Wireshark 1.0 Released
katterjohn writes "After almost 10 years of work, Wireshark 1.0 has been released. Wireshark is the award-winning protocol analyzer, formerly known as Ethereal. The release features several security fixes and an experimental package for Max OS X Intel."
Say ... (Score:5, Interesting)
Re: (Score:2, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1, Insightful)
Re:Say ... (Score:5, Informative)
Also I think what they prohibited wasn't the practice of Scientology per se, but the Church of Scientology as an organization. That the CoS believes you can't practice the 'religion' without them is kind of a separate issue. But if you want to sit in your house and think Scientology thoughts in Germany, I think you'd be protected. They just take a dim view of the whole converting-others-and-fleecing-them bit. Historically, even religiously tolerant societies have had different reactions to aggressive proselyting.
It is a bit arbitrary, since I could think of a few other religions that aren't a ton better, but you have to admit the CoS is particularly bald-faced.
Re: (Score:1)
IANAL and IANAGL
Re: (Score:1)
that it is not clearly defined if such a tool would be illegal or not, because you can actually use it to gain passwords etc.,
but since this is not the intention of the program it is not clear as I already said.
After all if you just use it for your own network I think there should be no problem
If you want to use it at work, I would recommend asking at the appropriate institution (law depa
Comment removed (Score:3, Informative)
Re:More useful than you would think (Score:5, Funny)
Re: (Score:1)
This is interesting? (Score:5, Insightful)
I fail to see anything at all "interesting in this". Taking advantage of other people because you are more knowledgeable than them, breaking the law, and then boasting about it on Slashdot is -5 Lame, especially when the level of expertise involved is what is usually ascribed to "script kiddies".
And no, you don't get a pass because it was the "only black hat thing I've ever done", like we believe that, and it sure sounds like the entire objective of your weak excuse for "black hat" action was to sniff their traffic, since changing their router setup was hardly necessary if you just wanted to steal access.
Maybe I'm just having an old man moment, but I kept expecting some kind of punch line in there, and it ended up just being "my neighbor left his garage door open, and I stole a six-pack out of his fridge". WTF is that about?
Re: (Score:1, Flamebait)
What I took away was more like "My neighbors left their curtains open, so I video taped them fucking".
My neighbor knows what the hell he's doing, if not I'd be jacking his internet right now.
LK
Re: (Score:2, Funny)
Re: (Score:2)
I KNEW it was YOU!
Re: (Score:2)
Needless to say, don't dick around with other people's APs; some are wide open just to bait script kiddies like yourself.
Award-winning? (Score:5, Interesting)
Re:Award-winning? (Score:4, Funny)
How could you wonder? It's "world famous"!
obligatory Mel Brooks (Score:2)
Re: (Score:2, Funny)
Maybe an award for the number of security issues the code has historically had?
Re: (Score:3, Funny)
Re: (Score:2)
Re:Award-winning? (Score:5, Insightful)
Award, hmmm, award
It really doesn't matter what awards WS has won.
It is a classic example of FOSS at its best. In the dim and distant past you paid serious money for packet capture software. Now you get the absolute dog's nadgers on a plate for nowt. It shows me everything from what a NetWare cluster is up to to a well, what more do you want? Also you can follow streams etc etc etc etc
I personally put it up there with Apache and Samba (oh and that Linux kernel thing) as important software. OK there are quite a few others but I trust you get my point.
Whenever someone says something like "Whenever some product claims to be "award-winning", I always wonder what that award is." I trust they know what they are on about.
By gum it's a good world when it comes to software.
AWARD - PAH - use the bloody thing and give out your own awards!
Re: (Score:1)
Wait, Wireshark will give you real-time quotes of the dog-testicles-to-newts exchange ratio? I've been waiting for that feature for years!
Re: (Score:1, Funny)
http://successfulsoftware.net/2007/08/16/the-software-awards-scam/ [successfulsoftware.net]
Re: (Score:2)
Re: (Score:2)
Infoworld 2007 BOSSIE award [wireshark.org]
Yes, Yes, and it does... (Buried Lede?) (Score:5, Insightful)
Re: (Score:1, Funny)
Re: (Score:1, Informative)
A quick read: "Network protocol analyzer for Windows and Unix that allows examination of data from a live network, or from a capture file on disk." Basically it is tcpdump with a GUI.
Re: (Score:2, Insightful)
Re: (Score:1)
Re:Yes, Yes, and it does... (Buried Lede?) (Score:5, Funny)
Re: (Score:1, Informative)
Re: (Score:2)
Ah I thought you wanted a general outline. To see what changed check out the release notes:
http://www.wireshark.org/docs/relnotes/wireshark-1.0.0.html [wireshark.org]
Re:Yes, Yes, and it does... (Buried Lede?) (Score:5, Funny)
Re: (Score:3, Informative)
Re: (Score:1)
Thanks! (Score:5, Informative)
Re: (Score:2, Insightful)
Amen to that. "Assemble TCP Stream" alone is a glorious thing, and there's so much more.
Still, I'm a little sad that it's now v1.0. It seemed much more advanced when it was 0.9.99.9921 or whatever the last prerelease version was.
Re: (Score:3, Interesting)
Ditto. It was the first thing I noticed, and seemed to work well with the {admittedly few} tests that I threw at it... Anyone else notice any discrepancies?
Re: (Score:2)
Re: (Score:2, Informative)
follow implies that it'll show you anything new that comes in (i can't recall ottomh if it does this but i'd be surprised if it doesn't). think of following a trail. or a conversation.
english is such a magical^Wgay^Winfuriating language! (said by a native speaker)
Congratulations (Score:2, Interesting)
This excellent and valuable tool has been a vital part of my toolkit for many years.
Downloads (Score:5, Informative)
Re: (Score:2)
Re:Downloads (Score:5, Funny)
Re: (Score:1)
Latest File Releases:
wireshark wireshark-0.99.8 February 27, 2008 Release notes
Re: (Score:1)
Re: (Score:1)
and yet... (Score:3, Interesting)
Or exclude specific interfaces from the pseudo-device available in some versions (like my linux copy)
Or filter out duplicate packets (not retransmissions, but the literal same packet: I bridged two interfaces, and the pseudo-device captures both the bridge and the bridge member)
Or just add localhost to a bridge.. why I can't do this is outside my understanding (until someone gives a crafty answer)
Or even just route all traffic destined for localhost through a physical interface first (I just want to capture all my packets, including localhost and a bridge with several ethernet members, but only once!)
Ah, it's on the wishlist. For another day, perhaps...
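Added example (not part of the comment above, and not Wireshark code): one way to post-process a capture so that a frame recorded twice, once on the bridge and once on a bridge member, is kept only once. It assumes a classic microsecond-resolution pcap file; the function names, the 5 ms window and the sample frames are constructed for illustration.

```python
import hashlib
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def dedupe_pcap(data, window=0.005):
    """Drop frames byte-identical to one seen within `window` seconds.

    Returns (filtered_pcap_bytes, dropped_count). A later repeat of the same
    bytes outside the window is kept, since it is a separate transmission.
    """
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    out = bytearray(data[:24])
    last_seen = {}  # frame digest -> timestamp of the most recent copy
    dropped, pos = 0, 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        record_end = pos + 16 + incl_len
        if record_end > len(data):
            break  # truncated final record: stop instead of emitting garbage
        ts = ts_sec + ts_usec / 1e6
        digest = hashlib.sha256(data[pos + 16:record_end]).digest()
        prev = last_seen.get(digest)
        last_seen[digest] = ts
        if prev is not None and abs(ts - prev) <= window:
            dropped += 1  # same bytes, same instant: second capture point
        else:
            out += data[pos:record_end]
        pos = record_end
    return bytes(out), dropped

def make_record(ts_sec, ts_usec, frame):
    """Build one little-endian pcap record (constructed sample data only)."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

# Constructed sample: FRAME_A is seen twice 15 microseconds apart (bridge and
# bridge member), then FRAME_B, then FRAME_A again one second later.
HEADER = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
FRAME_A = bytes.fromhex("ffffffffffff0200000000010806") + b"\x00" * 46
FRAME_B = bytes.fromhex("ffffffffffff0200000000020806") + b"\x00" * 46
SAMPLE = (HEADER + make_record(100, 10, FRAME_A) + make_record(100, 25, FRAME_A)
          + make_record(100, 900, FRAME_B) + make_record(101, 10, FRAME_A))
```

Current Wireshark distributions also ship `editcap`, whose `-d` option removes duplicate packets from a capture file in a similar way.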
Re:and yet... (Score:5, Funny)
Re: (Score:2, Informative)
Re: (Score:1)
Re:and yet... (Score:5, Informative)
It's a simple reason. Bridging is a layer 2 technology, as IP is layer 3. As I expected, a "localhost" on Linux does not have a MAC address (required for layer 2).
Re: (Score:2)
Still it is one of the most useful tools around and free to boot!
Re: (Score:1)
oof - have mercy on poor wireshark.org please... (Score:1, Funny)
Finally. (Score:1)
The difference between F/OSS and commercial (Score:5, Insightful)
The 1.0 release of most commercial software comes after extremely limited public testing, and the developers scramble to make a 2.0 release within a year. Commercial 1.0 releases are frequently buggy and have obvious gaps in functionality, which are often not completely addressed in 2.0.
Re: (Score:3, Insightful)
Re:The difference between F/OSS and commercial (Score:4, Interesting)
Re: (Score:2)
I think you mean proprietary (or perhaps non-free) instead of commercial [gnu.org] software. Perhaps you are right although your claim would be more convincing if it came with evidence.
FOSS can be distributed or developed for a fee, as part of a business. Hence FOSS can be commercial software too. If you're only referring to the price someone pays to get a copy of the program, no significant distinction is made—proprietary and FOSS are available at every price, including free. The critical distinction bet
Re: (Score:2)
You never know for sure when it will be stable, but you do know when you are really done with a thing. I always think of Doom's version 1.666. If they can plan on 666, I can plan on 1.0.
Re: (Score:2)
That's because with FOSS, versioning actually means something.
1.0 means that the first version of an application is both feature-complete and stable. It's possible, of course, to have software that is not feature
Re: (Score:2)
W
Download link (Score:5, Informative)
And an OSX Link (Score:2, Informative)
Useful in Biztalk (Score:3, Interesting)
Re:Useful in Biztalk (Score:5, Interesting)
Over the years, I've found protocol analyzers to be indispensable for developing and debugging modern MS-based network apps. They hide so damned much from the developers these days, often times it's the only way to see what's really going on.
Re: (Score:2)
No hope now (Score:2)
Well, there's no hope of beating Wine now as the longest actively developed project without a 1.0 release.
Re: (Score:2)
Re: (Score:2)
Hm (Score:1, Interesting)
Re: (Score:2)
Helped me at work (Score:5, Interesting)
Re: (Score:2)
Re:Helped me at work (Score:4, Funny)
I was picking up my wireless from my neighbor and my roommate was using my computer for internet access via crossover cable.
I needed to know the contents of his AIM messages so I fired up Wireshark.
Re: (Score:1)
So I ran wireshark, connected to each of the FTP sites I wanted and recorded the passwords.
It was a much safer option than running some dodgy cracking tool that would probably malware my machine just to get back the passwords already on it.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
You can lecture them for hours and they will still use horribly insecure things. You fire up Wireshark with default settings and tell their ISP or that Coffee house (with wireless) admin "can run it". It is like shock therapy. When they figure the amount of data their ISP can trace about them, they may find a better and trusted one too.
Max OS X Intel? (Score:1, Offtopic)
Can Duke Nukem Forever be far behind? (Score:2)
What does the /. effect look like (Score:2)
Re: (Score:3, Funny)
I would make sure that it's not a very important remote system though.
Is Wireshark the right tool for me? (Score:2, Interesting)
I have a 'black box' on my home network. It's a voip phone, provided by our local telecom, and I'd really like to see what traffic it's sending to and receiving from the outside.
I've scanned it with nmap and not found any open ports from the outside. It's sitting behind a nat router, and the company won't tell me which ports it would need to be forwarded (though somehow it's still able to receive calls and messages from the outside).
Actually, the company says I should forward ports 20000-60000 (seriously),
Re: (Score:2)
I am a bit confused by your reference to the NAT router in combination with 'same LAN'. If it is really beyond a router from the point of view of your LAN, it's no longer on the LAN. Unless it is sitting on the same LAN as your PC(s) and that router.
If the box is on an actual shared segment of Ethernet, go into a computer store and buy a hub (a real hub, mind you, not a cheap switch). Now hang your sniffer box and the phone on the hub instead of the switch. Since Ethernet is a broadcast protocol, wiresha
If other companies made Wireshark (Score:4, Funny)
Microsoft: v1.0 is released; no one buys it. v2.0 is released; it's still not really usable. v3.0 comes out, and people suddenly line up for it around the block. v3.0SP1 is released and fixes most of the really bad bugs while introducing a few others, some random security vulnerabilities, invalidating half the licenses of all previous versions, and causes DrDOS to crash.
Apple: v1.0 is released, but it has a bug so Apple pulls it from the download server for a few hours, after which a patched version replaces it, with the same exact version number, and no mention of any bugfix in the release notes. Any mention of any alleged switcheroo or the problem that existed in the first 1.0 release is ruthlessly and systematically quashed in the support forums on Apple's website; unfortunately, their lawyers can't censor the entire net.
How is wireshark better than tcpdump? (Score:3, Informative)
However, probably the best use I've found for Wireshark was troubleshooting VoIP with SIP and RTP. Wireshark has great plugins for visually laying out each step of the SIP conversation, including showing you where the RTP stream initiated at. If you've ever tried to troubleshoot SIP via a NAT setup with various proxies like SER throughout, it's an invaluable tool. It'll even graph jitter for you. Just tcpdump to an output file and load it up in Wireshark.
Re: (Score:2)
My understanding is that the lead developer started working on Ethereal while working at one company (as an F/OSS project), and then left for a competitor but continued working on it. Although the codebase was undisturbed, since it was GPL, the first company retained the rights to the 'Ethereal' name.
There was a Slashdot FPP on it [slashdot.org] not that long ago.
Re: (Score:2)
Yes.
No - Network Integration Services [netisinc.com] is a company providing various networking services, while CACE Technologies [cacetech.com] provides various products and services for network traffic capture and analysis. They're not competitors.