[SANS ISC] Wireshark 3.6.0 Released, (Mon, Nov 29th)

Wireshark version 3.6.0 was released.

It has many updates and bug fixes.

There is one change I want to highlight: the behavior of operator != (not equal) in display filters. Starting with version 3.6.0, expression “a != b” is the same as “!(a == b)”.

This was not the case prior to version 3.6.0, and it’s something you might have noticed (I’m sure you are aware of this if you ever took my Wireshark trainings 😉 ).

When the syntax of a display filter is correct, the background color of the display filter field is green:

If the syntax is wrong, the background color is red (<> is not a valid operator here):

And if you would use the != operator, then the background color would be yellow:

Yellow means that the syntax is correct, but that the semantics might not be what you expect. That’s because fields can have multiple values. For example, field ip.addr has 2 values (ip.src and ip.dst). But ip.src can also have multiple values, for example when an IP packet is embedded inside another IP packet (an ICMP packet for example).

The yellow color is a warning: check if the semantics are what you expect, and if not, rewrite your expression: “a != b” -> “!(a == b)”. This would give you a green color:

Starting with version 3.6.0, the semantics of operator != have changed. “a != b” is semantically the same as “!(a == b)” now, and the yellow color no longer appears:

FYI: if you need the “old” semantics, use operator ~= (any_ne).


Didier Stevens
Senior handler
Microsoft MVP

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

[ThreatPost] REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

All posts, ThreatPost

After news of REvil’s rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in “Hackers Court.” Source: Read More (Threatpost)

Read More

[ZDNet] Microsoft warns over uptick in password spraying attacks

All posts, ZDNet

State-sponsored hackers and cyber criminals are going after identities with password spraying, a low-effort and high-value method for the attacker, says Microsoft’s Detection and Response Team (DART). Source: Read More (Latest topics for ZDNet in Security)

Read More

[ZDNet] Apache’s new security update for HTTP Server fixes two flaws

All posts, ZDNet

There’s a fix for a critical flaw in Apache HTTP Server, the world’s second most widely used web server. Source: Read More (Latest topics for ZDNet in Security)

Read More