterEl # Foster Electric Company, Limited D0:9D:0A Linkcom D0:A3:11 Neuberge # Neuberger Gebäudeautomation GmbH D0:AE:EC AlphaNet # Alpha Networks Inc. @@ -22168,10 +22415,13 @@ D4:1F:0C TviVisio # TVI Vision Oy D4:20:6D Htc # HTC Corporation D4:22:3F LenovoMo # Lenovo Mobile Communication Technology Ltd. +D4:22:4E AlcatelL # Alcatel Lucent D4:27:51 Infopia # Infopia Co., Ltd D4:28:B2 Iobridge # ioBridge, Inc. D4:29:EA Zimory # Zimory GmbH D4:2C:3D SkyLight # Sky Light Digital Limited +D4:2F:23 AkenoriP # Akenori PTE Ltd +D4:31:9D Sinwatec D4:3A:65 IgrsEngi # IGRS Engineering Lab Ltd. D4:3A:E9 Dongguan # DONGGUAN ipt INDUSTRIAL CO., LTD D4:3D:67 CarmaInd # Carma Industries Inc. @@ -22260,6 +22510,7 @@ D8:08:F5 ArcadiaN # Arcadia Networks Co. Ltd. D8:09:C3 Cercacor # Cercacor Labs D8:0D:E3 FxiTechn # FXI TECHNOLOGIES AS +D8:15:0D Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. D8:16:0A NipponEl # Nippon Electro-Sensory Devices D8:18:2B ContiTem # Conti Temic Microelectronic GmbH D8:19:CE Telesqua # Telesquare @@ -22272,6 +22523,7 @@ D8:28:C9 GeneralE # General Electric Consumer and Industrial D8:29:16 AscentCo # Ascent Communication Technology D8:29:86 BestWish # Best Wish Technology LTD +D8:2A:15 Leitner # Leitner SpA D8:2A:7E Nokia # Nokia Corporation D8:2D:9B Shenzhen # Shenzhen G.Credit Communication Technology Co., Ltd D8:2D:E1 Tricasca # Tricascade Inc. @@ -22288,7 +22540,9 @@ D8:58:D7 CzNicZSP # CZ.NIC, z.s.p.o. D8:5D:4C Tp-LinkT # TP-LINK Technologies Co.,Ltd. D8:5D:84 CaxSoft # CAx soft GmbH +D8:61:94 Objetivo # Objetivos y Sevicios de Valor Añadido D8:62:DB Eno # Eno Inc. +D8:65:95 ToySMyth # Toy's Myth Inc. D8:66:C6 Shenzhen # Shenzhen Daystar Technology Co.,ltd D8:67:D9 Cisco # CISCO SYSTEMS, INC. D8:69:60 Steinsvi # Steinsvik @@ -22300,6 +22554,7 @@ D8:78:E5 KuhnSa # KUHN SA D8:79:88 HonHaiPr # Hon Hai Precision Ind. Co., Ltd. D8:7C:DD Sanix # SANIX INCORPORATED +D8:81:CE Ahn # AHN INC. D8:8A:3B Unit-Em D8:90:E8 SamsungE # Samsung Electronics Co.,Ltd D8:95:2F TexasIns # Texas Instruments @@ -22335,17 +22590,22 @@ D8:D6:7E GskCncEq # GSK CNC EQUIPMENT CO.,LTD D8:DA:52 ApatorSA # APATOR S.A. D8:DC:E9 KunshanE # Kunshan Erlab ductless filtration system Co.,Ltd +D8:DD:5F Balmuda # BALMUDA Inc. +D8:DD:FD TexasIns # Texas Instruments D8:DF:0D Beronet # beroNet GmbH D8:E3:AE CirtecMe # CIRTEC MEDICAL SYSTEMS D8:E7:2B OnpathTe # OnPATH Technologies D8:E7:43 Wush # Wush, Inc D8:E9:52 Keopsys D8:EB:97 Trendnet # TRENDnet, Inc. +D8:EE:78 MoogProt # Moog Protokraft D8:F0:F2 Zeebo # Zeebo Inc +D8:FC:93 IntelCor # Intel Corporate D8:FE:8F Idfone # IDFone Co., Ltd. D8:FE:E3 D-LinkIn # D-Link International DC:02:65 Meditech # Meditech Kft DC:02:8E Zte # zte corporation +DC:05:2F National # National Products Inc. DC:05:75 SiemensE # SIEMENS ENERGY AUTOMATION DC:05:ED Nabtesco # Nabtesco Corporation DC:07:C1 Hangzhou # HangZhou QiYang Technology Co.,Ltd. @@ -22387,6 +22647,7 @@ DC:85:DE Azurewav # Azurewave Technologies., inc. DC:86:D8 Apple # Apple, Inc DC:9B:1E Intercom # Intercom, Inc. +DC:9B:9C Apple DC:9C:52 Sapphire # Sapphire Technology Limited. DC:9F:A4 Nokia # Nokia Corporation DC:9F:DB Ubiquiti # Ubiquiti Networks, Inc. @@ -22404,6 +22665,7 @@ DC:C0:DB Shenzhen # Shenzhen Kaiboer Technology Co., Ltd. DC:C1:01 SolidTec # SOLiD Technologies, Inc. DC:C4:22 Systemba # Systembase Limited +DC:C7:93 Nokia # Nokia Corporation DC:CB:A8 ExploraT # Explora Technologies Inc DC:CE:41 FeGlobal # FE GLOBAL HONG KONG LIMITED DC:CE:BC Shenzhen # Shenzhen JSR Technology Co.,Ltd. @@ -22415,6 +22677,7 @@ DC:D8:7F Shenzhen # Shenzhen JoinCyber Telecom Equipment Ltd DC:DE:CA Akyllor DC:E2:AC LumensDi # Lumens Digital Optics Inc. +DC:E5:78 Experime # Experimental Factory of Scientific Engineering and Special Design Department DC:E7:1C AugElekt # AUG Elektronik GmbH DC:F0:5D LettaTek # Letta Teknoloji DC:F7:55 Sitronik @@ -22441,10 +22704,12 @@ E0:2F:6D Cisco E0:30:05 Alcatel- # Alcatel-Lucent Shanghai Bell Co., Ltd E0:31:D0 SzTelsta # SZ Telstar CO., LTD +E0:36:E3 StageOne # Stage One International Co., Ltd. E0:39:D7 Plexxi # Plexxi, Inc. E0:3C:5B Shenzhen # SHENZHEN JIAXINJIE ELECTRON CO.,LTD E0:3E:4A Cavanagh # Cavanagh Group International E0:3E:7D Data-Com # data-complex GmbH +E0:3F:49 AsustekC # ASUSTek COMPUTER INC. E0:46:9A Netgear E0:55:97 Emergent # Emergent Vision Technologies Inc. E0:56:F4 Axesnetw # AxesNetwork Solutions inc. @@ -22505,10 +22770,12 @@ E0:CF:2D Gemintek # Gemintek Corporation E0:D1:0A Katouden # Katoudenkikougyousyo co ltd E0:D1:E6 AliphDba # Aliph dba Jawbone +E0:D3:1A EquesTec # EQUES Technology Co., Limited E0:D7:BA TexasIns # Texas Instruments E0:D9:A2 HippihAp # Hippih aps E0:DA:DC JvcKenwo # JVC KENWOOD Corporation E0:DB:55 Dell # Dell Inc +E0:DB:88 OpenStan # Open Standard Digital-IF Interface for SATCOM Systems E0:DC:A0 SiemensE # Siemens Electrical Apparatus Ltd., Suzhou Chengdu Branch E0:E6:31 SnbTechn # SNB TECHNOLOGIES LIMITED E0:E7:51 Nintendo # Nintendo Co., Ltd. @@ -22527,6 +22794,7 @@ E2:0C:0F Kingston # Kingston Technologies E4:04:39 TomtomSo # TomTom Software Ltd E4:11:5B HewlettP # Hewlett Packard +E4:12:1D SamsungE # Samsung Electronics Co.,Ltd E4:12:89 Topsyste # topsystem Systemhaus GmbH E4:1C:4B V2Techno # V2 TECHNOLOGY, INC. E4:1F:13 Ibm # IBM Corp @@ -22548,6 +22816,7 @@ E4:41:E6 OttecTec # Ottec Technology GmbH E4:46:BD C&CTechn # C&C TECHNIC TAIWAN CO., LTD. E4:48:C7 CiscoSpv # Cisco SPVTG +E4:4C:6C Shenzhen # Shenzhen Guo Wei Electronic Co,. Ltd. E4:4E:18 Gardasof # Gardasoft VisionLimited E4:4F:29 MaLighti # MA Lighting Technology GmbH E4:4F:5F EdsElekt # EDS Elektronik Destek San.Tic.Ltd.Sti @@ -22608,12 +22877,14 @@ E8:04:F3 Throught # Throughtek Co., Ltd. E8:05:6D NortelNe # Nortel Networks E8:06:88 Apple +E8:08:8B HuaweiTe # Huawei Technologies Co., Ltd E8:0B:13 AkibTaiw # Akib Systems Taiwan, INC E8:0C:38 Daeyoung # DAEYOUNG INFORMATION SYSTEM CO., LTD E8:0C:75 Syncbak # Syncbak, Inc. E8:10:2E ReallySi # Really Simple Software, Inc E8:11:32 SamsungE # Samsung Electronics CO., LTD E8:13:24 Guangzho # GuangZhou Bonsoninfo System CO.,LTD +E8:17:FC Nifty # NIFTY Corporation E8:28:77 Tmy # TMY Co., Ltd. E8:28:D5 CotsTech # Cots Technology E8:2A:EA IntelCor # Intel Corporate @@ -22640,6 +22911,7 @@ E8:5B:F0 ImagingD # Imaging Diagnostics E8:5E:53 Infratec # Infratec Datentechnik GmbH E8:61:1F DawningI # Dawning Information Industry Co.,Ltd +E8:61:7E LiteonTe # Liteon Technology Corporation E8:61:83 BlackDia # Black Diamond Advanced Technology, LLC E8:6C:DA Supercom # Supercomputers and Neurocomputers Research Center E8:6D:52 ArrisGro # ARRIS Group, Inc. @@ -22665,6 +22937,7 @@ E8:A3:64 SignalPa # Signal Path International / Peachtree Audio E8:A4:C1 DeepSeaE # Deep Sea Electronics PLC E8:AB:FA Shenzhen # Shenzhen Reecam Tech.Ltd. +E8:B1:FC IntelCor # Intel Corporate E8:B4:AE Shenzhen # Shenzhen C&D Electronics Co.,Ltd E8:B7:48 Cisco # CISCO SYSTEMS, INC. E8:BA:70 Cisco # CISCO SYSTEMS, INC. @@ -22692,11 +22965,13 @@ E8:E7:70 Warp9Tec # Warp9 Tech Design, Inc. E8:E7:76 Shenzhen # Shenzhen Kootion Technology Co., Ltd E8:E8:75 Is5Commu # iS5 Communications Inc. +E8:EA:6A Startech # StarTech.com E8:EA:DA DenkoviA # Denkovi Assembly Electroncs LTD E8:ED:F3 Cisco E8:F1:B0 Sagemcom # SAGEMCOM SAS E8:F2:26 MillsonC # MILLSON CUSTOM SOLUTIONS INC. E8:F9:28 RftechSr # RFTECH SRL +E8:FC:60 ElcomInn # ELCOM Innovations Private Limited EC:0E:D6 ItechIns # ITECH INSTRUMENTS SAS EC:10:00 EnanceSo # Enance Source Co., Ltd. PC clones(?) EC:11:20 Flodesig # FloDesign Wind Turbine Corporation @@ -22772,6 +23047,7 @@ EC:F0:0E Abocom EC:F2:36 Neomonta # NEOMONTANA ELECTRONICS EC:F3:5B Nokia # Nokia Corporation +EC:F4:BB DellPcba # Dell Inc PCBA Test EC:FA:AA Ims # The IMS Company EC:FC:55 AEberle # A. Eberle GmbH & Co. KG EC:FE:7E Blueradi # BlueRadios, Inc. @@ -22796,7 +23072,9 @@ F0:2F:D8 Bi2-Visi # Bi2-Vision F0:32:1A Mita-Tek # Mita-Teknik A/S F0:37:A1 HuikeEle # Huike Electronics (SHENZHEN) CO., LTD. +F0:3A:4B Bloombas # Bloombase, Inc. F0:3A:55 OmegaEle # Omega Elektronik AS +F0:3F:F8 RLDrake # R L Drake F0:43:35 DvnShang # DVN(Shanghai)Ltd. F0:4A:2B PyramidC # PYRAMID Computer GmbH F0:4B:6A Scientif # Scientific Production Association Siberian Arsenal, Ltd. @@ -22822,8 +23100,10 @@ F0:7D:68 D-Link # D-Link Corporation F0:7F:0C LeopoldK # Leopold Kostal GmbH &Co. KG F0:81:AF IrzAutom # IRZ AUTOMATION TECHNOLOGIES LTD +F0:82:61 Sagemcom F0:84:2F AdbBroad # ADB Broadband Italia F0:84:C9 Zte # zte corporation +F0:8A:28 JiangsuH # JIANGSU HENGSION ELECTRONIC S and T CO.,LTD F0:8B:FE Costel # COSTEL.,CO.LTD F0:8E:DB Veloclou # VeloCloud Networks F0:92:1C HewlettP # Hewlett Packard @@ -22853,6 +23133,7 @@ F0:D7:67 AxemaPas # Axema Passagekontroll AB F0:DA:7C RlhIndus # RLH INDUSTRIES,INC. F0:DB:30 Yottabyt # Yottabyte +F0:DB:F8 Apple F0:DC:E2 Apple F0:DE:71 Shanghai # Shanghai EDO Technologies Co.,Ltd. F0:DE:B9 Shanghai # ShangHai Y&Y Electronics Co., Ltd @@ -22887,6 +23168,7 @@ F4:20:12 Cucinial # Cuciniale GmbH F4:28:96 SpectoPa # SPECTO PAINEIS ELETRONICOS LTDA F4:36:E1 AbilisSa # Abilis Systems SARL +F4:37:B7 Apple F4:38:14 Shanghai # Shanghai Howell Electronic Co.,Ltd F4:3D:80 FagIndus # FAG Industrial Services GmbH F4:3E:61 Shenzhen # Shenzhen Gongjin Electronics Co., Ltd @@ -22921,6 +23203,7 @@ F4:81:39 Canon # CANON INC. F4:87:71 Infoblox F4:8E:09 Nokia # Nokia Corporation +F4:90:CA Tensorco # Tensorcom F4:90:EA DecisoBV # Deciso B.V. F4:94:61 NexgenSt # NexGen Storage F4:94:66 Countmax # CountMax, ltd @@ -22931,7 +23214,9 @@ F4:AC:C1 Cisco # CISCO SYSTEMS, INC. F4:B1:64 Lightnin # Lightning Telecommunications Technology Co. Ltd F4:B3:81 Windowma # WindowMaster A/S +F4:B5:2F JuniperN # Juniper networks F4:B5:49 YeastarT # Yeastar Technology Co., Ltd. +F4:B6:E5 Terrasem # TerraSem Co.,Ltd F4:B7:2A TimeInte # TIME INTERCONNECT LTD F4:B7:E2 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. F4:BD:7C ChengduJ # Chengdu jinshi communication Co., LTD @@ -22945,6 +23230,7 @@ F4:D9:FB SamsungE # Samsung Electronics CO., LTD F4:DC:4D BeijingC # Beijing CCD Digital Technology Co., Ltd F4:DC:DA ZhuhaiJi # Zhuhai Jiahe Communication Technology Co., limited +F4:DC:F9 HuaweiTe # Huawei Technologies Co., Ltd F4:E1:42 DeltaEle # Delta Elektronika BV F4:E6:D7 SolarPow # Solar Power Technologies, Inc. F4:EA:67 Cisco # CISCO SYSTEMS, INC. @@ -22996,6 +23282,7 @@ F8:54:AF EciTelec # ECI Telecom Ltd. F8:57:2E CoreBran # Core Brands, LLC F8:5B:C9 M-Cube # M-Cube Spa +F8:5C:45 IcNexus # IC Nexus Co. Ltd. F8:5F:2A Nokia # Nokia Corporation F8:62:AA Xn # xn systems F8:66:F2 Cisco # CISCO SYSTEMS, INC. @@ -23023,6 +23310,7 @@ F8:A2:B4 Rhewa-Wa # RHEWA-WAAGENFABRIK August Freudewald GmbH &Co. KG F8:A4:5F BeijingX # Beijing Xiaomi communications co.,ltd F8:A9:63 CompalIn # COMPAL INFORMATION (KUNSHAN) CO., LTD. +F8:A9:D0 LgElectr # LG Electronics F8:A9:DE Puissanc # PUISSANCE PLUS F8:AA:8A AxviewTe # Axview Technology (Shenzhen) Co.,Ltd F8:AC:6D Deltenna # Deltenna Ltd @@ -23047,11 +23335,13 @@ F8:DB:88 DellPcba # Dell Inc PCBA Test F8:DC:7A Variscit # Variscite LTD F8:DF:A8 Zte # ZTE Corporation +F8:E0:79 Motorola # Motorola Mobility LLC F8:E4:FB Actionte # Actiontec Electronics, Inc F8:E7:B5 ΜtechTec # µTech Tecnologia LTDA F8:E9:68 EgkerKft # Egker Kft. F8:EA:0A Dipl-Mat # Dipl.-Math. Michael Rauch F8:ED:A5 ArrisGro # ARRIS Group, Inc. +F8:F0:05 NewportM # Newport Media Inc. F8:F0:14 Rackware # RackWare Inc. F8:F0:82 OrionNet # Orion Networks International, Inc F8:F1:B6 Motorola # Motorola Mobility LLC @@ -23066,12 +23356,17 @@ FC:01:9E Vievu FC:01:CD Fundacio # FUNDACION TEKNIKER FC:06:47 Cortland # Cortland Research, LLC +FC:07:A0 LreMedic # LRE Medical GmbH FC:08:77 PrentkeR # Prentke Romich Company FC:09:D8 ActeonGr # ACTEON Group +FC:09:F6 Guangdon # GUANGDONG TONZE ELECTRIC CO.,LTD FC:0A:81 Motorola # Motorola Solutions Inc. FC:0F:E6 SonyComp # Sony Computer Entertainment Inc. FC:10:BD ControlS # Control Sistematizado S.A. FC:11:86 Logic3 # Logic3 plc +FC:13:49 GlobalAp # Global Apps Corp. +FC:15:B4 HewlettP # Hewlett Packard +FC:16:07 TaianTec # Taian Technology(Wuxi) Co.,Ltd. FC:17:94 Intercre # InterCreative Co., Ltd FC:19:D0 CloudVis # Cloud Vision Networks Technology Co.,Ltd. FC:1B:FF V-Zug # V-ZUG AG @@ -23081,6 +23376,7 @@ FC:1F:C0 Eurecam FC:22:9C HanKyung # Han Kyung I Net Co.,Ltd. FC:25:3F Apple +FC:27:A2 TransEle # TRANS ELECTRIC CO., LTD. FC:2A:54 Connecte # Connected Data, Inc. FC:2E:2D LoromInd # Lorom Industrial Co.LTD. FC:2F:40 Calxeda # Calxeda, Inc. @@ -23112,6 +23408,7 @@ FC:8B:97 Shenzhen # Shenzhen Gongjin Electronics Co.,Ltd FC:8E:7E Pace # Pace plc FC:8F:C4 Intellig # Intelligent Technology Inc. +FC:92:3B Nokia # Nokia Corporation FC:94:6C Ubivelox FC:94:E3 Technico # Technicolor USA Inc. FC:99:47 Cisco @@ -23122,6 +23419,7 @@ FC:AD:0F QtsNetwo # QTS NETWORKS FC:AF:6A Conemtec # Conemtech AB FC:B0:C4 Shanghai # Shanghai DareGlobal Technologies Co., Ltd +FC:BB:A1 Shenzhen # Shenzhen Minicreate Technology Co.,Ltd FC:C2:3D Atmel # Atmel Corporation FC:C7:34 SamsungE # Samsung Electronics Co.,Ltd FC:C8:97 Zte # ZTE Corporation @@ -23142,6 +23440,7 @@ FC:F1:CD Optex-Fa # OPTEX-FA CO.,LTD. FC:F5:28 ZyxelCom # ZyXEL Communications Corporation FC:F8:AE IntelCor # Intel Corporate +FC:F8:B7 TronteqE # TRONTEQ Electronic FC:FA:F7 Shanghai # Shanghai Baud Data Communication Co.,Ltd. FC:FB:FB Cisco # CISCO SYSTEMS, INC. FC:FE:77 HitachiR # Hitachi Reftechno, Inc. @@ -23149,7 +23448,7 @@ # # Well-known addresses. # -# $Id: manuf 52892 2013-10-27 14:35:00Z gerald $ +# $Id: manuf 54119 2013-12-15 15:34:53Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald [AT] wireshark.org>

@@ -9,7 +9,7 @@ <key>CFBundleExecutable</key> <string>Wireshark</string> <key>CFBundleGetInfoString</key> - <string>1.8.11, Copyright 1998-2012 Wireshark Development Team</string> + <string>1.8.12, Copyright 1998-2012 Wireshark Development Team</string> <key>CFBundleIconFile</key> <string>Wireshark.icns</string> <key>CFBundleIdentifier</key> @@ -56,11 +56,11 @@ <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> - <string>1.8.11</string> + <string>1.8.12</string> <key>CFBundleSignature</key> <string>Wshk</string> <key>CFBundleVersion</key> - <string>1.8.11</string> + <string>1.8.12</string> <key>NSHumanReadableCopyright</key> <string>Copyright 1998-2012 Wireshark Developers, GNU General Public License.</string> <key>LSMinimumSystemVersion</key>

@@ -1,6 +1,6 @@ # This is a local copy of the IANA port-numbers file. # -# $Id: services 52892 2013-10-27 14:35:00Z gerald $ +# $Id: services 54119 2013-12-15 15:34:53Z gerald $ # # Wireshark uses it to resolve port numbers into human readable # service names, e.g. TCP port 80 -> http. @@ -1606,6 +1606,7 @@ icp 1112/udp # Intelligent Communication Protocol [Mark_H_David] [Mark_H_David] ltp-deepspace 1113/tcp # Licklider Transmission Protocol [RFC5326] ltp-deepspace 1113/udp # Licklider Transmission Protocol [RFC5326] +ltp-deepspace 1113/dccp # Licklider Transmission Protocol [Hans_Kruse] [Hans_Kruse] 2013-11-12 [RFC-irtf-dtnrg-dgram-clayer-05] 7107696 mini-sql 1114/tcp # Mini SQL [David_Hughes] [David_Hughes] mini-sql 1114/udp # Mini SQL [David_Hughes] [David_Hughes] ardus-trns 1115/tcp # ARDUS Transfer @@ -8010,6 +8011,7 @@ rsip 4555/udp # RSIP Port [RFC3103] dtn-bundle-tcp 4556/tcp # DTN Bundle TCP CL Protocol dtn-bundle-udp 4556/udp # DTN Bundle UDP CL Protocol [Michael_Demmer] [Michael_Demmer] 2006-11 +dtn-bundle-dccp 4556/dccp # DTN Bundle DCCP CL Protocol [Hans_Kruse] [Hans_Kruse] 2013-11-12 [RFC-irtf-dtnrg-dgram-clayer-05] 1685351985 mtcevrunqss 4557/udp # Marathon everRun Quorum Service Server [David_Schwartz_2] [David_Schwartz_2] 2009-06-18 mtcevrunqman 4558/udp # Marathon everRun Quorum Service Manager [David_Schwartz_2] [David_Schwartz_2] 2009-06-18 hylafax 4559/tcp # HylaFAX [Lee_Howard] [Lee_Howard] 2002-03 @@ -9169,6 +9171,7 @@ pmcs 6355/udp # PMCS applications [Pavel_Mendl] [Pavel_Mendl] 2007-03 metaedit-mu 6360/tcp # MetaEdit+ Multi-User [Steven_Kelly] [Steven_Kelly] 2007-11-12 metaedit-mu 6360/udp # MetaEdit+ Multi-User [Steven_Kelly] [Steven_Kelly] 2007-11-12 +ndn 6363/udp # Named Data Networking [Regents_of_the_University_of_California] [Jeff_Burke] 2013-10-30 metaedit-se 6370/tcp # MetaEdit+ Server Administration [Steven_Kelly] [Steven_Kelly] 2007-11-12 metaedit-se 6370/udp # MetaEdit+ Server Administration [Steven_Kelly] [Steven_Kelly] 2007-11-12 metatude-mds 6382/tcp # Metatude Dialogue Server [Menno_Zweistra] [Menno_Zweistra] @@ -9319,7 +9322,7 @@ afesc-mc 6628/udp # AFE Stock Channel M/C [K_K_Ho] [K_K_Ho] 2004-04 mxodbc-connect 6632/tcp # eGenix mxODBC Connect [Marc_Andre_Lemburg] [Marc_Andre_Lemburg] 2009-11-13 Unauthorized Use Known on port 6632 cisco-vpath-tun 6633/udp # Cisco vPath Services Overlay [Cisco2] [Surendra_Kumar] 2012-06-11 -ovsdb 6640/tcp # Open vSwitch Database protocol [Bruce_Davie_2] [Bruce_Davie_2] 2013-07-31 [draft-pfaff-ovsdb-proto-02] +ovsdb 6640/tcp # Open vSwitch Database protocol [Bruce_Davie_2] [Bruce_Davie_2] 2013-07-31 [RFC-pfaff-ovsdb-proto-04] openflow 6653/tcp # OpenFlow [Open_Networking_Foundation] [Puneet_Agarwal] 2013-07-18 openflow 6653/udp # OpenFlow [Open_Networking_Foundation] [Puneet_Agarwal] 2013-07-18 pcs-sf-ui-man 6655/tcp # PC SOFT - Software factory UI/manager [Jerome_AERTS] [Jerome_AERTS] 2010-11-30 @@ -10753,6 +10756,7 @@ amt-redir-tls 16995/udp # Intel(R) AMT Redirection/TLS [Nimrod_Diamant] [Nimrod_Diamant] 2005-02 isode-dua 17007/tcp # isode-dua 17007/udp # +vestasdlp 17184/tcp # Vestas Data Layer Protocol [Vestas_Wind_Systems] [Teunis_de_Wit] 2013-10-30 soundsvirtual 17185/tcp # Sounds Virtual [Richard_Snider] [Richard_Snider] soundsvirtual 17185/udp # Sounds Virtual [Richard_Snider] [Richard_Snider] chipper 17219/tcp # Chipper [Ronald_Jimmink] [Ronald_Jimmink] @@ -11214,6 +11218,7 @@ turbonote-1 39681/udp # TurboNote Default Port [Peter_Hyde] [Peter_Hyde] safetynetp 40000/tcp # SafetyNET p [Roland_Rupp] [Roland_Rupp] 2006-11 safetynetp 40000/udp # SafetyNET p [Roland_Rupp] [Roland_Rupp] 2006-11 +sptx 40404/tcp # Simplify Printing TX [Tricerat] [Eric_Musgrave] 2013-12-09 cscp 40841/tcp # CSCP [Michael_Dodge] [Michael_Dodge] cscp 40841/udp # CSCP [Michael_Dodge] [Michael_Dodge] csccredir 40842/tcp # CSCCREDIR [Sudhir_Menon] [Sudhir_Menon]

@@ -1,2 +1,2 @@ -#define SVNVERSION "SVN Rev 53023" +#define SVNVERSION "SVN Rev 54185" #define SVNPATH "/trunk-1.8"

@@ -1,7 +1,7 @@ # Makefile.am # Automake file for Wiretap # -# $Id: Makefile.am 53008 2013-10-31 19:24:22Z gerald $ +# $Id: Makefile.am 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -30,7 +30,7 @@ noinst_LTLIBRARIES = libwiretap_generated.la lib_LTLIBRARIES = libwiretap.la # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -libwiretap_la_LDFLAGS = -version-info 3:11:1 -export-symbols wtap.sym @LDFLAGS_SHAREDLIB@ +libwiretap_la_LDFLAGS = -version-info 3:12:1 -export-symbols wtap.sym @LDFLAGS_SHAREDLIB@ if HAVE_WARNINGS_AS_ERRORS AM_NON_GENERATED_CFLAGS = -Werror

@@ -18,7 +18,7 @@ # Makefile.am # Automake file for Wiretap # -# $Id: Makefile.am 53008 2013-10-31 19:24:22Z gerald $ +# $Id: Makefile.am 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -611,7 +611,7 @@ noinst_LTLIBRARIES = libwiretap_generated.la lib_LTLIBRARIES = libwiretap.la # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -libwiretap_la_LDFLAGS = -version-info 3:11:1 -export-symbols wtap.sym @LDFLAGS_SHAREDLIB@ +libwiretap_la_LDFLAGS = -version-info 3:12:1 -export-symbols wtap.sym @LDFLAGS_SHAREDLIB@ @HAVE_WARNINGS_AS_ERRORS_TRUE@AM_NON_GENERATED_CFLAGS = -Werror AM_CPPFLAGS = -I$(srcdir)/.. CLEANFILES = \

@@ -1,6 +1,6 @@ /* libpcap.c * - * $Id: libpcap.c 42872 2012-05-28 00:43:13Z guy $ + * $Id: libpcap.c 53124 2013-11-07 02:02:22Z guy $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -783,21 +783,8 @@ return -1; } - if (hdr->hdr.orig_len > WTAP_MAX_PACKET_SIZE) { - /* - * Probably a corrupt capture file; return an error, - * so that our caller doesn't blow up trying to - * cope with a huge "real" packet length, and so that - * the code to try to guess what type of libpcap file - * this is can tell when it's not the type we're guessing - * it is. - */ - *err = WTAP_ERR_BAD_FILE; - if (err_info != NULL) { - *err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", - hdr->hdr.orig_len, WTAP_MAX_PACKET_SIZE); - } - return -1; + if (hdr->hdr.incl_len > wth->snapshot_length) { + g_warning("pcap: File has packet larger than file's snapshot length."); } return bytes_read; @@ -965,7 +952,7 @@ rec_hdr.hdr.incl_len = phdr->caplen + phdrsize; rec_hdr.hdr.orig_len = phdr->len + phdrsize; - if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE || rec_hdr.hdr.orig_len > WTAP_MAX_PACKET_SIZE) { + if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { *err = WTAP_ERR_BAD_FILE; return FALSE; }

[-] [+]	Changed	wireshark.changes
@@ -1,4 +1,9 @@ ------------------------------------------------------------------- +Sat Dec 21 07:58:39 UTC 2013 - cs@linux-administrator.com + +- update to release 1.8.12 + +------------------------------------------------------------------- Sat Nov 2 09:40:17 UTC 2013 - cs@linux-administrator.com - update to release 1.8.11
[-] [+]	Changed	wireshark.spec ^
@@ -22,7 +22,7 @@ License: GPLv2+ Group: Productivity/Networking/Diagnostic Summary: A Network Traffic Analyser -Version: 1.8.11 +Version: 1.8.12 Release: 1 Url: http://www.wireshark.org/ Source: http://www.wireshark.org/download/src/%{name}-%{version}.tar.bz2
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/ChangeLog ^
@@ -1,589 +1,300 @@ ------------------------------------------------------------------------ -r51941 \| gerald \| 2013-09-10 13:02:31 -0700 (Tue, 10 Sep 2013) \| 2 lines +r53023 \| gerald \| 2013-11-01 10:01:59 -0700 (Fri, 01 Nov 2013) \| 2 lines Changed paths: M /trunk-1.8/ChangeLog - M /trunk-1.8/docbook/release-notes.xml - M /trunk-1.8/make-version.pl + M /trunk-1.8/NEWS -1.8.10 → 1.8.11. +Build 1.8.11. ------------------------------------------------------------------------ -r52059 \| gerald \| 2013-09-15 07:34:57 -0700 (Sun, 15 Sep 2013) \| 1 line +r53032 \| gerald \| 2013-11-01 13:53:05 -0700 (Fri, 01 Nov 2013) \| 2 lines Changed paths: - M /trunk-1.8/manuf - M /trunk-1.8/services + M /trunk-1.8/ChangeLog + M /trunk-1.8/config.nmake + M /trunk-1.8/configure.in + M /trunk-1.8/debian/changelog + M /trunk-1.8/debian/wireshark-common.files + M /trunk-1.8/docbook/asciidoc.conf + M /trunk-1.8/docbook/release-notes.asciidoc + M /trunk-1.8/epan/Makefile.am + M /trunk-1.8/make-version.pl + M /trunk-1.8/version.conf + M /trunk-1.8/wiretap/Makefile.am + +1.8.11 → 1.8.12. -[Automatic manuf, services and enterprise-numbers update for 2013-09-15] ------------------------------------------------------------------------ -r52171 \| gerald \| 2013-09-22 07:34:54 -0700 (Sun, 22 Sep 2013) \| 1 line +r53066 \| gerald \| 2013-11-03 07:35:02 -0800 (Sun, 03 Nov 2013) \| 1 line Changed paths: M /trunk-1.8/manuf M /trunk-1.8/services -[Automatic manuf, services and enterprise-numbers update for 2013-09-22] ------------------------------------------------------------------------- -r52174 \| eapache \| 2013-09-22 09:50:24 -0700 (Sun, 22 Sep 2013) \| 3 lines -Changed paths: - M /trunk-1.8/epan/dissectors/packet-gluster.h - M /trunk-1.8/epan/dissectors/packet-glusterfs.c - -Manual backport of r52142 and r52144 to fix collision between gluster defines -and system header dirent.h - ------------------------------------------------------------------------- -r52196 \| eapache \| 2013-09-23 16:38:34 -0700 (Mon, 23 Sep 2013) \| 13 lines -Changed paths: - M /trunk-1.8/epan/reassemble.c - -Manual backport of r52195 from trunk-1.10: - -Replace r51826 with a slightly different backport fix for -https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9027 -that doesn't leak memory. I thought the leaks would be pretty minor and not -worth worrying about, but -https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9169 -showed otherwise. - -Major thanks to Jakub for figuring out we could create a dummy TVB hooked up to -the parent, even though the 1.8 reassembly code doesn't know about the real -child TVB. - ------------------------------------------------------------------------- -r52200 \| eapache \| 2013-09-23 18:50:23 -0700 (Mon, 23 Sep 2013) \| 7 lines -Changed paths: - M /trunk-1.8/epan/dissectors/packet-ntlmssp.c - -Simply don't store (or look for) the conversation struct in the packet proto -data, since it leads to mis-casts and bad corruptions. This is effectively a -backport for Jeff's r50734 fixing -https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8941 -but since we don't have the index count for p_add_proto_data I had to go through -and prove to myself that the entire thing can be safely removed. - +[Automatic manuf, services and enterprise-numbers update for 2013-11-03] ------------------------------------------------------------------------ -r52240 \| guy \| 2013-09-28 10:47:45 -0700 (Sat, 28 Sep 2013) \| 9 lines +r53124 \| guy \| 2013-11-06 18:02:22 -0800 (Wed, 06 Nov 2013) \| 19 lines Changed paths: M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c + M /trunk-1.8/wiretap/libpcap.c -Copy over r52238 from trunk: +Copy over r49999 from trunk: ------------------------------------------------------------------------ - r52238 \| guy \| 2013-09-28 10:44:50 -0700 (Sat, 28 Sep 2013) \| 4 lines - - There's no interface ID in a Simple Packet Block. - - Fixes one problem found by the file in bug 9200. - ------------------------------------------------------------------------- -r52243 \| guy \| 2013-09-28 11:12:50 -0700 (Sat, 28 Sep 2013) \| 17 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52241 from trunk, with manual intervention: - - ------------------------------------------------------------------------ - r52241 \| guy \| 2013-09-28 11:03:20 -0700 (Sat, 28 Sep 2013) \| 12 lines - - In a Simple Packet Block, the captured length isn't the block length - minus the lengths of the two length fields and the packet length field, - it's the minimum of that and the packet length, as there might be - padding. + r49999 \| eapache \| 2013-06-17 18:02:26 -0700 (Mon, 17 Jun 2013) \| 10 lines - Fixes one problem found by the file in bug 9200. + Don't limit the on-the-wire length of packets to 64KB, there are larger packets + out there (especially over USB) and we should be able to load them as long as + they are snapped to a sane length. - While we're at it, pcapng_read_packet_block() and - pcapng_read_simple_packet_block() return an integer, not a Boolean; - return 0, not FALSE (they have the same value, but returning 0 makes it - clearer that the return value isn't restricted to TRUE or FALSE). + Also validate that packets do not specify a snapshot length larger than the one + in the file header, though only make it a warning, as this is not necessarily a + fatally corrupt packet. ------------------------------------------------------------------------- -r52246 \| guy \| 2013-09-28 11:26:58 -0700 (Sat, 28 Sep 2013) \| 11 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52244 from trunk: + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808 ------------------------------------------------------------------------ - r52244 \| guy \| 2013-09-28 11:25:07 -0700 (Sat, 28 Sep 2013) \| 6 lines - Correctly calculate the captured length in a Simple Packet Block - - subtract out the minimum SPB size, which includes the length of - everything except for the packet data. - - Fixes one problem found by the file in bug 9200. +Also fixes bug 9390. ------------------------------------------------------------------------ -r52249 \| guy \| 2013-09-28 12:27:55 -0700 (Sat, 28 Sep 2013) \| 9 lines +r53127 \| guy \| 2013-11-06 18:14:02 -0800 (Wed, 06 Nov 2013) \| 2 lines Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52247 from trunk: - - ------------------------------------------------------------------------ - r52247 \| guy \| 2013-09-28 12:26:23 -0700 (Sat, 28 Sep 2013) \| 4 lines - - Fix cut-and-pasteo. - - Finishes the fix for bug 9200. - ------------------------------------------------------------------------- -r52252 \| guy \| 2013-09-28 13:11:56 -0700 (Sat, 28 Sep 2013) \| 15 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52250 from trunk: - - ------------------------------------------------------------------------ - r52250 \| guy \| 2013-09-28 13:08:39 -0700 (Sat, 28 Sep 2013) \| 10 lines - - Actually, the captured length must be the minimum of: - - the number of bytes available for packet data in the block; - - the packet length; - - and the snapshot length for the interface. - - One more fix for bug 9200, so it should now be fixed. - ------------------------------------------------------------------------- -r52255 \| guy \| 2013-09-28 14:08:49 -0700 (Sat, 28 Sep 2013) \| 8 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/wiretap/pcapng.c - -Copy over r52253 from trunk: - - ------------------------------------------------------------------------ - r52253 \| guy \| 2013-09-28 14:06:17 -0700 (Sat, 28 Sep 2013) \| 3 lines + M /trunk-1.8/docbook/release-notes.asciidoc - The pcap-ng spec says the captured length is the minimum of the - interface snapshot length and the packet length; make it so. +Note that bug 8808 and bug 9390 are fixed. ------------------------------------------------------------------------ -r52259 \| guy \| 2013-09-28 14:32:08 -0700 (Sat, 28 Sep 2013) \| 2 lines +r53197 \| pascal \| 2013-11-09 07:44:39 -0800 (Sat, 09 Nov 2013) \| 3 lines Changed paths: - M /trunk-1.8/docbook/release-notes.xml + M /trunk-1.8/epan/dissectors/packet-sip.c -Mention bug 9200 being fixed. +Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388 : +Avoid an infinite loop in SIP dissector (backport of r51738) ------------------------------------------------------------------------ -r52267 \| gerald \| 2013-09-29 07:34:51 -0700 (Sun, 29 Sep 2013) \| 1 line +r53229 \| gerald \| 2013-11-10 07:34:55 -0800 (Sun, 10 Nov 2013) \| 1 line Changed paths: M /trunk-1.8/manuf -[Automatic manuf, services and enterprise-numbers update for 2013-09-29] +[Automatic manuf, services and enterprise-numbers update for 2013-11-10] ------------------------------------------------------------------------ -r52326 \| guy \| 2013-10-01 14:55:57 -0700 (Tue, 01 Oct 2013) \| 3 lines -Changed paths: - M /trunk-1.8/packaging/macosx/Read_me_first.rtf - -We install the wrapper scripts for the command-line tools in -/usr/local/bin, not in /Library/Wireshark. - ------------------------------------------------------------------------- -r52402 \| gerald \| 2013-10-06 07:35:01 -0700 (Sun, 06 Oct 2013) \| 1 line +r53397 \| gerald \| 2013-11-17 07:34:54 -0800 (Sun, 17 Nov 2013) \| 1 line Changed paths: M /trunk-1.8/manuf + M /trunk-1.8/services -[Automatic manuf, services and enterprise-numbers update for 2013-10-06] ------------------------------------------------------------------------- -r52466 \| pascal \| 2013-10-09 09:08:55 -0700 (Wed, 09 Oct 2013) \| 9 lines -Changed paths: - M /trunk-1.8/epan/dissectors/packet-wccp.c - -Copy over manually from the trunk: ------------------------------------------------------------------------- -r52464 \| pascal \| 2013-10-09 18:07:24 +0200 (mer., 09 oct. 2013) \| 3 lines - -From Peter Van Eynde via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9252 : -Fix WCCP fix hash buckets assignment info decoding - ------------------------------------------------------------------------- - ------------------------------------------------------------------------- -r52491 \| eapache \| 2013-10-10 06:10:47 -0700 (Thu, 10 Oct 2013) \| 21 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/epan/dissectors/packet-openwire.c - -Copy over from trunk to pacify the fuzzbot and so Michael's patch backports -cleanly - - ------------------------------------------------------------------------ - r52458 \| eapache \| 2013-10-08 19:16:53 -0400 (Tue, 08 Oct 2013) \| 10 lines - Changed paths: - M /trunk/epan/dissectors/packet-openwire.c - - Hacky fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248 - Just break out of the loop if offset doesn't go up. - - There's almost certainly a better fix - the dissector is weird, and I'm not sure - if all the _length_remaining() checks are important or legacy, and what affect - they have on this issue. - - At the very least this will pacify the fuzzbots until somebody has time to - figure it out properly. - - ------------------------------------------------------------------------ - - +[Automatic manuf, services and enterprise-numbers update for 2013-11-17] ------------------------------------------------------------------------ -r52547 \| morriss \| 2013-10-11 11:18:56 -0700 (Fri, 11 Oct 2013) \| 9 lines +r53548 \| gerald \| 2013-11-24 07:36:04 -0800 (Sun, 24 Nov 2013) \| 1 line Changed paths: - M /trunk-1.8/epan/dissectors/packet-ncp-sss.c - -Copy over with manual intervention (to eliminate imlicit declaration warning): - - ------------------------------------------------------------------------ - r51451 \| darkjames \| 2013-08-21 13:01:05 -0400 (Wed, 21 Aug 2013) \| 2 lines - - small fix for r51448 isprint() is locale aware, we want just ascii - ------------------------------------------------------------------------ - + M /trunk-1.8/manuf +[Automatic manuf, services and enterprise-numbers update for 2013-11-24] ------------------------------------------------------------------------ -r52586 \| gerald \| 2013-10-13 07:34:52 -0700 (Sun, 13 Oct 2013) \| 1 line +r53697 \| gerald \| 2013-12-01 07:35:03 -0800 (Sun, 01 Dec 2013) \| 1 line Changed paths: M /trunk-1.8/manuf - M /trunk-1.8/services -[Automatic manuf, services and enterprise-numbers update for 2013-10-13] +[Automatic manuf, services and enterprise-numbers update for 2013-12-01] ------------------------------------------------------------------------ -r52714 \| gerald \| 2013-10-20 07:34:51 -0700 (Sun, 20 Oct 2013) \| 1 line +r53858 \| gerald \| 2013-12-08 07:34:55 -0800 (Sun, 08 Dec 2013) \| 1 line Changed paths: M /trunk-1.8/manuf -[Automatic manuf, services and enterprise-numbers update for 2013-10-20] +[Automatic manuf, services and enterprise-numbers update for 2013-12-08] ------------------------------------------------------------------------ -r52892 \| gerald \| 2013-10-27 07:35:00 -0700 (Sun, 27 Oct 2013) \| 1 line +r54119 \| gerald \| 2013-12-15 07:34:53 -0800 (Sun, 15 Dec 2013) \| 1 line Changed paths: M /trunk-1.8/manuf M /trunk-1.8/services -[Automatic manuf, services and enterprise-numbers update for 2013-10-27] +[Automatic manuf, services and enterprise-numbers update for 2013-12-15] ------------------------------------------------------------------------ -r52956 \| gerald \| 2013-10-29 11:37:57 -0700 (Tue, 29 Oct 2013) \| 19 lines +r54146 \| gerald \| 2013-12-16 08:54:46 -0800 (Mon, 16 Dec 2013) \| 16 lines Changed paths: - M /trunk-1.8 - M /trunk-1.8/docbook/release-notes.xml - M /trunk-1.8/epan/dissectors/packet-ieee802154.c + M /trunk-1.8/docbook/release-notes.asciidoc + M /trunk-1.8/epan/dissectors/packet-ntlmssp.c -Copy over revisions from the trunk: +Copy over r53626 with manual intervention. ------------------------------------------------------------------------ - r52036 \| eapache \| 2013-09-14 06:15:31 -0700 (Sat, 14 Sep 2013) \| 8 lines + r53626 \| rbalint \| 2013-11-28 08:39:04 -0800 (Thu, 28 Nov 2013) \| 5 lines Changed paths: - M /trunk/epan/dissectors/packet-ieee802154.c - - _lookup_extended takes a pointer to the key-pointer since it has to set the old - key pointer value. _insert just takes the key-pointer, not a pointer to it. - Passing a pointer-to-a-pointer causes the outer pointer to be dereferenced as a - struct (when it in fact points to a pointer to struct) and leads to incorrect - behaviour and uninitialized/out-of-bounds memory accesses. - - Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139 - ------------------------------------------------------------------------ - - -Update the release notes. + M /trunk/epan/dissectors/packet-ntlmssp.c ------------------------------------------------------------------------- -r52958 \| gerald \| 2013-10-29 11:46:49 -0700 (Tue, 29 Oct 2013) \| 14 lines -Changed paths: - M /trunk-1.8/asn1/nbap/nbap.cnf - M /trunk-1.8/asn1/nbap/packet-nbap-template.c - M /trunk-1.8/docbook/release-notes.xml - M /trunk-1.8/epan/dissectors/packet-nbap.c + Support long Domain Names in NTLMSSP v2 -Copy over r52154 by hand: + ... instead of crashing on them. :-) - ------------------------------------------------------------------------ - r52154 \| etxrab \| 2013-09-20 07:19:31 -0700 (Fri, 20 Sep 2013) \| 1 line - Changed paths: - M /trunk/asn1/nbap/nbap.cnf - M /trunk/asn1/nbap/packet-nbap-template.c - M /trunk/epan/dissectors/packet-nbap.c - - DCH-ID can be 255 + Discovered by Garming Sam <garming@catalyst.net.nz> ------------------------------------------------------------------------ Update the release notes. ------------------------------------------------------------------------ -r52960 \| gerald \| 2013-10-29 11:59:51 -0700 (Tue, 29 Oct 2013) \| 13 lines +r54147 \| gerald \| 2013-12-16 10:16:51 -0800 (Mon, 16 Dec 2013) \| 50 lines Changed paths: M /trunk-1.8 - M /trunk-1.8/docbook/release-notes.xml + M /trunk-1.8/asn1/gsm_map/packet-gsm_map-template.c + M /trunk-1.8/docbook/release-notes.asciidoc + M /trunk-1.8/epan/dissectors/packet-gsm_map.c + M /trunk-1.8/epan/dissectors/packet-iscsi.c + M /trunk-1.8/epan/dissectors/packet-mongo.c M /trunk-1.8/epan/dissectors/packet-sip.c -Copy over r52354 from the trunk: +Copy over revisions from the trunk: ------------------------------------------------------------------------ - r52354 \| pascal \| 2013-10-04 03:29:57 -0700 (Fri, 04 Oct 2013) \| 3 lines + r53071 \| pascal \| 2013-11-03 10:07:46 -0800 (Sun, 03 Nov 2013) \| 3 lines Changed paths: M /trunk/epan/dissectors/packet-sip.c - Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228 : - Ensure that decompressed tvb exists before trying to add it to the tree - ------------------------------------------------------------------------ - -Update the release notes. - ------------------------------------------------------------------------- -r52962 \| gerald \| 2013-10-29 12:55:46 -0700 (Tue, 29 Oct 2013) \| 14 lines -Changed paths: - M /trunk-1.8/docbook/release-notes.xml - M /trunk-1.8/epan/dissectors/packet-tcp.c - -Copy over r52570 with manual intervention: - + Fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9031 : + SIP contact-param parsing fails in case the last parameter includes a quoted string ------------------------------------------------------------------------ - r52570 \| cmaynard \| 2013-10-12 11:03:34 -0700 (Sat, 12 Oct 2013) \| 4 lines + r53148 \| pascal \| 2013-11-07 13:08:15 -0800 (Thu, 07 Nov 2013) \| 3 lines Changed paths: - M /trunk/epan/dissectors/packet-tcp.c - - Don't assume that tvb_length_remaining() or tvb_reported_length_remaining() always return a value >= 0. Part of fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263 + M /trunk/asn1/gsm_map/packet-gsm_map-template.c + M /trunk/epan/dissectors/packet-gsm_map.c - #BACKPORT(1.10,1.8) + From Vasil Velichkov via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9382 : + Fix dissection of GSM MAPv3 ReportSM_DeliveryStatusRes ------------------------------------------------------------------------ - -Update the release notes. - ------------------------------------------------------------------------- -r53005 \| gerald \| 2013-10-31 11:57:01 -0700 (Thu, 31 Oct 2013) \| 3 lines -Changed paths: - M /trunk-1.8/config.nmake - M /trunk-1.8/configure.in - M /trunk-1.8/docbook/Makefile.am - M /trunk-1.8/docbook/Makefile.common - M /trunk-1.8/docbook/Makefile.nmake - A /trunk-1.8/docbook/asciidoc.conf (from /trunk-1.10/docbook/asciidoc.conf:53004) - A /trunk-1.8/docbook/release-notes.asciidoc (from /trunk-1.8/docbook/release-notes.xml:53004) - D /trunk-1.8/docbook/release-notes.xml - -Convert the release notes to AsciiDoc. Apply r48307 for most files, -convert the notes themselves using Pandoc followed by manual fixups. - ------------------------------------------------------------------------- -r53006 \| gerald \| 2013-10-31 12:09:42 -0700 (Thu, 31 Oct 2013) \| 2 lines -Changed paths: - M /trunk-1.8/docbook/release-notes.asciidoc - -Fix the sample bug entry. - ------------------------------------------------------------------------- -r53007 \| gerald \| 2013-10-31 12:22:04 -0700 (Thu, 31 Oct 2013) \| 3 lines -Changed paths: - M /trunk-1.8/docbook/asciidoc.conf - M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/make-version.pl - M /trunk-1.8/tools/svnadd - -Backport asciidoc.conf support in make-version.pl from r48405. Backport -AsciiDoc support in svnadd from r48392. Set some keywords. - ------------------------------------------------------------------------- -r53008 \| gerald \| 2013-10-31 12:24:22 -0700 (Thu, 31 Oct 2013) \| 2 lines -Changed paths: - M /trunk-1.8/config.nmake - M /trunk-1.8/configure.in - M /trunk-1.8/debian/changelog - M /trunk-1.8/debian/wireshark-common.files - M /trunk-1.8/epan/Makefile.am - M /trunk-1.8/wiretap/Makefile.am - -1.8.10 → 1.8.11. - ------------------------------------------------------------------------- -r53010 \| gerald \| 2013-10-31 14:52:27 -0700 (Thu, 31 Oct 2013) \| 37 lines -Changed paths: - M /trunk-1.8 - M /trunk-1.8/diameter/dictionary.xml - M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-bssgp.c - M /trunk-1.8/epan/dissectors/packet-enip.c - M /trunk-1.8/ui/win32/print_win32.c - -Copy over revisions from the trunk: - - ------------------------------------------------------------------------ - r51942 \| pascal \| 2013-09-10 14:18:28 -0700 (Tue, 10 Sep 2013) \| 3 lines + r53247 \| martink \| 2013-11-11 02:57:30 -0800 (Mon, 11 Nov 2013) \| 3 lines Changed paths: - M /trunk/diameter/dictionary.xml + M /trunk/epan/dissectors/packet-mongo.c - From Philippe Rosenfeld via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9126 : - Fix the value of 'SEND_TO_UE' in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP + fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9409 + don't call proto_item_get_len() when the argument can be NULL ------------------------------------------------------------------------ - r52131 \| pascal \| 2013-09-17 14:56:35 -0700 (Tue, 17 Sep 2013) \| 3 lines + r53838 \| mmann \| 2013-12-07 17:15:55 -0800 (Sat, 07 Dec 2013) \| 3 lines Changed paths: - M /trunk/epan/dissectors/packet-bssgp.c + M /trunk/epan/dissectors/packet-iscsi.c - From Jason Wzhy via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9157 : - BSSGP: Fix dissection of Trace Type IE in SGSN-INVOKE-TRACE message + Correctly update the data length of the SCSI payload within ISCSI. Bug 9521 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9521) + + From Yaniv Kaul ------------------------------------------------------------------------ - r52157 \| mmann \| 2013-09-20 11:35:10 -0700 (Fri, 20 Sep 2013) \| 4 lines - Changed paths: - M /trunk/epan/dissectors/packet-enip.c - Bugfix a few items: - 1. Correct Interface Flag enumeration - 2. Dissect ARP data without making it look like its an ARP packet by disabling column writing. +Copy over r53627 from trunk-1.10: + ------------------------------------------------------------------------ - r52221 \| cmaynard \| 2013-09-26 10:27:53 -0700 (Thu, 26 Sep 2013) \| 4 lines + r53627 \| mmann \| 2013-11-28 08:51:08 -0800 (Thu, 28 Nov 2013) \| 5 lines Changed paths: - M /trunk/ui/win32/print_win32.c + M /trunk-1.10/ui/gtk/decode_as_dlg.c - When a line of text wraps to the next line, the character that caused the line to wrap was not being printed. + Crash when selecting "Decode As" based on SCTP PPID. Bug 8976 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8976) - #BACKPORT(1.10,1.8) + Fixed by defaulting PPID value to LAST_PPID (which should make Decode As a no-op) ------------------------------------------------------------------------ + Update the release notes. ------------------------------------------------------------------------ -r53011 \| gerald \| 2013-10-31 15:46:40 -0700 (Thu, 31 Oct 2013) \| 63 lines +r54151 \| gerald \| 2013-12-16 11:39:48 -0800 (Mon, 16 Dec 2013) \| 32 lines Changed paths: M /trunk-1.8 M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-dcerpc-nt.c - M /trunk-1.8/epan/dissectors/packet-dcerpc.c - M /trunk-1.8/epan/dissectors/packet-eth.c - M /trunk-1.8/epan/dissectors/packet-ethertype.c - M /trunk-1.8/epan/packet.c - M /trunk-1.8/plugins/wimax/packet-wmx.c - M /trunk-1.8/tshark.c - M /trunk-1.8/ui/gtk/uat_gui.c + M /trunk-1.8/epan/dissectors/packet-dvb-bat.c + M /trunk-1.8/epan/dissectors/packet-time.c Copy over revisions from the trunk: ------------------------------------------------------------------------ - r52209 \| mmann \| 2013-09-24 14:06:05 -0700 (Tue, 24 Sep 2013) \| 3 lines + r54138 \| martink \| 2013-12-16 00:20:22 -0800 (Mon, 16 Dec 2013) \| 4 lines Changed paths: - M /trunk/plugins/wimax/packet-wmx.c - - Prevent crashing as a result of tree removal in r52208. Tree removal + this patch should be the "quick" fix to bug 5349 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5349). I knew the tree check was preventing some dissection/column data/etc, but from the comments in bug 5349, the tree check was also protecting this (and maybe other) crashes (due to missed NULL checking). + M /trunk/epan/dissectors/packet-time.c - I want to follow up with some massive cleanup (remove PITEM_FINFO calls), but this with r52208 should be good enough to backport to 1.8 and 1.10 to fix bug 5349. Cleanup shouldn't need to be backported. + From Wesley + fix "decode as" for time protocol + https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9563 ------------------------------------------------------------------------ - r52734 \| mmann \| 2013-10-21 08:50:23 -0700 (Mon, 21 Oct 2013) \| 3 lines - Changed paths: - M /trunk/epan/dissectors/packet-dcerpc-nt.c - Datablob size is NDR64/32 dependant. Bug 9301 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9301). - From Matthieu Patou +Copy over with manual intervention: + ------------------------------------------------------------------------ - r52735 \| mmann \| 2013-10-21 08:58:52 -0700 (Mon, 21 Oct 2013) \| 1 line + r52987 \| martink \| 2013-10-30 15:34:16 -0700 (Wed, 30 Oct 2013) \| 2 lines Changed paths: - M /trunk/epan/dissectors/packet-dcerpc-nt.c + M /trunk/epan/dissectors/packet-dvb-bat.c - Fix compile errors introduced in r52734. + BAT has a Bouquet ID, no Service ID ------------------------------------------------------------------------ - r52736 \| mmann \| 2013-10-21 09:00:37 -0700 (Mon, 21 Oct 2013) \| 3 lines + r53222 \| darkjames \| 2013-11-10 05:04:21 -0800 (Sun, 10 Nov 2013) \| 2 lines Changed paths: - M /trunk/epan/dissectors/packet-dcerpc.c - - dce-rpc: properly dissect multiple PDU in the same packet. Bug 9302 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9302). + M /trunk/epan/tvbtest.c - From Matthieu Patou + missing include for tvbtest + add 'const' (silent most of warnings). ------------------------------------------------------------------------ - r52738 \| cmaynard \| 2013-10-21 10:31:22 -0700 (Mon, 21 Oct 2013) \| 4 lines - Changed paths: - M /trunk/epan/dissectors/packet-eth.c - M /trunk/epan/dissectors/packet-ethertype.c - Remove if (fh_tree) checks as add_ethernet_trailer() calls such functions as dissector_try_heuristic(), expert_add_info(), and col_append_str(), which all need to be called whether fh_tree is NULL or not. - #BACKPORT(1.10,1.8) - ------------------------------------------------------------------------ - r52838 \| cmaynard \| 2013-10-25 05:51:16 -0700 (Fri, 25 Oct 2013) \| 4 lines - Changed paths: - M /trunk/tshark.c +Update the release notes. + +------------------------------------------------------------------------ +r54152 \| gerald \| 2013-12-16 12:13:40 -0800 (Mon, 16 Dec 2013) \| 15 lines +Changed paths: + M /trunk-1.8/docbook/release-notes.asciidoc + M /trunk-1.8/epan/dissectors/packet-ssl-utils.c - Display the frame number on the packet summary line if it's one of the configured columns. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9317 +Copy over r53842 with manual intervention: - #BACKPORT(1.10,1.8) ------------------------------------------------------------------------ - r52977 \| eapache \| 2013-10-29 18:42:11 -0700 (Tue, 29 Oct 2013) \| 6 lines + r53842 \| mmann \| 2013-12-07 17:52:02 -0800 (Sat, 07 Dec 2013) \| 3 lines Changed paths: - M /trunk/epan/packet.c + M /trunk/epan/dissectors/packet-ssl-utils.c - When adding an entry to a dissector string table, take a copy of the pattern - string (and pass g_free to g_hash_table_new_full to free it). + dtls: fix buffer overflow in mac check. Bug 9512 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9512) - This means callers don't have to worry about the scope of the memory they pass - in, and fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9296 + From Hauke Mehrtens ------------------------------------------------------------------------ + Update the release notes. ------------------------------------------------------------------------ -r53015 \| pascal \| 2013-11-01 08:12:40 -0700 (Fri, 01 Nov 2013) \| 14 lines +r54155 \| gerald \| 2013-12-16 12:29:10 -0800 (Mon, 16 Dec 2013) \| 13 lines Changed paths: M /trunk-1.8 M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-ptp.c + M /trunk-1.8/epan/dissectors/packet-dvbci.c -Copy over from the trunk with manual intervention: +Copy over r53322 from the trunk: ------------------------------------------------------------------------ - r52566 \| pascal \| 2013-10-12 16:05:32 +0200 (sam. 12 oct. 2013) \| 3 lignes - Chemins modifiés : - M /trunk/epan/dissectors/packet-ptp.c - - From Todd Newton via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9262 : - Fix dissection of PTP Management messages + r53322 \| martink \| 2013-11-14 13:44:05 -0800 (Thu, 14 Nov 2013) \| 2 lines + Changed paths: + M /trunk/epan/dissectors/packet-dvbci.c + fix application capability handling ------------------------------------------------------------------------ + Update the release notes. ------------------------------------------------------------------------ -r53019 \| gerald \| 2013-11-01 09:17:18 -0700 (Fri, 01 Nov 2013) \| 16 lines +r54168 \| pascal \| 2013-12-17 01:59:30 -0800 (Tue, 17 Dec 2013) \| 12 lines Changed paths: M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-ntlmssp.c + M /trunk-1.8/epan/dissectors/packet-gsm_sms.c -Copy over r52732 by hand. This appears to be in response to r52213 and -wmemification in the trunk, neither of which have been backported. The extra -check doesn't hurt, however. +Copy over from the trunk: - ------------------------------------------------------------------------ - r52732 \| mmann \| 2013-10-21 08:39:07 -0700 (Mon, 21 Oct 2013) \| 3 lines - Changed paths: - M /trunk/epan/dissectors/packet-ntlmssp.c +------------------------------------------------------------------------ +r53940 \| pascal \| 2013-12-11 19:47:15 +0100 (mer., 11 déc. 2013) \| 3 lines - NULL check ref_nt_challenge_response and ref_lm_challenge_response. Bug 9299 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9299) +From Michael Lum via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9550 : +GSM SMS UDH EMS control expects 4 octets instead of 3 with OPTIONAL 4th - From Matthieu Patou - ------------------------------------------------------------------------ +------------------------------------------------------------------------ Update the release notes. ------------------------------------------------------------------------ -r53021 \| gerald \| 2013-11-01 09:29:10 -0700 (Fri, 01 Nov 2013) \| 13 lines +r54169 \| pascal \| 2013-12-17 02:00:58 -0800 (Tue, 17 Dec 2013) \| 2 lines Changed paths: M /trunk-1.8/docbook/release-notes.asciidoc - M /trunk-1.8/epan/dissectors/packet-irc.c - -Copy over r53016 with manual intervention. - ------------------------------------------------------------------------ - r53016 \| pascal \| 2013-11-01 08:48:57 -0700 (Fri, 01 Nov 2013) \| 3 lines - Changed paths: - M /trunk/epan/dissectors/packet-irc.c - - From Peter Wu via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9360 : - Fix IRC response command filter - ------------------------------------------------------------------------ - -Update the release notes. +Add bug reference to release notes ------------------------------------------------------------------------
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/NEWS ^
@@ -1,4 +1,4 @@ - Wireshark 1.8.11 Release Notes + Wireshark 1.8.12 Release Notes __________________________________________________________ What is Wireshark? @@ -13,51 +13,32 @@ Bug Fixes The following vulnerabilities have been fixed. - * [1]wnpa-sec-2013-61 - The IEEE 802.15.4 dissector could crash. ([2]Bug 9139) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [3]CVE-2013-6336 - * [4]wnpa-sec-2013-62 - The NBAP dissector could crash. Discovered by Laurent - Butti. ([5]Bug 9168) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [6]CVE-2013-6337 - * [7]wnpa-sec-2013-63 - The SIP dissector could crash. ([8]Bug 9228) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [9]CVE-2013-6338 - * [10]wnpa-sec-2013-64 - The OpenWire dissector could go into a large loop. - Discovered by Murali. ([11]Bug 9248) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [12]CVE-2013-6339 - * [13]wnpa-sec-2013-65 - The TCP dissector could crash. ([14]Bug 9263) - Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 - [15]CVE-2013-6340 + * [1]wnpa-sec-2013-66 + The SIP dissector could go into an infinite loop. + Discovered by Alain Botti. ([2]Bug 9388) + Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 + [3]CVE-2013-7112 + * [4]wnpa-sec-2013-68 + The NTLMSSP v2 dissector could crash. Discovered by Garming + Sam. ([5]Bug 9488) + Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 + [6]CVE-2013-7114 The following bugs have been fixed: - * new_packet_list: EAP-TLS reassemble does not happen when - NEW_PACKET_LIST is toggled. ([16]Bug 5349) - * The value of SEND_TO_UE in the DIAMETER Gx dictionary for - Packet-Filter-Usage AVP is 0 instead of 1. ([17]Bug 9126) - * Bssgp => SGSN-INVOKE-TRACE use the wrong function... - ([18]Bug 9157) - * Files with pcap-ng Simple Packet Blocks can't be read. - ([19]Bug 9200) - * Wireshark lua dissector unable to load for - media_type=application/octet-stream. ([20]Bug 9296) - * Wireshark crash when dissecting packet with NTLMSSP. - ([21]Bug 9299) - * DCERPC data_blobs are not correctly dissected when NDR64 - encoding is used. ([22]Bug 9301) - * multiple PDU in the same DCERPC packet are not correctly - decrypted. ([23]Bug 9302) - * The tshark summary line doesn't display the frame number or - displays it sporadically. ([24]Bug 9317) - * Fix dissection of PTP Management messages. ([25]Bug 9262) - * Duplicate IRC header field abbreviation breaks filter - (example: irc.response.command). ([26]Bug 9360) + * "On-the-wire" packet lengths are limited to 65535 bytes. + ([7]Bug 8808, ws-buglink:9390) + * Crash when selecting "Decode As" based on SCTP PPID. + ([8]Bug 8976) + * Wireshark fails to decode single-line, multiple Contact: + URIs in SIP responses. ([9]Bug 9031) + * gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus + result. ([10]Bug 9382) + * DTLS: fix buffer overflow in mac check. ([11]Bug 9512) + * Correct data length in SCSI_DATA_IN packets (within iSCSI). + ([12]Bug 9521) + * Fix "decode as ..." for packet-time.c. ([13]Bug 9563) + * GSM SMS UDH EMS control expects 4 octets instead of 3 with + OPTIONAL 4th. ([14]Bug 9550) New and Updated Features @@ -69,24 +50,24 @@ Updated Protocol Support - BSSGP, DCERPC, DCERPC NT, DIAMETER, Ethernet, EtherNet/IP, IEEE - 802.15.4, IRC, NBAP, NTLMSSP, OpenWire, SIP, and WiMax + DTLS, DVB-BAT, DVB-CI, GSM MAP, GSM SMS, iSCSI, SCTP, SIP, and + Time New and Updated Capture File Support - and . + and Pcap-ng. Getting Wireshark Wireshark source code and installation packages are available - from [27]http://www.wireshark.org/download.html. + from [15]http://www.wireshark.org/download.html. Vendor-supplied Packages Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list - of third-party packages can be found on the [28]download page + of third-party packages can be found on the [16]download page on the Wireshark web site. __________________________________________________________ @@ -100,93 +81,81 @@ Known Problems - Dumpcap might not quit if Wireshark or TShark crashes. ([29]Bug + Dumpcap might not quit if Wireshark or TShark crashes. ([17]Bug 1419) - The BER dissector might infinitely loop. ([30]Bug 1516) + The BER dissector might infinitely loop. ([18]Bug 1516) Capture filters aren't applied when capturing from named pipes. - ([31]Bug 1814) + ([19]Bug 1814) Filtering tshark captures with display filters (-R) no longer - works. ([32]Bug 2234) + works. ([20]Bug 2234) The 64-bit Windows installer does not support Kerberos - decryption. ([33]Win64 development page) + decryption. ([21]Win64 development page) - Application crash when changing real-time option. ([34]Bug + Application crash when changing real-time option. ([22]Bug 4035) - Hex pane display issue after startup. ([35]Bug 4056) + Hex pane display issue after startup. ([23]Bug 4056) - Packet list rows are oversized. ([36]Bug 4357) + Packet list rows are oversized. ([24]Bug 4357) Summary pane selected frame highlighting not maintained. - ([37]Bug 4445) + ([25]Bug 4445) Wireshark and TShark will display incorrect delta times in some - cases. ([38]Bug 4985) + cases. ([26]Bug 4985) __________________________________________________________ Getting Help - Community support is available on [39]Wireshark's Q&A site and + Community support is available on [27]Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found - on [40]the web site. + on [28]the web site. Official Wireshark training and certification are available - from [41]Wireshark University. + from [29]Wireshark University. __________________________________________________________ Frequently Asked Questions - A complete FAQ is available on the [42]Wireshark web site. + A complete FAQ is available on the [30]Wireshark web site. __________________________________________________________ - Last updated 2013-11-01 09:29:10 PDT + Last updated 2013-12-17 09:10:38 PST References - 1. https://www.wireshark.org/security/wnpa-sec-2013-61.html - 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139 - 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336 - 4. https://www.wireshark.org/security/wnpa-sec-2013-62.html - 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168 - 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337 - 7. https://www.wireshark.org/security/wnpa-sec-2013-63.html - 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228 - 9. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338 - 10. https://www.wireshark.org/security/wnpa-sec-2013-64.html - 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9248 - 12. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339 - 13. https://www.wireshark.org/security/wnpa-sec-2013-65.html - 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263 - 15. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340 - 16. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5349 - 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9126 - 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9157 - 19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9200 - 20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9296 - 21. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9299 - 22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9301 - 23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9302 - 24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9317 - 25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9262 - 26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9360 - 27. http://www.wireshark.org/download.html - 28. http://www.wireshark.org/download.html#thirdparty - 29. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419 - 30. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516 - 31. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814 - 32. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 - 33. https://wiki.wireshark.org/Development/Win64 - 34. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035 - 35. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056 - 36. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357 - 37. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445 - 38. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985 - 39. http://ask.wireshark.org/ - 40. http://www.wireshark.org/lists/ - 41. http://www.wiresharktraining.com/ - 42. http://www.wireshark.org/faq.html + 1. https://www.wireshark.org/security/wnpa-sec-2013-66.html + 2. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388 + 3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112 + 4. https://www.wireshark.org/security/wnpa-sec-2013-68.html + 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488 + 6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114 + 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8808 + 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8976 + 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9031 + 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9382 + 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9512 + 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9521 + 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9563 + 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9550 + 15. http://www.wireshark.org/download.html + 16. http://www.wireshark.org/download.html#thirdparty + 17. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419 + 18. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516 + 19. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814 + 20. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 + 21. https://wiki.wireshark.org/Development/Win64 + 22. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035 + 23. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056 + 24. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357 + 25. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4445 + 26. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985 + 27. http://ask.wireshark.org/ + 28. http://www.wireshark.org/lists/ + 29. http://www.wiresharktraining.com/ + 30. http://www.wireshark.org/faq.html
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/asn1/gsm_map/packet-gsm_map-template.c ^
@@ -17,7 +17,7 @@ * Felix Fei <felix.fei [AT] utstar.com> * and Michael Lum <mlum [AT] telostech.com> * - * $Id: packet-gsm_map-template.c 49236 2013-05-10 21:44:09Z gerald $ + * $Id: packet-gsm_map-template.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1472,8 +1472,8 @@ case 47: /reportSM-DeliveryStatus/ offset=dissect_mc_message(tvb, offset, actx, tree, FALSE, dissect_gsm_map_ISDN_AddressString, hf_gsm_map_sm_storedMSISDN, - FALSE, NULL, -1, - FALSE , dissect_gsm_map_sm_ReportSM_DeliveryStatusRes, -1);/undefined/ + FALSE, dissect_gsm_map_sm_ReportSM_DeliveryStatusRes, -1, + FALSE, NULL, -1);/undefined/ break; case 48: /noteSubscriberPresent/
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/config.nmake ^
@@ -1,4 +1,4 @@ -# $Id: config.nmake 53008 2013-10-31 19:24:22Z gerald $ +# $Id: config.nmake 53032 2013-11-01 20:53:05Z gerald $ # Some more information about the settings in this file can be found in # the file README.windows and the Developer's Guide (available online). @@ -13,13 +13,13 @@ ##### Versions ##### # The SVN revision of our build. Updated by make-version.pl -SVN_REVISION=53023 +SVN_REVISION=54185 # The current Wireshark version. Recommended: Leave unchanged. # Updated by make-version.pl VERSION_MAJOR=1 VERSION_MINOR=8 -VERSION_MICRO=11 +VERSION_MICRO=12 VERSION_BUILD=$(SVN_REVISION) # Local build information. Recommended: Unique string for your
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/configure ^
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for wireshark 1.8.11. +# Generated by GNU Autoconf 2.68 for wireshark 1.8.12. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, @@ -567,8 +567,8 @@ # Identity of this package. PACKAGE_NAME='wireshark' PACKAGE_TARNAME='wireshark' -PACKAGE_VERSION='1.8.11' -PACKAGE_STRING='wireshark 1.8.11' +PACKAGE_VERSION='1.8.12' +PACKAGE_STRING='wireshark 1.8.12' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1522,7 +1522,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures wireshark 1.8.11 to adapt to many kinds of systems. +\`configure' configures wireshark 1.8.12 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1593,7 +1593,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short \| recursive ) echo "Configuration of wireshark 1.8.11:";; + short \| recursive ) echo "Configuration of wireshark 1.8.12:";; esac cat <<\_ACEOF @@ -1792,7 +1792,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -wireshark configure 1.8.11 +wireshark configure 1.8.12 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2332,7 +2332,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by wireshark $as_me 1.8.11, which was +It was created by wireshark $as_me 1.8.12, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3260,7 +3260,7 @@ # Define the identity of the package. PACKAGE='wireshark' - VERSION='1.8.11' + VERSION='1.8.12' cat >>confdefs.h <<_ACEOF @@ -29473,7 +29473,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by wireshark $as_me 1.8.11, which was +This file was extended by wireshark $as_me 1.8.12, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -29539,7 +29539,7 @@ cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -wireshark config.status 1.8.11 +wireshark config.status 1.8.12 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\"
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/configure.in ^
@@ -1,8 +1,8 @@ -# $Id: configure.in 53008 2013-10-31 19:24:22Z gerald $ +# $Id: configure.in 53032 2013-11-01 20:53:05Z gerald $ # AC_PREREQ(2.60) -AC_INIT(wireshark, 1.8.11) +AC_INIT(wireshark, 1.8.12) dnl Check for CPU / vendor / OS dnl The user is encouraged to use either `AC_CANONICAL_BUILD', or
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/debian/changelog ^
@@ -1,4 +1,4 @@ -wireshark (1.8.11) unstable; urgency=low +wireshark (1.8.12) unstable; urgency=low * Self-made package
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/debian/wireshark-common.files ^
@@ -7,9 +7,9 @@ /usr/bin/rawshark /usr/bin/text2pcap /usr/lib/wireshark/libwireshark.so.2 -/usr/lib/wireshark/libwireshark.so.2.0.11 +/usr/lib/wireshark/libwireshark.so.2.0.12 /usr/lib/wireshark/libwiretap.so.2 -/usr/lib/wireshark/libwiretap.so.2.1.11 +/usr/lib/wireshark/libwiretap.so.2.1.12 /usr/lib/wireshark/libwsutil.so.2 /usr/lib/wireshark/libwsutil.so.2.0.0 /usr/lib/wireshark/plugins/*
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/docbook/asciidoc.conf ^
@@ -1,10 +1,10 @@ # AsciiDoc configuration for Wireshark -# $Id: asciidoc.conf 53007 2013-10-31 19:22:04Z gerald $ +# $Id: asciidoc.conf 53032 2013-11-01 20:53:05Z gerald $ [replacements] # Yes, this is a fake macro. -wireshark-version:\[\]=1.8.11 +wireshark-version:\[\]=1.8.12 [macros]
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/docbook/release-notes.asciidoc ^
@@ -1,5 +1,5 @@ = Wireshark wireshark-version:[] Release Notes -// $Id: release-notes.asciidoc 53021 2013-11-01 16:29:10Z gerald $ +// $Id: release-notes.asciidoc 54185 2013-12-17 17:22:52Z gerald $ == What is Wireshark? @@ -17,66 +17,28 @@ //* ws-salink:2013-11[] //* cve-idlink:2013-2486[] -* ws-salink:2013-61[] +* ws-salink:2013-66[] + -The IEEE 802.15.4 dissector could crash. -// Fixed in trunk: r52036 -// Fixed in trunk-1.10: r52954 -// Fixed in trunk-1.8: r52956 -(ws-buglink:9139[]) +The SIP dissector could go into an infinite loop. Discovered by Alain Botti. +// Fixed in trunk-1.10: r53195 +// Fixed in trunk-1.8: r53197 +(ws-buglink:9388[]) + -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 +Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 + -cve-idlink:2013-6336[] +cve-idlink:2013-7112[] -* ws-salink:2013-62[] +* ws-salink:2013-68[] + -The NBAP dissector could crash. Discovered by Laurent Butti. -// Fixed in trunk: r52154 -// Fixed in trunk-1.10: r52957 -// Fixed in trunk-1.8: r52958 -(ws-buglink:9168[]) +The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. +// Fixed in trunk: r53626 +// Fixed in trunk-1.10: r54072 +// Fixed in trunk-1.8: r54146 +(ws-buglink:9488[]) + -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 +Versions affected: 1.10.0 to 1.10.3, 1.8.0 to 1.8.11 + -cve-idlink:2013-6337[] - -* ws-salink:2013-63[] -+ -The SIP dissector could crash. -// Fixed in trunk: r52354 -// Fixed in trunk-1.10: r52959 -// Fixed in trunk-1.8: r52960 -(ws-buglink:9228[]) -+ -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 -+ -cve-idlink:2013-6338[] - -* ws-salink:2013-64[] -+ -The OpenWire dissector could go into a large loop. Discovered by Murali. -// Fixed in trunk: r52457, r52458, r52463 -// Fixed in trunk-1.10: r52490 -// Fixed in trunk-1.8: r52490 -(ws-buglink:9248[]) -+ -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 -+ -cve-idlink:2013-6339[] - -* ws-salink:2013-65[] -+ -The TCP dissector could crash. -// Fixed in trunk: r52570 -// Fixed in trunk-1.10: r52961 -// Fixed in trunk-1.8: r52962 -(ws-buglink:9263[]) -+ -Versions affected: 1.10.0 to 1.10.2, 1.8.0 to 1.8.10 -+ -cve-idlink:2013-6340[] - +cve-idlink:2013-7114[] The following bugs have been fixed: @@ -84,28 +46,21 @@ //flame job to the hood and fenders using gray, red, and black primer. //(ws-buglink:0000[]) -* new_packet_list: EAP-TLS reassemble does not happen when NEW_PACKET_LIST is toggled. (ws-buglink:5349[]) - -* The value of 'SEND_TO_UE' in the DIAMETER Gx dictionary for Packet-Filter-Usage AVP is 0 instead of 1. (ws-buglink:9126[]) - -* Bssgp => SGSN-INVOKE-TRACE use the wrong function... (ws-buglink:9157[]) - -* Files with pcap-ng Simple Packet Blocks can't be read. -(ws-buglink:9200[]) +* "On-the-wire" packet lengths are limited to 65535 bytes. (ws-buglink:8808[], ws-buglink:9390) -* Wireshark lua dissector unable to load for media_type=application/octet-stream. (ws-buglink:9296[]) +* Crash when selecting "Decode As" based on SCTP PPID. (ws-buglink:8976[]) -* Wireshark crash when dissecting packet with NTLMSSP. (ws-buglink:9299[]) +* Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses. (ws-buglink:9031[]) -* DCERPC data_blobs are not correctly dissected when NDR64 encoding is used. (ws-buglink:9301[]) +* gsm_map doesn't decode MAPv3 reportSM-DeliveryStatus result. (ws-buglink:9382[]) -* multiple PDU in the same DCERPC packet are not correctly decrypted. (ws-buglink:9302[]) +* DTLS: fix buffer overflow in mac check. (ws-buglink:9512[]) -* The tshark summary line doesn't display the frame number or displays it sporadically. (ws-buglink:9317[]) +* Correct data length in SCSI_DATA_IN packets (within iSCSI). (ws-buglink:9521[]) -* Fix dissection of PTP Management messages. (ws-buglink:9262[]) +* Fix "decode as ..." for packet-time.c. (ws-buglink:9563[]) -* Duplicate IRC header field abbreviation breaks filter (example: irc.response.command). (ws-buglink:9360[]) +* GSM SMS UDH EMS control expects 4 octets instead of 3 with OPTIONAL 4th. (ws-buglink:9550[]) === New and Updated Features @@ -119,19 +74,15 @@ --sort-and-group-- -BSSGP -DCERPC -DCERPC NT -DIAMETER -Ethernet -EtherNet/IP -IEEE 802.15.4 -IRC -NBAP -NTLMSSP -OpenWire +DTLS +DVB-BAT +DVB-CI +GSM MAP +GSM SMS +iSCSI +SCTP SIP -WiMax +Time --sort-and-group-- @@ -139,7 +90,7 @@ --sort-and-group-- -. +Pcap-ng. --sort-and-group--
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/Makefile.am ^
@@ -3,7 +3,7 @@ # (EPAN is a historical name; it stands for Ethereal Protocol ANalyzer # Library) # -# $Id: Makefile.am 53008 2013-10-31 19:24:22Z gerald $ +# $Id: Makefile.am 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -56,7 +56,7 @@ noinst_LTLIBRARIES = libwireshark_generated.la libwireshark_asmopt.la lib_LTLIBRARIES = libwireshark.la # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -libwireshark_la_LDFLAGS = -version-info 2:11:0 -export-symbols libwireshark.sym @LDFLAGS_SHAREDLIB@ +libwireshark_la_LDFLAGS = -version-info 2:12:0 -export-symbols libwireshark.sym @LDFLAGS_SHAREDLIB@ include Makefile.common
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/Makefile.in ^
@@ -20,7 +20,7 @@ # (EPAN is a historical name; it stands for Ethereal Protocol ANalyzer # Library) # -# $Id: Makefile.am 53008 2013-10-31 19:24:22Z gerald $ +# $Id: Makefile.am 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -573,7 +573,7 @@ noinst_LTLIBRARIES = libwireshark_generated.la libwireshark_asmopt.la lib_LTLIBRARIES = libwireshark.la # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -libwireshark_la_LDFLAGS = -version-info 2:11:0 -export-symbols libwireshark.sym @LDFLAGS_SHAREDLIB@ +libwireshark_la_LDFLAGS = -version-info 2:12:0 -export-symbols libwireshark.sym @LDFLAGS_SHAREDLIB@ LIBWIRESHARK_SRC = \ addr_and_mask.c \ addr_resolv.c \
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-dvb-bat.c ^
@@ -2,7 +2,7 @@ * Routines for DVB (ETSI EN 300 468) Bouquet Association Table (BAT) dissection * Copyright 2012, Guy Martin <gmsoft@tuxicoman.be> * - * $Id: packet-dvb-bat.c 41836 2012-03-30 01:17:46Z morriss $ + * $Id: packet-dvb-bat.c 54151 2013-12-16 19:39:48Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -183,7 +183,7 @@ static hf_register_info hf[] = { { &hf_dvb_bat_bouquet_id, { - "Service ID", "dvb_bat.sid", + "Bouquet ID", "dvb_bat.bouquet_id", FT_UINT16, BASE_HEX, NULL, 0, NULL, HFILL } },
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-dvbci.c ^
@@ -2,7 +2,7 @@ * Routines for DVB-CI (Common Interface) dissection * Copyright 2011-2012, Martin Kaiser <martin@kaiser.cx> * - * $Id: packet-dvbci.c 50476 2013-07-09 21:07:16Z martink $ + * $Id: packet-dvbci.c 54155 2013-12-16 20:29:10Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1526,7 +1526,7 @@ if (!title) return -1; - if (item_len==0 \|\| cap_loop_len%item_len != 0) + if (item_len==0) return -1; if (tree && cap_loop_len>0) { @@ -3489,6 +3489,7 @@ cap_loop_len = tvb_get_guint8(tvb, offset); proto_tree_add_text(tree, tvb, offset, 1, "Application capabilities loop length: %d", cap_loop_len); + offset++; dissect_opp_cap_loop(cap_loop_len, "Application capabilities loop", hf_dvbci_app_cap_bytes, 2,
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-gsm_map.c ^
@@ -25,7 +25,7 @@ * Felix Fei <felix.fei [AT] utstar.com> * and Michael Lum <mlum [AT] telostech.com> * - * $Id: packet-gsm_map.c 49236 2013-05-10 21:44:09Z gerald $ + * $Id: packet-gsm_map.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -18894,8 +18894,8 @@ case 47: /reportSM-DeliveryStatus/ offset=dissect_mc_message(tvb, offset, actx, tree, FALSE, dissect_gsm_map_ISDN_AddressString, hf_gsm_map_sm_storedMSISDN, - FALSE, NULL, -1, - FALSE , dissect_gsm_map_sm_ReportSM_DeliveryStatusRes, -1);/undefined/ + FALSE, dissect_gsm_map_sm_ReportSM_DeliveryStatusRes, -1, + FALSE, NULL, -1);/undefined/ break; case 48: /noteSubscriberPresent/
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-gsm_sms.c ^
@@ -14,7 +14,7 @@ * Header field support for TPDU Parameters added by * Abhik Sarkar. * - * $Id: packet-gsm_sms.c 49823 2013-06-06 21:34:16Z gerald $ + * $Id: packet-gsm_sms.c 54168 2013-12-17 09:59:30Z pascal $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -2091,7 +2091,7 @@ proto_tree subtree_colour = NULL; - EXACT_DATA_CHECK(length, 4); + SHORT_DATA_CHECK(length, 3); oct = tvb_get_guint8(tvb, offset); proto_tree_add_text(tree, tvb, offset, 1, @@ -2176,23 +2176,28 @@ oct & 0x80 , str); offset++; - oct = tvb_get_guint8(tvb, offset); - item_colour = proto_tree_add_text(tree, tvb, offset, 1, "Text Colour"); - subtree_colour = proto_item_add_subtree(item_colour, ett_udh_tfc); + if (length > 3) + { + oct = tvb_get_guint8(tvb, offset); + item_colour = proto_tree_add_text(tree, tvb, offset, 1, "Text Colour"); + subtree_colour = proto_item_add_subtree(item_colour, ett_udh_tfc); - str = val_to_str(oct & 0x0f, text_color_values, "Unknown"); - proto_tree_add_text(subtree_colour, tvb, offset, 1, - "Foreground Colour : 0x%x %s", - oct & 0x0f , str); - str = val_to_str((oct >> 4) & 0x0f, text_color_values, "Unknown"); - proto_tree_add_text(subtree_colour, - tvb, offset, 1, - "Background Colour : 0x%x %s", - (oct >> 4) & 0x0f , str); + str = val_to_str(oct & 0x0f, text_color_values, "Unknown"); + proto_tree_add_text(subtree_colour, tvb, offset, 1, + "Foreground Colour : 0x%x %s", + oct & 0x0f , str); + + str = val_to_str((oct >> 4) & 0x0f, text_color_values, "Unknown"); + proto_tree_add_text(subtree_colour, + tvb, offset, 1, + "Background Colour : 0x%x %s", + (oct >> 4) & 0x0f , str); + /offset++;/ + } } / 9.2.3.24.10.1.2 / @@ -3723,7 +3728,7 @@ }; / Setup protocol subtree array / -#define NUM_INDIVIDUAL_PARMS 12 +#define NUM_INDIVIDUAL_PARMS 14 gint ett[NUM_INDIVIDUAL_PARMS/+NUM_MSGS/+NUM_UDH_IEIS+2]; ett[0] = &ett_gsm_sms; @@ -3738,6 +3743,8 @@ ett[9] = &ett_dcs; ett[10] = &ett_ud; ett[11] = &ett_udh; + ett[12] = &ett_udh_tfm; + ett[13] = &ett_udh_tfc; last_offset = NUM_INDIVIDUAL_PARMS;
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-iscsi.c ^
@@ -11,7 +11,7 @@ * Copyright 2001, Eurologic and Mark Burton <markb@ordern.com> * 2004 Request/Response matching and Service Response Time: ronnie sahlberg * - * $Id: packet-iscsi.c 45549 2012-10-14 22:55:51Z guy $ + * $Id: packet-iscsi.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1321,6 +1321,7 @@ proto_tree_add_item(ti, hf_iscsi_TotalAHSLength, tvb, offset + 4, 1, ENC_BIG_ENDIAN); } proto_tree_add_uint(ti, hf_iscsi_DataSegmentLength, tvb, offset + 5, 3, tvb_get_ntoh24(tvb, offset + 5)); + cdata->itlq.data_length=tvb_get_ntoh24(tvb, offset + 5); if(iscsi_protocol_version > ISCSI_PROTOCOL_DRAFT09) { proto_tree_add_item(ti, hf_iscsi_LUN, tvb, offset + 8, 8, ENC_NA); }
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-mongo.c ^
@@ -3,7 +3,7 @@ * Copyright 2010, Alexis La Goutte <alexis.lagoutte at gmail dot com> * BSON dissection added 2011, Thomas Buchanan <tom at thomasbuchanan dot com> * - * $Id: packet-mongo.c 45484 2012-10-11 20:45:24Z wmeier $ + * $Id: packet-mongo.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -433,11 +433,8 @@ static int dissect_mongo_msg(tvbuff_t tvb, guint offset, proto_tree tree) { - - proto_item *ti; - - ti = proto_tree_add_item(tree, hf_mongo_message, tvb, offset, -1, ENC_ASCII\|ENC_NA); - offset += proto_item_get_len(ti); + proto_tree_add_item(tree, hf_mongo_message, tvb, offset, -1, ENC_ASCII\|ENC_NA); + offset += tvb_strsize(tvb, offset); return offset; }
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-ntlmssp.c ^
@@ -5,7 +5,7 @@ * Devin Heitmueller <dheitmueller@netilla.com> * Copyright 2003, Tim Potter <tpot@samba.org> * - * $Id: packet-ntlmssp.c 53019 2013-11-01 16:17:18Z gerald $ + * $Id: packet-ntlmssp.c 54146 2013-12-16 16:54:46Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -528,9 +528,13 @@ guint8 sessionkey ,const guint8 encryptedsessionkey , int flags , const ntlmssp_blob ntlm_response, const ntlmssp_blob lm_response _U_, ntlmssp_header_t ntlmssph ) { - char domain_name_unicode[256]; - char user_uppercase[256]; - char buf[512]; +/ static const would be nicer, but -Werror=vla does not like it / +#define DOMAIN_NAME_BUF_SIZE 512 +#define USER_BUF_SIZE 256 +#define BUF_SIZE (DOMAIN_NAME_BUF_SIZE + USER_BUF_SIZE) + char domain_name_unicode[DOMAIN_NAME_BUF_SIZE]; + char user_uppercase[USER_BUF_SIZE]; + char buf[BUF_SIZE]; /guint8 md4[NTLMSSP_KEY_LEN];/ unsigned char nt_password_hash[NTLMSSP_KEY_LEN]; unsigned char nt_proof[NTLMSSP_KEY_LEN]; @@ -555,10 +559,10 @@ nb_pass = get_md4pass_list(&pass_list,nt_password); #endif i=0; - memset(user_uppercase,0,256); + memset(user_uppercase, 0, USER_BUF_SIZE); user_len = strlen(ntlmssph->acct_name); - if( user_len < 129 ) { - memset(buf,0,512); + if (user_len < USER_BUF_SIZE / 2) { + memset(buf, 0, BUF_SIZE); str_to_unicode(ntlmssph->acct_name,buf); for (j = 0; j < (2user_len); j++) { if( buf[j] != '\0' ) { @@ -571,7 +575,7 @@ return; } domain_len = strlen(ntlmssph->domain_name); - if( domain_len < 129 ) { + if (domain_len < DOMAIN_NAME_BUF_SIZE / 2) { str_to_unicode(ntlmssph->domain_name,domain_name_unicode); } else { @@ -586,14 +590,14 @@ printnbyte(nt_password_hash,NTLMSSP_KEY_LEN,"Current NT password hash: ","\n"); i++; /* ntowf computation / - memset(buf,0,512); + memset(buf, 0, BUF_SIZE); memcpy(buf,user_uppercase,user_len2); memcpy(buf+user_len2,domain_name_unicode,domain_len2); md5_hmac(buf,domain_len2+user_len2,nt_password_hash,NTLMSSP_KEY_LEN,ntowf); printnbyte(ntowf,NTLMSSP_KEY_LEN,"NTOWF: ","\n"); /* LM response / - memset(buf,0,512); + memset(buf, 0, BUF_SIZE); memcpy(buf,serverchallenge,8); memcpy(buf+8,clientchallenge,8); md5_hmac(buf,NTLMSSP_KEY_LEN,ntowf,NTLMSSP_KEY_LEN,lm_challenge_response); @@ -601,9 +605,9 @@ printnbyte(lm_challenge_response,24,"LM Response: ","\n"); / NT proof = First NTLMSSP_KEY_LEN bytes of NT response */ - memset(buf,0,512); + memset(buf, 0, BUF_SIZE); memcpy(buf,serverchallenge,8); - memcpy(buf+8,ntlm_response->contents+NTLMSSP_KEY_LEN,ntlm_response->length-NTLMSSP_KEY_LEN); + memcpy(buf+8, ntlm_response->contents+NTLMSSP_KEY_LEN, MIN(BUF_SIZE - 8, ntlm_response->length-NTLMSSP_KEY_LEN)); md5_hmac(buf,ntlm_response->length-8,ntowf,NTLMSSP_KEY_LEN,nt_proof); printnbyte(nt_proof,NTLMSSP_KEY_LEN,"NT proof: ","\n"); if( !memcmp(nt_proof,ntlm_response->contents,NTLMSSP_KEY_LEN) ) {
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-sip.c ^
@@ -10,7 +10,7 @@ * Copyright 2004, Anders Broman <anders.broman@ericsson.com> * Copyright 2011, Anders Broman <anders.broman@ericsson.com>, Johan Wahl <johan.wahl@ericsson.com> * - * $Id: packet-sip.c 52960 2013-10-29 18:59:51Z gerald $ + * $Id: packet-sip.c 54147 2013-12-16 18:16:51Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1524,13 +1524,14 @@ queried_offset = tvb_find_guint8(tvb, queried_offset+1, line_end_offset - queried_offset, '"'); if(queried_offset==-1){ /* We have an opening quote but no closing quote. / - queried_offset = line_end_offset; - } - current_offset = tvb_find_guint8(tvb, queried_offset+1, line_end_offset - queried_offset, ';'); + current_offset = line_end_offset; + } else { + current_offset = tvb_pbrk_guint8(tvb, queried_offset+1, line_end_offset - queried_offset, ",;", &c); if(current_offset==-1){ / Last parameter, line end / current_offset = line_end_offset; } + } }else{ current_offset = queried_offset; } @@ -2108,6 +2109,10 @@ / orig_offset = offset; linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE); + if(linelen==0){ + return -2; + } + if (tvb_strnlen(tvb, offset, linelen) > -1) { /*
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-ssl-utils.c ^
@@ -2,7 +2,7 @@ * ssl manipulation functions * By Paolo Abeni <paolo.abeni@email.com> * - * $Id: packet-ssl-utils.c 49267 2013-05-13 17:40:49Z gerald $ + * $Id: packet-ssl-utils.c 54152 2013-12-16 20:13:40Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -1077,6 +1077,8 @@ { 0, NULL } }; +#define DIGEST_MAX_SIZE 48 + /* we keep this internal to packet-ssl-utils, as there should be no need to access it any other way. @@ -1337,6 +1339,7 @@ algo = gcry_md_get_algo ((md)); len = gcry_md_get_algo_dlen(algo); + DISSECTOR_ASSERT(len <= datalen); memcpy(data, gcry_md_read((md), algo), len); datalen = len; } @@ -1819,7 +1822,7 @@ guint left; gint tocpy; guint8 A; - guint8 _A[48],tmp[48]; + guint8 _A[DIGEST_MAX_SIZE],tmp[DIGEST_MAX_SIZE]; guint A_l,tmp_l; SSL_HMAC hm; ptr = out->data; @@ -1834,6 +1837,7 @@ while(left){ ssl_hmac_init(&hm,secret->data,secret->data_len,md); ssl_hmac_update(&hm,A,A_l); + A_l = sizeof(_A); ssl_hmac_final(&hm,_A,&A_l); ssl_hmac_cleanup(&hm); A=_A; @@ -1841,6 +1845,7 @@ ssl_hmac_init(&hm,secret->data,secret->data_len,md); ssl_hmac_update(&hm,A,A_l); ssl_hmac_update(&hm,seed->data,seed->data_len); + tmp_l = sizeof(tmp); ssl_hmac_final(&hm,tmp,&tmp_l); ssl_hmac_cleanup(&hm); @@ -2450,7 +2455,7 @@ SSL_HMAC hm; gint md; guint32 len; - guint8 buf[48]; + guint8 buf[DIGEST_MAX_SIZE]; gint16 temp; md=ssl_get_digest_by_name(digests[decoder->cipher_suite->dig-0x40]); @@ -2484,6 +2489,7 @@ ssl_hmac_update(&hm,data,datalen); / get digest and digest len/ + len = sizeof(buf); ssl_hmac_final(&hm,buf,&len); ssl_hmac_cleanup(&hm); ssl_print_data("Mac", buf, len); @@ -2564,7 +2570,7 @@ SSL_HMAC hm; gint md; guint32 len; - guint8 buf[20]; + guint8 buf[DIGEST_MAX_SIZE]; gint16 temp; md=ssl_get_digest_by_name(digests[decoder->cipher_suite->dig-0x40]); @@ -2595,6 +2601,7 @@ ssl_hmac_update(&hm,buf,2); ssl_hmac_update(&hm,data,datalen); / get digest and digest len */ + len = sizeof(buf); ssl_hmac_final(&hm,buf,&len); ssl_hmac_cleanup(&hm); ssl_print_data("Mac", buf, len);
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/epan/dissectors/packet-time.c ^
@@ -3,7 +3,7 @@ * * Richard Sharpe <rsharpe@ns.aus.com> * - * $Id: packet-time.c 39503 2011-10-21 02:10:19Z wmeier $ + * $Id: packet-time.c 54151 2013-12-16 19:39:48Z gerald $ * * Wireshark - Network traffic analyzer * By Gerald Combs <gerald@wireshark.org> @@ -68,8 +68,8 @@ time_tree = proto_item_add_subtree(ti, ett_time); proto_tree_add_text(time_tree, tvb, 0, 0, - pinfo->srcport==TIME_PORT ? "Type: Response":"Type: Request"); - if (pinfo->srcport == TIME_PORT) { + pinfo->srcport==pinfo->match_uint ? "Type: Response":"Type: Request"); + if (pinfo->srcport == pinfo->match_uint) { /* seconds since 1900-01-01 00:00:00 GMT, not 1970 */ guint32 delta_seconds = tvb_get_ntohl(tvb, 0); proto_tree_add_uint_format(time_tree, hf_time_time, tvb, 0, 4,
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/help/faq.txt ^
@@ -14,8 +14,8 @@ 1.6 How much does Wireshark cost? - 1.7 But I just paid someone on eBay for a copy of Wireshark! - Did I get ripped off? + 1.7 But I just paid someone on eBay for a copy of Wireshark! Did I + get ripped off? 1.8 Can I use Wireshark commercially? @@ -25,23 +25,21 @@ 1.11 Are there any plans to support {your favorite protocol}? - 1.12 Can Wireshark read capture files from {your favorite - network analyzer}? + 1.12 Can Wireshark read capture files from {your favorite network + analyzer}? 1.13 What devices can Wireshark use to capture packets? - 1.14 Does Wireshark work on Windows Vista or Windows Server - 2008? + 1.14 Does Wireshark work on Windows Vista or Windows Server 2008? 2. Downloading Wireshark: - 2.1 Why do I get an error when I try to run the Win32 - installer? + 2.1 Why do I get an error when I try to run the Win32 installer? 3. Installing Wireshark: - 3.1 I installed the Wireshark RPM (or other package); why did - it install TShark but not Wireshark? + 3.1 I installed the Wireshark RPM (or other package); why did it + install TShark but not Wireshark? 4. Building Wireshark: @@ -50,8 +48,8 @@ 4.2 Why do I get the error - dftest_DEPENDENCIES was already defined in condition TRUE, - which implies condition HAVE_PLUGINS_TRUE + dftest_DEPENDENCIES was already defined in condition TRUE, which + implies condition HAVE_PLUGINS_TRUE when I try to build Wireshark from SVN or a SVN snapshot? @@ -62,33 +60,32 @@ 4.4 When I try to build Wireshark on Solaris, why does the link fail complaining that plugin_list is undefined? - 4.5 When I try to build Wireshark on Windows, why does the - build fail because of conflicts between winsock.h and - winsock2.h? + 4.5 When I try to build Wireshark on Windows, why does the build + fail because of conflicts between winsock.h and winsock2.h? 5. Starting Wireshark: - 5.1 Why does Wireshark crash with a Bus Error when I try to run - it on Solaris 8? + 5.1 Why does Wireshark crash with a Bus Error when I try to run it + on Solaris 8? - 5.2 When I run Wireshark on Windows NT, why does it die with a - Dr. Watson error, reporting an "Integer division by zero" - exception, when I start it? + 5.2 When I run Wireshark on Windows NT, why does it die with a Dr. + Watson error, reporting an "Integer division by zero" exception, + when I start it? 5.3 When I try to run Wireshark, why does it complain about sprint_realloc_objid being undefined? - 5.4 I've installed Wireshark from Fink on Mac OS X; why is it - very slow to start up? + 5.4 I've installed Wireshark from Fink on Mac OS X; why is it very + slow to start up? 6. Crashes and other fatal errors: - 6.1 I have an XXX network card on my machine; if I try to - capture on it, why does my machine crash or reset itself? + 6.1 I have an XXX network card on my machine; if I try to capture + on it, why does my machine crash or reset itself? 6.2 Why does my machine crash or reset itself when I select - "Start" from the "Capture" menu or select "Preferences" from - the "Edit" menu? + "Start" from the "Capture" menu or select "Preferences" from the + "Edit" menu? 7. Capturing packets: @@ -96,15 +93,14 @@ packets to and from my machine, or not see all the traffic I'm expecting to see from or to the machine I'm trying to monitor? - 7.2 When I capture with Wireshark, why can't I see any TCP - packets other than packets to and from my machine, even though - another analyzer on the network sees those packets? + 7.2 When I capture with Wireshark, why can't I see any TCP packets + other than packets to and from my machine, even though another + analyzer on the network sees those packets? 7.3 Why am I only seeing ARP packets when I try to capture traffic? - 7.4 Why am I not seeing any traffic when I try to capture - traffic? + 7.4 Why am I not seeing any traffic when I try to capture traffic? 7.5 Can Wireshark capture on (my T1/E1 line, SS7 links, etc.)? @@ -113,42 +109,41 @@ 7.7 I can set a display filter just fine; why don't capture filters work? - 7.8 I'm entering valid capture filters; why do I still get - "parse error" errors? + 7.8 I'm entering valid capture filters; why do I still get "parse + error" errors? 7.9 How can I capture packets with CRC errors? 7.10 How can I capture entire frames, including the FCS? - 7.11 I'm capturing packets on a machine on a VLAN; why don't - the packets I'm capturing have VLAN tags? + 7.11 I'm capturing packets on a machine on a VLAN; why don't the + packets I'm capturing have VLAN tags? 7.12 Why does Wireshark hang after I stop a capture? 8. Capturing packets on Windows: 8.1 I'm running Wireshark on Windows; why does some network - interface on my machine not show up in the list of interfaces - in the "Interface:" field in the dialog box popped up by - "Capture->Start", and/or why does Wireshark give me an error if - I try to capture on that interface? + interface on my machine not show up in the list of interfaces in + the "Interface:" field in the dialog box popped up by + "Capture->Start", and/or why does Wireshark give me an error if I + try to capture on that interface? - 8.2 I'm running Wireshark on Windows; why do no network - interfaces show up in the list of interfaces in the - "Interface:" field in the dialog box popped up by - "Capture->Start"? + 8.2 I'm running Wireshark on Windows; why do no network interfaces + show up in the list of interfaces in the "Interface:" field in the + dialog box popped up by "Capture->Start"? 8.3 I'm running Wireshark on Windows; why doesn't my serial port/ADSL modem/ISDN modem show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start"? - 8.4 I'm running Wireshark on Windows NT 4.0/Windows - 2000/Windows XP/Windows Server 2003; my machine has a PPP - (dial-up POTS, ISDN, etc.) interface, and it shows up in the - "Interface" item in the "Capture Options" dialog box. Why can - no packets be sent on or received from that network while I'm - trying to capture traffic on that interface? + 8.4 I'm running Wireshark on Windows NT 4.0/Windows 2000/Windows + XP/Windows Server 2003; my machine has a PPP (dial-up POTS, ISDN, + etc.) interface, and it shows up in the "Interface" item in the + "Capture Options" dialog box. Why can no packets be sent on or + received from that network while I'm trying to capture traffic on + that interface? 8.5 I'm running Wireshark on Windows; why am I not seeing any traffic being sent by the machine running Wireshark? @@ -156,11 +151,11 @@ 8.6 When I capture on Windows in promiscuous mode, I can see packets other than those sent to or from my machine; however, those packets show up with a "Short Frame" indication, unlike - packets to or from my machine. What should I do to arrange that - I see those packets in their entirety? + packets to or from my machine. What should I do to arrange that I + see those packets in their entirety? - 8.7 I'm trying to capture 802.11 traffic on Windows; why am I - not seeing any packets? + 8.7 I'm trying to capture 802.11 traffic on Windows; why am I not + seeing any packets? 8.8 I'm trying to capture 802.11 traffic on Windows; why am I seeing packets received by the machine on which I'm capturing @@ -176,14 +171,13 @@ 9.1 I'm running Wireshark on a UNIX-flavored OS; why does some network interface on my machine not show up in the list of - interfaces in the "Interface:" field in the dialog box popped - up by "Capture->Start", and/or why does Wireshark give me an - error if I try to capture on that interface? + interfaces in the "Interface:" field in the dialog box popped up + by "Capture->Start", and/or why does Wireshark give me an error if + I try to capture on that interface? - 9.2 I'm running Wireshark on a UNIX-flavored OS; why do no - network interfaces show up in the list of interfaces in the - "Interface:" field in the dialog box popped up by - "Capture->Start"? + 9.2 I'm running Wireshark on a UNIX-flavored OS; why do no network + interfaces show up in the list of interfaces in the "Interface:" + field in the dialog box popped up by "Capture->Start"? 9.3 I'm capturing packets on Linux; why do the time stamps have only 100ms resolution, rather than 1us resolution? @@ -197,8 +191,7 @@ 11. Viewing traffic: - 11.1 Why am I seeing lots of packets with incorrect TCP - checksums? + 11.1 Why am I seeing lots of packets with incorrect TCP checksums? 11.2 I've just installed Wireshark, and the traffic on my local LAN is boring. Where can I find more interesting captures? @@ -212,8 +205,7 @@ 12. Filtering traffic: 12.1 I saved a filter and tried to use its name to filter the - display; why do I get an "Unexpected end of filter string" - error? + display; why do I get an "Unexpected end of filter string" error? 12.2 How can I search for, or filter, packets that have a particular string anywhere in them? @@ -224,45 +216,42 @@ Q 1.1: What is Wireshark? - A: Wireshark® is a network protocol analyzer. It lets you - capture and interactively browse the traffic running on a - computer network. It has a rich and powerful feature set and is - world's most popular tool of its kind. It runs on most - computing platforms including Windows, OS X, Linux, and UNIX. - Network professionals, security experts, developers, and - educators around the world use it regularly. It is freely - available as open source, and is released under the GNU General - Public License version 2. + A: Wireshark® is a network protocol analyzer. It lets you capture + and interactively browse the traffic running on a computer + network. It has a rich and powerful feature set and is world's + most popular tool of its kind. It runs on most computing platforms + including Windows, OS X, Linux, and UNIX. Network professionals, + security experts, developers, and educators around the world use + it regularly. It is freely available as open source, and is + released under the GNU General Public License version 2. It is developed and maintained by a global team of protocol experts, and it is an example of a disruptive technology. - Wireshark used to be known as Ethereal®. See the next question - for details about the name change. If you're still using - Ethereal, it is strongly recommended that you upgrade to - Wireshark. + Wireshark used to be known as Ethereal®. See the next question for + details about the name change. If you're still using Ethereal, it + is strongly recommended that you upgrade to Wireshark. For more information, please see the About Wireshark page. Q 1.2: What's up with the name change? Is Wireshark a fork? - A: In May of 2006, Gerald Combs (the original author of - Ethereal) went to work for CACE Technologies (best known for - WinPcap). Unfortunately, he had to leave the Ethereal - trademarks behind. - This left the project in an awkward position. The only - reasonable way to ensure the continued success of the project - was to change the name. This is how Wireshark was born. - Wireshark is almost (but not quite) a fork. Normally a "fork" - of an open source project results in two names, web sites, - development teams, support infrastructures, etc. This is the - case with Wireshark except for one notable exception -- every - member of the core development team is now working on - Wireshark. There has been no active development on Ethereal - since the name change. Several parts of the Ethereal web site - (such as the mailing lists, source code repository, and build - farm) have gone offline. + A: In May of 2006, Gerald Combs (the original author of Ethereal) + went to work for CACE Technologies (best known for WinPcap). + Unfortunately, he had to leave the Ethereal trademarks behind. + This left the project in an awkward position. The only reasonable + way to ensure the continued success of the project was to change + the name. This is how Wireshark was born. + Wireshark is almost (but not quite) a fork. Normally a "fork" of + an open source project results in two names, web sites, + development teams, support infrastructures, etc. This is the case + with Wireshark except for one notable exception -- every member of + the core development team is now working on Wireshark. There has + been no active development on Ethereal since the name change. + Several parts of the Ethereal web site (such as the mailing lists, + source code repository, and build farm) have gone offline. More information on the name change can be found here: - * - * - * Many other articles in + + * + * + * Many other articles in Q 1.3: Where can I get help? @@ -272,10 +261,9 @@ https://www.wireshark.org/mailman/listinfo. An IRC channel dedicated to Wireshark can be found at irc://irc.freenode.net/wireshark. - Self-paced and instructor-led training is available at - Wireshark University. Wireshark University also offers - certification via the Wireshark Certified Network Analyst - program. + Self-paced and instructor-led training is available at Wireshark + University. Wireshark University also offers certification via the + Wireshark Certified Network Analyst program. Q 1.4: What kind of shark is Wireshark? @@ -283,19 +271,18 @@ Q 1.5: How is Wireshark pronounced, spelled and capitalized? - A: Wireshark is pronounced as the word wire followed - immediately by the word shark. Exact pronunciation and emphasis - may vary depending on your locale (e.g. Arkansas). - It's spelled with a capital W, followed by a lower-case - ireshark. It is not a CamelCase word, i.e., WireShark is - incorrect. + A: Wireshark is pronounced as the word wire followed immediately + by the word shark. Exact pronunciation and emphasis may vary + depending on your locale (e.g. Arkansas). + It's spelled with a capital W, followed by a lower-case ireshark. + It is not a CamelCase word, i.e., WireShark is incorrect. Q 1.6: How much does Wireshark cost? A: Wireshark is "free software"; you can download it without paying any license fee. The version of Wireshark you download - isn't a "demo" version, with limitations not present in a - "full" version; it is the full version. + isn't a "demo" version, with limitations not present in a "full" + version; it is the full version. The license under which Wireshark is issued is the GNU General Public License version 2. See the GNU GPL FAQ for some more information. @@ -303,53 +290,49 @@ Q 1.7: But I just paid someone on eBay for a copy of Wireshark! Did I get ripped off? - A: That depends. Did they provide any sort of value-added - product or service, such as installation support, installation - media, training, trace file analysis, or funky-colored - shark-themed socks? Probably not. - Wireshark is available for anyone to download, absolutely free, - at any time. Paying for a copy implies that you should get - something for your money. + A: That depends. Did they provide any sort of value-added product + or service, such as installation support, installation media, + training, trace file analysis, or funky-colored shark-themed + socks? Probably not. + Wireshark is available for anyone to download, absolutely free, at + any time. Paying for a copy implies that you should get something + for your money. Q 1.8: Can I use Wireshark commercially? A: Yes, if, for example, you mean "I work for a commercial - organization; can I use Wireshark to capture and analyze - network traffic in our company's networks or in our customer's - networks?" + organization; can I use Wireshark to capture and analyze network + traffic in our company's networks or in our customer's networks?" If you mean "Can I use Wireshark as part of my commercial product?", see the next entry in the FAQ. Q 1.9: Can I use Wireshark as part of my commercial product? A: As noted, Wireshark is licensed under the GNU General Public - License. The GPL imposes conditions on your use of GPL'ed code - in your own products; you cannot, for example, make a "derived - work" from Wireshark, by making modifications to it, and then - sell the resulting derived work and not allow recipients to - give away the resulting work. You must also make the changes - you've made to the Wireshark source available to all recipients - of your modified version; those changes must also be licensed - under the terms of the GPL. See the GPL FAQ for more details; - in particular, note the answer to the question about modifying - a GPLed program and selling it commercially, and the question - about linking GPLed code with other code to make a proprietary - program. - You can combine a GPLed program such as Wireshark and a - commercial program as long as they communicate "at arm's - length", as per this item in the GPL FAQ. + License. The GPL imposes conditions on your use of GPL'ed code in + your own products; you cannot, for example, make a "derived work" + from Wireshark, by making modifications to it, and then sell the + resulting derived work and not allow recipients to give away the + resulting work. You must also make the changes you've made to the + Wireshark source available to all recipients of your modified + version; those changes must also be licensed under the terms of + the GPL. See the GPL FAQ for more details; in particular, note the + answer to the question about modifying a GPLed program and selling + it commercially, and the question about linking GPLed code with + other code to make a proprietary program. + You can combine a GPLed program such as Wireshark and a commercial + program as long as they communicate "at arm's length", as per this + item in the GPL FAQ. We recommend keeping Wireshark and your product completely - separate, communicating over sockets or pipes. If you're - loading any part of Wireshark as a DLL, you're probably doing - it wrong. + separate, communicating over sockets or pipes. If you're loading + any part of Wireshark as a DLL, you're probably doing it wrong. Q 1.10: What protocols are currently supported? - A: There are currently hundreds of supported protocols and - media. Details can be found in the wireshark(1) man page. + A: There are currently hundreds of supported protocols and media. + Details can be found in the wireshark(1) man page. - Q 1.11: Are there any plans to support {your favorite - protocol}? + Q 1.11: Are there any plans to support {your favorite protocol}? A: Support for particular protocols is added to Wireshark as a result of people contributing that support; no formal plans for @@ -367,78 +350,77 @@ supported by Wireshark (e.g., in libpcap format), Wireshark may already be able to read them, unless the analyzer has added its own proprietary extensions to that format. - If a network analyzer writes out files in its own format, or - has added proprietary extensions to another format, in order to - make Wireshark read captures from that network analyzer, we - would either have to have a specification for the file format, - or the extensions, sufficient to give us enough information to - read the parts of the file relevant to Wireshark, or would need - at least one capture file in that format AND a detailed textual - analysis of the packets in that capture file (showing packet - time stamps, packet lengths, and the top-level packet header) - in order to reverse-engineer the file format. + If a network analyzer writes out files in its own format, or has + added proprietary extensions to another format, in order to make + Wireshark read captures from that network analyzer, we would + either have to have a specification for the file format, or the + extensions, sufficient to give us enough information to read the + parts of the file relevant to Wireshark, or would need at least + one capture file in that format AND a detailed textual analysis of + the packets in that capture file (showing packet time stamps, + packet lengths, and the top-level packet header) in order to + reverse-engineer the file format. Note that there is no guarantee that we will be able to reverse-engineer a capture file format. Q 1.13: What devices can Wireshark use to capture packets? - A: Wireshark can read live data from Ethernet, Token-Ring, - FDDI, serial (PPP and SLIP) (if the OS on which it's running - allows Wireshark to do so), 802.11 wireless LAN (if the OS on - which it's running allows Wireshark to do so), ATM connections - (if the OS on which it's running allows Wireshark to do so), - and the "any" device supported on Linux by recent versions of - libpcap. + A: Wireshark can read live data from Ethernet, Token-Ring, FDDI, + serial (PPP and SLIP) (if the OS on which it's running allows + Wireshark to do so), 802.11 wireless LAN (if the OS on which it's + running allows Wireshark to do so), ATM connections (if the OS on + which it's running allows Wireshark to do so), and the "any" + device supported on Linux by recent versions of libpcap. See the list of supported capture media on various OSes for - details (several items in there say "Unknown", which doesn't - mean "Wireshark can't capture on them", it means "we don't know - whether it can capture on them"; we expect that it will be able - to capture on many of them, but we haven't tried it ourselves - - if you try one of those types and it works, please update the - wiki page accordingly. + details (several items in there say "Unknown", which doesn't mean + "Wireshark can't capture on them", it means "we don't know whether + it can capture on them"; we expect that it will be able to capture + on many of them, but we haven't tried it ourselves - if you try + one of those types and it works, please update the wiki page + accordingly. It can also read a variety of capture file formats, including: - * AG Group/WildPackets - EtherPeek/TokenPeek/AiroPeek/EtherHelp/Packet Grabber - captures - * AIX's iptrace captures - * Accellent's 5Views LAN agent output - * Cinco Networks NetXRay captures - * Cisco Secure Intrusion Detection System IPLog output - * CoSine L2 debug output - * DBS Etherwatch VMS text output - * Endace Measurement Systems' ERF format captures - * EyeSDN USB S0 traces - * HP-UX nettl captures - * ISDN4BSD project i4btrace captures - * Linux Bluez Bluetooth stack hcidump -w traces - * Lucent/Ascend router debug output - * Microsoft Network Monitor captures - * Network Associates Windows-based Sniffer captures - * Network General/Network Associates DOS-based Sniffer + + * AG Group/WildPackets + EtherPeek/TokenPeek/AiroPeek/EtherHelp/Packet Grabber captures + * AIX's iptrace captures + * Accellent's 5Views LAN agent output + * Cinco Networks NetXRay captures + * Cisco Secure Intrusion Detection System IPLog output + * CoSine L2 debug output + * DBS Etherwatch VMS text output + * Endace Measurement Systems' ERF format captures + * EyeSDN USB S0 traces + * HP-UX nettl captures + * ISDN4BSD project i4btrace captures + * Linux Bluez Bluetooth stack hcidump -w traces + * Lucent/Ascend router debug output + * Microsoft Network Monitor captures + * Network Associates Windows-based Sniffer captures + * Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures - * Network Instruments Observer version 9 captures - * Novell LANalyzer captures - * RADCOM's WAN/LAN analyzer captures - * Shomiti/Finisar Surveyor captures - * Toshiba's ISDN routers dump output - * VMS TCPIPtrace/TCPtrace/UCX$TRACE output - * Visual Networks' Visual UpTime traffic capture - * libpcap, tcpdump and various other tools using tcpdump's + * Network Instruments Observer version 9 captures + * Novell LANalyzer captures + * RADCOM's WAN/LAN analyzer captures + * Shomiti/Finisar Surveyor captures + * Toshiba's ISDN routers dump output + * VMS TCPIPtrace/TCPtrace/UCX$TRACE output + * Visual Networks' Visual UpTime traffic capture + * libpcap, tcpdump and various other tools using tcpdump's capture format - * snoop and atmsnoop output + * snoop and atmsnoop output - so that it can read traces from various network types, as - captured by other applications or equipment, even if it cannot - itself capture on those network types. + so that it can read traces from various network types, as captured + by other applications or equipment, even if it cannot itself + capture on those network types. Q 1.14: Does Wireshark work on Windows Vista or Windows Server 2008? - A: Yes, but if you want to capture packets as a normal user, - you must make sure npf.sys is loaded. Wireshark's installer - enables this by default. This is not a concern if you run - Wireshark as Administrator, but this is discouraged. See the - CapturePrivileges page on the wiki for more details. + A: Yes, but if you want to capture packets as a normal user, you + must make sure npf.sys is loaded. Wireshark's installer enables + this by default. This is not a concern if you run Wireshark as + Administrator, but this is discouraged. See the CapturePrivileges + page on the wiki for more details. 2. Downloading Wireshark @@ -446,14 +428,15 @@ installer? A: The program you used to download it may have downloaded it - incorrectly. Web browsers and download accelerators sometimes - may do this. + incorrectly. Web browsers and download accelerators sometimes may + do this. Try downloading it with, for example: - * Wget, for which Windows binaries are available from + + * Wget, for which Windows binaries are available from Christopher Lewis or wGetGUI, which offers a GUI interface that uses wget; - * WS_FTP from Ipswitch, - * the ftp command that comes with Windows. + * WS_FTP from Ipswitch, + * the ftp command that comes with Windows. If you use the ftp command, make sure you do the transfer in binary mode rather than ASCII mode, by using the binary command @@ -461,114 +444,110 @@ 3. Installing Wireshark - Q 3.1: I installed the Wireshark RPM (or other package); why - did it install TShark but not Wireshark? + Q 3.1: I installed the Wireshark RPM (or other package); why did + it install TShark but not Wireshark? A: Many distributions have separate Wireshark packages, one for - non-GUI components such as TShark, editcap, dumpcap, etc. and - one for the GUI. If this is the case on your system, there's - probably a separate package named wireshark-gnome or - wireshark-gtk+. Find it and install it. + non-GUI components such as TShark, editcap, dumpcap, etc. and one + for the GUI. If this is the case on your system, there's probably + a separate package named wireshark-gnome or wireshark-gtk+. Find + it and install it. 4. Building Wireshark - Q 4.1: I have libpcap installed; why did the configure script - not find pcap.h or bpf.h? + Q 4.1: I have libpcap installed; why did the configure script not + find pcap.h or bpf.h? A: Are you sure pcap.h and bpf.h are installed? The official - distribution of libpcap only installs the libpcap.a library - file when "make install" is run. To install pcap.h and bpf.h, - you must run "make install-incl". If you're running Debian or - Redhat, make sure you have the "libpcap-dev" or "libpcap-devel" - packages installed. - It's also possible that pcap.h and bpf.h have been installed in - a strange location. If this is the case, you may have to tweak + distribution of libpcap only installs the libpcap.a library file + when "make install" is run. To install pcap.h and bpf.h, you must + run "make install-incl". If you're running Debian or Redhat, make + sure you have the "libpcap-dev" or "libpcap-devel" packages + installed. + It's also possible that pcap.h and bpf.h have been installed in a + strange location. If this is the case, you may have to tweak aclocal.m4. Q 4.2: Why do I get the error - dftest_DEPENDENCIES was already defined in condition TRUE, - which implies condition HAVE_PLUGINS_TRUE + dftest_DEPENDENCIES was already defined in condition TRUE, which + implies condition HAVE_PLUGINS_TRUE when I try to build Wireshark from SVN or a SVN snapshot? - A: You probably have automake 1.5 installed on your machine - (the command automake --version will report the version of - automake on your machine). There is a bug in that version of - automake that causes this problem; upgrade to a later version - of automake (1.6 or later). - - Q 4.3: Why does the linker fail with a number of "Output line - too long." messages followed by linker errors when I try to - build Wireshark? - - A: The version of the sed command on your system is incapable - of handling very long lines. On Solaris, for example, - /usr/bin/sed has a line length limit too low to allow libtool - to work; /usr/xpg4/bin/sed can handle it, as can GNU sed if you - have it installed. + A: You probably have automake 1.5 installed on your machine (the + command automake --version will report the version of automake on + your machine). There is a bug in that version of automake that + causes this problem; upgrade to a later version of automake (1.6 + or later). + + Q 4.3: Why does the linker fail with a number of "Output line too + long." messages followed by linker errors when I try to build + Wireshark? + + A: The version of the sed command on your system is incapable of + handling very long lines. On Solaris, for example, /usr/bin/sed + has a line length limit too low to allow libtool to work; + /usr/xpg4/bin/sed can handle it, as can GNU sed if you have it + installed. On Solaris, changing your command search path to search - /usr/xpg4/bin before /usr/bin should make the problem go away; - on any platform on which you have this problem, installing GNU - sed and changing your command path to search the directory in - which it is installed before searching the directory with the - version of sed that came with the OS should make the problem go - away. - - Q 4.4: When I try to build Wireshark on Solaris, why does the - link fail complaining that plugin_list is undefined? - - A: This appears to be due to a problem with some versions of - the GTK+ and GLib packages from www.sunfreeware.org; un-install - those packages, and try getting the 1.2.10 versions from that - site, or the versions from The Written Word, or the versions - from Sun's GNOME distribution, or the versions from the - supplemental software CD that comes with the Solaris media kit, - or build them from source from the GTK Web site. Then re-run - the configuration script, and try rebuilding Wireshark. (If you - get the 1.2.10 versions from www.sunfreeware.org, and the - problem persists, un-install them and try installing one of the - other versions mentioned.) + /usr/xpg4/bin before /usr/bin should make the problem go away; on + any platform on which you have this problem, installing GNU sed + and changing your command path to search the directory in which it + is installed before searching the directory with the version of + sed that came with the OS should make the problem go away. + + Q 4.4: When I try to build Wireshark on Solaris, why does the link + fail complaining that plugin_list is undefined? + + A: This appears to be due to a problem with some versions of the + GTK+ and GLib packages from www.sunfreeware.org; un-install those + packages, and try getting the 1.2.10 versions from that site, or + the versions from The Written Word, or the versions from Sun's + GNOME distribution, or the versions from the supplemental software + CD that comes with the Solaris media kit, or build them from + source from the GTK Web site. Then re-run the configuration + script, and try rebuilding Wireshark. (If you get the 1.2.10 + versions from www.sunfreeware.org, and the problem persists, + un-install them and try installing one of the other versions + mentioned.) Q 4.5: When I try to build Wireshark on Windows, why does the - build fail because of conflicts between winsock.h and - winsock2.h? + build fail because of conflicts between winsock.h and winsock2.h? - A: As of Wireshark 0.9.5, you must install WinPcap 2.3 or - later, and the corresponding version of the developer's pack, - in order to be able to compile Wireshark; it will not compile - with older versions of the developer's pack. The symptoms of - this failure are conflicts between definitions in winsock.h and - in winsock2.h; Wireshark uses winsock2.h, but pre-2.3 versions - of the WinPcap developer's packet use winsock.h. (2.3 uses - winsock2.h, so if Wireshark were to use winsock.h, it would not - be able to build with current versions of the WinPcap - developer's pack.) - Note that the installed version of the developer's pack should - be the same version as the version of WinPcap you have - installed. + A: As of Wireshark 0.9.5, you must install WinPcap 2.3 or later, + and the corresponding version of the developer's pack, in order to + be able to compile Wireshark; it will not compile with older + versions of the developer's pack. The symptoms of this failure are + conflicts between definitions in winsock.h and in winsock2.h; + Wireshark uses winsock2.h, but pre-2.3 versions of the WinPcap + developer's packet use winsock.h. (2.3 uses winsock2.h, so if + Wireshark were to use winsock.h, it would not be able to build + with current versions of the WinPcap developer's pack.) + Note that the installed version of the developer's pack should be + the same version as the version of WinPcap you have installed. 5. Starting Wireshark - Q 5.1: Why does Wireshark crash with a Bus Error when I try to - run it on Solaris 8? + Q 5.1: Why does Wireshark crash with a Bus Error when I try to run + it on Solaris 8? A: Some versions of the GTK+ library from www.sunfreeware.org appear to be buggy, causing Wireshark to drop core with a Bus Error. Un-install those packages, and try getting the 1.2.10 - version from that site, or the version from The Written Word, - or the version from Sun's GNOME distribution, or the version - from the supplemental software CD that comes with the Solaris - media kit, or build it from source from the GTK Web site. - Update the GLib library to the 1.2.10 version, from the same - source, as well. (If you get the 1.2.10 versions from - www.sunfreeware.org, and the problem persists, un-install them - and try installing one of the other versions mentioned.) - Similar problems may exist with older versions of GTK+ for - earlier versions of Solaris. + version from that site, or the version from The Written Word, or + the version from Sun's GNOME distribution, or the version from the + supplemental software CD that comes with the Solaris media kit, or + build it from source from the GTK Web site. Update the GLib + library to the 1.2.10 version, from the same source, as well. (If + you get the 1.2.10 versions from www.sunfreeware.org, and the + problem persists, un-install them and try installing one of the + other versions mentioned.) + Similar problems may exist with older versions of GTK+ for earlier + versions of Solaris. - Q 5.2: When I run Wireshark on Windows NT, why does it die with - a Dr. Watson error, reporting an "Integer division by zero" + Q 5.2: When I run Wireshark on Windows NT, why does it die with a + Dr. Watson error, reporting an "Integer division by zero" exception, when I start it? A: In at least some case, this appears to be due to using the @@ -578,29 +557,28 @@ Q 5.3: When I try to run Wireshark, why does it complain about sprint_realloc_objid being undefined? - A: Wireshark can only be linked with version 4.2.2 or later of - UCD SNMP. Your version of Wireshark was dynamically linked with - such a version of UCD SNMP; however, you have an older version - of UCD SNMP installed, which means that when Wireshark is run, - it tries to link to the older version, and fails. You will have - to replace that version of UCD SNMP with version 4.2.2 or a - later version. - - Q 5.4: I've installed Wireshark from Fink on Mac OS X; why is - it very slow to start up? - - A: When an application is installed on OS X, prior to 10.4, it - is usually "prebound" to speed up launching the application. - (That's what the "Optimizing" phase of installation is.) - Fink normally performs prebinding automatically when you - install a package. However, in some rare cases, for whatever - reason the prebinding caches get corrupt, and then not only - does prebinding fail, but startup actually becomes much slower, - because the system tries in vain to perform prebinding "on the - fly" as you launch the application. This fails, causing - sometimes huge delays. + A: Wireshark can only be linked with version 4.2.2 or later of UCD + SNMP. Your version of Wireshark was dynamically linked with such a + version of UCD SNMP; however, you have an older version of UCD + SNMP installed, which means that when Wireshark is run, it tries + to link to the older version, and fails. You will have to replace + that version of UCD SNMP with version 4.2.2 or a later version. + + Q 5.4: I've installed Wireshark from Fink on Mac OS X; why is it + very slow to start up? + + A: When an application is installed on OS X, prior to 10.4, it is + usually "prebound" to speed up launching the application. (That's + what the "Optimizing" phase of installation is.) + Fink normally performs prebinding automatically when you install a + package. However, in some rare cases, for whatever reason the + prebinding caches get corrupt, and then not only does prebinding + fail, but startup actually becomes much slower, because the system + tries in vain to perform prebinding "on the fly" as you launch the + application. This fails, causing sometimes huge delays. To fix the prebinding caches, run the command - sudo /sw/var/lib/fink/prebound/update-package-prebinding.pl -f + + sudo /sw/var/lib/fink/prebound/update-package-prebinding.pl -f 6. Crashes and other fatal errors @@ -608,117 +586,117 @@ capture on it, why does my machine crash or reset itself? A: This is almost certainly a problem with one or more of: - * the operating system you're using; - * the device driver for the interface you're using; - * the libpcap/WinPcap library and, if this is Windows, the + + * the operating system you're using; + * the device driver for the interface you're using; + * the libpcap/WinPcap library and, if this is Windows, the WinPcap device driver; so: - * if you are using Windows, see the WinPcap support page - - check the "Submitting bugs" section; - * if you are using some Linux distribution, some version of - BSD, or some other UNIX-flavored OS, you should report the - problem to the company or organization that produces the OS - (in the case of a Linux distribution, report the problem to - whoever produces the distribution). + + * if you are using Windows, see the WinPcap support page - check + the "Submitting bugs" section; + * if you are using some Linux distribution, some version of BSD, + or some other UNIX-flavored OS, you should report the problem + to the company or organization that produces the OS (in the + case of a Linux distribution, report the problem to whoever + produces the distribution). Q 6.2: Why does my machine crash or reset itself when I select - "Start" from the "Capture" menu or select "Preferences" from - the "Edit" menu? + "Start" from the "Capture" menu or select "Preferences" from the + "Edit" menu? - A: Both of those operations cause Wireshark to try to build a - list of the interfaces that it can open; it does so by getting - a list of interfaces and trying to open them. There is probably - an OS, driver, or, for Windows, WinPcap bug that causes the - system to crash when this happens; see the previous question. + A: Both of those operations cause Wireshark to try to build a list + of the interfaces that it can open; it does so by getting a list + of interfaces and trying to open them. There is probably an OS, + driver, or, for Windows, WinPcap bug that causes the system to + crash when this happens; see the previous question. 7. Capturing packets - Q 7.1: When I use Wireshark to capture packets, why do I see - only packets to and from my machine, or not see all the traffic - I'm expecting to see from or to the machine I'm trying to - monitor? - - A: This might be because the interface on which you're - capturing is plugged into an Ethernet or Token Ring switch; on - a switched network, unicast traffic between two ports will not - necessarily appear on other ports - only broadcast and - multicast traffic will be sent to all ports. + Q 7.1: When I use Wireshark to capture packets, why do I see only + packets to and from my machine, or not see all the traffic I'm + expecting to see from or to the machine I'm trying to monitor? + + A: This might be because the interface on which you're capturing + is plugged into an Ethernet or Token Ring switch; on a switched + network, unicast traffic between two ports will not necessarily + appear on other ports - only broadcast and multicast traffic will + be sent to all ports. Note that even if your machine is plugged into a hub, the "hub" may be a switched hub, in which case you're still on a switched network. Note also that on the Linksys Web site, they say that their auto-sensing hubs "broadcast the 10Mb packets to the port that - operate at 10Mb only and broadcast the 100Mb packets to the - ports that operate at 100Mb only", which would indicate that if - you sniff on a 10Mb port, you will not see traffic coming sent - to a 100Mb port, and vice versa. This problem has also been - reported for Netgear dual-speed hubs, and may exist for other + operate at 10Mb only and broadcast the 100Mb packets to the ports + that operate at 100Mb only", which would indicate that if you + sniff on a 10Mb port, you will not see traffic coming sent to a + 100Mb port, and vice versa. This problem has also been reported + for Netgear dual-speed hubs, and may exist for other "auto-sensing" or "dual-speed" hubs. Some switches have the ability to replicate all traffic on all ports to a single port so that you can plug your analyzer into - that single port to sniff all traffic. You would have to check - the documentation for the switch to see if this is possible - and, if so, to see how to do this. See the switch reference - page on the Wireshark Wiki for information on some switches. - (Note that it's a Wiki, so you can update or fix that - information, or add additional information on those switches or - information on new switches, yourself.) + that single port to sniff all traffic. You would have to check the + documentation for the switch to see if this is possible and, if + so, to see how to do this. See the switch reference page on the + Wireshark Wiki for information on some switches. (Note that it's a + Wiki, so you can update or fix that information, or add additional + information on those switches or information on new switches, + yourself.) Note also that many firewall/NAT boxes have a switch built into - them; this includes many of the "cable/DSL router" boxes. If - you have a box of that sort, that has a switch with some number - of Ethernet ports into which you plug machines on your network, - and another Ethernet port used to connect to a cable or DSL - modem, you can, at least, sniff traffic between the machines on - your network and the Internet by plugging the Ethernet port on - the router going to the modem, the Ethernet port on the modem, - and the machine on which you're running Wireshark into a hub - (make sure it's not a switching hub, and that, if it's a - dual-speed hub, all three of those ports are running at the - same speed. + them; this includes many of the "cable/DSL router" boxes. If you + have a box of that sort, that has a switch with some number of + Ethernet ports into which you plug machines on your network, and + another Ethernet port used to connect to a cable or DSL modem, you + can, at least, sniff traffic between the machines on your network + and the Internet by plugging the Ethernet port on the router going + to the modem, the Ethernet port on the modem, and the machine on + which you're running Wireshark into a hub (make sure it's not a + switching hub, and that, if it's a dual-speed hub, all three of + those ports are running at the same speed. If your machine is not plugged into a switched network or a - dual-speed hub, or it is plugged into a switched network but - the port is set up to have all traffic replicated to it, the - problem might be that the network interface on which you're - capturing doesn't support "promiscuous" mode, or because your - OS can't put the interface into promiscuous mode. Normally, - network interfaces supply to the host only: - * packets sent to one of that host's link-layer addresses; - * broadcast packets; - * multicast packets sent to a multicast address that the host + dual-speed hub, or it is plugged into a switched network but the + port is set up to have all traffic replicated to it, the problem + might be that the network interface on which you're capturing + doesn't support "promiscuous" mode, or because your OS can't put + the interface into promiscuous mode. Normally, network interfaces + supply to the host only: + + * packets sent to one of that host's link-layer addresses; + * broadcast packets; + * multicast packets sent to a multicast address that the host has configured the interface to accept. - Most network interfaces can also be put in "promiscuous" mode, - in which they supply to the host all network packets they see. + Most network interfaces can also be put in "promiscuous" mode, in + which they supply to the host all network packets they see. Wireshark will try to put the interface on which it's capturing - into promiscuous mode unless the "Capture packets in - promiscuous mode" option is turned off in the "Capture Options" - dialog box, and TShark will try to put the interface on which - it's capturing into promiscuous mode unless the -p option was - specified. However, some network interfaces don't support - promiscuous mode, and some OSes might not allow interfaces to - be put into promiscuous mode. - If the interface is not running in promiscuous mode, it won't - see any traffic that isn't intended to be seen by your machine. - It will see broadcast packets, and multicast packets sent to a + into promiscuous mode unless the "Capture packets in promiscuous + mode" option is turned off in the "Capture Options" dialog box, + and TShark will try to put the interface on which it's capturing + into promiscuous mode unless the -p option was specified. However, + some network interfaces don't support promiscuous mode, and some + OSes might not allow interfaces to be put into promiscuous mode. + If the interface is not running in promiscuous mode, it won't see + any traffic that isn't intended to be seen by your machine. It + will see broadcast packets, and multicast packets sent to a multicast MAC address the interface is set up to receive. You should ask the vendor of your network interface whether it supports promiscuous mode. If it does, you should ask whoever - supplied the driver for the interface (the vendor, or the - supplier of the OS you're running on your machine) whether it - supports promiscuous mode with that network interface. + supplied the driver for the interface (the vendor, or the supplier + of the OS you're running on your machine) whether it supports + promiscuous mode with that network interface. In the case of token ring interfaces, the drivers for some of them, on Windows, may require you to enable promiscuous mode in - order to capture in promiscuous mode. See the Wireshark Wiki - item on Token Ring capturing for details. + order to capture in promiscuous mode. See the Wireshark Wiki item + on Token Ring capturing for details. In the case of wireless LAN interfaces, it appears that, when - those interfaces are promiscuously sniffing, they're running in - a significantly different mode from the mode that they run in - when they're just acting as network interfaces (to the extent - that it would be a significant effort for those drivers to - support for promiscuously sniffing and acting as regular - network interfaces at the same time), so it may be that Windows - drivers for those interfaces don't support promiscuous mode. + those interfaces are promiscuously sniffing, they're running in a + significantly different mode from the mode that they run in when + they're just acting as network interfaces (to the extent that it + would be a significant effort for those drivers to support for + promiscuously sniffing and acting as regular network interfaces at + the same time), so it may be that Windows drivers for those + interfaces don't support promiscuous mode. Q 7.2: When I capture with Wireshark, why can't I see any TCP packets other than packets to and from my machine, even though @@ -728,435 +706,427 @@ packets to or from your machine, and broadcast and multicast packets; a switch will normally send to a port only unicast traffic sent to the MAC address for the interface on that port, - and broadcast and multicast traffic - it won't send to that - port unicast traffic sent to a MAC address for some other - interface - and a network interface not in promiscuous mode - will receive only unicast traffic sent to the MAC address for - that interface, broadcast traffic, and multicast traffic sent - to a multicast MAC address the interface is set up to receive. - TCP doesn't use broadcast or multicast, so you will only see - your own TCP traffic, but UDP services may use broadcast or - multicast so you'll see some UDP traffic - however, this is not - a problem with TCP traffic, it's a problem with unicast - traffic, as you also won't see all UDP traffic between other - machines. - I.e., this is probably the same question as this earlier one; - see the response to that question. + and broadcast and multicast traffic - it won't send to that port + unicast traffic sent to a MAC address for some other interface - + and a network interface not in promiscuous mode will receive only + unicast traffic sent to the MAC address for that interface, + broadcast traffic, and multicast traffic sent to a multicast MAC + address the interface is set up to receive. + TCP doesn't use broadcast or multicast, so you will only see your + own TCP traffic, but UDP services may use broadcast or multicast + so you'll see some UDP traffic - however, this is not a problem + with TCP traffic, it's a problem with unicast traffic, as you also + won't see all UDP traffic between other machines. + I.e., this is probably the same question as this earlier one; see + the response to that question. Q 7.3: Why am I only seeing ARP packets when I try to capture traffic? - A: You're probably on a switched network, and running Wireshark - on a machine that's not sending traffic to the switch and not - being sent any traffic from other machines on the switch. ARP - packets are often broadcast packets, which are sent to all - switch ports. - I.e., this is probably the same question as this earlier one; - see the response to that question. + A: You're probably on a switched network, and running Wireshark on + a machine that's not sending traffic to the switch and not being + sent any traffic from other machines on the switch. ARP packets + are often broadcast packets, which are sent to all switch ports. + I.e., this is probably the same question as this earlier one; see + the response to that question. Q 7.4: Why am I not seeing any traffic when I try to capture traffic? - A: Is the machine running Wireshark sending out any traffic on - the network interface on which you're capturing, or receiving - any traffic on that network, or is there any broadcast traffic - on the network or multicast traffic to a multicast group to - which the machine running Wireshark belongs? + A: Is the machine running Wireshark sending out any traffic on the + network interface on which you're capturing, or receiving any + traffic on that network, or is there any broadcast traffic on the + network or multicast traffic to a multicast group to which the + machine running Wireshark belongs? If not, this may just be a problem with promiscuous sniffing, - either due to running on a switched network or a dual-speed - hub, or due to problems with the interface not supporting - promiscuous mode; see the response to this earlier question. - Otherwise, on Windows, see the response to this question and, - on a UNIX-flavored OS, see the response to this question. + either due to running on a switched network or a dual-speed hub, + or due to problems with the interface not supporting promiscuous + mode; see the response to this earlier question. + Otherwise, on Windows, see the response to this question and, on a + UNIX-flavored OS, see the response to this question. - Q 7.5: Can Wireshark capture on (my T1/E1 line, SS7 links, - etc.)? + Q 7.5: Can Wireshark capture on (my T1/E1 line, SS7 links, etc.)? A: Wireshark can only capture on devices supported by libpcap/WinPcap. On most OSes, only devices that can act as network interfaces of the type that support IP are supported as - capture devices for libpcap/WinPcap, although the device - doesn't necessarily have to be running as an IP interface in - order to support traffic capture. + capture devices for libpcap/WinPcap, although the device doesn't + necessarily have to be running as an IP interface in order to + support traffic capture. On Linux and FreeBSD, libpcap 0.8 and later support the API for - Endace Measurement Systems' DAG cards, so that a system with - one of those cards, and its driver and libraries, installed can - capture traffic with those cards with libpcap-based - applications. You would either have to have a version of - Wireshark built with that version of libpcap, or a - dynamically-linked version of Wireshark and a shared libpcap - library with DAG support, in order to do so with Wireshark. You - should ask Endace whether that could be used to capture traffic - on, for example, your T1/E1 link. - See the SS7 capture setup page on the Wireshark Wiki for - current information on capturing SS7 traffic on TDM links. + Endace Measurement Systems' DAG cards, so that a system with one + of those cards, and its driver and libraries, installed can + capture traffic with those cards with libpcap-based applications. + You would either have to have a version of Wireshark built with + that version of libpcap, or a dynamically-linked version of + Wireshark and a shared libpcap library with DAG support, in order + to do so with Wireshark. You should ask Endace whether that could + be used to capture traffic on, for example, your T1/E1 link. + See the SS7 capture setup page on the Wireshark Wiki for current + information on capturing SS7 traffic on TDM links. Q 7.6: How do I put an interface into promiscuous mode? A: By not disabling promiscuous mode when running Wireshark or TShark. Note, however, that: - * the form of promiscuous mode that libpcap (the library that + + * the form of promiscuous mode that libpcap (the library that programs such as tcpdump, Wireshark, etc. use to do packet capture) turns on will not necessarily be shown if you run ifconfig on the interface on a UNIX system; - * some network interfaces might not support promiscuous mode, - and some drivers might not allow promiscuous mode to be - turned on - see this earlier question for more information - on that; - * the fact that you're not seeing any traffic, or are only - seeing broadcast traffic, or aren't seeing any - non-broadcast traffic other than traffic to or from the - machine running Wireshark, does not mean that promiscuous - mode isn't on - see this earlier question for more - information on that. + * some network interfaces might not support promiscuous mode, + and some drivers might not allow promiscuous mode to be turned + on - see this earlier question for more information on that; + * the fact that you're not seeing any traffic, or are only + seeing broadcast traffic, or aren't seeing any non-broadcast + traffic other than traffic to or from the machine running + Wireshark, does not mean that promiscuous mode isn't on - see + this earlier question for more information on that. - I.e., this is probably the same question as this earlier one; - see the response to that question. + I.e., this is probably the same question as this earlier one; see + the response to that question. Q 7.7: I can set a display filter just fine; why don't capture filters work? - A: Capture filters currently use a different syntax than - display filters. Here's the corresponding section from the - wireshark(1) man page: - "Display filters in Wireshark are very powerful; more fields - are filterable in Wireshark than in other protocol analyzers, - and the syntax you can use to create your filters is richer. As - Wireshark progresses, expect more and more protocol fields to - be allowed in display filters. - Packet capturing is performed with the pcap library. The - capture filter syntax follows the rules of the pcap library. - This syntax is different from the display filter syntax." + A: Capture filters currently use a different syntax than display + filters. Here's the corresponding section from the wireshark(1) + man page: + "Display filters in Wireshark are very powerful; more fields are + filterable in Wireshark than in other protocol analyzers, and the + syntax you can use to create your filters is richer. As Wireshark + progresses, expect more and more protocol fields to be allowed in + display filters. + Packet capturing is performed with the pcap library. The capture + filter syntax follows the rules of the pcap library. This syntax + is different from the display filter syntax." The capture filter syntax used by libpcap can be found in the tcpdump(8) man page. Q 7.8: I'm entering valid capture filters; why do I still get "parse error" errors? - A: There is a bug in some versions of libpcap/WinPcap that - cause it to report parse errors even for valid expressions if a - previous filter expression was invalid and got a parse error. - Try exiting and restarting Wireshark; if you are using a - version of libpcap/WinPcap with this bug, this will "erase" its - memory of the previous parse error. If the capture filter that - got the "parse error" now works, the earlier error with that - filter was probably due to this bug. - The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions - of libpcap have this bug, but 0.6[.x] and later versions don't. - Versions of WinPcap prior to 2.3 are based on pre-0.6 versions - of libpcap, and have this bug; WinPcap 2.3 is based on libpcap - 0.6.2, and doesn't have this bug. + A: There is a bug in some versions of libpcap/WinPcap that cause + it to report parse errors even for valid expressions if a previous + filter expression was invalid and got a parse error. + Try exiting and restarting Wireshark; if you are using a version + of libpcap/WinPcap with this bug, this will "erase" its memory of + the previous parse error. If the capture filter that got the + "parse error" now works, the earlier error with that filter was + probably due to this bug. + The bug was fixed in libpcap 0.6; 0.4[.x] and 0.5[.x] versions of + libpcap have this bug, but 0.6[.x] and later versions don't. + Versions of WinPcap prior to 2.3 are based on pre-0.6 versions of + libpcap, and have this bug; WinPcap 2.3 is based on libpcap 0.6.2, + and doesn't have this bug. If you are running Wireshark on a UNIX-flavored platform, run "wireshark -v", or select "About Wireshark..." from the "Help" - menu in Wireshark, to see what version of libpcap it's using. - If it's not 0.6 or later, you will need either to upgrade your - OS to get a later version of libpcap, or will need to build and - install a later version of libpcap from the tcpdump.org Web - site and then recompile Wireshark from source with that later - version of libpcap. - If you are running Wireshark on Windows with a pre-2.3 version - of WinPcap, you will need to un-install WinPcap and then - download and install WinPcap 2.3. + menu in Wireshark, to see what version of libpcap it's using. If + it's not 0.6 or later, you will need either to upgrade your OS to + get a later version of libpcap, or will need to build and install + a later version of libpcap from the tcpdump.org Web site and then + recompile Wireshark from source with that later version of + libpcap. + If you are running Wireshark on Windows with a pre-2.3 version of + WinPcap, you will need to un-install WinPcap and then download and + install WinPcap 2.3. Q 7.9: How can I capture packets with CRC errors? - A: Wireshark can capture only the packets that the packet - capture library - libpcap on UNIX-flavored OSes, and the - WinPcap port to Windows of libpcap on Windows - can capture, - and libpcap/WinPcap can capture only the packets that the OS's - raw packet capture mechanism (or the WinPcap driver, and the - underlying OS networking code and network interface drivers, on - Windows) will allow it to capture. - Unless the OS always supplies packets with errors such as - invalid CRCs to the raw packet capture mechanism, or can be - configured to do so, invalid CRCs to the raw packet capture - mechanism, Wireshark - and other programs that capture raw - packets, such as tcpdump - cannot capture those packets. You - will have to determine whether your OS needs to be so - configured and, if so, can be so configured, configure it if - necessary and possible, and make whatever changes to libpcap - and the packet capture program you're using are necessary, if - any, to support capturing those packets. - Most OSes probably do not support capturing packets with - invalid CRCs on Ethernet, and probably do not support it on - most other link-layer types. Some drivers on some OSes do - support it, such as some Ethernet drivers on FreeBSD; in those - OSes, you might always get those packets, or you might only get - them if you capture in promiscuous mode (you'd have to - determine which is the case). - Note that libpcap does not currently supply to programs that - use it an indication of whether the packet's CRC was invalid - (because the drivers themselves do not supply that information - to the raw packet capture mechanism); therefore, Wireshark will - not indicate which packets had CRC errors unless the FCS was - captured (see the next question) and you're using Wireshark - 0.9.15 and later, in which case Wireshark will check the CRC - and indicate whether it's correct or not. + A: Wireshark can capture only the packets that the packet capture + library - libpcap on UNIX-flavored OSes, and the WinPcap port to + Windows of libpcap on Windows - can capture, and libpcap/WinPcap + can capture only the packets that the OS's raw packet capture + mechanism (or the WinPcap driver, and the underlying OS networking + code and network interface drivers, on Windows) will allow it to + capture. + Unless the OS always supplies packets with errors such as invalid + CRCs to the raw packet capture mechanism, or can be configured to + do so, invalid CRCs to the raw packet capture mechanism, Wireshark + - and other programs that capture raw packets, such as tcpdump - + cannot capture those packets. You will have to determine whether + your OS needs to be so configured and, if so, can be so + configured, configure it if necessary and possible, and make + whatever changes to libpcap and the packet capture program you're + using are necessary, if any, to support capturing those packets. + Most OSes probably do not support capturing packets with invalid + CRCs on Ethernet, and probably do not support it on most other + link-layer types. Some drivers on some OSes do support it, such as + some Ethernet drivers on FreeBSD; in those OSes, you might always + get those packets, or you might only get them if you capture in + promiscuous mode (you'd have to determine which is the case). + Note that libpcap does not currently supply to programs that use + it an indication of whether the packet's CRC was invalid (because + the drivers themselves do not supply that information to the raw + packet capture mechanism); therefore, Wireshark will not indicate + which packets had CRC errors unless the FCS was captured (see the + next question) and you're using Wireshark 0.9.15 and later, in + which case Wireshark will check the CRC and indicate whether it's + correct or not. Q 7.10: How can I capture entire frames, including the FCS? - A: Wireshark can only capture data that the packet capture - library - libpcap on UNIX-flavored OSes, and the WinPcap port - to Windows of libpcap on Windows - can capture, and - libpcap/WinPcap can capture only the data that the OS's raw - packet capture mechanism (or the WinPcap driver, and the - underlying OS networking code and network interface drivers, on - Windows) will allow it to capture. - For any particular link-layer network type, unless the OS - supplies the FCS of a frame as part of the frame, or can be - configured to do so, Wireshark - and other programs that - capture raw packets, such as tcpdump - cannot capture the FCS - of a frame. You will have to determine whether your OS needs to - be so configured and, if so, can be so configured, configure it - if necessary and possible, and make whatever changes to libpcap - and the packet capture program you're using are necessary, if - any, to support capturing the FCS of a frame. - Most OSes do not support capturing the FCS of a frame on - Ethernet, and probably do not support it on most other - link-layer types. Some drivres on some OSes do support it, such - as some (all?) Ethernet drivers on NetBSD and possibly the - driver for Apple's gigabit Ethernet interface in Mac OS X; in - those OSes, you might always get the FCS, or you might only get - the FCS if you capture in promiscuous mode (you'd have to - determine which is the case). - Versions of Wireshark prior to 0.9.15 will not treat an - Ethernet FCS in a captured packet as an FCS. 0.9.15 and later - will attempt to determine whether there's an FCS at the end of - the frame and, if it thinks there is, will display it as such, - and will check whether it's the correct CRC-32 value or not. + A: Wireshark can only capture data that the packet capture library + - libpcap on UNIX-flavored OSes, and the WinPcap port to Windows + of libpcap on Windows - can capture, and libpcap/WinPcap can + capture only the data that the OS's raw packet capture mechanism + (or the WinPcap driver, and the underlying OS networking code and + network interface drivers, on Windows) will allow it to capture. + For any particular link-layer network type, unless the OS supplies + the FCS of a frame as part of the frame, or can be configured to + do so, Wireshark - and other programs that capture raw packets, + such as tcpdump - cannot capture the FCS of a frame. You will have + to determine whether your OS needs to be so configured and, if so, + can be so configured, configure it if necessary and possible, and + make whatever changes to libpcap and the packet capture program + you're using are necessary, if any, to support capturing the FCS + of a frame. + Most OSes do not support capturing the FCS of a frame on Ethernet, + and probably do not support it on most other link-layer types. + Some drivres on some OSes do support it, such as some (all?) + Ethernet drivers on NetBSD and possibly the driver for Apple's + gigabit Ethernet interface in Mac OS X; in those OSes, you might + always get the FCS, or you might only get the FCS if you capture + in promiscuous mode (you'd have to determine which is the case). + Versions of Wireshark prior to 0.9.15 will not treat an Ethernet + FCS in a captured packet as an FCS. 0.9.15 and later will attempt + to determine whether there's an FCS at the end of the frame and, + if it thinks there is, will display it as such, and will check + whether it's the correct CRC-32 value or not. Q 7.11: I'm capturing packets on a machine on a VLAN; why don't the packets I'm capturing have VLAN tags? A: You might be capturing on what might be called a "VLAN interface" - the way a particular OS makes VLANs plug into the - networking stack might, for example, be to have a network - device object for the physical interface, which takes VLAN - packets, strips off the VLAN header and constructs an Ethernet - header, and passes that packet to an internal network device - object for the VLAN, which then passes the packets onto various - higher-level protocol implementations. + networking stack might, for example, be to have a network device + object for the physical interface, which takes VLAN packets, + strips off the VLAN header and constructs an Ethernet header, and + passes that packet to an internal network device object for the + VLAN, which then passes the packets onto various higher-level + protocol implementations. In order to see the raw Ethernet packets, rather than "de-VLANized" packets, you would have to capture not on the - virtual interface for the VLAN, but on the interface - corresponding to the physical network device, if possible. See - the Wireshark Wiki item on VLAN capturing for details. + virtual interface for the VLAN, but on the interface corresponding + to the physical network device, if possible. See the Wireshark + Wiki item on VLAN capturing for details. Q 7.12: Why does Wireshark hang after I stop a capture? - A: The most likely reason for this is that Wireshark is trying - to look up an IP address in the capture to convert it to a name - (so that, for example, it can display the name in the source - address or destination address columns), and that lookup - process is taking a very long time. - Wireshark calls a routine in the OS of the machine on which - it's running to convert of IP addresses to the corresponding - names. That routine probably does one or more of: - * a search of a system file listing IP addresses and names; - * a lookup using DNS; - * on UNIX systems, a lookup using NIS; - * on Windows systems, a NetBIOS-over-TCP query. + A: The most likely reason for this is that Wireshark is trying to + look up an IP address in the capture to convert it to a name (so + that, for example, it can display the name in the source address + or destination address columns), and that lookup process is taking + a very long time. + Wireshark calls a routine in the OS of the machine on which it's + running to convert of IP addresses to the corresponding names. + That routine probably does one or more of: + + * a search of a system file listing IP addresses and names; + * a lookup using DNS; + * on UNIX systems, a lookup using NIS; + * on Windows systems, a NetBIOS-over-TCP query. If a DNS server that's used in an address lookup is not responding, the lookup will fail, but will only fail after a timeout while the system routine waits for a reply. - In addition, on Windows systems, if the DNS lookup of the - address fails, either because the server isn't responding or - because there are no records in the DNS that could be used to - map the address to a name, a NetBIOS-over-TCP query will be - made. That query involves sending a message to the - NetBIOS-over-TCP name service on that machine, asking for the - name and other information about the machine. If the machine - isn't running software that responds to those queries - for - example, many non-Windows machines wouldn't be running that - software - the lookup will only fail after a timeout. Those - timeouts can cause the lookup to take a long time. - If you disable network address-to-name translation - for - example, by turning off the "Enable network name resolution" - option in the "Capture Options" dialog box for starting a - network capture - the lookups of the address won't be done, - which may speed up the process of reading the capture file - after the capture is stopped. You can make that setting the - default by selecting "Preferences" from the "Edit" menu, - turning off the "Enable network name resolution" option in the - "Name resolution" options in the preferences disalog box, and - using the "Save" button in that dialog box; note that this will - save all your current preference settings. - If Wireshark hangs when reading a capture even with network - name resolution turned off, there might, for example, be a bug - in one of Wireshark's dissectors for a protocol causing it to - loop infinitely. If you're not running the most recent release - of Wireshark, you should first upgrade to that release, as, if + In addition, on Windows systems, if the DNS lookup of the address + fails, either because the server isn't responding or because there + are no records in the DNS that could be used to map the address to + a name, a NetBIOS-over-TCP query will be made. That query involves + sending a message to the NetBIOS-over-TCP name service on that + machine, asking for the name and other information about the + machine. If the machine isn't running software that responds to + those queries - for example, many non-Windows machines wouldn't be + running that software - the lookup will only fail after a timeout. + Those timeouts can cause the lookup to take a long time. + If you disable network address-to-name translation - for example, + by turning off the "Enable network name resolution" option in the + "Capture Options" dialog box for starting a network capture - the + lookups of the address won't be done, which may speed up the + process of reading the capture file after the capture is stopped. + You can make that setting the default by selecting "Preferences" + from the "Edit" menu, turning off the "Enable network name + resolution" option in the "Name resolution" options in the + preferences disalog box, and using the "Save" button in that + dialog box; note that this will save all your current preference + settings. + If Wireshark hangs when reading a capture even with network name + resolution turned off, there might, for example, be a bug in one + of Wireshark's dissectors for a protocol causing it to loop + infinitely. If you're not running the most recent release of + Wireshark, you should first upgrade to that release, as, if there's a bug of that sort, it might've been fixed in a release after the one you're running. If the hang occurs in the most recent release of Wireshark, the bug should be reported to the - Wireshark developers' mailing list at - wireshark-dev@wireshark.org. - On UNIX-flavored OSes, please try to force Wireshark to dump - core, by sending it a SIGABRT signal (usually signal 6) with - the kill command, and then get a stack trace if you have a - debugger installed. A stack trace can be obtained by using your - debugger (gdb in this example), the Wireshark binary, and the - resulting core file. Here's an example of how to use the gdb - command backtrace to do so. - $ gdb wireshark core - (gdb) backtrace - ..... prints the stack trace - (gdb) quit - $ + Wireshark developers' mailing list at wireshark-dev@wireshark.org. + On UNIX-flavored OSes, please try to force Wireshark to dump core, + by sending it a SIGABRT signal (usually signal 6) with the kill + command, and then get a stack trace if you have a debugger + installed. A stack trace can be obtained by using your debugger + (gdb in this example), the Wireshark binary, and the resulting + core file. Here's an example of how to use the gdb command + backtrace to do so. + + $ gdb wireshark core + (gdb) backtrace + ..... prints the stack trace + (gdb) quit + $ The core dump file may be named "wireshark.core" rather than "core" on some platforms (e.g., BSD systems). - Also, if at all possible, please send a copy of the capture - file that caused the problem. When capturing packets, Wireshark - normally writes captured packets to a temporary file, which - will probably be in /tmp or /var/tmp on UNIX-flavored OSes, - \TEMP on the main system disk (normally C:) on Windows 9x/Me/NT - 4.0, \Documents and Settings\your login name \Local - Settings\Temp on the main system disk on Windows 2000/Windows - XP/Windows Server 2003, and \Users\your login - name\AppData\Local\Temp on the main system disk on Windows 7, - so the capture file will probably be there. If you are - capturing on a single interface, it will have a name of the - form, wireshark_iface_YYYYmmddHHMMSS_XXXXXX; otherwise, if you - are capturing on multiple interfaces, it will have a name of - the form, wireshark_<N>_interfaces_YYYYmmddHHMMSS_XXXXXX, where - <N> is the number of simultaneous interfaces you are capturing - on. Please don't send a trace file greater than 1 MB when - compressed; instead, make it available via FTP or HTTP, or say - it's available but leave it up to a developer to ask for it. If - the trace file contains sensitive information (e.g., - passwords), then please do not send it. + Also, if at all possible, please send a copy of the capture file + that caused the problem. When capturing packets, Wireshark + normally writes captured packets to a temporary file, which will + probably be in /tmp or /var/tmp on UNIX-flavored OSes, \TEMP on + the main system disk (normally C:) on Windows 9x/Me/NT 4.0, + \Documents and Settings\your login name \Local Settings\Temp on + the main system disk on Windows 2000/Windows XP/Windows Server + 2003, and \Users\your login name\AppData\Local\Temp on the main + system disk on Windows 7, so the capture file will probably be + there. If you are capturing on a single interface, it will have a + name of the form, wireshark_iface_YYYYmmddHHMMSS_XXXXXX; + otherwise, if you are capturing on multiple interfaces, it will + have a name of the form, + wireshark_<N>_interfaces_YYYYmmddHHMMSS_XXXXXX, where <N> is the + number of simultaneous interfaces you are capturing on. Please + don't send a trace file greater than 1 MB when compressed; + instead, make it available via FTP or HTTP, or say it's available + but leave it up to a developer to ask for it. If the trace file + contains sensitive information (e.g., passwords), then please do + not send it. 8. Capturing packets on Windows Q 8.1: I'm running Wireshark on Windows; why does some network - interface on my machine not show up in the list of interfaces - in the "Interface:" field in the dialog box popped up by - "Capture->Start", and/or why does Wireshark give me an error if - I try to capture on that interface? + interface on my machine not show up in the list of interfaces in + the "Interface:" field in the dialog box popped up by + "Capture->Start", and/or why does Wireshark give me an error if I + try to capture on that interface? - A: If you are running Wireshark on Windows NT 4.0, Windows - 2000, Windows XP, or Windows Server 2003, and this is the first - time you have run a WinPcap-based program (such as Wireshark, - or TShark, or WinDump, or Analyzer, or...) since the machine - was rebooted, you need to run that program from an account with - administrator privileges; once you have run such a program, you - will not need administrator privileges to run any such programs - until you reboot. + A: If you are running Wireshark on Windows NT 4.0, Windows 2000, + Windows XP, or Windows Server 2003, and this is the first time you + have run a WinPcap-based program (such as Wireshark, or TShark, or + WinDump, or Analyzer, or...) since the machine was rebooted, you + need to run that program from an account with administrator + privileges; once you have run such a program, you will not need + administrator privileges to run any such programs until you + reboot. If you are running on Windows Windows 2000/Windows XP/Windows - Server 2003 and have administrator privileges or a - WinPcap-based program has been run with those privileges since - the machine rebooted, this problem might clear up if you - completely un-install WinPcap and then re-install it. + Server 2003 and have administrator privileges or a WinPcap-based + program has been run with those privileges since the machine + rebooted, this problem might clear up if you completely un-install + WinPcap and then re-install it. If that doesn't work, then note that Wireshark relies on the WinPcap library, on the WinPcap device driver, and on the - facilities that come with the OS on which it's running in order - to do captures. - Therefore, if the OS, the WinPcap library, or the WinPcap - driver don't support capturing on a particular network - interface device, Wireshark won't be able to capture on that - device. + facilities that come with the OS on which it's running in order to + do captures. + Therefore, if the OS, the WinPcap library, or the WinPcap driver + don't support capturing on a particular network interface device, + Wireshark won't be able to capture on that device. Note that: - 1. 2.02 and earlier versions of the WinPcap driver and library + + 1. 2.02 and earlier versions of the WinPcap driver and library that Wireshark uses for packet capture didn't support Token Ring interfaces; versions 2.1 and later support Token Ring, - and the current version of Wireshark works with (and, in - fact, requires) WinPcap 2.1 or later. - If you are having problems capturing on Token Ring - interfaces, and you have WinPcap 2.02 or an earlier version - of WinPcap installed, you should uninstall WinPcap, - download and install the current version of WinPcap, and - then install the latest version of Wireshark. - 2. WinPcap 2.3 has problems supporting PPP WAN interfaces on - Windows NT 4.0, Windows 2000, Windows XP, and Windows - Server 2003, and, to avoid those problems, support for PPP - WAN interfaces on those versions of Windows has been - disabled in WinPcap 3.0. Regular dial-up lines, ISDN lines, - ADSL connections using PPPoE or PPPoA, and various other - lines such as T1/E1 lines are all PPP interfaces, so those - interfaces might not show up on the list of interfaces in - the "Capture Options" dialog on those OSes. - On Windows 2000, Windows XP, and Windows Server 2003, but - not Windows NT 4.0 or Windows Vista Beta 1, you should be - able to capture on the "GenericDialupAdapter" with WinPcap - 3.1. (3.1 beta releases called it the "NdisWanAdapter"; if - you're using a 3.1 beta release, you should un-install it - and install the final 3.1 release.) See the Wireshark Wiki - item on PPP capturing for details. - 3. WinPcap prior to 3.0 does not support multiprocessor - machines (note that machines with a single multi-threaded - processor, such as Intel's new multi-threaded x86 - processors, are multiprocessor machines as far as the OS - and WinPcap are concerned), and recent 2.x versions of - WinPcap refuse to operate if they detect that they're - running on a multiprocessor machine, which means that they - may not show any network interfaces. You will need to use - WinPcap 3.0 to capture on a multiprocessor machine. - - If an interface doesn't show up in the list of interfaces in - the "Interface:" field, and you know the name of the interface, - try entering that name in the "Interface:" field and capturing - on that device. - If the attempt to capture on it succeeds, the interface is - somehow not being reported by the mechanism Wireshark uses to - get a list of interfaces. Try listing the interfaces with - WinDump; see the WinDump Web site for information on using - WinDump. - You would run WinDump with the -D flag; if it lists the - interface, please report this to wireshark-dev@wireshark.org - giving full details of the problem, including - * the operating system you're using, and the version of that + and the current version of Wireshark works with (and, in fact, + requires) WinPcap 2.1 or later. + If you are having problems capturing on Token Ring interfaces, + and you have WinPcap 2.02 or an earlier version of WinPcap + installed, you should uninstall WinPcap, download and install + the current version of WinPcap, and then install the latest + version of Wireshark. + 2. WinPcap 2.3 has problems supporting PPP WAN interfaces on + Windows NT 4.0, Windows 2000, Windows XP, and Windows Server + 2003, and, to avoid those problems, support for PPP WAN + interfaces on those versions of Windows has been disabled in + WinPcap 3.0. Regular dial-up lines, ISDN lines, ADSL + connections using PPPoE or PPPoA, and various other lines such + as T1/E1 lines are all PPP interfaces, so those interfaces + might not show up on the list of interfaces in the "Capture + Options" dialog on those OSes. + On Windows 2000, Windows XP, and Windows Server 2003, but not + Windows NT 4.0 or Windows Vista Beta 1, you should be able to + capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 + beta releases called it the "NdisWanAdapter"; if you're using + a 3.1 beta release, you should un-install it and install the + final 3.1 release.) See the Wireshark Wiki item on PPP + capturing for details. + 3. WinPcap prior to 3.0 does not support multiprocessor machines + (note that machines with a single multi-threaded processor, + such as Intel's new multi-threaded x86 processors, are + multiprocessor machines as far as the OS and WinPcap are + concerned), and recent 2.x versions of WinPcap refuse to + operate if they detect that they're running on a + multiprocessor machine, which means that they may not show any + network interfaces. You will need to use WinPcap 3.0 to + capture on a multiprocessor machine. + + If an interface doesn't show up in the list of interfaces in the + "Interface:" field, and you know the name of the interface, try + entering that name in the "Interface:" field and capturing on that + device. + If the attempt to capture on it succeeds, the interface is somehow + not being reported by the mechanism Wireshark uses to get a list + of interfaces. Try listing the interfaces with WinDump; see the + WinDump Web site for information on using WinDump. + You would run WinDump with the -D flag; if it lists the interface, + please report this to wireshark-dev@wireshark.org giving full + details of the problem, including + + * the operating system you're using, and the version of that operating system; - * the type of network device you're using; - * the output of WinDump. + * the type of network device you're using; + * the output of WinDump. + + If WinDump does not list the interface, this is almost certainly a + problem with one or more of: - If WinDump does not list the interface, this is almost - certainly a problem with one or more of: - * the operating system you're using; - * the device driver for the interface you're using; - * the WinPcap library and/or the WinPcap device driver; + * the operating system you're using; + * the device driver for the interface you're using; + * the WinPcap library and/or the WinPcap device driver; so first check the WinPcap FAQ or the Wiretapped.net mirror of - that FAQ, to see if your problem is mentioned there. If not, - then see the WinPcap support page - check the "Submitting bugs" + that FAQ, to see if your problem is mentioned there. If not, then + see the WinPcap support page - check the "Submitting bugs" section. If you are having trouble capturing on a particular network interface, first try capturing on that device with WinDump; see the WinDump Web site for information on using WinDump. If you can capture on the interface with WinDump, send mail to - wireshark-users@wireshark.org giving full details of the - problem, including - * the operating system you're using, and the version of that + wireshark-users@wireshark.org giving full details of the problem, + including + + * the operating system you're using, and the version of that operating system; - * the type of network device you're using; - * the error message you get from Wireshark. + * the type of network device you're using; + * the error message you get from Wireshark. If you cannot capture on the interface with WinDump, this is almost certainly a problem with one or more of: - * the operating system you're using; - * the device driver for the interface you're using; - * the WinPcap library and/or the WinPcap device driver; + + * the operating system you're using; + * the device driver for the interface you're using; + * the WinPcap library and/or the WinPcap device driver; so first check the WinPcap FAQ or the Wiretapped.net mirror of - that FAQ, to see if your problem is mentioned there. If not, - then see the WinPcap support page - check the "Submitting bugs" + that FAQ, to see if your problem is mentioned there. If not, then + see the WinPcap support page - check the "Submitting bugs" section. - You may also want to ask the wireshark-users@wireshark.org and - the winpcap-users@winpcap.org mailing lists to see if anybody - happens to know about the problem and know a workaround or fix - for the problem. (Note that you will have to subscribe to that - list in order to be allowed to mail to it; see the WinPcap - support page for information on the mailing list.) In your - mail, please give full details of the problem, as described - above, and also indicate that the problem occurs with WinDump, - not just with Wireshark. + You may also want to ask the wireshark-users@wireshark.org and the + winpcap-users@winpcap.org mailing lists to see if anybody happens + to know about the problem and know a workaround or fix for the + problem. (Note that you will have to subscribe to that list in + order to be allowed to mail to it; see the WinPcap support page + for information on the mailing list.) In your mail, please give + full details of the problem, as described above, and also indicate + that the problem occurs with WinDump, not just with Wireshark. Q 8.2: I'm running Wireshark on Windows; why do no network - interfaces show up in the list of interfaces in the - "Interface:" field in the dialog box popped up by - "Capture->Start"? + interfaces show up in the list of interfaces in the "Interface:" + field in the dialog box popped up by "Capture->Start"? A: This is really the same question as a previous one; see the response to that question. @@ -1167,382 +1137,372 @@ "Capture->Start"? A: Internet access on those devices is often done with the - Point-to-Point (PPP) protocol; WinPcap 2.3 has problems - supporting PPP WAN interfaces on Windows NT 4.0, Windows 2000, - Windows XP, and Windows Server 2003, and, to avoid those - problems, support for PPP WAN interfaces on those versions of - Windows has been disabled in WinPcap 3.0. + Point-to-Point (PPP) protocol; WinPcap 2.3 has problems supporting + PPP WAN interfaces on Windows NT 4.0, Windows 2000, Windows XP, + and Windows Server 2003, and, to avoid those problems, support for + PPP WAN interfaces on those versions of Windows has been disabled + in WinPcap 3.0. On Windows 2000, Windows XP, and Windows Server 2003, but not Windows NT 4.0 or Windows Vista Beta 1, you should be able to - capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 - beta releases called it the "NdisWanAdapter"; if you're using a - 3.1 beta release, you should un-install it and install the - final 3.1 release.) See the Wireshark Wiki item on PPP - capturing for details. + capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 beta + releases called it the "NdisWanAdapter"; if you're using a 3.1 + beta release, you should un-install it and install the final 3.1 + release.) See the Wireshark Wiki item on PPP capturing for + details. Q 8.4: I'm running Wireshark on Windows NT 4.0/Windows - 2000/Windows XP/Windows Server 2003; my machine has a PPP - (dial-up POTS, ISDN, etc.) interface, and it shows up in the - "Interface" item in the "Capture Options" dialog box. Why can - no packets be sent on or received from that network while I'm - trying to capture traffic on that interface? - - A: Some versions of WinPcap have problems with PPP WAN - interfaces on Windows NT 4.0, Windows 2000, Windows XP, and - Windows Server 2003; one symptom that may be seen is that - attempts to capture in promiscuous mode on the interface cause - the interface to be incapable of sending or receiving packets. - You can disable promiscuous mode using the -p command-line flag - or the item in the "Capture Preferences" dialog box, but this - may mean that outgoing packets, or incoming packets, won't be - seen in the capture. + 2000/Windows XP/Windows Server 2003; my machine has a PPP (dial-up + POTS, ISDN, etc.) interface, and it shows up in the "Interface" + item in the "Capture Options" dialog box. Why can no packets be + sent on or received from that network while I'm trying to capture + traffic on that interface? + + A: Some versions of WinPcap have problems with PPP WAN interfaces + on Windows NT 4.0, Windows 2000, Windows XP, and Windows Server + 2003; one symptom that may be seen is that attempts to capture in + promiscuous mode on the interface cause the interface to be + incapable of sending or receiving packets. You can disable + promiscuous mode using the -p command-line flag or the item in the + "Capture Preferences" dialog box, but this may mean that outgoing + packets, or incoming packets, won't be seen in the capture. On Windows 2000, Windows XP, and Windows Server 2003, but not Windows NT 4.0 or Windows Vista Beta 1, you should be able to - capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 - beta releases called it the "NdisWanAdapter"; if you're using a - 3.1 beta release, you should un-install it and install the - final 3.1 release.) See the Wireshark Wiki item on PPP - capturing for details. - - Q 8.5: I'm running Wireshark on Windows; why am I not seeing - any traffic being sent by the machine running Wireshark? - - A: If you are running some form of VPN client software, it - might be causing this problem; people have seen this problem - when they have Check Point's VPN software installed on their - machine. If that's the cause of the problem, you will have to - remove the VPN software in order to have Wireshark (or any - other application using WinPcap) see outgoing packets; - unfortunately, neither we nor the WinPcap developers know any - way to make WinPcap and the VPN software work well together. - Also, some drivers for Windows (especially some wireless - network interface drivers) apparently do not, when running in - promiscuous mode, arrange that outgoing packets are delivered - to the software that requested that the interface run - promiscuously; try turning promiscuous mode off. + capture on the "GenericDialupAdapter" with WinPcap 3.1. (3.1 beta + releases called it the "NdisWanAdapter"; if you're using a 3.1 + beta release, you should un-install it and install the final 3.1 + release.) See the Wireshark Wiki item on PPP capturing for + details. + + Q 8.5: I'm running Wireshark on Windows; why am I not seeing any + traffic being sent by the machine running Wireshark? + + A: If you are running some form of VPN client software, it might + be causing this problem; people have seen this problem when they + have Check Point's VPN software installed on their machine. If + that's the cause of the problem, you will have to remove the VPN + software in order to have Wireshark (or any other application + using WinPcap) see outgoing packets; unfortunately, neither we nor + the WinPcap developers know any way to make WinPcap and the VPN + software work well together. + Also, some drivers for Windows (especially some wireless network + interface drivers) apparently do not, when running in promiscuous + mode, arrange that outgoing packets are delivered to the software + that requested that the interface run promiscuously; try turning + promiscuous mode off. Q 8.6: When I capture on Windows in promiscuous mode, I can see packets other than those sent to or from my machine; however, those packets show up with a "Short Frame" indication, unlike - packets to or from my machine. What should I do to arrange that - I see those packets in their entirety? + packets to or from my machine. What should I do to arrange that I + see those packets in their entirety? + + A: In at least some cases, this appears to be the result of PGPnet + running on the network interface on which you're capturing; turn + it off on that interface. + + Q 8.7: I'm trying to capture 802.11 traffic on Windows; why am I + not seeing any packets? - A: In at least some cases, this appears to be the result of - PGPnet running on the network interface on which you're - capturing; turn it off on that interface. - - Q 8.7: I'm trying to capture 802.11 traffic on Windows; why am - I not seeing any packets? - - A: At least some 802.11 card drivers on Windows appear not to - see any packets if they're running in promiscuous mode. Try - turning promiscuous mode off; you'll only be able to see - packets sent by and received by your machine, not third-party - traffic, and it'll look like Ethernet traffic and won't include - any management or control frames, but that's a limitation of - the card drivers. + A: At least some 802.11 card drivers on Windows appear not to see + any packets if they're running in promiscuous mode. Try turning + promiscuous mode off; you'll only be able to see packets sent by + and received by your machine, not third-party traffic, and it'll + look like Ethernet traffic and won't include any management or + control frames, but that's a limitation of the card drivers. See MicroLogix's list of cards supported with WinPcap for information on support of various adapters and drivers with WinPcap. - Q 8.8: I'm trying to capture 802.11 traffic on Windows; why am - I seeing packets received by the machine on which I'm capturing + Q 8.8: I'm trying to capture 802.11 traffic on Windows; why am I + seeing packets received by the machine on which I'm capturing traffic, but not packets sent by that machine? - A: This appears to be another problem with promiscuous mode; - try turning it off. + A: This appears to be another problem with promiscuous mode; try + turning it off. - Q 8.9: I'm trying to capture Ethernet VLAN traffic on Windows, - and I'm capturing on a "raw" Ethernet device rather than a - "VLAN interface", so that I can see the VLAN headers; why am I - seeing packets received by the machine on which I'm capturing - traffic, but not packets sent by that machine? + Q 8.9: I'm trying to capture Ethernet VLAN traffic on Windows, and + I'm capturing on a "raw" Ethernet device rather than a "VLAN + interface", so that I can see the VLAN headers; why am I seeing + packets received by the machine on which I'm capturing traffic, + but not packets sent by that machine? - A: The way the Windows networking code works probably means - that packets are sent on a "VLAN interface" rather than the - "raw" device, so packets sent by the machine will only be seen - when you capture on the "VLAN interface". If so, you will be - unable to see outgoing packets when capturing on the "raw" - device, so you are stuck with a choice between seeing VLAN - headers and seeing outgoing packets. + A: The way the Windows networking code works probably means that + packets are sent on a "VLAN interface" rather than the "raw" + device, so packets sent by the machine will only be seen when you + capture on the "VLAN interface". If so, you will be unable to see + outgoing packets when capturing on the "raw" device, so you are + stuck with a choice between seeing VLAN headers and seeing + outgoing packets. 9. Capturing packets on UNXes - Q 9.1: I'm running Wireshark on a UNIX-flavored OS; why does - some network interface on my machine not show up in the list of - interfaces in the "Interface:" field in the dialog box popped - up by "Capture->Start", and/or why does Wireshark give me an - error if I try to capture on that interface? - - A: You may need to run Wireshark from an account with - sufficient privileges to capture packets, such as the - super-user account, or may need to give your account sufficient - privileges to capture packets. Only those interfaces that - Wireshark can open for capturing show up in that list; if you - don't have sufficient privileges to capture on any interfaces, - no interfaces will show up in the list. See the Wireshark Wiki - item on capture privileges for details on how to give a - particular account or account group capture privileges on - platforms where that can be done. + Q 9.1: I'm running Wireshark on a UNIX-flavored OS; why does some + network interface on my machine not show up in the list of + interfaces in the "Interface:" field in the dialog box popped up + by "Capture->Start", and/or why does Wireshark give me an error if + I try to capture on that interface? + + A: You may need to run Wireshark from an account with sufficient + privileges to capture packets, such as the super-user account, or + may need to give your account sufficient privileges to capture + packets. Only those interfaces that Wireshark can open for + capturing show up in that list; if you don't have sufficient + privileges to capture on any interfaces, no interfaces will show + up in the list. See the Wireshark Wiki item on capture privileges + for details on how to give a particular account or account group + capture privileges on platforms where that can be done. If you are running Wireshark from an account with sufficient privileges, then note that Wireshark relies on the libpcap - library, and on the facilities that come with the OS on which - it's running in order to do captures. On some OSes, those - facilities aren't present by default; see the Wireshark Wiki - item on adding capture support for details. + library, and on the facilities that come with the OS on which it's + running in order to do captures. On some OSes, those facilities + aren't present by default; see the Wireshark Wiki item on adding + capture support for details. And, even if you're running with an account that has sufficient - privileges to capture, and capture support is present in your - OS, if the OS or the libpcap library don't support capturing on - a particular network interface device or particular types of + privileges to capture, and capture support is present in your OS, + if the OS or the libpcap library don't support capturing on a + particular network interface device or particular types of devices, Wireshark won't be able to capture on that device. On Solaris, note that libpcap 0.6.2 and earlier didn't support Token Ring interfaces; the current version, 0.7.2, does support Token Ring, and the current version of Wireshark works with libpcap 0.7.2 and later. - If an interface doesn't show up in the list of interfaces in - the "Interface:" field, and you know the name of the interface, - try entering that name in the "Interface:" field and capturing - on that device. - If the attempt to capture on it succeeds, the interface is - somehow not being reported by the mechanism Wireshark uses to - get a list of interfaces; please report this to - wireshark-dev@wireshark.org giving full details of the problem, - including - the operating system you're using, and the version of that - operating system (for Linux, give both the version number - of the kernel and the name and version number of the - distribution you're using); - * the type of network device you're using. + If an interface doesn't show up in the list of interfaces in the + "Interface:" field, and you know the name of the interface, try + entering that name in the "Interface:" field and capturing on that + device. + If the attempt to capture on it succeeds, the interface is somehow + not being reported by the mechanism Wireshark uses to get a list + of interfaces; please report this to wireshark-dev@wireshark.org + giving full details of the problem, including + + * the operating system you're using, and the version of that + operating system (for Linux, give both the version number of + the kernel and the name and version number of the distribution + you're using); + * the type of network device you're using. If you are having trouble capturing on a particular network interface, and you've made sure that (on platforms that require - it) you've arranged that packet capture support is present, as - per the above, first try capturing on that device with tcpdump. + it) you've arranged that packet capture support is present, as per + the above, first try capturing on that device with tcpdump. If you can capture on the interface with tcpdump, send mail to - wireshark-users@wireshark.org giving full details of the - problem, including - * the operating system you're using, and the version of that - operating system (for Linux, give both the version number - of the kernel and the name and version number of the - distribution you're using); - * the type of network device you're using; - * the error message you get from Wireshark. + wireshark-users@wireshark.org giving full details of the problem, + including + + * the operating system you're using, and the version of that + operating system (for Linux, give both the version number of + the kernel and the name and version number of the distribution + you're using); + * the type of network device you're using; + * the error message you get from Wireshark. If you cannot capture on the interface with tcpdump, this is almost certainly a problem with one or more of: - * the operating system you're using; - * the device driver for the interface you're using; - * the libpcap library; + + * the operating system you're using; + * the device driver for the interface you're using; + * the libpcap library; so you should report the problem to the company or organization - that produces the OS (in the case of a Linux distribution, - report the problem to whoever produces the distribution). - You may also want to ask the wireshark-users@wireshark.org and - the tcpdump-workers@lists.tcpdump.org mailing lists to see if - anybody happens to know about the problem and know a workaround - or fix for the problem. In your mail, please give full details - of the problem, as described above, and also indicate that the - problem occurs with tcpdump not just with Wireshark. + that produces the OS (in the case of a Linux distribution, report + the problem to whoever produces the distribution). + You may also want to ask the wireshark-users@wireshark.org and the + tcpdump-workers@lists.tcpdump.org mailing lists to see if anybody + happens to know about the problem and know a workaround or fix for + the problem. In your mail, please give full details of the + problem, as described above, and also indicate that the problem + occurs with tcpdump not just with Wireshark. Q 9.2: I'm running Wireshark on a UNIX-flavored OS; why do no network interfaces show up in the list of interfaces in the "Interface:" field in the dialog box popped up by "Capture->Start"? - A: This is really the same question as the previous one; see - the response to that question. + A: This is really the same question as the previous one; see the + response to that question. - Q 9.3: I'm capturing packets on Linux; why do the time stamps - have only 100ms resolution, rather than 1us resolution? + Q 9.3: I'm capturing packets on Linux; why do the time stamps have + only 100ms resolution, rather than 1us resolution? A: Wireshark gets time stamps from libpcap/WinPcap, and libpcap/WinPcap get them from the OS kernel, so Wireshark - and - any other program using libpcap, such as tcpdump - is at the - mercy of the time stamping code in the OS for time stamps. - At least on x86-based machines, Linux can get high-resolution - time stamps on newer processors with the Time Stamp Counter - (TSC) register; for example, Intel x86 processors, starting - with the Pentium Pro, and including all x86 processors since - then, have had a TSC, and other vendors probably added the TSC - at some point to their families of x86 processors. The Linux - kernel must be configured with the CONFIG_X86_TSC option - enabled in order to use the TSC. Make sure this option is - enabled in your kernel. + any other program using libpcap, such as tcpdump - is at the mercy + of the time stamping code in the OS for time stamps. + At least on x86-based machines, Linux can get high-resolution time + stamps on newer processors with the Time Stamp Counter (TSC) + register; for example, Intel x86 processors, starting with the + Pentium Pro, and including all x86 processors since then, have had + a TSC, and other vendors probably added the TSC at some point to + their families of x86 processors. The Linux kernel must be + configured with the CONFIG_X86_TSC option enabled in order to use + the TSC. Make sure this option is enabled in your kernel. In addition, some Linux distributions may have bugs in their versions of the kernel that cause packets not to be given - high-resolution time stamps even if the TSC is enabled. See, - for example, bug 61111 for Red Hat Linux 7.2. If your - distribution has a bug such as this, you may have to run a - standard kernel from kernel.org in order to get high-resolution - time stamps. + high-resolution time stamps even if the TSC is enabled. See, for + example, bug 61111 for Red Hat Linux 7.2. If your distribution has + a bug such as this, you may have to run a standard kernel from + kernel.org in order to get high-resolution time stamps. 10. Capturing packets on wireless LANs Q 10.1: How can I capture raw 802.11 frames, including non-data (management, beacon) frames? - A: That depends on the operating system on which you're - running, and on the 802.11 interface on which you're capturing. - This would probably require that you capture in promiscuous - mode or in the mode called "monitor mode" or "RFMON mode". On - some platforms, or with some cards, this might require that you - capture in monitor mode - promiscuous mode might not be - sufficient. If you want to capture traffic on networks other - than the one with which you're associated, you will have to - capture in monitor mode. - Not all operating systems support capturing non-data packets - and, even on operating systems that do support it, not all - drivers, and thus not all interfaces, support it. Even on those - that do, monitor mode might not be supported by the operating - system or by the drivers for all interfaces. + A: That depends on the operating system on which you're running, + and on the 802.11 interface on which you're capturing. + This would probably require that you capture in promiscuous mode + or in the mode called "monitor mode" or "RFMON mode". On some + platforms, or with some cards, this might require that you capture + in monitor mode - promiscuous mode might not be sufficient. If you + want to capture traffic on networks other than the one with which + you're associated, you will have to capture in monitor mode. + Not all operating systems support capturing non-data packets and, + even on operating systems that do support it, not all drivers, and + thus not all interfaces, support it. Even on those that do, + monitor mode might not be supported by the operating system or by + the drivers for all interfaces. NOTE: an interface running in monitor mode will, on most if not - all platforms, not be able to act as a regular network - interface; putting it into monitor mode will, in effect, take - your machine off of whatever network it's on as long as the - interface is in monitor mode, allowing it only to passively - capture packets. - This means that you should disable name resolution when - capturing in monitor mode; otherwise, when Wireshark (or - TShark, or tcpdump) tries to display IP addresses as host - names, it will probably block for a long time trying to resolve - the name because it will not be able to communicate with any - DNS or NIS servers. + all platforms, not be able to act as a regular network interface; + putting it into monitor mode will, in effect, take your machine + off of whatever network it's on as long as the interface is in + monitor mode, allowing it only to passively capture packets. + This means that you should disable name resolution when capturing + in monitor mode; otherwise, when Wireshark (or TShark, or tcpdump) + tries to display IP addresses as host names, it will probably + block for a long time trying to resolve the name because it will + not be able to communicate with any DNS or NIS servers. See the Wireshark Wiki item on 802.11 capturing for details. Q 10.2: How do I capture on an 802.11 device in monitor mode? - A: Whether you will be able to capture in monitor mode depends - on the operating system, adapter, and driver you're using. See - the previous question for information on monitor mode, - including a link to the Wireshark Wiki page that gives details - on 802.11 capturing. + A: Whether you will be able to capture in monitor mode depends on + the operating system, adapter, and driver you're using. See the + previous question for information on monitor mode, including a + link to the Wireshark Wiki page that gives details on 802.11 + capturing. 11. Viewing traffic Q 11.1: Why am I seeing lots of packets with incorrect TCP checksums? - A: If the packets that have incorrect TCP checksums are all - being sent by the machine on which Wireshark is running, this - is probably because the network interface on which you're - capturing does TCP checksum offloading. That means that the TCP - checksum is added to the packet by the network interface, not - by the OS's TCP/IP stack; when capturing on an interface, - packets being sent by the host on which you're capturing are - directly handed to the capture interface by the OS, which means - that they are handed to the capture interface without a TCP - checksum being added to them. + A: If the packets that have incorrect TCP checksums are all being + sent by the machine on which Wireshark is running, this is + probably because the network interface on which you're capturing + does TCP checksum offloading. That means that the TCP checksum is + added to the packet by the network interface, not by the OS's + TCP/IP stack; when capturing on an interface, packets being sent + by the host on which you're capturing are directly handed to the + capture interface by the OS, which means that they are handed to + the capture interface without a TCP checksum being added to them. The only way to prevent this from happening would be to disable TCP checksum offloading, but - 1. that might not even be possible on some OSes; - 2. that could reduce networking performance significantly. - However, you can disable the check that Wireshark does of the - TCP checksum, so that it won't report any packets as having TCP - checksum errors, and so that it won't refuse to do TCP - reassembly due to a packet having an incorrect TCP checksum. - That can be set as an Wireshark preference by selecting - "Preferences" from the "Edit" menu, opening up the "Protocols" - list in the left-hand pane of the "Preferences" dialog box, - selecting "TCP", from that list, turning off the "Check the - validity of the TCP checksum when possible" option, clicking - "Save" if you want to save that setting in your preference - file, and clicking "OK". - It can also be set on the Wireshark or TShark command line with - a -o tcp.check_checksum:false command-line flag, or manually - set in your preferences file by adding a - tcp.check_checksum:false line. - - Q 11.2: I've just installed Wireshark, and the traffic on my - local LAN is boring. Where can I find more interesting - captures? - - A: We have a collection of strange and exotic sample capture - files at http://wiki.wireshark.org/SampleCaptures - - Q 11.3: Why doesn't Wireshark correctly identify RTP packets? - It shows them only as UDP. - - A: Wireshark can identify a UDP datagram as containing a packet - of a particular protocol running atop UDP only if - 1. The protocol in question has a particular standard port - number, and the UDP source or destination port number is - that port - 2. Packets of that protocol can be identified by looking for a - "signature" of some type in the packet - i.e., some data - that, if Wireshark finds it in some particular part of a - packet, means that the packet is almost certainly a packet - of that type. - 3. Some other traffic earlier in the capture indicated that, - for example, UDP traffic between two particular addresses - and ports will be RTP traffic. + 1. that might not even be possible on some OSes; + 2. that could reduce networking performance significantly. + + However, you can disable the check that Wireshark does of the TCP + checksum, so that it won't report any packets as having TCP + checksum errors, and so that it won't refuse to do TCP reassembly + due to a packet having an incorrect TCP checksum. That can be set + as an Wireshark preference by selecting "Preferences" from the + "Edit" menu, opening up the "Protocols" list in the left-hand pane + of the "Preferences" dialog box, selecting "TCP", from that list, + turning off the "Check the validity of the TCP checksum when + possible" option, clicking "Save" if you want to save that setting + in your preference file, and clicking "OK". + It can also be set on the Wireshark or TShark command line with a + -o tcp.check_checksum:false command-line flag, or manually set in + your preferences file by adding a tcp.check_checksum:false line. + + Q 11.2: I've just installed Wireshark, and the traffic on my local + LAN is boring. Where can I find more interesting captures? + + A: We have a collection of strange and exotic sample capture files + at http://wiki.wireshark.org/SampleCaptures + + Q 11.3: Why doesn't Wireshark correctly identify RTP packets? It + shows them only as UDP. + + A: Wireshark can identify a UDP datagram as containing a packet of + a particular protocol running atop UDP only if + + 1. The protocol in question has a particular standard port + number, and the UDP source or destination port number is that + port + 2. Packets of that protocol can be identified by looking for a + "signature" of some type in the packet - i.e., some data that, + if Wireshark finds it in some particular part of a packet, + means that the packet is almost certainly a packet of that + type. + 3. Some other traffic earlier in the capture indicated that, for + example, UDP traffic between two particular addresses and + ports will be RTP traffic. RTP doesn't have a standard port number, so 1) doesn't work; it doesn't, as far as I know, have any "signature", so 2) doesn't work. That leaves 3). If there's RTSP traffic that sets up an RTP - session, then, at least in some cases, the RTSP dissector will - set things up so that subsequent RTP traffic will be - identified. Currently, that's the only place we do that; there - may be other places. + session, then, at least in some cases, the RTSP dissector will set + things up so that subsequent RTP traffic will be identified. + Currently, that's the only place we do that; there may be other + places. However, there will always be places where Wireshark is simply incapable of deducing that a given UDP flow is RTP; a mechanism would be needed to allow the user to specify that a given conversation should be treated as RTP. As of Wireshark 0.8.16, such a mechanism exists; if you select a UDP or TCP packet, the right mouse button menu will have a "Decode As..." menu item, - which will pop up a dialog box letting you specify that the - source port, the destination port, or both the source and - destination ports of the packet should be dissected as some - particular protocol. + which will pop up a dialog box letting you specify that the source + port, the destination port, or both the source and destination + ports of the packet should be dissected as some particular + protocol. Q 11.4: Why doesn't Wireshark show Yahoo Messenger packets in captures that contain Yahoo Messenger traffic? - A: Wireshark only recognizes as Yahoo Messenger traffic packets - to or from TCP port 3050 that begin with "YPNS", "YHOO", or - "YMSG". TCP segments that start with the middle of a Yahoo - Messenger packet that takes more than one TCP segment will not - be recognized as Yahoo Messenger packets (even if the TCP - segment also contains the beginning of another Yahoo Messenger - packet). + A: Wireshark only recognizes as Yahoo Messenger traffic packets to + or from TCP port 3050 that begin with "YPNS", "YHOO", or "YMSG". + TCP segments that start with the middle of a Yahoo Messenger + packet that takes more than one TCP segment will not be recognized + as Yahoo Messenger packets (even if the TCP segment also contains + the beginning of another Yahoo Messenger packet). 12. Filtering traffic - Q 12.1: I saved a filter and tried to use its name to filter - the display; why do I get an "Unexpected end of filter string" - error? - - A: You cannot use the name of a saved display filter as a - filter. To filter the display, you can enter a display filter - expression - not the name of a saved display filter - in the - "Filter:" box at the bottom of the display, and type the key or - press the "Apply" button (that does not require you to have a - saved filter), or, if you want to use a saved filter, you can - press the "Filter:" button, select the filter in the dialog box - that pops up, and press the "OK" button. + Q 12.1: I saved a filter and tried to use its name to filter the + display; why do I get an "Unexpected end of filter string" error? + + A: You cannot use the name of a saved display filter as a filter. + To filter the display, you can enter a display filter expression - + not the name of a saved display filter - in the "Filter:" box at + the bottom of the display, and type the key or press the "Apply" + button (that does not require you to have a saved filter), or, if + you want to use a saved filter, you can press the "Filter:" + button, select the filter in the dialog box that pops up, and + press the "OK" button. Q 12.2: How can I search for, or filter, packets that have a particular string anywhere in them? A: If you want to do this when capturing, you can't. That's a - feature that would be hard to implement in capture filters - without changes to the capture filter code, which, on many - platforms, is in the OS kernel and, on other platforms, is in - the libpcap library. + feature that would be hard to implement in capture filters without + changes to the capture filter code, which, on many platforms, is + in the OS kernel and, on other platforms, is in the libpcap + library. After capture, you can search for text by selecting Edit→Find - Packet... and making sure String is selected. Alternately, you - can use the "contains" display filter operator or "matches" - operator if it's supported on your system. + Packet... and making sure String is selected. Alternately, you can + use the "contains" display filter operator or "matches" operator + if it's supported on your system. Q 12.3: How do I filter a capture to see traffic for virus XXX? A: For some viruses/worms there might be a capture filter to - recognize the virus traffic. Check the CaptureFilters page on - the Wireshark Wiki to see if anybody's added such a filter. - Note that Wireshark was not designed to be an intrusion - detection system; you might be able to use it as an IDS, but in - most cases software designed to be an IDS, such as Snort or - Prelude, will probably work better. + recognize the virus traffic. Check the CaptureFilters page on the + Wireshark Wiki to see if anybody's added such a filter. + Note that Wireshark was not designed to be an intrusion detection + system; you might be able to use it as an IDS, but in most cases + software designed to be an IDS, such as Snort or Prelude, will + probably work better. The Bleeding Edge of Snort has a collection of signatures for Snort to detect various viruses, worms, and the like.
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/make-version.pl ^
@@ -2,7 +2,7 @@ # # Copyright 2004 Jörg Mayer (see AUTHORS file) # -# $Id: make-version.pl 53007 2013-10-31 19:22:04Z gerald $ +# $Id: make-version.pl 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -75,7 +75,7 @@ my %version_pref = ( "version_major" => 1, "version_minor" => 8, - "version_micro" => 11, + "version_micro" => 12, "version_build" => 0, "enable" => 1,
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/manuf ^
@@ -4,7 +4,7 @@ # # /etc/manuf - Ethernet vendor codes, and well-known MAC addresses # -# $Id: manuf 52892 2013-10-27 14:35:00Z gerald $ +# $Id: manuf 54119 2013-12-15 15:34:53Z gerald $ # # Laurent Deniel <laurent.deniel [AT] free.fr> # @@ -136,7 +136,7 @@ 00:00:51 HobElect # HOB ELECTRONIC GMBH & CO. KG 00:00:52 Intrusio # Intrusion.com, Inc. 00:00:53 Compucor # COMPUCORP -00:00:54 Modicon # MODICON, INC. +00:00:54 Schniede # Schnieder Electric 00:00:55 AT&T 00:00:56 DrBStruc # DR. B. STRUCK 00:00:57 Scitex # SCITEX CORPORATION LTD. @@ -146,7 +146,7 @@ 00:00:5B EltecEle # ELTEC ELEKTRONIK AG 00:00:5C Telemati # TELEMATICS INTERNATIONAL INC. 00:00:5D CsTeleco # CS TELECOM -00:00:5E UscInfor # USC INFORMATION SCIENCES INST +00:00:5E IcannIan # ICANN, IANA Department 00:00:5F Sumitomo # SUMITOMO ELECTRIC IND., LTD. 00:00:60 KontronE # KONTRON ELEKTRONIK GMBH 00:00:61 GatewayC # GATEWAY COMMUNICATIONS @@ -1570,7 +1570,7 @@ 00:05:EB BlueRidg # Blue Ridge Networks, Inc. 00:05:EC Mosaic # Mosaic Systems Inc. 00:05:ED Techniku # Technikum Joanneum GmbH -00:05:EE BewatorG # BEWATOR Group +00:05:EE SiemensI # Siemens AB, Infrastructure & Cities, Building Technologies Division, IC BT SSP SP BA PR 00:05:EF AdoirDig # ADOIR Digital Technology 00:05:F0 Satec 00:05:F1 Vrcom # Vrcom, Inc. @@ -2055,7 +2055,7 @@ 00:07:D0 AutomatE # Automat Engenharia de Automação Ltda. 00:07:D1 Spectrum # Spectrum Signal Processing Inc. 00:07:D2 LogopakS # Logopak Systeme GmbH & Co. KG -00:07:D3 StorkPri # Stork Prints B.V. +00:07:D3 Spgprint # SPGPrints B.V. 00:07:D4 Zhejiang # Zhejiang Yutong Network Communication Co Ltd. 00:07:D5 3eTechno # 3e Technologies Int;., Inc. 00:07:D6 Commil # Commil Ltd. @@ -5536,7 +5536,7 @@ 00:15:85 Aonvisio # Aonvision Technolopy Corp. 00:15:86 XiamenOv # Xiamen Overseas Chinese Electronic Co., Ltd. 00:15:87 Takenaka # Takenaka Seisakusho Co.,Ltd -00:15:88 BaldaSol # Balda Solution Malaysia Sdn Bhd +00:15:88 Salutica # Salutica Allied Solutions Sdn Bhd 00:15:89 D-MaxTec # D-MAX Technology Co.,Ltd 00:15:8A SurecomT # SURECOM Technology Corp. 00:15:8B ParkAir # Park Air Systems Ltd @@ -6912,7 +6912,7 @@ 00:1A:E5 MvoxTech # Mvox Technologies Inc. 00:1A:E6 AtlantaA # Atlanta Advanced Communications Holdings Limited 00:1A:E7 AztekNet # Aztek Networks, Inc. -00:1A:E8 SiemensE # Siemens Enterprise Communications GmbH & Co. KG +00:1A:E8 UnifyAnd # Unify GmbH and Co KG 00:1A:E9 Nintendo # Nintendo Co., Ltd. 00:1A:EA RadioTer # Radio Terminal Systems Pty Ltd 00:1A:EB AlliedTe # Allied Telesis K.K. @@ -7909,7 +7909,7 @@ 00:1E:CA 2wire # 2Wire, Inc. 00:1E:CB 2wire # 2Wire, Inc. 00:1E:CC 2wire # 2Wire, Inc. -00:1E:CD 2wire # 2Wire, Inc. +00:1E:CD KylandTe # KYLAND Technology Co. LTD 00:1E:CE 2wire # 2Wire, Inc. 00:1E:CF 2wire # 2Wire, Inc. 00:1E:D0 2wire # 2Wire, Inc. @@ -9049,7 +9049,7 @@ 00:23:3E Alcatel- # Alcatel-Lucent-IPD 00:23:3F Purechoi # Purechoice Inc 00:23:40 MixTelem # MiX Telematics -00:23:41 SiemensI # Siemens AG, Infrastructure & Cities Sector, Building Technologies Division +00:23:41 SiemensI # Siemens AB, Infrastructure & Cities, Building Technologies Division, IC BT SSP SP BA PR 00:23:42 CoffeeEq # Coffee Equipment Company 00:23:43 Tem # TEM AG 00:23:44 Objectiv # Objective Interface Systems, Inc. @@ -9676,7 +9676,7 @@ 00:25:B6 TelecomF # Telecom FM 00:25:B7 CostarEl # Costar electronics, inc., 00:25:B8 AgileCom # Agile Communications, Inc. -00:25:B9 Agilink # Agilink Systems Corp. +00:25:B9 CypressS # Cypress Solutions Inc 00:25:BA Alcatel- # Alcatel-Lucent IPD 00:25:BB Innerint # INNERINT Co., Ltd. 00:25:BC Apple @@ -10413,7 +10413,7 @@ 00:40:63 ViaTechn # VIA TECHNOLOGIES, INC. 00:40:64 KlaInstr # KLA INSTRUMENTS CORPORATION 00:40:65 GteSpace # GTE SPACENET -00:40:66 HitachiC # HITACHI CABLE, LTD. +00:40:66 HitachiM # Hitachi Metals, Ltd 00:40:67 Omnibyte # OMNIBYTE CORPORATION 00:40:68 Extended # EXTENDED SYSTEMS 00:40:69 Lemcom # LEMCOM SYSTEMS, INC. @@ -15048,7 +15048,7 @@ 00:60:A1 Vpnet # VPNet, Inc. 00:60:A2 NihonUni # NIHON UNISYS LIMITED CO. 00:60:A3 Continuu # CONTINUUM TECHNOLOGY CORP. -00:60:A4 Grinaker # GRINAKER SYSTEM TECHNOLOGIES +00:60:A4 GewTechn # GEW Technologies (PTY)Ltd 00:60:A5 Performa # PERFORMANCE TELECOM CORP. 00:60:A6 Particle # PARTICLE MEASURING SYSTEMS 00:60:A7 Microsen # MICROSENS GmbH & CO. KG @@ -15412,6 +15412,7 @@ 00:80:FF SocDeTel # SOC. DE TELEINFORMATIQUE RTC 00:86:A0 Private 00:88:65 Apple +00:8B:43 Rftech 00:8C:10 BlackBox # Black Box Corp. 00:8C:54 AdbBroad # ADB Broadband Italia 00:8C:FA Inventec # Inventec Corporation @@ -16799,6 +16800,7 @@ 00:E6:D3 NixdorfC # NIXDORF COMPUTER CORP. 00:E8:AB MeggittT # Meggitt Training Systems, Inc. 00:EB:2D SonyMobi # Sony Mobile Communications AB +00:EE:BD Htc # HTC Corporation 00:F0:51 Kwb # KWB Gmbh 00:F4:03 OrbisOy # Orbis Systems Oy 00:F4:B9 Apple @@ -16905,6 +16907,7 @@ 04:D7:83 Y&HE&C # Y&H E&C Co.,LTD. 04:DA:D2 Cisco 04:DB:56 Apple # Apple, Inc. +04:DB:8A SuntechI # Suntech International Ltd. 04:DD:4C Velocyte # Velocytech 04:DF:69 CarConne # Car Connectivity Consortium 04:E0:C4 Triumph- # TRIUMPH-ADLER AG @@ -16917,6 +16920,7 @@ 04:E9:E5 PjrcComL # PJRC.COM, LLC 04:EE:91 X-Fabric # x-fabric GmbH 04:F0:21 CompexPt # Compex Systems Pte Ltd +04:F1:3E Apple 04:F1:7D TaranaWi # Tarana Wireless 04:F4:BC XenaNetw # Xena Networks 04:F7:E4 Apple @@ -17097,19 +17101,23 @@ 08:3A:B8 ShinodaP # Shinoda Plasma Co., Ltd. 08:3E:0C ArrisGro # ARRIS Group, Inc. 08:3E:8E HonHaiPr # Hon Hai Precision Ind.Co.Ltd +08:3F:3E Wsh # WSH GmbH 08:3F:76 Intellia # Intellian Technologies, Inc. 08:40:27 Gridstor # Gridstore Inc. 08:48:2C RaycoreT # Raycore Taiwan Co., LTD. +08:49:29 Cybati 08:4E:1C H2aLlc # H2A Systems, LLC 08:4E:BF BroadNet # Broad Net Mux Corporation 08:51:2E OrionDia # Orion Diagnostica Oy 08:52:40 EbvElekt # EbV Elektronikbau- und Vertriebs GmbH +08:57:00 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. 08:5A:E0 Recovisi # Recovision Technology Co., Ltd. 08:5B:0E Fortinet # Fortinet, Inc. 08:60:6E AsustekC # ASUSTek COMPUTER INC. 08:63:61 HuaweiTe # Huawei Technologies Co., Ltd 08:68:D0 JapanSys # Japan System Design 08:68:EA EitoElec # EITO ELECTRONICS CO., LTD. +08:6D:F2 Shenzhen # Shenzhen MIMOWAVE Technology Co.,Ltd 08:70:45 Apple 08:75:72 ObeluxOy # Obelux Oy 08:76:18 VieTechn # ViE Technologies Sdn. Bhd. @@ -17186,6 +17194,7 @@ 0C:47:3D HitronTe # Hitron Technologies. Inc 0C:4C:39 Mitrasta # Mitrastar Technology 0C:4D:E9 Apple +0C:4F:5A Asa-RtSR # ASA-RT s.r.l. 0C:51:F7 ChauvinA # CHAUVIN ARNOUX 0C:54:A5 Pegatron # PEGATRON CORPORATION 0C:55:21 Axiros # Axiros GmbH @@ -17253,6 +17262,7 @@ 0C:DC:CC InalaTec # Inala Technologies 0C:DD:EF Nokia # Nokia Corporation 0C:DF:A4 SamsungE # Samsung Electronics Co.,Ltd +0C:E0:E4 Plantron # Plantronics, Inc 0C:E5:D3 DhElectr # DH electronics GmbH 0C:E7:09 FoxCrypt # Fox Crypto B.V. 0C:E8:2F Bonfigli # Bonfiglioli Vectron GmbH @@ -17359,6 +17369,7 @@ 10:D5:42 SamsungE # Samsung Electronics Co.,Ltd 10:DD:B1 Apple 10:DD:F4 MaxwayEl # Maxway Electronics CO.,LTD +10:DE:E4 Automati # automationNEXT GmbH 10:E2:D5 QiHardwa # Qi Hardware Inc. 10:E3:C7 SeohwaTe # Seohwa Telecom 10:E4:AF AprLlc # APR, LLC @@ -17429,6 +17440,8 @@ 14:B1:26 Industri # Industrial Software Co 14:B1:C8 Infiniwi # InfiniWing, Inc. 14:B7:3D ArcheanT # ARCHEAN Technologies +14:B9:68 HuaweiTe # Huawei Technologies Co., Ltd +14:C0:89 DuneHd # DUNE HD LTD 14:C2:1D SabtechI # Sabtech Industries 14:CC:20 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD 14:CF:8D OhsungEl # OHSUNG ELECTRONICS CO., LTD. @@ -17469,6 +17482,7 @@ 18:1E:B0 SamsungE # Samsung Electronics Co.,Ltd 18:20:12 AztechAs # Aztech Associates Inc. 18:20:32 Apple +18:20:A6 Sage # Sage Co., Ltd. 18:26:66 SamsungE # Samsung Electronics Co.,Ltd 18:28:61 AirtiesW # AirTies Wireless Networks 18:2A:7B Nintendo # Nintendo Co., Ltd. @@ -17562,6 +17576,7 @@ 1C:17:D3 Cisco # CISCO SYSTEMS, INC. 1C:18:4A Shenzhen # ShenZhen RicherLink Technologies Co.,LTD 1C:19:DE Eyevis # eyevis GmbH +1C:1B:68 ArrisGro # ARRIS Group, Inc. 1C:1D:67 Shenzhen # Shenzhen Huawei Communication Technologies Co., Ltd 1C:1D:86 Cisco 1C:33:4D ItsTelec # ITS Telecom @@ -17635,17 +17650,21 @@ 1C:E2:CC TexasIns # Texas Instruments 1C:E6:2B Apple 1C:E6:C7 Cisco +1C:EE:E8 IlshinEl # Ilshin Elecom 1C:F0:61 Scaps # SCAPS GmbH 1C:F4:CA Private 1C:F5:E7 TurtleIn # Turtle Industry Co., Ltd. 1C:FA:68 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. +1C:FC:BB Realfict # Realfiction ApS 1C:FE:A7 Identyte # IDentytech Solutins Ltd. 20:01:4F LineaRes # Linea Research Ltd 20:02:AF MurataMa # Murata Manufactuaring Co.,Ltd. 20:05:05 RadmaxCo # RADMAX COMMUNICATION PRIVATE LIMITED 20:05:E8 OooInpro # OOO InProMedia +20:08:ED HuaweiTe # Huawei Technologies Co., Ltd 20:0A:5E Xiangsha # Xiangshan Giant Eagle Technology Developing co.,LTD 20:0B:C7 HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD +20:0C:C8 Netgear # NETGEAR INC., 20:0E:95 Iec–Tc9W # IEC – TC9 WG43 20:10:7A GemtekTe # Gemtek Technology Co., Ltd. 20:12:57 MostLuck # Most Lucky Trading Ltd @@ -17722,6 +17741,7 @@ 20:E5:2A Netgear # NETGEAR INC., 20:E5:64 ArrisGro # ARRIS Group, Inc. 20:E7:91 SiemensH # Siemens Healthcare Diagnostics, Inc +20:EA:C7 Shenzhen # SHENZHEN RIOPINE ELECTRONICS CO., LTD 20:EE:C6 Elefirst # Elefirst Science & Tech Co ., ltd 20:F0:02 MtdataDe # MTData Developments Pty. Ltd. 20:F3:A3 HuaweiTe # Huawei Technologies Co., Ltd @@ -17738,11 +17758,13 @@ 24:0B:B1 KostalIn # KOSTAL Industrie Elektrik GmbH 24:10:64 Shenzhen # Shenzhen Ecsino Tecnical Co. Ltd 24:11:25 Hutek # Hutek Co., Ltd. +24:11:48 Entropix # Entropix, LLC 24:11:D0 Chongqin # Chongqing Ehs Science and Technology Development Co.,Ltd. 24:1A:8C Squarehe # Squarehead Technology AS 24:1B:13 Shanghai # Shanghai Nutshell Electronic Co., Ltd. 24:1F:2C Calsys # Calsys, Inc. 24:21:AB SonyEric # Sony Ericsson Mobile Communications +24:26:42 Sharp # SHARP Corporation. 24:2F:FA ToshibaG # Toshiba Global Commerce Solutions 24:37:4C CiscoSpv # Cisco SPVTG 24:37:EF EmcElect # EMC Electronic Media Communication SA @@ -17825,6 +17847,7 @@ 28:17:CE Omnisens # Omnisense Ltd 28:18:78 Microsof # Microsoft Corporation 28:18:FD AdityaIn # Aditya Infotech Ltd. +28:22:46 BeijingS # Beijing Sinoix Communication Co., LTD 28:26:A6 PbrElect # PBR electronics GmbH 28:28:5D ZyxelCom # ZyXEL Communications Corporation 28:29:D9 Globalbe # GlobalBeiMing technology (Beijing)Co. Ltd @@ -17848,6 +17871,8 @@ 28:5F:DB Shenzhen # Shenzhen Huawei Communication Technologies Co., Ltd 28:60:46 LantechC # Lantech Communications Global, Inc. 28:60:94 Capelec +28:63:36 Siemens- # Siemens AG - Industrial Automation - EWA +28:65:6B Keystone # Keystone Microtech Corporation 28:6A:B8 Apple 28:6A:BA Apple 28:6D:97 Samjin # SAMJIN Co., Ltd. @@ -17866,6 +17891,7 @@ 28:94:AF SamhwaTe # Samhwa Telecom 28:98:7B SamsungE # Samsung Electronics Co.,Ltd 28:9A:4B Steelser # SteelSeries ApS +28:9A:FA TctMobil # TCT Mobile Limited 28:9E:DF DanfossT # Danfoss Turbocor Compressors, Inc 28:A1:86 Enblink 28:A1:92 GerpSolu # GERP Solution @@ -17878,11 +17904,13 @@ 28:B3:AB GenmarkA # Genmark Automation 28:BA:18 NextnavL # NextNav, LLC 28:BA:B5 SamsungE # Samsung Electronics Co.,Ltd +28:BB:59 RnetTech # RNET Technologies, Inc. 28:BE:9B Technico # Technicolor USA Inc. 28:C0:DA JuniperN # Juniper Networks 28:C6:71 YotaDevi # Yota Devices OY 28:C6:8E Netgear # NETGEAR INC., 28:C7:18 Altierre +28:C8:25 Dellking # DellKing Industrial Co., Ltd 28:C9:14 Taimag # Taimag Corporation 28:CB:EB One 28:CC:01 SamsungE # Samsung Electronics Co.,Ltd @@ -17898,6 +17926,7 @@ 28:D9:3E Telecor # Telecor Inc. 28:D9:97 YuduanMo # Yuduan Mobile Co., Ltd. 28:DB:81 Shanghai # Shanghai Guao Electronic Technology Co., Ltd +28:DE:F6 Biomerie # bioMerieux Inc. 28:E0:2C Apple 28:E1:4C Apple # Apple, Inc. 28:E2:97 Shanghai # Shanghai InfoTM Microelectronics Co.,Ltd. @@ -17916,6 +17945,7 @@ 2C:00:33 Econtrol # EControls, LLC 2C:00:F7 Xos 2C:06:23 WinLeade # Win Leader Inc. +2C:07:3C Devline # DEVLINE LIMITED 2C:10:C1 Nintendo # Nintendo Co., Ltd. 2C:18:AE TrendEle # Trend Electronics Co., Ltd. 2C:19:84 IdnTelec # IDN Telecom, Inc. @@ -17941,6 +17971,7 @@ 2C:44:01 SamsungE # Samsung Electronics Co.,Ltd 2C:44:1B Spectrum # Spectrum Medical Limited 2C:44:FD HewlettP # Hewlett Packard +2C:53:4A Shenzhen # Shenzhen Winyao Electronic Limited 2C:54:2D Cisco # CISCO SYSTEMS, INC. 2C:55:3C Gainspee # Gainspeed, Inc. 2C:59:E5 HewlettP # Hewlett Packard @@ -17966,6 +17997,7 @@ 2C:91:27 Eintechn # Eintechno Corporation 2C:92:2C KishuGik # Kishu Giken Kogyou Company Ltd,. 2C:94:64 Cincoze # Cincoze Co., Ltd. +2C:95:7F Zte # zte corporation 2C:97:17 ICYBV # I.C.Y. B.V. 2C:9E:5F ArrisGro # ARRIS Group, Inc. 2C:9E:FC Canon # CANON INC. @@ -18054,11 +18086,13 @@ 30:90:AB Apple 30:92:F6 Shanghai # SHANGHAI SUNMON COMMUNICATION TECHNOGY CO.,LTD 30:9B:AD BbkElect # BBK Electronics Corp., Ltd., +30:A8:DB SonyMobi # Sony Mobile Communications AB 30:AA:BD Shanghai # Shanghai Reallytek Information Technology Co.,Ltd 30:AE:7B DeqingDu # Deqing Dusun Electron CO., LTD 30:AE:F6 RadioMob # Radio Mobile Access 30:B2:16 HytecGer # Hytec Geraetebau GmbH 30:B3:A2 Shenzhen # Shenzhen Heguang Measurement & Control Technology Co.,Ltd +30:B5:C2 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. 30:C8:2A Wi-NextS # Wi-Next s.r.l. 30:CD:A7 SamsungE # Samsung Electronics ITS, Printer division 30:D3:57 Logosol # Logosol, Inc. @@ -18071,6 +18105,7 @@ 30:EF:D1 AlstomSt # Alstom Strongwish (Shenzhen) Co., Ltd. 30:F3:1D Zte # zte corporation 30:F3:3A +PluggSr # +plugg srl +30:F4:2F Esp 30:F7:0D Cisco # Cisco Systems 30:F7:C5 Apple 30:F9:ED Sony # Sony Corporation @@ -18080,6 +18115,7 @@ 34:13:A8 Mediplan # Mediplan Limited 34:13:E8 IntelCor # Intel Corporate 34:15:9E Apple +34:17:EB DellPcba # Dell Inc PCBA Test 34:1A:4C Shenzhen # SHENZHEN WEIBU ELECTRONICS CO.,LTD. 34:1B:22 Grandbei # Grandbeing Technology Co., Ltd 34:21:09 JensenSc # Jensen Scandinavia AS @@ -18090,9 +18126,11 @@ 34:2F:6E Anywire # Anywire corporation 34:31:11 SamsungE # Samsung Electronics Co.,Ltd 34:40:B5 Ibm +34:46:6F HitemEng # HiTEM Engineering 34:4B:3D Fiberhom # Fiberhome Telecommunication Tech.Co.,Ltd. 34:4B:50 Zte # ZTE Corporation 34:4F:3F Io-Power # IO-Power Technology Co., Ltd. +34:4F:5C R&Amp;M # R&M AG 34:4F:69 EkinopsS # EKINOPS SAS 34:51:C9 Apple 34:5B:11 EviHeat # EVI HEAT AB @@ -18157,6 +18195,8 @@ 34:D2:C4 RenaPrin # RENA GmbH Print Systeme 34:D7:B4 Tributar # Tributary Systems, Inc. 34:DB:FD Cisco +34:DE:1A IntelCor # Intel Corporate +34:DE:34 Zte # zte corporation 34:DF:2A FujikonI # Fujikon Industrial Co.,Limited 34:E0:CF Zte # zte corporation 34:E0:D7 Dongguan # DONGGUAN QISHENG ELECTRONICS INDUSTRIAL CO., LTD @@ -18203,6 +18243,7 @@ 38:66:45 OosicTec # OOSIC Technology CO.,Ltd 38:67:93 AsiaOpti # Asia Optical Co., Inc. 38:6B:BB ArrisGro # ARRIS Group, Inc. +38:6C:9B IvyBiome # Ivy Biomedical 38:6E:21 WasionGr # Wasion Group Ltd. 38:72:C0 Comtrend 38:7B:47 Akela # AKELA, Inc. @@ -18243,7 +18284,9 @@ 38:EC:11 NovatekM # Novatek Microelectronics Corp. 38:EC:E4 SamsungE # Samsung Electronics 38:EE:9D Anedo # Anedo Ltd. +38:F0:98 VaporSto # Vapor Stone Rail Systems 38:F5:97 Home2net # home2net GmbH +38:F7:08 National # National Resource Management, Inc. 38:F8:B7 V2comPar # V2COM PARTICIPACOES S.A. 38:FE:C5 EllipsBV # Ellips B.V. 3C:00:00 3Com @@ -18253,7 +18296,9 @@ 3C:07:54 Apple 3C:07:71 Sony # Sony Corporation 3C:08:1E BeijingY # Beijing Yupont Electric Power Technology Co.,Ltd +3C:08:F6 Cisco 3C:09:6D Powerhou # Powerhouse Dynamics +3C:0C:48 Servergy # Servergy, Inc. 3C:0E:23 Cisco 3C:0F:C1 KbcNetwo # KBC Networks 3C:10:40 DaesungN # daesung network @@ -18300,6 +18345,7 @@ 3C:81:D8 Sagemcom # SAGEMCOM SAS 3C:83:B5 AdvanceV # Advance Vision Electronics Co. Ltd. 3C:86:A8 Sangshin # Sangshin elecom .co,, LTD +3C:89:A6 Kapelse 3C:8A:B0 JuniperN # Juniper Networks 3C:8A:E5 TensunIn # Tensun Information Technology(Hangzhou) Co.,LTD 3C:8B:FE SamsungE # Samsung Electronics @@ -18332,6 +18378,7 @@ 3C:D7:DA SkMtekMi # SK Mtek microelectronics(shenzhen)limited 3C:D9:2B Hewlett- # Hewlett-Packard Company 3C:DF:1E Cisco # CISCO SYSTEMS, INC. +3C:DF:BD HuaweiTe # Huawei Technologies Co., Ltd 3C:E0:72 Apple 3C:E5:A6 Hangzhou # Hangzhou H3C Technologies Co., Ltd. 3C:E5:B4 KidasenI # KIDASEN INDUSTRIA E COMERCIO DE ANTENAS LTDA @@ -18392,6 +18439,7 @@ 40:70:4A PowerIde # Power Idea Technology Limited 40:70:74 LifeTech # Life Technology (China) Co., Ltd 40:74:96 AfunTech # aFUN TECHNOLOGY INC. +40:78:75 Imbel-In # IMBEL - Industria de Material Belico do Brasil 40:7A:80 Nokia # Nokia Corporation 40:7B:1B MettleNe # Mettle Networks Inc. 40:83:DE Motorola @@ -18408,6 +18456,7 @@ 40:9F:C7 Baekchun # BAEKCHUN I&C Co., Ltd. 40:A6:A4 Passivsy # PassivSystems Ltd 40:A6:D9 Apple +40:A8:F0 HewlettP # Hewlett Packard 40:AC:8D DataMana # Data Management, Inc. 40:B0:FA LgElectr # LG Electronics 40:B2:C8 NortelNe # Nortel Networks @@ -18841,6 +18890,62 @@ 40:D8:55:19:C0:00/36 ParrisSe # Parris Service Corporation 40:D8:55:19:D0:00/36 Emac # EMAC, Inc. 40:D8:55:19:E0:00/36 Thirdway # Thirdwayv Inc. +40:D8:55:19:F0:00/36 PatriaAv # Patria Aviation Oy +40:D8:55:1A:00:00/36 Futaba # Futaba Corporation +40:D8:55:1A:10:00/36 Kronotec # KRONOTECH SRL +40:D8:55:1A:20:00/36 Hipodrom # HIPODROMO DE AGUA CALIENTE, S.A. DE C.V. +40:D8:55:1A:30:00/36 Noritake # Noritake Itron Corporation +40:D8:55:1A:40:00/36 Cibite # cibite AG +40:D8:55:1A:50:00/36 Demopad +40:D8:55:1A:60:00/36 Rb-LinkW # RB-LINK Wireless +40:D8:55:1A:70:00/36 EntecEle # ENTEC Electric & Electronic CO., LTD +40:D8:55:1A:80:00/36 Multiobr # Multiobrabotka +40:D8:55:1A:90:00/36 LubinoSR # Lubino s.r.o. +40:D8:55:1A:A0:00/36 Broachli # Broachlink Technology Co.,Limited +40:D8:55:1A:B0:00/36 Rosslare # Rosslare Enterprises Limited +40:D8:55:1A:C0:00/36 Elan # ELAN SYSTEMS +40:D8:55:1A:D0:00/36 WicherDi # WICHER DIGITAL TECHNIK +40:D8:55:1A:E0:00/36 Autonomo # Autonomous Solutions, Inc +40:D8:55:1A:F0:00/36 Vigitron # Vigitron Inc. +40:D8:55:1B:00:00/36 Shin-EiE # Shin-ei Electronic Measuring Co.,Ltd. +40:D8:55:1B:10:00/36 Logos01S # Logos 01 S.r.l. +40:D8:55:1B:20:00/36 AgeAGilg # AGE A. Gilg Elektronik +40:D8:55:1B:30:00/36 BettiniS # BETTINI SRL +40:D8:55:1B:40:00/36 InforceC # Inforce Computing Inc. +40:D8:55:1B:50:00/36 A+EcKlei # A+EC Klein Ingenieurbuero +40:D8:55:1B:60:00/36 Magic # Magic Systems +40:D8:55:1B:70:00/36 TewsElek # TEWS Elektronik GmbH & Co. KG +40:D8:55:1B:80:00/36 Orion # Orion Systems, Inc +40:D8:55:1B:90:00/36 BekingIn # Beking Industrieele automatisering +40:D8:55:1B:A0:00/36 Creative # Creative Lighting And Sound Systems Pty Ltd +40:D8:55:1B:B0:00/36 Micromeg # Micromega Dynamics SA +40:D8:55:1B:C0:00/36 Kbdevice # KbDevice,Inc. +40:D8:55:1B:D0:00/36 HoribaAb # HORIBA ABX +40:D8:55:1B:E0:00/36 PeekTraf # PEEK TRAFFIC +40:D8:55:1B:F0:00/36 Shanghai # shanghai mingding information tech co.Ltd +40:D8:55:1C:00:00/36 NpbAutom # NPB Automation AB +40:D8:55:1C:10:00/36 TriamecM # Triamec Motion AG +40:D8:55:1C:20:00/36 DigitalD # Digital Display Systems +40:D8:55:1C:30:00/36 CornfedL # Cornfed Systems LLC +40:D8:55:1C:40:00/36 QedAdvan # QED Advanced Systems Limited +40:D8:55:1C:60:00/36 DeviceSo # Device Solutions Ltd +40:D8:55:1C:70:00/36 Wexiödis # Wexiödisk AB +40:D8:55:1C:80:00/36 SensataT # Sensata Technologies +40:D8:55:1C:90:00/36 Andy-L # Andy-L Ltd. +40:D8:55:1C:A0:00/36 RigelEng # Rigel Engineering +40:D8:55:1C:B0:00/36 MgSRL # MG S.r.l. +40:D8:55:1C:D0:00/36 YxlonInt # YXLON International A/S +40:D8:55:1C:E0:00/36 PeterHub # Peter Huber +40:D8:55:1C:F0:00/36 OmnikNew # Omnik New Energy Co., Ltd +40:D8:55:1D:00:00/36 WebeasyB # Webeasy BV +40:D8:55:1D:10:00/36 FounderB # Founder Broadband Network Service Co.,Ltd. +40:D8:55:1D:20:00/36 Inventla # InventLab s.c. +40:D8:55:1D:30:00/36 KalugaTe # Kaluga Teletypes Manufacturing Plant +40:D8:55:1D:40:00/36 PrismaEn # Prisma Engineering srl +40:D8:55:1D:50:00/36 Fst21 # FST21 Ltd. +40:D8:55:1D:60:00/36 EmsCompu # EMS Computers Pty Ltd +40:D8:55:1D:70:00/36 Wheatsto # Wheatstone Corporation +40:D8:55:1D:80:00/36 OwlCompu # Owl Computing Technologies, Inc. 40:E7:30 DeyStora # DEY Storage Systems, Inc. 40:E7:93 Shenzhen # Shenzhen Siviton Technology Co.,Ltd 40:EC:F8 Siemens # Siemens AG @@ -18879,6 +18984,7 @@ 44:3E:B2 Deotron # DEOTRON Co., LTD. 44:45:53 Microsoft 44:46:49 DfiDiamo # DFI (Diamond Flower Industries) +44:48:91 HdmiLice # HDMI Licensing, LLC 44:4A:65 Silverfl # Silverflare Ltd. 44:4C:0C Apple 44:4E:1A SamsungE # Samsung Electronics Co.,Ltd @@ -18901,6 +19007,7 @@ 44:7B:C4 Dualshin # DualShine Technology(SZ)Co.,Ltd 44:7C:7F Innoligh # Innolight Technology Corporation 44:7D:A5 VtionInf # VTION INFORMATION TECHNOLOGY (FUJIAN) CO.,LTD +44:7E:76 TrekTech # Trek Technology (S) Pte Ltd 44:7E:95 AlphaAnd # Alpha and Omega, Inc 44:83:12 Star-Net 44:85:00 IntelCor # Intel Corporate @@ -18924,6 +19031,7 @@ 44:B3:82 Kuang-Ch # Kuang-chi Institute of Advanced Technology 44:C1:5C TexasIns # Texas Instruments 44:C2:33 Guangzho # Guangzhou Comet Technology Development Co.Ltd +44:C3:06 Sifrom # SIFROM Inc. 44:C3:9B OooRubez # OOO RUBEZH NPO 44:C4:A9 OpticomC # Opticom Communication, LLC 44:C5:6F NgnEasyS # NGN Easy Satfinder (Tianjin) Electronic Co., Ltd @@ -18951,6 +19059,7 @@ 48:12:49 LuxcomTe # Luxcom Technologies Inc. 48:13:F3 BbkElect # BBK Electronics Corp., Ltd. 48:17:4C Micropow # MicroPower technologies +48:18:42 Shanghai # Shanghai Winaas Co. Equipment Co. Ltd. 48:1B:D2 IntronSc # Intron Scientific co., ltd. 48:28:2F Zte # ZTE Corporation 48:2C:EA Motorola # Motorola Inc Business Light Radios @@ -18966,6 +19075,7 @@ 48:52:61 Soreel 48:54:E8 Winbond? 48:5A:3F Wisol +48:5A:B6 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 48:5B:39 AsustekC # ASUSTek COMPUTER INC. 48:5D:60 Azurewav # Azurewave Technologies, Inc. 48:60:BC Apple @@ -18974,6 +19084,8 @@ 48:6E:73 Pica8 # Pica8, Inc. 48:6F:D2 Storsimp # StorSimple Inc 48:71:19 SgbGroup # SGB GROUP LTD. +48:74:6E Apple +48:76:04 Private 48:8E:42 Digalog # DIGALOG GmbH 48:91:53 Weinmann # Weinmann Geräte für Medizin GmbH + Co. KG 48:91:F6 Shenzhen # Shenzhen Reach software technology CO.,LTD @@ -18984,6 +19096,7 @@ 48:A6:D2 GjsunOpt # GJsun Optical Science and Tech Co.,Ltd. 48:AA:5D StoreEle # Store Electronic Systems 48:B2:53 Marketax # Marketaxess Corporation +48:B5:A7 GloryHor # Glory Horse Industries Ltd. 48:B8:DE Homewins # HOMEWINS TECHNOLOGY CO.,LTD. 48:B9:77 PulseonO # PulseOn Oy 48:B9:C2 Teletics # Teletics Inc. @@ -18992,6 +19105,7 @@ 48:C8:62 SimoWire # Simo Wireless,Inc. 48:C8:B6 Systec # SysTec GmbH 48:CB:6E CelloEle # Cello Electronics (UK) Ltd +48:D0:CF Universa # Universal Electronics, Inc. 48:D2:24 LiteonTe # Liteon Technology Corporation 48:D5:4C JedaNetw # Jeda Networks 48:D7:FF BlankomA # BLANKOM Antennentechnik GmbH @@ -19002,6 +19116,7 @@ 48:EA:63 Zhejiang # Zhejiang Uniview Technologies Co., Ltd. 48:EB:30 EternaTe # ETERNA TECHNOLOGY, INC. 48:ED:80 DaesungE # daesung eltec +48:EE:86 Utstarco # UTStarcom (China) Co.,Ltd 48:F2:30 Ubizcore # Ubizcore Co.,LTD 48:F3:17 Private 48:F4:7D Techvisi # TechVision Holding Internation Limited @@ -19107,6 +19222,7 @@ 50:11:EB Silverne # SilverNet Ltd 50:17:FF Cisco 50:1A:C5 Microsof # Microsoft +50:1C:BF Cisco 50:20:6B EmersonC # Emerson Climate Technologies Transportation Solutions 50:22:67 Pixelink 50:25:2B NethraIm # Nethra Imaging Incorporated @@ -19129,9 +19245,11 @@ 50:4A:5E Masimo # Masimo Corporation 50:4F:94 LoxoneEl # Loxone Electronics GmbH 50:56:63 TexasIns # Texas Instruments +50:56:A8 Jolla # Jolla Ltd 50:57:A8 Cisco # CISCO SYSTEMS, INC. 50:5A:C6 Guangdon # GUANGDONG SUPER TELECOM CO.,LTD. 50:60:28 Xirrus # Xirrus Inc. +50:61:84 Avaya # Avaya, Inc 50:61:D6 Indu-Sol # Indu-Sol GmbH 50:63:13 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 50:64:41 Greenlee @@ -19154,6 +19272,7 @@ 50:97:72 Westingh # Westinghouse Digital 50:98:71 Inventum # Inventum Technologies Private Limited 50:9F:27 HuaweiTe # Huawei Technologies Co., Ltd +50:A0:54 Actineon 50:A0:BF AlbaFibe # Alba Fiber Systems Inc. 50:A4:C8 SamsungE # Samsung Electronics Co.,Ltd 50:A6:E3 DavidCla # David Clark Company @@ -19161,6 +19280,7 @@ 50:A7:33 RuckusWi # Ruckus Wireless 50:AB:BF HoseoTel # Hoseo Telecom 50:AF:73 Shenzhen # Shenzhen Bitland Information Technology Co., Ltd. +50:B6:95 Micropoi # Micropoint Biotechnologies,Inc. 50:B7:C3 SamsungE # Samsung Electronics CO., LTD 50:B8:88 Wi2beTec # wi2be Tecnologia S/A 50:B8:A2 ImtechTe # ImTech Technologies LLC, @@ -19204,10 +19324,12 @@ 54:21:60 Resoluti # Resolution Products 54:22:F8 Zte # zte corporation 54:26:96 Apple +54:27:1E Azurewav # AzureWave Technonloies, Inc. 54:2A:9C LsyDefen # LSY Defense, LLC. 54:2C:EA Protectr # PROTECTRON 54:2F:89 EuclidLa # Euclid Laboratories, Inc. 54:31:31 RasterVi # Raster Vision Ltd +54:35:30 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 54:35:DF Symeo # Symeo GmbH 54:39:68 Edgewate # Edgewater Networks Inc 54:39:DF HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD @@ -19221,6 +19343,7 @@ 54:5E:BD NlTechno # NL Technologies 54:5F:A9 Teracom # Teracom Limited 54:61:EA Zaplox # Zaplox AB +54:72:4F Apple 54:73:98 ToyoElec # Toyo Electronics Corporation 54:74:E6 WebtechW # Webtech Wireless 54:75:D0 Cisco # CISCO SYSTEMS, INC. @@ -19241,14 +19364,18 @@ 54:9B:12 SamsungE # Samsung Electronics 54:9D:85 Eneracce # EnerAccess inc 54:A0:4F T-MacTec # t-mac Technologies Ltd +54:A3:1B Shenzhen # Shenzhen Linkworld Technology Co,.LTD 54:A5:1B Shenzhen # Shenzhen Huawei Communication Technologies Co., Ltd 54:A5:4B NscCommu # NSC Communications Siberia Ltd 54:A6:19 Alcatel- # Alcatel-Lucent Shanghai Bell Co., Ltd 54:A9:D4 Minibar # Minibar Systems +54:AE:27 Apple 54:B6:20 SuhdolE& # SUHDOL E&C Co.Ltd. 54:BE:F7 Pegatron # PEGATRON CORPORATION 54:CD:A7 FujianSh # Fujian Shenzhou Electronic Co.,Ltd +54:CD:EE Shenzhen # ShenZhen Apexis Electronic Co.,Ltd 54:D0:ED AximComm # AXIM Communications +54:D1:63 Max-Tech # MAX-TECH,INC 54:D1:B0 Universa # Universal Laser Systems, Inc 54:D4:6F CiscoSpv # Cisco SPVTG 54:DF:63 Intrakey # Intrakey technologies GmbH @@ -19263,10 +19390,12 @@ 54:FB:58 Wiseware # WISEWARE, Lda 54:FD:BF ScheidtB # Scheidt & Bachmann GmbH 56:58:57 AculabPl # Aculab plc audio bridges +58:05:28 LabrisNe # LABRIS NETWORKS 58:05:56 Elettron # Elettronica GF S.r.L. 58:08:FA FiberOpt # Fiber Optic & telecommunication INC. 58:09:43 Private 58:09:E5 Kivic # Kivic Inc. +58:0A:20 Cisco 58:12:43 AcsipTec # AcSiP Technology Corp. 58:16:26 Avaya # Avaya, Inc 58:17:0C SonyEric # Sony Ericsson Mobile Communications AB @@ -19283,10 +19412,12 @@ 58:46:8F KoncarEl # Koncar Electronics and Informatics 58:46:E1 BaxterHe # Baxter Healthcare 58:48:C0 Coflec +58:49:3B PaloAlto # Palo Alto Networks 58:49:BA ChitaiEl # Chitai Electronic Corp. 58:4C:19 Chongqin # Chongqing Guohong Technology Development Company Limited 58:4C:EE DigitalO # Digital One Technologies, Limited 58:50:76 LinearEq # Linear Equipamentos Eletronicos SA +58:50:AB Tls # TLS Corporation 58:50:E6 BestBuy # Best Buy Corporation 58:55:CA Apple 58:56:E8 ArrisGro # ARRIS Group, Inc. @@ -19317,6 +19448,7 @@ 58:97:1E Cisco 58:98:35 Technico # Technicolor 58:98:6F Revoluti # Revolution Display +58:9C:FC FreebsdF # FreeBSD Foundation 58:A2:B5 LgElectr # LG Electronics 58:A7:6F Id # iD corporation 58:B0:35 Apple @@ -19362,6 +19494,7 @@ 5C:20:D0 AsoniCom # Asoni Communication Co., Ltd. 5C:22:C4 DaeEunEl # DAE EUN ELETRONICS CO., LTD 5C:24:79 Baltech # Baltech AG +5C:25:4C AvireGlo # Avire Global Pte Ltd 5C:26:0A Dell # Dell Inc. 5C:2A:EF OpenAcce # Open Access Pty Ltd 5C:33:27 SpazioIt # Spazio Italia srl @@ -19405,6 +19538,7 @@ 5C:B5:24 SonyEric # Sony Ericsson Mobile Communications AB 5C:BD:9E Hongkong # HONGKONG MIRACLE EAGLE TECHNOLOGY(GROUP) LIMITED 5C:C2:13 FrSauter # Fr. Sauter AG +5C:C5:D4 IntelCor # Intel Corporate 5C:C6:D0 Skyworth # Skyworth Digital technology(shenzhen)co.ltd. 5C:C9:D3 Palladiu # PALLADIUM ENERGY ELETRONICA DA AMAZONIA LTDA 5C:CA:32 Theben # Theben AG @@ -19422,12 +19556,14 @@ 5C:E2:23 DelphinT # Delphin Technology AG 5C:E2:86 NortelNe # Nortel Networks 5C:E2:F4 AcsipTec # AcSiP Technology Corp. +5C:E7:BF NewSingu # New Singularity International Technical Development Co.,Ltd 5C:E8:EB SamsungE # Samsung Electronics 5C:EB:4E RStahlHm # R. STAHL HMI Systems GmbH 5C:EE:79 GlobalDi # Global Digitech Co LTD 5C:F2:07 SpecoTec # Speco Technologies 5C:F3:70 Cc&CTech # CC&C Technologies, Inc 5C:F3:FC Ibm # IBM Corp +5C:F5:0D Institut # Institute of microelectronic applications 5C:F6:DC SamsungE # Samsung Electronics Co.,LTD 5C:F8:A1 MurataMa # Murata Manufactuaring Co.,Ltd. 5C:F9:38 Apple # Apple, Inc @@ -19445,6 +19581,7 @@ 60:19:29 Voltroni # VOLTRONIC POWER TECHNOLOGY(SHENZHEN) CORP. 60:1D:0F MidniteS # Midnite Solar 60:1E:02 Eltexala # EltexAlatau +60:21:03 Stcube # STCUBE.INC 60:21:C0 MurataMa # Murata Manufactuaring Co.,Ltd. 60:24:C1 JiangsuZ # Jiangsu Zhongxun Electronic Technology Co., Ltd 60:2A:54 Cardiote # CardioTek B.V. @@ -19527,8 +19664,10 @@ 60:FA:CD Apple 60:FB:42 Apple 60:FE:1E ChinaPal # China Palms Telecom.Ltd +60:FE:20 2Wire # 2 Wire 60:FE:C5 Apple 60:FE:F9 ThomasBe # Thomas & Betts +60:FF:DD CEElectr # C.E. ELECTRONICS, INC 64:00:F1 Cisco # CISCO SYSTEMS, INC. 64:05:BE NewLight # NEW LIGHT LED 64:09:4C BeijingS # Beijing Superbee Wireless Technology Co.,Ltd @@ -19564,6 +19703,7 @@ 64:54:22 EquinoxP # Equinox Payments 64:55:63 Inteligh # Intelight Inc. 64:55:7F NsfocusI # NSFOCUS Information Technology Co., Ltd. +64:55:B1 ArrisGro # ARRIS Group, Inc. 64:56:01 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD 64:5A:04 ChiconyE # Chicony Electronics Co., Ltd. 64:5D:D7 Shenzhen # Shenzhen Lifesense Medical Electronics Co., Ltd. @@ -19609,6 +19749,7 @@ 64:AE:0C Cisco # CISCO SYSTEMS, INC. 64:AE:88 Polytec # Polytec GmbH 64:B3:10 SamsungE # Samsung Electronics Co.,Ltd +64:B3:70 Powercom # PowerComm Solutons LLC 64:B6:4A Vivotech # ViVOtech, Inc. 64:B9:E8 Apple 64:BA:BD SdjTechn # SDJ Technologies, Inc. @@ -19633,8 +19774,10 @@ 64:E6:25 WoxuWire # Woxu Wireless Co., Ltd 64:E6:82 Apple 64:E8:4F Serialwa # Serialway Communication Technology Co. Ltd +64:E8:92 MorioDen # Morio Denki Co., Ltd. 64:E8:E6 GlobalMo # global moisture management system 64:E9:50 Cisco +64:EB:8C SeikoEps # Seiko Epson Corporation 64:ED:57 ArrisGro # ARRIS Group, Inc. 64:ED:62 Woori # WOORI SYSTEMS Co., Ltd 64:F2:42 GerdesAk # Gerdes Aktiengesellschaft @@ -19678,6 +19821,7 @@ 68:6E:23 Wi3 # Wi3 Inc. 68:72:51 Ubiquiti # Ubiquiti Networks 68:76:4F SonyMobi # Sony Mobile Communications AB +68:78:48 Westunit # Westunitis Co., Ltd. 68:78:4C NortelNe # Nortel Networks 68:79:24 Els-Gmbh # ELS-GmbH & Co. KG 68:79:ED Sharp # SHARP Corporation @@ -19686,6 +19830,7 @@ 68:83:1A PandoraM # Pandora Mobility Corporation 68:84:70 Essys # eSSys Co.,Ltd 68:85:40 IgiMobil # IGI Mobile, Inc. +68:85:6A Outerlin # OuterLink Corporation 68:86:A7 Cisco 68:86:E7 Orbotix # Orbotix, Inc. 68:87:6B InqMobil # INQ Mobile Limited @@ -19716,6 +19861,7 @@ 68:CD:0F UTek # U Tek Company Limited 68:CE:4E L-3Commu # L-3 Communications Infrared Products 68:D1:FD Shenzhen # Shenzhen Trimax Technology Co.,Ltd +68:D2:47 Portalis # Portalis LC 68:D9:25 ProsysDe # ProSys Development Services 68:DB:67 NantongC # Nantong Coship Electronics Co., Ltd 68:DB:96 OpwillTe # OPWILL Technologies CO .,LTD @@ -19733,6 +19879,7 @@ 68:FB:95 Generalp # Generalplus Technology Inc. 68:FC:B3 NextLeve # Next Level Security Systems, Inc. 6C:04:60 RbhAcces # RBH Access Technologies Inc. +6C:09:D6 Digiques # Digiquest Electronics LTD 6C:0E:0D SonyEric # Sony Ericsson Mobile Communications AB 6C:0F:6A JdcTech # JDC Tech Co., Ltd. 6C:15:F9 Nautroni # Nautronix Limited @@ -19761,8 +19908,10 @@ 6C:5C:DE Sunrepor # SunReports, Inc. 6C:5D:63 Shenzhen # ShenZhen Rapoo Technology Co., Ltd. 6C:5E:7A Ubiquito # Ubiquitous Internet Telecom Co., Ltd +6C:5F:1C LenovoMo # Lenovo Mobile Communication Technology Ltd. 6C:61:26 RinicomH # Rinicom Holdings 6C:62:6D Micro-St # Micro-Star INT'L CO., LTD +6C:64:1A PenguinC # Penguin Computing 6C:6F:18 Stereota # Stereotaxis, Inc. 6C:70:39 Novar # Novar GmbH 6C:71:D9 Azurewav # AzureWave Technologies, Inc @@ -19777,6 +19926,7 @@ 6C:90:B1 Sanlogic # SanLogic Inc 6C:92:BF InspurEl # Inspur Electronic Information Industry Co.,Ltd. 6C:98:EB Xyne # Xyne GmbH +6C:99:89 Cisco 6C:9A:C9 Valentin # Valentine Research, Inc. 6C:9B:02 Nokia # Nokia Corporation 6C:9C:E9 NimbleSt # Nimble Storage @@ -19830,6 +19980,7 @@ 70:25:26 Alcatel- # Alcatel-Lucent 70:25:59 Cybertan # CyberTAN Technology, Inc. 70:2B:1D E-DomusI # E-Domus International Limited +70:2C:1F Wisol 70:2F:4B Polyvisi # PolyVision Inc. 70:2F:97 AavaMobi # Aava Mobile Oy 70:30:18 Avaya # Avaya, Inc @@ -19846,6 +19997,7 @@ 70:4A:AE XstreamF # Xstream Flow (Pty) Ltd 70:4A:E4 Rinstrum # Rinstrum Pty Ltd 70:4C:ED Tmrg # TMRG, Inc. +70:4E:01 Kwangwon # KWANGWON TECH CO., LTD. 70:52:C5 Avaya # Avaya, Inc. 70:53:3F AlfaInst # Alfa Instrumentos Eletronicos Ltda. 70:54:D2 Pegatron # PEGATRON CORPORATION @@ -19953,6 +20105,7 @@ 74:65:D1 Atlinks 74:66:30 T:MiYtti # T:mi Ytti 74:6A:89 Rezolt # Rezolt Corporation +74:6A:8F VsVision # VS Vision Systems GmbH 74:6B:82 Movek 74:6F:3D Contec # Contec GmbH 74:72:F2 ChipsipT # Chipsip Technology Co., Ltd. @@ -19962,6 +20115,7 @@ 74:7E:1A RedEmbed # Red Embedded Design Limited 74:7E:2D BeijingT # Beijing Thomson CITIC Digital Technology Co. LTD. 74:86:7A DellPcba # Dell Inc PCBA Test +74:88:2A HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD 74:88:8B AdbBroad # ADB Broadband Italia 74:8E:08 Bestek # Bestek Corp. 74:8E:F8 BrocadeC # Brocade Communications Systems, Inc. @@ -19971,6 +20125,7 @@ 74:93:A4 ZebraTec # Zebra Technologies Corp. 74:94:3D Agjuncti # AgJunction 74:99:75 Ibm # IBM Corporation +74:9C:52 HuizhouD # Huizhou Desay SV Automotive Co., Ltd. 74:9D:DC 2wire 74:A4:A7 QrsMusic # QRS Music Technologies, Inc. 74:A4:B5 Powerlea # Powerleader Science and Technology Co. Ltd. @@ -19981,6 +20136,7 @@ 74:B9:EB FujianJi # Fujian JinQianMao Electronic Technology Co.,Ltd 74:BE:08 AtekProd # ATEK Products, LLC 74:BF:A1 Hyunteck +74:C6:21 Zhejiang # Zhejiang Hite Renewable Energy Co.,LTD 74:C9:9A Ericsson # Ericsson AB 74:CA:25 Calxeda # Calxeda, Inc. 74:CD:0C SmithMye # Smith Myers Communications Ltd. @@ -20027,9 +20183,11 @@ 78:2E:EF Nokia # Nokia Corporation 78:30:3B StephenT # Stephen Technologies Co.,Limited 78:30:E1 Ultracle # UltraClenz, LLC +78:31:C1 Apple 78:32:4F Millenni # Millennium Group, Inc. 78:3C:E3 Kai-Ee 78:3D:5B TelnetRe # TELNET Redes Inteligentes S.A. +78:3E:53 Bskyb # BSkyB Ltd 78:3F:15 Easysync # EasySYNC Ltd. 78:44:05 FujituHo # FUJITU(HONG KONG) ELECTRONIC Co.,LTD. 78:44:76 ZioncomT # Zioncom technology co.,ltd @@ -20038,6 +20196,7 @@ 78:47:1D SamsungE # Samsung Electronics Co.,Ltd 78:49:1D Will-Bur # The Will-Burt Company 78:4B:08 FRobotic # f.robotics acquisitions ltd +78:4B:87 MurataMa # Murata Manufacturing Co.,Ltd. 78:51:0C Liveu # LiveU Ltd. 78:52:1A SamsungE # Samsung Electronics Co.,Ltd 78:52:62 Shenzhen # Shenzhen Hojy Software Co., Ltd. @@ -20050,6 +20209,7 @@ 78:5C:72 HiosoTec # Hioso Technology Co., Ltd. 78:61:7C MitsumiE # MITSUMI ELECTRIC CO.,LTD 78:66:AE ZtecInst # ZTEC Instruments, Inc. +78:6A:89 HuaweiTe # Huawei Technologies Co., Ltd 78:6C:1C Apple 78:7F:62 GikMbh # GiK mbH 78:81:8F ServerRa # Server Racks Australia Pty Ltd @@ -20071,6 +20231,7 @@ 78:A1:83 Advidia 78:A2:A0 Nintendo # Nintendo Co., Ltd. 78:A3:E4 Apple +78:A5:04 TexasIns # Texas Instruments 78:A5:DD Shenzhen # Shenzhen Smarteye Digital Electronics Co., Ltd 78:A6:83 Precidat # Precidata 78:A6:BD DaeyeonC # DAEYEON Control&Instrument Co,.Ltd @@ -20102,6 +20263,7 @@ 78:D3:8D Hongkong # HONGKONG YUNLINK TECHNOLOGY LIMITED 78:D5:B5 Navielek # NAVIELEKTRO KY 78:D6:F0 SamsungE # Samsung Electro Mechanics +78:D7:52 HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD 78:D9:9F NucomHk # NuCom HK Ltd. 78:DA:6E Cisco 78:DA:B3 GboTechn # GBO Technology @@ -20121,6 +20283,7 @@ 78:F7:D0 Silverbr # Silverbrook Research 78:FE:3D JuniperN # Juniper Networks 78:FE:41 SocusNet # Socus networks +78:FE:E2 Shanghai # Shanghai Diveo Technology Co., Ltd 78:FF:57 IntelCor # Intel Corporate 7C:01:87 CurtisIn # Curtis Instruments, Inc. 7C:02:BC HansungE # Hansung Electronics Co. LTD @@ -20135,6 +20298,7 @@ 7C:11:BE Apple 7C:14:76 DamallTe # Damall Technologies SAS 7C:16:0D Saia-Bur # Saia-Burgess Controls AG +7C:1A:03 8locatio # 8Locations Co., Ltd. 7C:1A:FC DalianCo # Dalian Co-Edifice Video Technology Co., Ltd 7C:1E:52 Microsof # Microsoft 7C:1E:B3 2nTeleko # 2N TELEKOMUNIKACE a.s. @@ -20178,6 +20342,7 @@ 7C:7D:41 JinmuyuE # Jinmuyu Electronics Co., Ltd. 7C:82:2D Nortec 7C:83:06 GlenDimp # Glen Dimplex Nordic as +7C:8D:91 Shanghai # Shanghai Hongzhuo Information Technology co.,LTD 7C:8E:E4 TexasIns # Texas Instruments 7C:94:B2 PhilipsH # Philips Healthcare PCCI 7C:95:F3 Cisco @@ -20216,6 +20381,8 @@ 7C:DD:20 IoxosTec # IOXOS Technologies S.A. 7C:DD:90 Shenzhen # Shenzhen Ogemray Technology Co., Ltd. 7C:E0:44 Neon # NEON Inc +7C:E1:FF Computer # Computer Performance, Inc. DBA Digital Loggers, Inc. +7C:E4:AA Private 7C:E5:6B EsenOpto # ESEN Optoelectronics Technology Co.,Ltd. 7C:E9:D3 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 7C:EB:EA Asct @@ -20230,6 +20397,7 @@ 7C:FE:28 Salutron # Salutron Inc. 80:00:0B IntelCor # Intel Corporate 80:00:10 AttBellL # ATT BELL LABORATORIES +80:00:6E Apple 80:05:DF MontageT # Montage Technology Group Limited 80:07:A2 EssonTec # Esson Technology Inc. 80:0A:06 Comtec # COMTEC co.,ltd @@ -20262,6 +20430,7 @@ 80:57:19 SamsungE # Samsung Electronics Co.,Ltd 80:58:C5 NovatecK # NovaTec Kommunikationstechnik GmbH 80:60:07 Rim +80:61:8F Shenzhen # Shenzhen sangfei consumer communications co.,ltd 80:64:59 Nimbus # Nimbus Inc. 80:65:E9 Benq # BenQ Corporation 80:66:29 Prescope # Prescope Technologies CO.,LTD. @@ -20365,8 +20534,10 @@ 84:82:F4 BeijingH # Beijing Huasun Unicreate Technology Co., Ltd 84:83:36 Newrun 84:83:71 Avaya # Avaya, Inc +84:84:33 ParadoxE # Paradox Engineering SA 84:85:06 Apple 84:8D:84 Rajant # Rajant Corporation +84:8E:0C Apple 84:8E:96 Embertec # Embertec Pty Ltd 84:8F:69 Dell # Dell Inc. 84:90:00 ArnoldRi # Arnold & Richter Cine Technik @@ -20441,11 +20612,13 @@ 88:86:A0 SimtonTe # Simton Technologies, Ltd. 88:87:17 Canon # CANON INC. 88:87:DD Darbeevi # DarbeeVision Inc. +88:89:14 AllCompo # All Components Incorporated 88:89:64 GsiElect # GSI Electronics Inc. 88:8B:5D StorageA # Storage Appliance Corporation 88:8C:19 BradyAsi # Brady Corp Asia Pacific Ltd 88:91:66 Viewcoop # Viewcooper Corp. 88:91:DD Racktivi # Racktivity +88:94:71 BrocadeC # Brocade Communications Systems, Inc. 88:94:F9 GemicomT # Gemicom Technology, Inc. 88:95:B9 UnifiedP # Unified Packet Systems Crop 88:96:76 TtcMarco # TTC MARCONI s.r.o. @@ -20456,6 +20629,7 @@ 88:9F:FA HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 88:A3:CC AmatisCo # Amatis Controls 88:A5:BD Qpcom # QPCOM INC. +88:A7:3C Ragentek # Ragentek Technology Group 88:AC:C1 Generito # Generiton Co., Ltd. 88:AE:1D CompalIn # COMPAL INFORMATION(KUNSHAN)CO.,LTD 88:B1:68 DeltaCon # Delta Control GmbH @@ -20467,17 +20641,21 @@ 88:C6:63 Apple 88:CB:87 Apple 88:D7:BC Dep # DEP Company +88:D9:62 CanopusU # Canopus Systems US LLC 88:DC:96 SenaoNet # SENAO Networks, Inc. 88:DD:79 Voltaire 88:E0:A0 Shenzhen # Shenzhen VisionSTOR Technologies Co., Ltd 88:E0:F3 JuniperN # Juniper Networks +88:E3:AB HuaweiTe # Huawei Technologies Co., Ltd 88:E7:12 Whirlpoo # Whirlpool Corporation 88:E7:A6 Iknowled # iKnowledge Integration Corp. +88:E8:F8 YongTaiE # YONG TAI ELECTRONIC (DONGGUAN) LTD. 88:E9:17 Tamaggo 88:ED:1C CudoComm # Cudo Communication Co., Ltd. 88:F0:77 Cisco # CISCO SYSTEMS, INC. 88:F4:88 CellonCo # cellon communications technology(shenzhen)Co.,Ltd. 88:F4:90 Jetmobil # Jetmobile Pte Ltd +88:F7:C7 Technico # Technicolor USA Inc. 88:FD:15 Lineeye # LINEEYE CO., LTD 88:FE:D6 Shanghai # ShangHai WangYong Software Co., Ltd. 8C:00:6D Apple @@ -20493,12 +20671,14 @@ 8C:21:0A Tp-LinkT # TP-LINK TECHNOLOGIES CO., LTD. 8C:27:1D Quanthou # QuantHouse 8C:27:8A Vocollec # Vocollect Inc +8C:29:37 Apple 8C:2D:AA Apple 8C:2F:39 IbaDosim # IBA Dosimetry GmbH 8C:33:30 Emfirst # EmFirst Co., Ltd. 8C:3A:E3 LgElectr # LG Electronics 8C:3C:07 SkivaTec # Skiva Technologies, Inc. 8C:3C:4A NakayoTe # NAKAYO TELECOMMUNICATIONS,INC. +8C:41:F2 RdaTechn # RDA Technologies Ltd. 8C:44:35 Shanghai # Shanghai BroadMobi Communication Technology Co., Ltd. 8C:4A:EE GigaTms # GIGA TMS INC 8C:4B:59 3dImagin # 3D Imaging & Simulations Corp @@ -20528,6 +20708,7 @@ 8C:77:12 SamsungE # Samsung Electronics Co.,Ltd 8C:77:16 Longchee # LONGCHEER TELECOMMUNICATION LIMITED 8C:7B:9D Apple +8C:7C:92 Apple 8C:7C:B5 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. 8C:7C:FF BrocadeC # Brocade Communications Systems, Inc. 8C:7E:B3 Lytro # Lytro, Inc. @@ -20547,6 +20728,7 @@ 8C:B7:F7 Shenzhen # Shenzhen UniStrong Science & Technology Co., Ltd 8C:B8:2C IpitomyC # IPitomy Communications 8C:B8:64 AcsipTec # AcSiP Technology Corp. +8C:BE:BE XiaomiTe # Xiaomi Technology Co.,Ltd 8C:C1:21 Panasoni # Panasonic Corporation AVC Networks Company 8C:C5:E1 Shenzhen # ShenZhen Konka Telecommunication Technology Co.,Ltd 8C:C7:AA RadinetC # Radinet Communications Inc. @@ -20606,6 +20788,7 @@ 90:47:16 Rorze # RORZE CORPORATION 90:49:FA Intel # Intel Corporation 90:4C:E5 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. +90:4E:2B HuaweiTe # Huawei Technologies Co., Ltd 90:50:7B Advanced # Advanced PANMOBIL Systems GmbH & Co. KG 90:51:3F Elettron # Elettronica Santerno 90:54:46 TesElect # TES ELECTRONIC SOLUTIONS @@ -20640,6 +20823,7 @@ 90:90:60 RsiVideo # RSI VIDEO TECHNOLOGIES 90:92:B4 DiehlBgt # Diehl BGT Defence GmbH & Co. KG 90:94:E4 D-LinkIn # D-Link International +90:98:64 Impex-Sa # Impex-Sat GmbH&Co KG 90:99:16 ElveesNe # ELVEES NeoTek OJSC 90:9D:E0 NewlandD # Newland Design + Assoc. Inc. 90:9F:43 Accutron # Accutron Instruments Inc. @@ -20665,10 +20849,14 @@ 90:D8:52 Comtec # Comtec Co., Ltd. 90:D9:2C Hug-Wits # HUG-WITSCHI AG 90:DA:4E Avanu +90:DB:46 E-LeadEl # E-LEAD ELECTRONIC CO., LTD +90:DF:B7 SMSSmart # s.m.s smart microwave sensors GmbH 90:E0:F0 HarmanIn # Harman International 90:E2:BA IntelCor # Intel Corporate 90:E6:BA AsustekC # ASUSTek COMPUTER INC. 90:EA:60 SpiLaser # SPI Lasers Ltd +90:F1:AA SamsungE # Samsung Electronics Co.,LTD +90:F1:B0 Hangzhou # Hangzhou Anheng Info&Tech CO.,LTD 90:F2:78 RadiusGa # Radius Gateway 90:F3:B7 KirisunC # Kirisun Communications Co., Ltd. 90:F4:C1 RandMcna # Rand McNally @@ -20725,6 +20913,7 @@ 94:98:A2 Shanghai # Shanghai LISTEN TECH.LTD 94:9B:FD TransNew # Trans New Technology, Inc. 94:9C:55 AltaData # Alta Data Technologies +94:9F:3F OptekDig # Optek Digital Technology company limited 94:9F:B4 ChengduJ # ChengDu JiaFaAnTai Technology Co.,Ltd 94:A7:BC Bodymedi # BodyMedia, Inc. 94:AA:B8 JoviewBe # Joview(Beijing) Technology Co. Ltd. @@ -20812,6 +21001,7 @@ 98:6D:C8 ToshibaM # TOSHIBA MITSUBISHI-ELECTRIC INDUSTRIAL SYSTEMS CORPORATION 98:73:C4 SageElec # Sage Electronic Engineering LLC 98:76:B6 Adafruit +98:77:70 PepDigit # Pep Digital Technology (Guangzhou) Co., Ltd 98:82:17 Disrupti # Disruptive Ltd 98:86:B1 Flyaudio # Flyaudio corporation (China) 98:89:ED AnademIn # Anadem Information Inc. @@ -20829,6 +21019,7 @@ 98:B8:E3 Apple 98:BC:57 SvaTechn # SVA TECHNOLOGIES CO.LTD 98:BC:99 Edeltech # Edeltech Co.,Ltd. +98:C0:EB GlobalRe # Global Regency Ltd 98:C8:45 Packetac # PacketAccess 98:CD:B4 Virident # Virident Systems, Inc. 98:D3:31 Shenzhen # Shenzhen Bolutek Technology Co.,Ltd. @@ -20841,6 +21032,7 @@ 98:E1:65 Accutome 98:E7:9A FoxconnN # Foxconn(NanJing) Communication Co.,Ltd. 98:EC:65 CosesyAp # Cosesy ApS +98:F0:AB Apple 98:F5:37 Zte # zte corporation 98:F8:C1 IdtTechn # IDT Technology Limited 98:F8:DB MariniIm # Marini Impianti Industriali s.r.l. @@ -20870,6 +21062,7 @@ 9C:31:78 FoshanHu # Foshan Huadian Intelligent Communications Teachnologies Co.,Ltd 9C:31:B6 KuliteSe # Kulite Semiconductor Products Inc 9C:3A:AF SamsungE # Samsung Electronics Co.,Ltd +9C:3E:AA Envylogi # EnvyLogic Co.,Ltd. 9C:41:7C HameTech # Hame Technology Co., Limited 9C:44:3D ChengduX # CHENGDU XUGUANG TECHNOLOGY CO, LTD 9C:44:A6 Swifttes # SwiftTest, Inc. @@ -20892,6 +21085,7 @@ 9C:5E:73 CalibreU # Calibre UK Ltd 9C:61:1D Omni-IdU # Omni-ID USA, Inc. 9C:64:5E HarmanCo # Harman Consumer Group +9C:65:F9 AcsipTec # AcSiP Technology Corp. 9C:66:50 GlodioTe # Glodio Technolies Co.,Ltd Tianjin Branch 9C:6A:BE QeesAps # QEES ApS. 9C:75:14 WildixSr # Wildix srl @@ -20900,6 +21094,7 @@ 9C:7B:D2 NeolabCo # NEOLAB Convergence 9C:80:7D Syscable # SYSCABLE Korea Inc. 9C:80:DF Arcadyan # Arcadyan Technology Corporation +9C:86:DA PhoenixG # Phoenix Geophysics Ltd. 9C:88:88 SimacTec # Simac Techniek NV 9C:8B:F1 Warehous # The Warehouse Limited 9C:8D:1A IntegPro # INTEG process group inc @@ -20923,6 +21118,7 @@ 9C:B7:0D LiteonTe # Liteon Technology Corporation 9C:B7:93 Creatcom # Creatcomm Technology Inc. 9C:BB:98 ShenZhen # Shen Zhen RND Electronic Co.,LTD +9C:BD:9D Skydisk # SkyDisk, Inc. 9C:C0:77 Printcou # PrintCounts, LLC 9C:C0:D2 Conducti # Conductix-Wampfler AG 9C:C7:A6 Avm # AVM GmbH @@ -20982,6 +21178,7 @@ A0:5D:C1 Tmct # TMCT Co., LTD. A0:5D:E7 Directv # DIRECTV, Inc. A0:5E:6B Melper # MELPER Co., Ltd. +A0:65:18 VnptTech # VNPT TECHNOLOGY A0:67:BE SiconSRL # Sicon s.r.l. A0:69:86 WellavTe # Wellav Technologies Ltd A0:6A:00 Verilink # Verilink Corporation @@ -21000,6 +21197,7 @@ A0:86:EC SaehanHi # SAEHAN HITEC Co., Ltd A0:88:69 IntelCor # Intel Corporate A0:88:B4 IntelCor # Intel Corporate +A0:89:E4 Skyworth # Skyworth Digital Technology(Shenzhen) Co.,Ltd A0:8A:87 HuizhouK # HuiZhou KaiYue Electronic Co.,Ltd A0:8C:15 GerhardD # Gerhard D. Wempe KG A0:8C:9B XtremeTe # Xtreme Technologies Corp @@ -21046,6 +21244,7 @@ A0:F3:E4 AlcatelL # Alcatel Lucent IPD A0:F4:19 Nokia # Nokia Corporation A0:F4:50 Htc # HTC Corporation +A0:F4:59 Fn-LinkT # FN-LINK TECHNOLOGY LIMITED A0:FE:91 AvatAuto # AVAT Automation GmbH A4:01:30 Abisyste # ABIsystems Co., LTD A4:05:9E StaInfin # STA Infinity LLP @@ -21081,6 +21280,7 @@ A4:5C:27 Nintendo # Nintendo Co., Ltd. A4:5D:36 HewlettP # Hewlett Packard A4:67:06 Apple +A4:6C:C1 LtiReene # LTi REEnergy GmbH A4:6E:79 DftSyste # DFT System Co.Ltd A4:77:33 Google A4:77:60 Nokia # Nokia Corporation @@ -21113,6 +21313,7 @@ A4:B8:18 PentaGes # PENTA Gesellschaft für elektronische Industriedatenverarbeitung mbH A4:B9:80 ParkingB # Parking BOXX Inc. A4:BA:DB Dell # Dell Inc. +A4:BB:AF LimeInst # Lime Instruments A4:BE:61 Eutrovis # EutroVision System, Inc. A4:C0:C7 Shenzhen # ShenZhen Hitom Communication Technology Co..LTD A4:C0:E1 Nintendo # Nintendo Co., Ltd. @@ -21155,6 +21356,7 @@ A8:1B:18 Xts # XTS CORP A8:1F:AF KryptonP # KRYPTON POLSKA A8:20:66 Apple +A8:24:EB ZaoNpoIn # ZAO NPO Introtest A8:26:D9 Htc # HTC Corporation A8:29:4C Precisio # Precision Optical Transceivers, Inc. A8:2B:D6 ShinaSys # Shina System Co., Ltd @@ -21166,6 +21368,7 @@ A8:49:A5 Lisantec # Lisantech Co., Ltd. A8:54:B2 WistronN # Wistron Neweb Corp. A8:55:6A Pocketne # Pocketnet Technology Inc. +A8:57:4E Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. A8:5B:B0 Shenzhen # Shenzhen Dehoo Technology Co.,Ltd A8:5B:F3 Audivo # Audivo GmbH A8:61:AA Cloudvie # Cloudview Limited @@ -21180,6 +21383,7 @@ A8:77:6F Zonoff A8:7B:39 Nokia # Nokia Corporation A8:7E:33 NokiaDan # Nokia Danmark A/S +A8:81:F1 BmeyeBV # BMEYE B.V. A8:86:DD Apple # Apple, Inc. A8:87:92 Broadban # Broadband Antenna Tracking Systems A8:87:ED ArcWirel # ARC Wireless LLC @@ -21197,8 +21401,10 @@ A8:AD:3D Alcatel- # Alcatel-Lucent Shanghai Bell Co., Ltd A8:B0:AE Leoni A8:B1:D4 Cisco # CISCO SYSTEMS, INC. +A8:B9:B3 Essys A8:BB:CF Apple A8:BD:1A HoneyBee # Honey Bee (Hong Kong) Limited +A8:BD:3A Unionman # UNIONMAN TECHNOLOGY CO.,LTD A8:C2:22 Tm-Resea # TM-Research Inc. A8:CB:95 EastBest # EAST BEST CO., LTD. A8:CC:C5 SaabPubl # Saab AB (publ) @@ -21221,6 +21427,7 @@ AA:00:03 DigitalE # DIGITAL EQUIPMENT CORPORATION AA:00:04 DigitalE # DIGITAL EQUIPMENT CORPORATION AC:01:42 UrielTec # Uriel Technologies SIA +AC:02:CA HiSoluti # HI Solutions, Inc. AC:02:CF RwTecnol # RW Tecnologia Industria e Comercio Ltda AC:02:EF Comsis AC:06:13 Senselog # Senselogix Ltd @@ -21238,6 +21445,7 @@ AC:2F:A8 Humannix # Humannix Co.,Ltd. AC:31:9D Shenzhen # Shenzhen TG-NET Botone Technology Co.,Ltd. AC:34:CB ShanhaiG # Shanhai GBCOM Communication Technology Co. Ltd +AC:36:13 SamsungE # Samsung Electronics Co.,Ltd AC:3C:0B Apple AC:3C:B4 Nilan # Nilan A/S AC:3D:05 Instores # Instorescreen Aisa @@ -21304,12 +21512,14 @@ AC:CC:8E AxisComm # Axis Communications AB AC:CE:8F HwaYaoTe # HWA YAO TECHNOLOGIES CO., LTD AC:CF:23 Hi-Flyin # Hi-flying electronics technology Co.,Ltd +AC:CF:5C Apple AC:D1:80 Crexendo # Crexendo Business Solutions, Inc. AC:D3:64 AbbAbbSa # ABB SPA, ABB SACE DIV. AC:D6:57 ShaanxiG # Shaanxi Guolian Digital TV Technology Co., Ltd. AC:D9:D6 Tci # tci GmbH AC:DB:DA Shenzhen # Shenzhen Geniatech Inc, Ltd AC:DE:48 Private +AC:E0:69 IsaacIns # ISAAC Instruments AC:E2:15 HuaweiTe # Huawei Technologies Co., Ltd AC:E3:48 Madgetec # MadgeTech, Inc AC:E4:2E SkHynix # SK hynix @@ -21334,6 +21544,7 @@ B0:1B:7C OntrolAS # Ontrol A.S. B0:1C:91 Elim # Elim Co B0:24:F3 Progeny # Progeny Systems +B0:34:95 Apple B0:35:8D Nokia # Nokia Corporation B0:38:29 Siliconw # Siliconware Precision Industries Co., Ltd. B0:38:50 NanjingC # Nanjing CAS-ZDC IOT SYSTEM CO.,LTD @@ -21349,6 +21560,7 @@ B0:5C:E5 Nokia # Nokia Corporation B0:65:63 Shanghai # Shanghai Railway Communication Factory B0:65:BD Apple +B0:68:B6 Hangzhou # Hangzhou OYE Technology Co. Ltd B0:6C:BF 3alityDi # 3ality Digital Systems GmbH B0:75:0C QaCafe # QA Cafe B0:75:D5 Zte # ZTE Corporation @@ -21359,6 +21571,7 @@ B0:7D:62 Dipl-Ing # Dipl.-Ing. H. Horstmann GmbH B0:80:8C LaserLig # Laser Light Engines B0:81:D8 I-Sys # I-sys Corp +B0:86:9E Chloride # Chloride S.r.L B0:88:07 StrataWo # Strata Worldwide B0:89:91 Lge B0:8E:1A Uradio # URadio Systems Co., Ltd @@ -21384,6 +21597,7 @@ B0:BD:A1 ZakladEl # ZAKLAD ELEKTRONICZNY SIMS B0:BF:99 Wizitdon # WIZITDONGDO B0:C4:E7 SamsungE # Samsung Electronics +B0:C5:54 D-LinkIn # D-Link International B0:C6:9A JuniperN # Juniper Networks B0:C7:45 Buffalo # Buffalo Inc. B0:C8:3F JiangsuC # Jiangsu Cynray IOT Co., Ltd. @@ -21401,6 +21615,7 @@ B0:E8:92 SeikoEps # SEIKO EPSON CORPORATION B0:E9:7E Advanced # Advanced Micro Peripherals B0:EC:71 SamsungE # Samsung Electronics Co.,Ltd +B0:EC:8F GmxSas # GMX SAS B0:EE:45 Azurewav # AzureWave Technologies, Inc. B0:F1:BC DhemaxIn # Dhemax Ingenieros Ltda B0:FA:EB Cisco @@ -21416,12 +21631,14 @@ B4:0E:DC Lg-Erics # LG-Ericsson Co.,Ltd. B4:14:89 Cisco # CISCO SYSTEMS, INC. B4:15:13 HuaweiTe # HUAWEI TECHNOLOGIES CO.,LTD +B4:18:D1 Apple B4:1D:EF Internet # Internet Laboratories, Inc. B4:21:1D BeijingG # Beijing GuangXin Technology Co., Ltd B4:21:8A DogHunte # Dog Hunter LLC B4:24:E7 CodetekT # Codetek Technology Co.,Ltd B4:28:F1 E-Prime # E-Prime Co., Ltd. B4:2A:39 OrbitMer # ORBIT MERRET, spol. s r. o. +B4:2C:92 Zhejiang # Zhejiang Weirong Electronic Co., Ltd B4:2C:BE DirectPa # Direct Payment Solutions Limited B4:31:B8 Aviwest B4:34:6C Matsunic # MATSUNICHI DIGITAL TECHNOLOGY (HONG KONG) LIMITED @@ -21433,6 +21650,7 @@ B4:3D:B2 Degreane # Degreane Horizon B4:3E:3B Viablewa # Viableware, Inc B4:41:7A Shenzhen # ShenZhen Gongjin Electronics Co.,Ltd +B4:43:0D Broadlin # Broadlink Pty Ltd B4:4C:C2 NrElectr # NR ELECTRIC CO., LTD B4:51:F9 NbSoftwa # NB Software B4:52:53 SeagateT # Seagate Technology @@ -21453,22 +21671,25 @@ B4:82:7B AkgAcous # AKG Acoustics GmbH B4:82:C5 Relay2 # Relay2, Inc. B4:82:FE AskeyCom # Askey Computer Corp +B4:85:47 AmptownS # Amptown System Company GmbH B4:89:10 CosterTE # Coster T.E. S.P.A. B4:94:4E Weteleco # WeTelecom Co., Ltd. B4:98:42 Zte # zte corporation +B4:99:4C TexasIns # Texas Instruments B4:99:BA Hewlett- # Hewlett-Packard Company B4:9D:B4 AxionTec # Axion Technologies Inc. B4:9E:E6 Shenzhen # SHENZHEN TECHNOLOGY CO LTD B4:A4:B5 ZenEye # Zen Eye Co.,Ltd B4:A4:E3 Cisco # CISCO SYSTEMS, INC. B4:A5:A9 Modi # MODI GmbH -B4:A8:2B Histar +B4:A8:2B HistarDi # Histar Digital Electronics Co., Ltd. B4:A9:5A Avaya # Avaya, Inc B4:AA:4D Ensequen # Ensequence, Inc. B4:AB:2C MtmTechn # MtM Technology Corporation B4:B0:17 Avaya # Avaya, Inc B4:B3:62 Zte # ZTE Corporation B4:B5:2F HewlettP # Hewlett Packard +B4:B5:42 HubbellP # Hubbell Power Systems, Inc. B4:B5:AF MinsungE # Minsung Electronics B4:B6:76 IntelCor # Intel Corporate B4:B8:8D Thuh # Thuh Company @@ -21512,6 +21733,7 @@ B8:2C:A0 Honeywel # Honeywell HomMed B8:30:A8 Road-Tra # Road-Track Telematics Development B8:36:D8 Videoswi # Videoswitch +B8:38:61 Cisco B8:38:CA KyokkoTs # Kyokko Tsushin System CO.,LTD B8:3A:7B Worldpla # Worldplay (Canada) Inc. B8:3D:4E Shenzhen # Shenzhen Cultraview Digital Technology Co.,Ltd Shanghai Branch @@ -21687,6 +21909,7 @@ BC:EE:7B AsustekC # ASUSTek COMPUTER INC. BC:F2:AF Devolo # devolo AG BC:F5:AC LgElectr # LG Electronics +BC:F6:1C Geomodel # Geomodeling Wuxi Technology Co. Ltd. BC:F6:85 D-LinkIn # D-Link International BC:FE:8C Altronic # Altronic, LLC BC:FF:AC Topcon # TOPCON CORPORATION @@ -21775,16 +21998,20 @@ C0:E5:4E DenxComp # DENX Computer Systems GmbH C0:EA:E4 Sonicwal # Sonicwall C0:F1:C4 Pacidal # Pacidal Corporation Ltd. +C0:F7:9D Powercod # Powercode C0:F8:DA HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. C0:F9:91 GmeStand # GME Standard Communications P/L C4:01:42 Maxmedia # MaxMedia Technology Limited C4:01:7C RuckusWi # Ruckus Wireless C4:01:B1 Seektech # SeekTech INC C4:04:15 Netgear # NETGEAR INC., +C4:05:28 HuaweiTe # Huawei Technologies Co., Ltd C4:09:38 FujianSt # Fujian Star-net Communication Co., Ltd C4:0A:CB Cisco # CISCO SYSTEMS, INC. +C4:0E:45 AckNetwo # ACK Networks,Inc. C4:0F:09 HermesEl # Hermes electronic GmbH C4:10:8A RuckusWi # Ruckus Wireless +C4:14:3C Cisco C4:16:FA Prysm # Prysm Inc C4:17:FE HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. C4:19:8B Dominion # Dominion Voting Systems Corporation @@ -21795,6 +22022,7 @@ C4:24:2E Galvanic # Galvanic Applied Sciences Inc C4:26:28 AiroWire # Airo Wireless C4:27:95 Technico # Technicolor USA Inc. +C4:29:1D KlemsanE # KLEMSAN ELEKTRIK ELEKTRONIK SAN.VE TIC.AS. C4:2C:03 Apple C4:36:DA Rustelet # Rusteletech Ltd. C4:38:D3 Tagatec # TAGATEC CO.,LTD @@ -21809,7 +22037,9 @@ C4:48:38 SatcomDi # Satcom Direct, Inc. C4:4A:D0 Fireflie # FIREFLIES SYSTEMS C4:4B:44 Omniprin # Omniprint Inc. +C4:4E:1F Bluen C4:4E:AC Shenzhen # Shenzhen Shiningworth Technology Co., Ltd. +C4:50:06 SamsungE # Samsung Electronics Co.,Ltd C4:54:44 QuantaCo # QUANTA COMPUTER INC. C4:55:A6 CadacHol # Cadac Holdings Ltd C4:55:C2 Bach-Sim # Bach-Simpson @@ -21843,6 +22073,7 @@ C4:93:80 Speedyte # Speedytel technology C4:95:A2 Shenzhen # SHENZHEN WEIJIU INDUSTRY AND TRADE DEVELOPMENT CO., LTD C4:98:05 MinieumN # Minieum Networks, Inc +C4:A8:1D D-LinkIn # D-Link International C4:AA:A1 SummitDe # SUMMIT DEVELOPMENT, spol.s r.o. C4:AD:21 Mediaedg # MEDIAEDGE Corporation C4:B5:12 GeneralE # General Electric Digital Energy @@ -21850,6 +22081,7 @@ C4:C0:AE MidoriEl # MIDORI ELECTRONIC CO., LTD. C4:C1:9F National # National Oilwell Varco Instrumentation, Monitoring, and Optimization (NOV IMO) C4:C7:55 BeijingH # Beijing HuaqinWorld Technology Co.,Ltd +C4:C9:19 EnergyIm # Energy Imports Ltd C4:CA:D9 Hangzhou # Hangzhou H3C Technologies Co., Limited C4:CD:45 BeijingB # Beijing Boomsense Technology CO.,LTD. C4:D4:89 JiangsuJ # JiangSu Joyque Information Industry Co.,Ltd @@ -21860,6 +22092,7 @@ C4:E1:7C U2s # U2S co. C4:E7:BE Scspro # SCSpro Co.,Ltd C4:E9:2F Sciex # AB Sciex +C4:E9:84 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. C4:EB:E3 RrcnSas # RRCN SAS C4:ED:BA TexasIns # Texas Instruments C4:EE:AE VssMonit # VSS Monitoring @@ -21874,6 +22107,7 @@ C8:0E:77 LeShiZhi # Le Shi Zhi Xin Electronic Technology (Tianjin) Co.,Ltd C8:0E:95 Omnilync # OmniLync Inc. C8:14:79 SamsungE # Samsung Electronics Co.,Ltd +C8:16:BD HisenseE # HISENSE ELECTRIC CO.,LTD. C8:19:F7 SamsungE # Samsung Electronics Co.,Ltd C8:1A:FE Dlogic # DLOGIC GmbH C8:1E:8E AdvSecur # ADV Security (S) Pte Ltd @@ -21945,6 +22179,7 @@ C8:D1:D1 AgaitTec # AGAiT Technology Corporation C8:D2:C1 JetlunSh # Jetlun (Shenzhen) Corporation C8:D3:A3 D-LinkIn # D-Link International +C8:D4:29 Muehlbau # Muehlbauer AG C8:D5:FE Shenzhen # Shenzhen Zowee Technology Co., Ltd C8:D7:19 CiscoCon # Cisco Consumer Products, LLC C8:DD:C9 LenovoMo # Lenovo Mobile Communication Technology Ltd. @@ -21987,6 +22222,7 @@ CC:34:29 Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. CC:34:D7 GewissSP # GEWISS S.P.A. CC:35:40 Technico # Technicolor USA Inc. +CC:39:8C Shiningt # Shiningtek CC:3A:61 SamsungE # SAMSUNG ELECTRO MECHANICS CO., LTD. CC:3C:3F SaSSDate # SA.S.S. Datentechnik AG CC:3E:5F HewlettP # Hewlett Packard @@ -22020,14 +22256,19 @@ CC:7B:35 Zte # zte corporation CC:7D:37 ArrisGro # ARRIS Group, Inc. CC:7E:E7 Panasoni # Panasonic AVC Networks Company +CC:85:6C Shenzhen # SHENZHEN MDK DIGITAL TECHNOLOGY CO.,LTD +CC:89:FD Nokia # Nokia Corporation CC:8C:E3 TexasIns # Texas Instruments CC:90:93 HansongT # Hansong Tehnologies CC:91:2B TeConnec # TE Connectivity Touch Solutions CC:94:4A Pfeiffer # Pfeiffer Vacuum GmbH +CC:95:D7 Vizio # VIZIO, Inc CC:96:A0 Shenzhen # Shenzhen Huawei Communication Technologies Co., Ltd CC:9E:00 Nintendo # Nintendo Co., Ltd. +CC:9F:35 Transbit # Transbit Sp. z o.o. CC:A3:74 Guangdon # Guangdong Guanglian Electronic Technology Co.Ltd CC:A4:62 ArrisGro # ARRIS Group, Inc. +CC:A6:14 AifaTech # AIFA TECHNOLOGY CORP. CC:AF:78 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. CC:B2:55 D-LinkIn # D-Link International CC:B3:F8 FujitsuI # FUJITSU ISOTEC LIMITED @@ -22061,6 +22302,7 @@ CC:F8:F0 XiAnHisu # Xi'an HISU Multimedia Technology Co.,Ltd. CC:F9:54 Avaya # Avaya, Inc CC:F9:E8 SamsungE # Samsung Electronics Co.,Ltd +CC:FA:00 LgElectr # LG Electronics CC:FB:65 Nintendo # Nintendo Co., Ltd. CC:FC:6D RizTrans # RIZ TRANSMITTERS CC:FC:B1 Wireless # Wireless Technology, Inc. @@ -22088,6 +22330,7 @@ D0:54:2D Cambridg # Cambridge Industries(Group) Co.,Ltd. D0:57:4C Cisco # CISCO SYSTEMS, INC. D0:57:85 Pantech # Pantech Co., Ltd. +D0:57:A1 WermaSig # Werma Signaltechnik GmbH & Co. KG D0:58:75 ActiveCo # Active Control Technology Inc. D0:59:C3 Ceramicr # CeraMicro Technology Corporation D0:5A:0F I-BtDigi # I-BT DIGITAL CO.,LTD @@ -22097,12 +22340,15 @@ D0:66:7B SamsungE # Samsung Electronics Co., LTD D0:67:E5 Dell # Dell Inc D0:69:9E LuminexL # LUMINEX Lighting Control Equipment +D0:69:D0 VertoMed # Verto Medical Solutions, LLC D0:73:7F Mini-Cir # Mini-Circuits D0:73:8E DongOhPr # DONG OH PRECISION CO., LTD. D0:73:D5 LifiLabs # LIFI LABS MANAGEMENT PTY LTD D0:75:BE RenoA&E # Reno A&E +D0:7A:B5 HuaweiTe # Huawei Technologies Co., Ltd D0:7D:E5 ForwardP # Forward Pay Systems, Inc. D0:7E:28 HewlettP # Hewlett Packard +D0:7E:35 IntelCor # Intel Corporate D0:89:99 Apcon # APCON, Inc. D0:8A:55 Skullcan # Skullcandy D0:8B:7E PassifSe # Passif Semiconductor @@ -22111,6 +22357,7 @@ D0:93:F8 Stonestr # Stonestreet One LLC D0:95:C7 Pantech # Pantech Co., Ltd. D0:9B:05 Emtronix +D0:9C:30 FosterEl # Foster Electric Company, Limited D0:9D:0A Linkcom D0:A3:11 Neuberge # Neuberger Gebäudeautomation GmbH D0:AE:EC AlphaNet # Alpha Networks Inc. @@ -22168,10 +22415,13 @@ D4:1F:0C TviVisio # TVI Vision Oy D4:20:6D Htc # HTC Corporation D4:22:3F LenovoMo # Lenovo Mobile Communication Technology Ltd. +D4:22:4E AlcatelL # Alcatel Lucent D4:27:51 Infopia # Infopia Co., Ltd D4:28:B2 Iobridge # ioBridge, Inc. D4:29:EA Zimory # Zimory GmbH D4:2C:3D SkyLight # Sky Light Digital Limited +D4:2F:23 AkenoriP # Akenori PTE Ltd +D4:31:9D Sinwatec D4:3A:65 IgrsEngi # IGRS Engineering Lab Ltd. D4:3A:E9 Dongguan # DONGGUAN ipt INDUSTRIAL CO., LTD D4:3D:67 CarmaInd # Carma Industries Inc. @@ -22260,6 +22510,7 @@ D8:08:F5 ArcadiaN # Arcadia Networks Co. Ltd. D8:09:C3 Cercacor # Cercacor Labs D8:0D:E3 FxiTechn # FXI TECHNOLOGIES AS +D8:15:0D Tp-LinkT # TP-LINK TECHNOLOGIES CO.,LTD. D8:16:0A NipponEl # Nippon Electro-Sensory Devices D8:18:2B ContiTem # Conti Temic Microelectronic GmbH D8:19:CE Telesqua # Telesquare @@ -22272,6 +22523,7 @@ D8:28:C9 GeneralE # General Electric Consumer and Industrial D8:29:16 AscentCo # Ascent Communication Technology D8:29:86 BestWish # Best Wish Technology LTD +D8:2A:15 Leitner # Leitner SpA D8:2A:7E Nokia # Nokia Corporation D8:2D:9B Shenzhen # Shenzhen G.Credit Communication Technology Co., Ltd D8:2D:E1 Tricasca # Tricascade Inc. @@ -22288,7 +22540,9 @@ D8:58:D7 CzNicZSP # CZ.NIC, z.s.p.o. D8:5D:4C Tp-LinkT # TP-LINK Technologies Co.,Ltd. D8:5D:84 CaxSoft # CAx soft GmbH +D8:61:94 Objetivo # Objetivos y Sevicios de Valor Añadido D8:62:DB Eno # Eno Inc. +D8:65:95 ToySMyth # Toy's Myth Inc. D8:66:C6 Shenzhen # Shenzhen Daystar Technology Co.,ltd D8:67:D9 Cisco # CISCO SYSTEMS, INC. D8:69:60 Steinsvi # Steinsvik @@ -22300,6 +22554,7 @@ D8:78:E5 KuhnSa # KUHN SA D8:79:88 HonHaiPr # Hon Hai Precision Ind. Co., Ltd. D8:7C:DD Sanix # SANIX INCORPORATED +D8:81:CE Ahn # AHN INC. D8:8A:3B Unit-Em D8:90:E8 SamsungE # Samsung Electronics Co.,Ltd D8:95:2F TexasIns # Texas Instruments @@ -22335,17 +22590,22 @@ D8:D6:7E GskCncEq # GSK CNC EQUIPMENT CO.,LTD D8:DA:52 ApatorSA # APATOR S.A. D8:DC:E9 KunshanE # Kunshan Erlab ductless filtration system Co.,Ltd +D8:DD:5F Balmuda # BALMUDA Inc. +D8:DD:FD TexasIns # Texas Instruments D8:DF:0D Beronet # beroNet GmbH D8:E3:AE CirtecMe # CIRTEC MEDICAL SYSTEMS D8:E7:2B OnpathTe # OnPATH Technologies D8:E7:43 Wush # Wush, Inc D8:E9:52 Keopsys D8:EB:97 Trendnet # TRENDnet, Inc. +D8:EE:78 MoogProt # Moog Protokraft D8:F0:F2 Zeebo # Zeebo Inc +D8:FC:93 IntelCor # Intel Corporate D8:FE:8F Idfone # IDFone Co., Ltd. D8:FE:E3 D-LinkIn # D-Link International DC:02:65 Meditech # Meditech Kft DC:02:8E Zte # zte corporation +DC:05:2F National # National Products Inc. DC:05:75 SiemensE # SIEMENS ENERGY AUTOMATION DC:05:ED Nabtesco # Nabtesco Corporation DC:07:C1 Hangzhou # HangZhou QiYang Technology Co.,Ltd. @@ -22387,6 +22647,7 @@ DC:85:DE Azurewav # Azurewave Technologies., inc. DC:86:D8 Apple # Apple, Inc DC:9B:1E Intercom # Intercom, Inc. +DC:9B:9C Apple DC:9C:52 Sapphire # Sapphire Technology Limited. DC:9F:A4 Nokia # Nokia Corporation DC:9F:DB Ubiquiti # Ubiquiti Networks, Inc. @@ -22404,6 +22665,7 @@ DC:C0:DB Shenzhen # Shenzhen Kaiboer Technology Co., Ltd. DC:C1:01 SolidTec # SOLiD Technologies, Inc. DC:C4:22 Systemba # Systembase Limited +DC:C7:93 Nokia # Nokia Corporation DC:CB:A8 ExploraT # Explora Technologies Inc DC:CE:41 FeGlobal # FE GLOBAL HONG KONG LIMITED DC:CE:BC Shenzhen # Shenzhen JSR Technology Co.,Ltd. @@ -22415,6 +22677,7 @@ DC:D8:7F Shenzhen # Shenzhen JoinCyber Telecom Equipment Ltd DC:DE:CA Akyllor DC:E2:AC LumensDi # Lumens Digital Optics Inc. +DC:E5:78 Experime # Experimental Factory of Scientific Engineering and Special Design Department DC:E7:1C AugElekt # AUG Elektronik GmbH DC:F0:5D LettaTek # Letta Teknoloji DC:F7:55 Sitronik @@ -22441,10 +22704,12 @@ E0:2F:6D Cisco E0:30:05 Alcatel- # Alcatel-Lucent Shanghai Bell Co., Ltd E0:31:D0 SzTelsta # SZ Telstar CO., LTD +E0:36:E3 StageOne # Stage One International Co., Ltd. E0:39:D7 Plexxi # Plexxi, Inc. E0:3C:5B Shenzhen # SHENZHEN JIAXINJIE ELECTRON CO.,LTD E0:3E:4A Cavanagh # Cavanagh Group International E0:3E:7D Data-Com # data-complex GmbH +E0:3F:49 AsustekC # ASUSTek COMPUTER INC. E0:46:9A Netgear E0:55:97 Emergent # Emergent Vision Technologies Inc. E0:56:F4 Axesnetw # AxesNetwork Solutions inc. @@ -22505,10 +22770,12 @@ E0:CF:2D Gemintek # Gemintek Corporation E0:D1:0A Katouden # Katoudenkikougyousyo co ltd E0:D1:E6 AliphDba # Aliph dba Jawbone +E0:D3:1A EquesTec # EQUES Technology Co., Limited E0:D7:BA TexasIns # Texas Instruments E0:D9:A2 HippihAp # Hippih aps E0:DA:DC JvcKenwo # JVC KENWOOD Corporation E0:DB:55 Dell # Dell Inc +E0:DB:88 OpenStan # Open Standard Digital-IF Interface for SATCOM Systems E0:DC:A0 SiemensE # Siemens Electrical Apparatus Ltd., Suzhou Chengdu Branch E0:E6:31 SnbTechn # SNB TECHNOLOGIES LIMITED E0:E7:51 Nintendo # Nintendo Co., Ltd. @@ -22527,6 +22794,7 @@ E2:0C:0F Kingston # Kingston Technologies E4:04:39 TomtomSo # TomTom Software Ltd E4:11:5B HewlettP # Hewlett Packard +E4:12:1D SamsungE # Samsung Electronics Co.,Ltd E4:12:89 Topsyste # topsystem Systemhaus GmbH E4:1C:4B V2Techno # V2 TECHNOLOGY, INC. E4:1F:13 Ibm # IBM Corp @@ -22548,6 +22816,7 @@ E4:41:E6 OttecTec # Ottec Technology GmbH E4:46:BD C&CTechn # C&C TECHNIC TAIWAN CO., LTD. E4:48:C7 CiscoSpv # Cisco SPVTG +E4:4C:6C Shenzhen # Shenzhen Guo Wei Electronic Co,. Ltd. E4:4E:18 Gardasof # Gardasoft VisionLimited E4:4F:29 MaLighti # MA Lighting Technology GmbH E4:4F:5F EdsElekt # EDS Elektronik Destek San.Tic.Ltd.Sti @@ -22608,12 +22877,14 @@ E8:04:F3 Throught # Throughtek Co., Ltd. E8:05:6D NortelNe # Nortel Networks E8:06:88 Apple +E8:08:8B HuaweiTe # Huawei Technologies Co., Ltd E8:0B:13 AkibTaiw # Akib Systems Taiwan, INC E8:0C:38 Daeyoung # DAEYOUNG INFORMATION SYSTEM CO., LTD E8:0C:75 Syncbak # Syncbak, Inc. E8:10:2E ReallySi # Really Simple Software, Inc E8:11:32 SamsungE # Samsung Electronics CO., LTD E8:13:24 Guangzho # GuangZhou Bonsoninfo System CO.,LTD +E8:17:FC Nifty # NIFTY Corporation E8:28:77 Tmy # TMY Co., Ltd. E8:28:D5 CotsTech # Cots Technology E8:2A:EA IntelCor # Intel Corporate @@ -22640,6 +22911,7 @@ E8:5B:F0 ImagingD # Imaging Diagnostics E8:5E:53 Infratec # Infratec Datentechnik GmbH E8:61:1F DawningI # Dawning Information Industry Co.,Ltd +E8:61:7E LiteonTe # Liteon Technology Corporation E8:61:83 BlackDia # Black Diamond Advanced Technology, LLC E8:6C:DA Supercom # Supercomputers and Neurocomputers Research Center E8:6D:52 ArrisGro # ARRIS Group, Inc. @@ -22665,6 +22937,7 @@ E8:A3:64 SignalPa # Signal Path International / Peachtree Audio E8:A4:C1 DeepSeaE # Deep Sea Electronics PLC E8:AB:FA Shenzhen # Shenzhen Reecam Tech.Ltd. +E8:B1:FC IntelCor # Intel Corporate E8:B4:AE Shenzhen # Shenzhen C&D Electronics Co.,Ltd E8:B7:48 Cisco # CISCO SYSTEMS, INC. E8:BA:70 Cisco # CISCO SYSTEMS, INC. @@ -22692,11 +22965,13 @@ E8:E7:70 Warp9Tec # Warp9 Tech Design, Inc. E8:E7:76 Shenzhen # Shenzhen Kootion Technology Co., Ltd E8:E8:75 Is5Commu # iS5 Communications Inc. +E8:EA:6A Startech # StarTech.com E8:EA:DA DenkoviA # Denkovi Assembly Electroncs LTD E8:ED:F3 Cisco E8:F1:B0 Sagemcom # SAGEMCOM SAS E8:F2:26 MillsonC # MILLSON CUSTOM SOLUTIONS INC. E8:F9:28 RftechSr # RFTECH SRL +E8:FC:60 ElcomInn # ELCOM Innovations Private Limited EC:0E:D6 ItechIns # ITECH INSTRUMENTS SAS EC:10:00 EnanceSo # Enance Source Co., Ltd. PC clones(?) EC:11:20 Flodesig # FloDesign Wind Turbine Corporation @@ -22772,6 +23047,7 @@ EC:F0:0E Abocom EC:F2:36 Neomonta # NEOMONTANA ELECTRONICS EC:F3:5B Nokia # Nokia Corporation +EC:F4:BB DellPcba # Dell Inc PCBA Test EC:FA:AA Ims # The IMS Company EC:FC:55 AEberle # A. Eberle GmbH & Co. KG EC:FE:7E Blueradi # BlueRadios, Inc. @@ -22796,7 +23072,9 @@ F0:2F:D8 Bi2-Visi # Bi2-Vision F0:32:1A Mita-Tek # Mita-Teknik A/S F0:37:A1 HuikeEle # Huike Electronics (SHENZHEN) CO., LTD. +F0:3A:4B Bloombas # Bloombase, Inc. F0:3A:55 OmegaEle # Omega Elektronik AS +F0:3F:F8 RLDrake # R L Drake F0:43:35 DvnShang # DVN(Shanghai)Ltd. F0:4A:2B PyramidC # PYRAMID Computer GmbH F0:4B:6A Scientif # Scientific Production Association Siberian Arsenal, Ltd. @@ -22822,8 +23100,10 @@ F0:7D:68 D-Link # D-Link Corporation F0:7F:0C LeopoldK # Leopold Kostal GmbH &Co. KG F0:81:AF IrzAutom # IRZ AUTOMATION TECHNOLOGIES LTD +F0:82:61 Sagemcom F0:84:2F AdbBroad # ADB Broadband Italia F0:84:C9 Zte # zte corporation +F0:8A:28 JiangsuH # JIANGSU HENGSION ELECTRONIC S and T CO.,LTD F0:8B:FE Costel # COSTEL.,CO.LTD F0:8E:DB Veloclou # VeloCloud Networks F0:92:1C HewlettP # Hewlett Packard @@ -22853,6 +23133,7 @@ F0:D7:67 AxemaPas # Axema Passagekontroll AB F0:DA:7C RlhIndus # RLH INDUSTRIES,INC. F0:DB:30 Yottabyt # Yottabyte +F0:DB:F8 Apple F0:DC:E2 Apple F0:DE:71 Shanghai # Shanghai EDO Technologies Co.,Ltd. F0:DE:B9 Shanghai # ShangHai Y&Y Electronics Co., Ltd @@ -22887,6 +23168,7 @@ F4:20:12 Cucinial # Cuciniale GmbH F4:28:96 SpectoPa # SPECTO PAINEIS ELETRONICOS LTDA F4:36:E1 AbilisSa # Abilis Systems SARL +F4:37:B7 Apple F4:38:14 Shanghai # Shanghai Howell Electronic Co.,Ltd F4:3D:80 FagIndus # FAG Industrial Services GmbH F4:3E:61 Shenzhen # Shenzhen Gongjin Electronics Co., Ltd @@ -22921,6 +23203,7 @@ F4:81:39 Canon # CANON INC. F4:87:71 Infoblox F4:8E:09 Nokia # Nokia Corporation +F4:90:CA Tensorco # Tensorcom F4:90:EA DecisoBV # Deciso B.V. F4:94:61 NexgenSt # NexGen Storage F4:94:66 Countmax # CountMax, ltd @@ -22931,7 +23214,9 @@ F4:AC:C1 Cisco # CISCO SYSTEMS, INC. F4:B1:64 Lightnin # Lightning Telecommunications Technology Co. Ltd F4:B3:81 Windowma # WindowMaster A/S +F4:B5:2F JuniperN # Juniper networks F4:B5:49 YeastarT # Yeastar Technology Co., Ltd. +F4:B6:E5 Terrasem # TerraSem Co.,Ltd F4:B7:2A TimeInte # TIME INTERCONNECT LTD F4:B7:E2 HonHaiPr # Hon Hai Precision Ind. Co.,Ltd. F4:BD:7C ChengduJ # Chengdu jinshi communication Co., LTD @@ -22945,6 +23230,7 @@ F4:D9:FB SamsungE # Samsung Electronics CO., LTD F4:DC:4D BeijingC # Beijing CCD Digital Technology Co., Ltd F4:DC:DA ZhuhaiJi # Zhuhai Jiahe Communication Technology Co., limited +F4:DC:F9 HuaweiTe # Huawei Technologies Co., Ltd F4:E1:42 DeltaEle # Delta Elektronika BV F4:E6:D7 SolarPow # Solar Power Technologies, Inc. F4:EA:67 Cisco # CISCO SYSTEMS, INC. @@ -22996,6 +23282,7 @@ F8:54:AF EciTelec # ECI Telecom Ltd. F8:57:2E CoreBran # Core Brands, LLC F8:5B:C9 M-Cube # M-Cube Spa +F8:5C:45 IcNexus # IC Nexus Co. Ltd. F8:5F:2A Nokia # Nokia Corporation F8:62:AA Xn # xn systems F8:66:F2 Cisco # CISCO SYSTEMS, INC. @@ -23023,6 +23310,7 @@ F8:A2:B4 Rhewa-Wa # RHEWA-WAAGENFABRIK August Freudewald GmbH &Co. KG F8:A4:5F BeijingX # Beijing Xiaomi communications co.,ltd F8:A9:63 CompalIn # COMPAL INFORMATION (KUNSHAN) CO., LTD. +F8:A9:D0 LgElectr # LG Electronics F8:A9:DE Puissanc # PUISSANCE PLUS F8:AA:8A AxviewTe # Axview Technology (Shenzhen) Co.,Ltd F8:AC:6D Deltenna # Deltenna Ltd @@ -23047,11 +23335,13 @@ F8:DB:88 DellPcba # Dell Inc PCBA Test F8:DC:7A Variscit # Variscite LTD F8:DF:A8 Zte # ZTE Corporation +F8:E0:79 Motorola # Motorola Mobility LLC F8:E4:FB Actionte # Actiontec Electronics, Inc F8:E7:B5 ΜtechTec # µTech Tecnologia LTDA F8:E9:68 EgkerKft # Egker Kft. F8:EA:0A Dipl-Mat # Dipl.-Math. Michael Rauch F8:ED:A5 ArrisGro # ARRIS Group, Inc. +F8:F0:05 NewportM # Newport Media Inc. F8:F0:14 Rackware # RackWare Inc. F8:F0:82 OrionNet # Orion Networks International, Inc F8:F1:B6 Motorola # Motorola Mobility LLC @@ -23066,12 +23356,17 @@ FC:01:9E Vievu FC:01:CD Fundacio # FUNDACION TEKNIKER FC:06:47 Cortland # Cortland Research, LLC +FC:07:A0 LreMedic # LRE Medical GmbH FC:08:77 PrentkeR # Prentke Romich Company FC:09:D8 ActeonGr # ACTEON Group +FC:09:F6 Guangdon # GUANGDONG TONZE ELECTRIC CO.,LTD FC:0A:81 Motorola # Motorola Solutions Inc. FC:0F:E6 SonyComp # Sony Computer Entertainment Inc. FC:10:BD ControlS # Control Sistematizado S.A. FC:11:86 Logic3 # Logic3 plc +FC:13:49 GlobalAp # Global Apps Corp. +FC:15:B4 HewlettP # Hewlett Packard +FC:16:07 TaianTec # Taian Technology(Wuxi) Co.,Ltd. FC:17:94 Intercre # InterCreative Co., Ltd FC:19:D0 CloudVis # Cloud Vision Networks Technology Co.,Ltd. FC:1B:FF V-Zug # V-ZUG AG @@ -23081,6 +23376,7 @@ FC:1F:C0 Eurecam FC:22:9C HanKyung # Han Kyung I Net Co.,Ltd. FC:25:3F Apple +FC:27:A2 TransEle # TRANS ELECTRIC CO., LTD. FC:2A:54 Connecte # Connected Data, Inc. FC:2E:2D LoromInd # Lorom Industrial Co.LTD. FC:2F:40 Calxeda # Calxeda, Inc. @@ -23112,6 +23408,7 @@ FC:8B:97 Shenzhen # Shenzhen Gongjin Electronics Co.,Ltd FC:8E:7E Pace # Pace plc FC:8F:C4 Intellig # Intelligent Technology Inc. +FC:92:3B Nokia # Nokia Corporation FC:94:6C Ubivelox FC:94:E3 Technico # Technicolor USA Inc. FC:99:47 Cisco @@ -23122,6 +23419,7 @@ FC:AD:0F QtsNetwo # QTS NETWORKS FC:AF:6A Conemtec # Conemtech AB FC:B0:C4 Shanghai # Shanghai DareGlobal Technologies Co., Ltd +FC:BB:A1 Shenzhen # Shenzhen Minicreate Technology Co.,Ltd FC:C2:3D Atmel # Atmel Corporation FC:C7:34 SamsungE # Samsung Electronics Co.,Ltd FC:C8:97 Zte # ZTE Corporation @@ -23142,6 +23440,7 @@ FC:F1:CD Optex-Fa # OPTEX-FA CO.,LTD. FC:F5:28 ZyxelCom # ZyXEL Communications Corporation FC:F8:AE IntelCor # Intel Corporate +FC:F8:B7 TronteqE # TRONTEQ Electronic FC:FA:F7 Shanghai # Shanghai Baud Data Communication Co.,Ltd. FC:FB:FB Cisco # CISCO SYSTEMS, INC. FC:FE:77 HitachiR # Hitachi Reftechno, Inc. @@ -23149,7 +23448,7 @@ # # Well-known addresses. # -# $Id: manuf 52892 2013-10-27 14:35:00Z gerald $ +# $Id: manuf 54119 2013-12-15 15:34:53Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald [AT] wireshark.org>
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/packaging/macosx/Info.plist ^
@@ -9,7 +9,7 @@ <key>CFBundleExecutable</key> <string>Wireshark</string> <key>CFBundleGetInfoString</key> - <string>1.8.11, Copyright 1998-2012 Wireshark Development Team</string> + <string>1.8.12, Copyright 1998-2012 Wireshark Development Team</string> <key>CFBundleIconFile</key> <string>Wireshark.icns</string> <key>CFBundleIdentifier</key> @@ -56,11 +56,11 @@ <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> - <string>1.8.11</string> + <string>1.8.12</string> <key>CFBundleSignature</key> <string>Wshk</string> <key>CFBundleVersion</key> - <string>1.8.11</string> + <string>1.8.12</string> <key>NSHumanReadableCopyright</key> <string>Copyright 1998-2012 Wireshark Developers, GNU General Public License.</string> <key>LSMinimumSystemVersion</key>
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/services ^
@@ -1,6 +1,6 @@ # This is a local copy of the IANA port-numbers file. # -# $Id: services 52892 2013-10-27 14:35:00Z gerald $ +# $Id: services 54119 2013-12-15 15:34:53Z gerald $ # # Wireshark uses it to resolve port numbers into human readable # service names, e.g. TCP port 80 -> http. @@ -1606,6 +1606,7 @@ icp 1112/udp # Intelligent Communication Protocol [Mark_H_David] [Mark_H_David] ltp-deepspace 1113/tcp # Licklider Transmission Protocol [RFC5326] ltp-deepspace 1113/udp # Licklider Transmission Protocol [RFC5326] +ltp-deepspace 1113/dccp # Licklider Transmission Protocol [Hans_Kruse] [Hans_Kruse] 2013-11-12 [RFC-irtf-dtnrg-dgram-clayer-05] 7107696 mini-sql 1114/tcp # Mini SQL [David_Hughes] [David_Hughes] mini-sql 1114/udp # Mini SQL [David_Hughes] [David_Hughes] ardus-trns 1115/tcp # ARDUS Transfer @@ -8010,6 +8011,7 @@ rsip 4555/udp # RSIP Port [RFC3103] dtn-bundle-tcp 4556/tcp # DTN Bundle TCP CL Protocol dtn-bundle-udp 4556/udp # DTN Bundle UDP CL Protocol [Michael_Demmer] [Michael_Demmer] 2006-11 +dtn-bundle-dccp 4556/dccp # DTN Bundle DCCP CL Protocol [Hans_Kruse] [Hans_Kruse] 2013-11-12 [RFC-irtf-dtnrg-dgram-clayer-05] 1685351985 mtcevrunqss 4557/udp # Marathon everRun Quorum Service Server [David_Schwartz_2] [David_Schwartz_2] 2009-06-18 mtcevrunqman 4558/udp # Marathon everRun Quorum Service Manager [David_Schwartz_2] [David_Schwartz_2] 2009-06-18 hylafax 4559/tcp # HylaFAX [Lee_Howard] [Lee_Howard] 2002-03 @@ -9169,6 +9171,7 @@ pmcs 6355/udp # PMCS applications [Pavel_Mendl] [Pavel_Mendl] 2007-03 metaedit-mu 6360/tcp # MetaEdit+ Multi-User [Steven_Kelly] [Steven_Kelly] 2007-11-12 metaedit-mu 6360/udp # MetaEdit+ Multi-User [Steven_Kelly] [Steven_Kelly] 2007-11-12 +ndn 6363/udp # Named Data Networking [Regents_of_the_University_of_California] [Jeff_Burke] 2013-10-30 metaedit-se 6370/tcp # MetaEdit+ Server Administration [Steven_Kelly] [Steven_Kelly] 2007-11-12 metaedit-se 6370/udp # MetaEdit+ Server Administration [Steven_Kelly] [Steven_Kelly] 2007-11-12 metatude-mds 6382/tcp # Metatude Dialogue Server [Menno_Zweistra] [Menno_Zweistra] @@ -9319,7 +9322,7 @@ afesc-mc 6628/udp # AFE Stock Channel M/C [K_K_Ho] [K_K_Ho] 2004-04 mxodbc-connect 6632/tcp # eGenix mxODBC Connect [Marc_Andre_Lemburg] [Marc_Andre_Lemburg] 2009-11-13 Unauthorized Use Known on port 6632 cisco-vpath-tun 6633/udp # Cisco vPath Services Overlay [Cisco2] [Surendra_Kumar] 2012-06-11 -ovsdb 6640/tcp # Open vSwitch Database protocol [Bruce_Davie_2] [Bruce_Davie_2] 2013-07-31 [draft-pfaff-ovsdb-proto-02] +ovsdb 6640/tcp # Open vSwitch Database protocol [Bruce_Davie_2] [Bruce_Davie_2] 2013-07-31 [RFC-pfaff-ovsdb-proto-04] openflow 6653/tcp # OpenFlow [Open_Networking_Foundation] [Puneet_Agarwal] 2013-07-18 openflow 6653/udp # OpenFlow [Open_Networking_Foundation] [Puneet_Agarwal] 2013-07-18 pcs-sf-ui-man 6655/tcp # PC SOFT - Software factory UI/manager [Jerome_AERTS] [Jerome_AERTS] 2010-11-30 @@ -10753,6 +10756,7 @@ amt-redir-tls 16995/udp # Intel(R) AMT Redirection/TLS [Nimrod_Diamant] [Nimrod_Diamant] 2005-02 isode-dua 17007/tcp # isode-dua 17007/udp # +vestasdlp 17184/tcp # Vestas Data Layer Protocol [Vestas_Wind_Systems] [Teunis_de_Wit] 2013-10-30 soundsvirtual 17185/tcp # Sounds Virtual [Richard_Snider] [Richard_Snider] soundsvirtual 17185/udp # Sounds Virtual [Richard_Snider] [Richard_Snider] chipper 17219/tcp # Chipper [Ronald_Jimmink] [Ronald_Jimmink] @@ -11214,6 +11218,7 @@ turbonote-1 39681/udp # TurboNote Default Port [Peter_Hyde] [Peter_Hyde] safetynetp 40000/tcp # SafetyNET p [Roland_Rupp] [Roland_Rupp] 2006-11 safetynetp 40000/udp # SafetyNET p [Roland_Rupp] [Roland_Rupp] 2006-11 +sptx 40404/tcp # Simplify Printing TX [Tricerat] [Eric_Musgrave] 2013-12-09 cscp 40841/tcp # CSCP [Michael_Dodge] [Michael_Dodge] cscp 40841/udp # CSCP [Michael_Dodge] [Michael_Dodge] csccredir 40842/tcp # CSCCREDIR [Sudhir_Menon] [Sudhir_Menon]
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/svnversion.h ^
@@ -1,2 +1,2 @@ -#define SVNVERSION "SVN Rev 53023" +#define SVNVERSION "SVN Rev 54185" #define SVNPATH "/trunk-1.8"
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/wiretap/Makefile.am ^
@@ -1,7 +1,7 @@ # Makefile.am # Automake file for Wiretap # -# $Id: Makefile.am 53008 2013-10-31 19:24:22Z gerald $ +# $Id: Makefile.am 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -30,7 +30,7 @@ noinst_LTLIBRARIES = libwiretap_generated.la lib_LTLIBRARIES = libwiretap.la # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -libwiretap_la_LDFLAGS = -version-info 3:11:1 -export-symbols wtap.sym @LDFLAGS_SHAREDLIB@ +libwiretap_la_LDFLAGS = -version-info 3:12:1 -export-symbols wtap.sym @LDFLAGS_SHAREDLIB@ if HAVE_WARNINGS_AS_ERRORS AM_NON_GENERATED_CFLAGS = -Werror
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/wiretap/Makefile.in ^
@@ -18,7 +18,7 @@ # Makefile.am # Automake file for Wiretap # -# $Id: Makefile.am 53008 2013-10-31 19:24:22Z gerald $ +# $Id: Makefile.am 53032 2013-11-01 20:53:05Z gerald $ # # Wireshark - Network traffic analyzer # By Gerald Combs <gerald@wireshark.org> @@ -611,7 +611,7 @@ noinst_LTLIBRARIES = libwiretap_generated.la lib_LTLIBRARIES = libwiretap.la # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -libwiretap_la_LDFLAGS = -version-info 3:11:1 -export-symbols wtap.sym @LDFLAGS_SHAREDLIB@ +libwiretap_la_LDFLAGS = -version-info 3:12:1 -export-symbols wtap.sym @LDFLAGS_SHAREDLIB@ @HAVE_WARNINGS_AS_ERRORS_TRUE@AM_NON_GENERATED_CFLAGS = -Werror AM_CPPFLAGS = -I$(srcdir)/.. CLEANFILES = \
[-] [+]	Changed	wireshark-1.8.12.tar.bz2/wiretap/libpcap.c ^
@@ -1,6 +1,6 @@ /* libpcap.c * - * $Id: libpcap.c 42872 2012-05-28 00:43:13Z guy $ + * $Id: libpcap.c 53124 2013-11-07 02:02:22Z guy $ * * Wiretap Library * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu> @@ -783,21 +783,8 @@ return -1; } - if (hdr->hdr.orig_len > WTAP_MAX_PACKET_SIZE) { - /* - * Probably a corrupt capture file; return an error, - * so that our caller doesn't blow up trying to - * cope with a huge "real" packet length, and so that - * the code to try to guess what type of libpcap file - * this is can tell when it's not the type we're guessing - * it is. - / - err = WTAP_ERR_BAD_FILE; - if (err_info != NULL) { - err_info = g_strdup_printf("pcap: File has %u-byte packet, bigger than maximum of %u", - hdr->hdr.orig_len, WTAP_MAX_PACKET_SIZE); - } - return -1; + if (hdr->hdr.incl_len > wth->snapshot_length) { + g_warning("pcap: File has packet larger than file's snapshot length."); } return bytes_read; @@ -965,7 +952,7 @@ rec_hdr.hdr.incl_len = phdr->caplen + phdrsize; rec_hdr.hdr.orig_len = phdr->len + phdrsize; - if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE \|\| rec_hdr.hdr.orig_len > WTAP_MAX_PACKET_SIZE) { + if (rec_hdr.hdr.incl_len > WTAP_MAX_PACKET_SIZE) { err = WTAP_ERR_BAD_FILE; return FALSE; }

Changes of Revision 16