Wireshark 3.0.7 arrives to fix security flaws


Wireshark is a free network protocol analyzer used for network analysis and troubleshooting. It lets us see what is happening on the network and is the de facto standard in many companies, commercial and non-profit organizations, government agencies and educational institutions. The application runs on most Unix and Unix-compatible operating systems, including Linux, Solaris, FreeBSD, NetBSD, OpenBSD, Android and Mac OS X, as well as on Microsoft Windows.

Wireshark has an easy-to-use interface that helps us interpret data from hundreds of protocols on all the major network types. Packets can be viewed in real time or analyzed offline, with support for dozens of capture/trace file formats, including CAP and ERF.

What's new in Wireshark 3.0.7?

A few days ago the corrective release Wireshark 3.0.7 was published, since the tool was vulnerable to attackers who could block it with a DoS attack. The issues were fixed in Wireshark versions 2.6.13 and 3.0.7.

According to an advisory from the developers, the risk of attack is rated "high". The vulnerability (CVE-2019-19553) is present in versions 2.6.0 to 2.6.12 and 3.0.0 to 3.0.6. The advisory does not indicate which operating systems are affected.
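To check a host against the version ranges given above, the following added example (not part of the original article or of the Wireshark project) classifies a version string and reports on the locally installed binary. The function names are hypothetical, and versions outside the 2.6 and 3.0 branches are reported as "unknown" because the article does not cover them.

```shell
#!/bin/sh
# Added example (not from the article or the Wireshark project).
# Ranges come from the article: 2.6.0-2.6.12 and 3.0.0-3.0.6 are affected by
# CVE-2019-19553; 2.6.13 and 3.0.7 carry the fix. Function names are made up.

# Print affected | fixed | unknown | invalid for a version such as
# "3.0.6" or a package version such as "3.0.5-1~ubuntu18.04.0".
classify_wireshark_version() {
    ver=${1%%[!0-9.]*}              # drop any distro/build suffix
    case "$ver" in *.) echo invalid; return 0 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split MAJOR.MINOR.PATCH on the dots
    IFS=$old_ifs
    case "$#:$1:$2:$3" in
        3:?*:?*:?*) ;;              # exactly three non-empty components
        *) echo invalid; return 0 ;;
    esac
    case "$1.$2" in
        2.6) first_fixed=13 ;;
        3.0) first_fixed=7 ;;
        *)   echo unknown; return 0 ;;   # branch not covered by the article
    esac
    if [ "$3" -lt "$first_fixed" ]; then echo affected; else echo fixed; fi
}

# Print the version reported by the first Wireshark binary found on PATH.
installed_wireshark_version() {
    for bin in tshark dumpcap wireshark; do
        command -v "$bin" >/dev/null 2>&1 || continue
        found=$("$bin" -v 2>/dev/null | sed -n '1s/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
        if [ -n "$found" ]; then echo "$found"; return 0; fi
    done
    return 1
}

# Report on the local installation, if there is one.
if installed=$(installed_wireshark_version); then
    echo "Wireshark $installed: $(classify_wireshark_version "$installed")"
else
    echo "No Wireshark binary found on PATH"
fi
```

A result of "affected" means the host should be updated to 2.6.13 or 3.0.7, the fixed versions named in the article.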


As for new features, this version does not include any, since the release was made to fix security flaws. In addition to the vulnerabilities, the developers also fixed various bugs, among which the following stand out:

  • Support for 11ax in PEEKREMOTE.
  • Temporary file… could not be opened: invalid argument.
  • Reassembly of two TLS records does not work correctly.
  • Display filter area: the dropdown menu is missing pkt_comment and tcp.options.sack_perm (and probably others).
  • The display filter auto-complete feature must be disabled.
  • The BGP Linkstate IP accessibility information is incorrect.
  • NGAP: Activity Activity Behavior Decoding Expected Failure.
  • HomePlug AV dissector: MMTYPE and FMI fields are dissected incorrectly.
  • JPEG files cannot be saved in French-language Windows.
  • X11 --display interpreted as --display-filter, which is assigned to the -Y option.
  • "Automatically create new file later" does not work with extcap.
  • Encrypted TLS alerts are sometimes listed as decrypted.
  • The "Remove Wireshark from system path" package is titled "Add Wireshark to system PATH".
  • tshark -T ek -x causes get_field_data: code must not be reached.
  • Crash on Go → Next / Previous packet in conversation when no packet is selected.

How to install Wireshark 3.0.7 on Linux?

For those interested in installing this new version: users of Ubuntu or one of its derivatives can add the application's official repository by opening a terminal with Ctrl + Alt + T and running:

sudo add-apt-repository ppa:wireshark-dev/stable

sudo apt-get update

Then, to install the application, just type the following in a terminal:

sudo apt-get install wireshark

It is important to mention that the installation process includes a series of steps that implement privilege separation, allowing the Wireshark GUI to run as a normal user while dumpcap (which collects packets from the interfaces) runs with the elevated privileges required for capturing.

If you answered no and would like to change this, type the following command in a terminal:

sudo dpkg-reconfigure wireshark-common

Here we must select yes when asked if non-superusers should be able to capture packets.

Now for those who are Arch Linux users or some derivative of it, we can install the application by executing the following command in a terminal:

sudo pacman -S wireshark-qt

While for Fedora and derivatives, just type the following command:

sudo dnf install wireshark-qt

And we set permissions with the following command, replacing "usuario" with the username you have on your system:

sudo usermod -a -G wireshark usuario

