Wireshark Releases

Discussion in 'other software & services' started by ronjor, Dec 23, 2015.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    173,530
    Location:
    Texas
  2. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    2,188
    Location:
    .
    Announcement / News versions 4.0.7 and 3.6.15 (12-July-2023)

    Autoupdate or Download

     
  3. 1PW

    Announcement / News versions 4.0.8 and 3.6.16 (23-August-2023)

    Autoupdate or Download

    What's New

    Wireshark 4.0.8 and 3.6.16 Released

    August 23, 2023

    Wireshark 4.0.8 and 3.6.16 have been released. Installers for Windows, Mac OS X 10.14 and later, and source code are now available.

    In 4.0.8

    Several vulnerabilities have been fixed. See the release notes for details.

    For a complete list of changes, please refer to the 4.0.8 release notes.

    In 3.6.16

    Several vulnerabilities have been fixed. See the release notes for details.

    For a complete list of changes, please refer to the 3.6.16 release notes.

    Official releases are available right now from the download page.
     
  4. 1PW

    Announcement / News stable versions 4.0.9 and 3.6.17 have been released. (04-October-2023)

    Autoupdate or Download

    Bug Fixes
    The following vulnerabilities have been fixed:

    The following bugs have been fixed:

    • Updating from within Wireshark if a file is open fails because it can’t close Wireshark. Issue 17658.

    • ESL timestamp provided by ET2000 not displayed. Issue 18308.

    • Kafka: dissect_kafka_sync_group_request missing version check for instance_id. Issue 19290.

    • Start Capture via context menu crashes on macOS with an older Qt version. Issue 19299.

    • Delta time displayed is incorrect after unsetting time reference. Issue 19324.

    • Fuzz job crash output: randpkt-2023-09-09-7060.pcap. Issue 19332.

    • Missing one bit in SCCP::sequencing/segmenting. Issue 19336.

    • Protobuf field malformed packet for last byte of 'repeated fixed32' Issue 19342.

    • RTP/RFC 4571: Wrong desegmentation/reassembly in RTP over TCP packets. Issue 19345.

    • Sparklines not working on macOS Sonoma with both native OS and Homebrew pcap. Issue 19349.

    • Incorrect bit values and namings in BSS Configuration Report TLV. Issue 19352.
     
  5. 1PW

    Announcement / News stable versions 4.0.10 and 3.6.118 have been released. (05-October-2023)

    Autoupdate or Download

     
  6. 1PW

    Wireshark Announcement / News stable version 4.2.0 has been released. (15-November-2023)

    Autoupdate or Download | Release Notes |

    Wireshark 4.2.0 Release Notes
    What is Wireshark?
    Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

    What’s New
    This is the first major Wireshark release under the Wireshark Foundation, a nonprofit which hosts Wireshark and promotes protocol analysis education. The foundation depends on your contributions in order to do its work. If you or your employer would like to contribute or become a sponsor, please visit wiresharkfoundation.org.

    Wireshark supports dark mode on Windows.

    A Windows installer for Arm64 has been added.

    Packet list sorting has been improved.

    Wireshark and TShark are now better about generating valid UTF-8 output.

    A new display filter feature for filtering raw bytes has been added.

    Display filter autocomplete is smarter about not suggesting invalid syntax.

    Tools MAC Address Blocks can lookup a MAC address in the IEEE OUI registry.

    The enterprises, manuf, and services configuration files have been compiled in for improved start-up times. These files are no longer available in the master branch in our source code repository. You can download the manuf file from our automated build directory.

    The installation target no longer installs development headers by default.

    The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs).

    Wireshark can be compiled on Windows using MSYS2. Check the Developer’s guide for instructions.

    Wireshark can be cross-compiled for Windows using Linux. Check the Developer’s guide for instructions.

    Tools Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.

    Windows installer file names now have the format Wireshark-<version>-<architecture>.exe.

    Wireshark now supports the Korean language.

    Many other improvements have been made. See the “New and Updated Features” section below for more details.

    Bug Fixes
    The following bugs have been fixed:

    • Issue 18413 - RTP player do not play audio frequently on Windows builds with Qt6.

    • Issue 18510 - Playback marker does not move after resume with Qt6.
    New and Updated Features
    The following features are new (or have been significantly updated) since version 4.2.0rc3:

    • Nothing of note.
    The following features are new (or have been significantly updated) since version 4.2.0rc2:

    • The Windows installers now ship with Npcap 1.78. They previously shipped with Npcap 1.77.
    The following features are new (or have been significantly updated) since version 4.2.0rc1:

    • The Windows installers now ship with Npcap 1.77. They previously shipped with Npcap 1.71.
    The following features are new (or have been significantly updated) since version 4.1.0:

    • Improved dark mode support.

    • The Windows installers now ship with Qt 6.5.3. They previously shipped with Qt 6.2.3.
    The following features are new (or have been significantly updated) since version 4.0.0:

    • The API has been updated to ensure that the dissection engine produces valid UTF-8 strings.

    • Wireshark now builds with Qt6 by default. To use Qt5 instead pass USE_qt6=OFF to CMake.

    • The "ciscodump" extcap supports Cisco IOS XE 17.x.

    • The default interval between GUI updates when capturing has been decreased from 500ms to 100ms, and is now configurable.

    • The -n option also now disables IP address geolocation information lookup in configured MaxMind databases (and geolocation lookup can be enabled with -Ng.) This is most relevant for TShark, where geolocation lookups are synchronous.

    • The display filter drop-down list is now sorted by "most recently used" instead of "most recently created".

    • Display filter syntax-related changes:
      • It is now possible to filter on raw packet data for any field by using the syntax @some.field == <bytes…>. This can be useful to filter on malformed UTF-8 strings, among other use cases where it is necessary to look at the field’s raw data.

      • Negation (unary minus) now works with any display filter arithmetic expression.

      • Using the slice operator with strings produces a string. Previously it would produce a byte array. This is useful to index/slice UTF-8 multibyte strings. String byte slices can still be obtained using the "@" (raw operator) prefix.

      • Arithmetic expressions are allowed as set elements.

      • Absolute date and time values can be written as Unix time.

      • The limitation where a minus sign needed to be preceded by a space character has been removed.

      • Added XOR logical operator.

      • Fixed the implementation of all … in membership operator (#19188).

      • When parsing absolute time values the display filter engine has learned to understand timezones as specified in strptime(3), including some common North American designations. Arbitrary timezone names are not supported however. Previously only ISO8601 offsets and the "UTC" designation was understood.

      • Writing value strings without double quotes is deprecated and will generate a warning. Value strings are integer or boolean values that can be represented using a user-friendly textual format, such as "Set"/"Unset" instead of numerical values like 1 and 0. It is now a requirement that value strings need to be written enclosed in double-quotes.

      • The deprecated ~≃ operator symbol has been removed. It was replaced by !== in version 4.0.
    • Running the test suite requires the pytest Python module. The emulation layer that allowed running tests without pytest installed has been removed.

    • When saving files or exporting packets after changing their time with the "Time Shift" dialog, the shifted time is written to the new file.

    • TLS secrets used in decrypting packets can be embedded (or discarded) from the capture file via the GUI, similar to the options --inject-secrets and --discard-all-secrets in editcap.

    • The text of any configured column (displayed or hidden) can be filtered anywhere that filters are used - in display filters, filters in taps, coloring rules, Wireshark read filters, and the -Y, -R, and -e options to TShark, the "Apply as Filter" GUI option, etc.
      • The filter field names are prefixed by "_ws.col", followed by a lowercase version of the COL_ name found in epan/column-utils.h, e.g. "_ws.col.info" or "_ws.col.protocol"

      • Using the column names as a filter is slower than other filter types because the columns must be constructed, so when the same filtering can be achieved via other fields, prefer that.
    • The external name resolution text files "manuf", "enterprises" and "services" have been removed and replaced with static binary data. You can dump the respective internal data using tshark -G manuf|enterprises|services.

    • The "manuf" file is now also read from the personal configuration folder, and is profile-based.

    • The Lua console dialogs under the Tools menu were refactored and redesigned. It now consists of a single dialog window for input and output.

    • Wireshark now shows byte units in the statistics in the user-selected language (uses the system default language by default).

    • Packet list sorting has been improved:
      • When sorting packet list with a filter applied, only the visible packets are sorted, which greatly increases sorting speed.

      • The cache size for column text is limited to a default of 10000 rows, which limits the maximum memory usage. The maximum value can be changed in Preferences→Appearance→Layout

      • Due to the above, columns that require packet dissection can only be sorted if the number of visible rows is less than the cache size. If there are more rows visible, a warning will appear. Columns that do not require packet dissection (those that calculated directly from the capture file frame headers, such as packet number, time, and frame length) can be sorted with any number of visible rows.

      • Sorting can be interrupted.
    • When changing the dissector via the "Decode As" table for values that have default dissectors registered, selecting "(none)" will select no dissection (while still allowing heuristic dissectors to attempt to dissect.) The previous behavior was to reset the dissector to the default. To facilitate resetting the dissector, the default dissector is now sorted at the top of the list of possible dissector options.

    • The personal extcap plugin folder location on Unix has been changed to follow existing conventions for architecture-dependent files. The extcap personal folder is now $HOME/.local/lib/wireshark/extcap. Previously it was $XDG_CONFIG_HOME/wireshark/extcap.

    • The "init.lua" file is now loaded from any of the Lua plugin directories. Previously it was loaded from the personal configuration directory. (For backward-compatibility this is still allowed; note that deprecated features may be removed in a future release).

    • Installation of development headers must be done explicitly using the CMake command cmake --install <builddir> --component Development.

    • The Windows build has a new SpeexDSP external dependency (https://www.speex.org). The speex code that was previously bundled has been removed.

    • New --print-timers option added to TShark.
    Removed Features and Support
    • With the addition of the universal and consistent filtering support for column text, the previous support in the -e option to TShark for displaying column text via the column title has been removed in general. Those field names cannot be used elsewhere (as they may not be legal filter names) and create confusion if more than one column has the same title or if a column is renamed. Prefer the column format instead, e.g. "_ws.col.info" for "_ws.col.Info". However, for backwards compatibility with existing tools and scripts, the titles of the default columns can continue to be used with tshark -e (but not elsewhere.)

    • The bundled script "dtd_gen.lua" that was disabled by default has been removed from the installation. It can be found in the Wireshark Wiki under "Contrib".

    • The Wi-Fi NAN dissector filter name has been changed from 'nan' to 'wifi_nan'.
    New File Format Decoding Support
    RTPDump

    New Protocol Support
    Aruba UBT, ASAM Capture Module Protocol (CMP), ATSC Link-Layer Protocol (ALP), DECT DLC protocol layer (DECT-DLC), DECT NWK protocol layer (DECT-NWK), DECT proprietary Mitel OMM/RFP Protocol (also named AaMiDe), Digital Object Identifier Resolution Protocol (DO-IRP), Discard Protocol, FiRa UWB Controller Interface (UCI), FiveCo’s Register Access Protocol (5CoRAP), Fortinet FortiGate Cluster Protocol (FGCP), GPS L1 C/A LNAV navigation messages, GSM Radio Link Protocol (RLP), H.224, High Speed Fahrzeugzugang (HSFZ), Hypertext Transfer Protocol version 3 (HTTP/3), ID3v2, IEEE 802.1CB (R-TAG), Iperf3, JSON 3GPP, Low Level Signalling (ATSC3 LLS), Management Component Transport Protocol (MCTP), Management Component Transport Protocol - Control Protocol (MCTP CP), Matter home automation protocol, Microsoft Delivery Optimization, Multi-Drop Bus (MDB), Non-volatile Memory Express - Management Interface (NVMe-MI) over MCTP, RDP audio output virtual channel Protocol (rdpsnd), RDP clipboard redirection channel Protocol (cliprdr), RDP Program virtual channel Protocol (RAIL), SAP Enqueue Server (SAPEnqueue), SAP GUI (SAPDiag), SAP HANA SQL Command Network Protocol (SAPHDB), SAP Internet Graphic Server (SAP IGS), SAP Message Server (SAPMS), SAP Network Interface (SAPNI), SAP Router (SAPROUTER), SAP Secure Network Connection (SNC), SBAS L1 Navigation Messages (SBAS L1), SINEC AP1 Protocol (SINEC AP), SMPTE ST2110-20 (Uncompressed Active Video), Train Real-Time Data Protocol (TRDP), UBX protocol of u-blox GNSS receivers (UBX), UDP Tracker Protocol for BitTorrent (BT-Tracker), UWB UCI Protocol, Video Protocol 9 (VP9), VMware HeartBeat, Windows Delivery Optimization (MS-DO), Z21 LAN Protocol (Z21), Zabbix, ZigBee Direct (ZBD), and Zigbee TLV

    Updated Protocol Support
    • JSON: The dissector now has a preference to enable/disable "unescaping" of string values. By default it is off. Previously it was always on.

    • JSON: The dissector now supports "Display JSON in raw form".

    • IPv6: The dissector has a new preference to show some semantic details about addresses (default off).

    • IPv6: The dissector now supports dissecting the Application-aware IPv6 Networking (APN6) option in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH), including all three types of APN ID, which are 32-bit, 64-bit and 128-bit in length.

    • XML: The dissector now supports display character according to the "encoding" attribute of the XML declaration, and has a new preference to set default character encoding for some XML document without "encoding" attribute.

    • SIP: The dissector now has a new preference to set default charset for displaying the body of SIP messages in raw text view.

    • HTTP: The dissector now supports dissecting chunked data in streaming reassembly mode. Subdissectors of HTTP can register itself in "streaming_content_type" subdissector table for enabling streaming reassembly mode while transferring in chunked encoding. This feature ensures the server stream messages of GRPC-Web over HTTP/1.1 can be dissected even if the last chunk is absent.

    • The media type dissector table now properly treats media types and subtypes as case-insensitive automatically, per RFC 6838. Media types no longer need to be lower cased before registering or looking up in the table.

    • CFM: The dissector has been overhauled and updated to the level of IEEE std 802.1Q-2022 and ITU-T Rec. G.8013/Y.1371 (08/2015). This includes dissection of additional PDU types and TLVs as well as deeper dissection of existing PDUs and TLVs.
    Too many other protocol updates have been made to list them all here.

    New and Updated Codec support
    Adaptive Multi-Rate (AMR), if compiled with opencore-amr.

    Major API Changes
    • Lua function "package.prepend_path" has been removed. If you need it please consider adding your own package.path customization code or installing your dependencies in Wireshark’s default paths.

    • The reassemble_streaming_data_and_call_subdissector() API has been added to provide a simpler way to reassemble the streaming data of a high level protocol that is not on top of TCP.

    • Some of the API now uses C99 types instead of GLib types. Issue 19116
     
    Last edited: Nov 16, 2023
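    An added illustration (not part of the post above, the release notes or the Wireshark code base) of why the 4.2.0 raw filter syntax @some.field == <bytes…> and the string-slice change matter for malformed UTF-8: several different invalid byte strings can collapse to the same displayed string, and only a raw comparison separates them. The U+FFFD replacement model, the function names, the sample values and the use of http.user_agent as the field are assumptions of this sketch.

```python
"""Model of string vs. raw ("@") field matching on malformed UTF-8.

Added illustration, not Wireshark code. Assumption: once a string is made
valid UTF-8, each invalid sequence is shown as U+FFFD.
"""


def display_value(raw: bytes) -> str:
    """String a filter on the plain field would see (assumed U+FFFD model)."""
    return raw.decode("utf-8", errors="replace")


def is_malformed(raw: bytes) -> bool:
    """True if the raw field bytes are not valid UTF-8."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False


def raw_filter(field: str, raw: bytes) -> str:
    """Build an '@field == <bytes>' expression with colon-separated hex."""
    return f"@{field} == {raw.hex(':')}"


def slice_chars(raw: bytes, offset: int, length: int) -> str:
    """Slice of the string value: counts characters (the new behaviour)."""
    return display_value(raw)[offset:offset + length]


def slice_bytes(raw: bytes, offset: int, length: int) -> bytes:
    """Slice of the raw value: counts bytes (what the '@' prefix selects)."""
    return raw[offset:offset + length]


def ambiguous_displays(values):
    """Map each displayed string to the distinct malformed inputs behind it.

    Only entries with more than one raw form are returned: those are the
    cases a string comparison cannot tell apart but a raw comparison can.
    """
    groups = {}
    for raw in values:
        if is_malformed(raw):
            groups.setdefault(display_value(raw), set()).add(raw)
    return {shown: raws for shown, raws in groups.items() if len(raws) > 1}


# Constructed sample values for one string field (not from a real capture).
SAMPLES = [
    b"caf\xc3\xa9",  # valid UTF-8: "caf" + U+00E9
    b"caf\xe9",      # Latin-1 byte, invalid as UTF-8
    b"caf\xff",      # 0xFF is never valid in UTF-8
    b"caf\xc3",      # truncated two-byte sequence
]

if __name__ == "__main__":
    for shown, raws in ambiguous_displays(SAMPLES).items():
        print(f"displayed as {shown!r}:")
        for raw in sorted(raws):
            print("   ", raw_filter("http.user_agent", raw))
    # Character slice vs. byte slice of the same valid multibyte value.
    print(slice_chars(SAMPLES[0], 3, 1), slice_bytes(SAMPLES[0], 3, 1))
```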
  7. 1PW

    Wireshark Announcement / News stable version 4.2.1 has been released. (03-January-2024)

    Autoupdate or Download | Release Notes |

    What’s New

    Bug Fixes
    The following vulnerabilities have been fixed:

    The following bugs have been fixed:

    • Capture filters not saved to recently used list. Issue 12918.

    • CFM dissector does not handle Sender ID TLV correctly when Chassis ID Length is zero. Issue 13720.

    • OSS-Fuzz 64290: wireshark:fuzzshark_ip: Global-buffer-overflow in dissect_zcl_read_attr_struct. Issue 19490.

    • Overriding capture options set by preference by command line arguments (like -S) doesn’t work. Issue 14549.

    • Segfault when enabling monitor mode on wireless card that falsely claims to support it. Issue 16693.

    • Documented format of temporary file name is out of date in the Wireshark User’s Guide. Issue 18464.

    • Selection highlight lost when interface list is sorted. Issue 19133.

    • HTTP3 malformed packets. Issue 19475.

    • Capture filter compilation fails with obscure error message. Issue 19480.

    • XML: Parsing encoding attribute failed when standalone attribute exists. Issue 19485.

    • Display filter expressions where the protocol name starts with digit and contains a hyphen are rejected. Issue 19489.

    • diameter.3GPP-* display filters not working after upgrade to version 4.2.0. Issue 19493.

    • GigE-vision: Control Protocol shows "unknown" as value for ASCII character set. Issue 19494.

    • The HTTP/3 Request Header URI is not correct. Issue 19497.

    • QUIC/TLS not extracting "h3" from ALPN in a capture. Issue 19503.

    • Documentation on system requirements should be updated. Issue 19512.

    • 4.2.0: init.lua in subdirectories not loaded anymore. Issue 19516.

    • Malformed SIP/SDP messages: components are not decoded properly. Issue 19518.

    • heuristic_protos do not reset on profile swap. Issue 19520.

    • Wireshark 4.2 crashes on Apply As Column. Issue 19521.

    • NFLOG timestamp is incorrect. Issue 19525.

    • Qt6 Crash (Double Free) When Attempting to Save TCP Stream Graph. Issue 19529.

    • Fixed parsing display filter expressions containing literal OID values, e.g. snmp.name == 1.3.6.1.2.1.1.3.0.
    New and Updated Features
    There are no new or updated features in this release.

    New Protocol Support
    There are no new protocols in this release.

    Updated Protocol Support


    New and Updated Capture File Support
    There is no new or updated capture file support in this release.

    pcapng: the if_tsoffset option is now supported.
     
  8. 1PW

    Wireshark Announcement / News stable version 4.2.2 has been released. (04-January-2024)

    Autoupdate or Download | Release Notes |

    What’s New

    Bug Fixes

    This release fixes a software update issue on Windows which causes Wireshark to hang if you are upgrading from version 4.2.0 or 4.2.1. If you are experiencing this issue, you will need to download and install Wireshark 4.2.2 or later.

    The following bugs have been fixed:

    • sharkd is not installed by the Windows installer. Issue 19556.

    • Fuzz job crash output: fuzz-2024-01-01-7740.pcap. Issue 19558.

    • Can’t open a snoop file from the Open dialog box unless I select "All files" as the file type. Issue 19565.

    • Add s4607 dissector to "decode as" Issue 19566.

    • Updater for 4.2.1 hangs. Issue 19568.
    New and Updated Features
    There are no new or updated features in this release.

    New Protocol Support
    There are no new protocols in this release.

    Updated Protocol Support
    RSVP, RTPS, and STANAG 4607

    New and Updated Capture File Support
    There is no new or updated capture file support in this release.
     
  9. 1PW

    Wireshark Announcement / News stable version 4.2.3 has been released. (14-February-2024)

    Download | Release Notes |

    What’s New
    Bug Fixes
    If you are upgrading to Wireshark 4.2.0 or 4.2.1 on Windows, you will need to download and install Wireshark 4.2.3 or later manually.

    The following bugs have been fixed:

    • Capture start fails when file set enabled and file extension not supplied if directory contains a period. Issue 14614.

    • Cannot drag and move custom filter buttons in toolbar. Issue 19447.

    • Not equal won’t work when used with wlan.addr. Issue 19449.

    • sshdump fails to connect with private key (ssh-rsa) Issue 19510.

    • ChmodBPF installation fails on macOS Sonoma 14.1.2. Issue 19527.

    • Windows installers should check for Windows 8.1. Issue 19569.

    • Fuzz job crash output: fuzz-2024-01-05-7725.pcap. Issue 19570.

    • Fuzz job crash output: fuzz-2024-01-06-7734.pcap. Issue 19578.

    • Incorrect recursion depth assert failure when dissecting a legitimate GOOSE message. Issue 19580.

    • OPC UA - large read request is reported as malformed in 4.2.1 but not in 4.0.12. Issue 19581.

    • TFTP dissector bug type listed as netscii instead of netascii doesn’t show all TFTP packets including TFTP blocks. Issue 19589.

    • SMB1 replies from LAN Drive app only show up as NBSS Continuation Message. Issue 19593.

    • ciscodump - older SSH key exchange algorithms not supported. Issue 19594.

    • Problem decoding LAPB/X.25/FTAM after adding X.75 decoding. Issue 19595.

    • Wireshark Filter not working. Issue 19604.

    • CFLOW: failure to decode 0 length data fields of IPFIX variable length data types. Issue 19605.

    • Copy …as Printable Text Feature Missing in 4.1/4.2. Issue 19607.

    • Export Objects - HTTP is missing some HTTP/2 files in a two-pass analysis. Issue 19609.

    • ASAM-CMP Plugin: Malformed message, length mismatch if vendor defined data of status messages has odd length. Issue 19626.

    • OSS-Fuzz 66561: wireshark:fuzzshark_ip_proto-udp: Null-dereference READ in wmem_map_lookup. Issue 19642.
    New and Updated Features
    There are no new or updated features in this release.

    New Protocol Support
    There are no new protocols in this release.

    Updated Protocol Support
    ASAM CMP, CAN, CFLOW, CMIP, CMP, DAP, DICOM, DISP, E2AP, GLOW, GOOSE, GTP, GTPv2, H.225, H.245, H.248, HTTP2, IEEE 1609.2, IEEE 1722, IPv4, IPv6, ISO 15765, ISUP, ITS, Kerberos, LDAP, MMS, NBT, NRUP, openSAFETY, P22, P7, PARLAY, RTMPT, RTP, SCSI, SOME/IP, T.38, TCP, TECMP, TFTP, WOW, X.509if, X.509sat, X.75, X11, Z39.50, and ZigBee Green Power

    New and Updated Capture File Support
    pcap and pcapng
     
  10. 1PW

    Wireshark Announcement / News stable version 4.2.4 has been released. (27-March-2024)

    Autoupdate or Download | Release Notes |

    What’s New

    Bug Fixes
    If you are upgrading to Wireshark 4.2.0 or 4.2.1 on Windows, you will need to download and install Wireshark 4.2.4 or later by hand.

    The following vulnerabilities have been fixed:

    Additionally, CVE-2024-24478, CVE-2024-24479, and CVE-2024-24476 were recently assigned to Wireshark without any coordination with the Wireshark project. As far as we can determine, each one is based on invalid assumptions and we have requested that they be rejected.

    The following bugs have been fixed:

    • Extcap with configuration never starts; “Configure all extcaps before start of capture.” is shown instead. Issue 18487.

    • Packet Dissection CSV Export includes last column, even if hidden. Issue 19666.

    • Inject TLS secrets closes Wireshark on Windows. Issue 19667.

    • Fuzz job issue: fuzz-2024-02-27-7196.pcap. Issue 19674.

    • Wireshark crashes when adding another port to the HTTP dissector. Issue 19677.

    • Fuzz job issue: fuzz-2024-03-03-7204.pcap. Issue 19685.

    • Fuzz job issue: randpkt-2024-03-05-8004.pcap. Issue 19688.

    • When adding a new row to a table, an error report may be inserted. Issue 19705.

    • '--export-objects' does not work as expected on tshark version later than 3.2.10. Issue 19715.

    • Fuzz job issue: fuzz-2024-03-21-7215.pcap. Issue 19717.
    New and Updated Features
    There are no new or updated features in this release.

    New Protocol Support
    There are no new protocols in this release.

    Updated Protocol Support
    5GLI, 6LoWPAN, AFP, AllJoyn, AMQP, ASAP, Babel, BACnet, Banana, BEEP, Bencode, BFCP, BGP, BT BNEP, BT SDP, BT-DHT, BVLC, CFLOW, CIP, CMIP, CMP, COROSYNC/TOTEMSRP, COSE, CQL, CSN.1, DAP, DCCP, DCOM, DHCPv6, DICOM, DISP, DOCSIS MAC MGMT, DOF, DVB-S2, E2AP, EDONKEY, ENRP, ErlDP, Etch, EXTREME MESH, FC-SWILS, GIOP, GLOW, GNW, GOOSE, GQUIC, Gryphon, GSM A-bis OML, GSUP, GTPv2, H.223, H.225.0, H.245, H.248, H.264, H.265, HSMS, ICMPv6, ICQ, IEEE1609dot2, IPP, IPPUSB, ISAKMP, iSCSI, ISIS LSP, ISO 7816, ISUP, ITS, JSON 3GPP, JXTA, Kafka, KINK, KNX/IP, LDAP, LDP, LISP, LISP TCP, LLRP, LwM2M-TLV, M2UA, M3UA, MAC-LTE, MBIM, MMS, MONGO, MPEG PES, MPLS Echo, MQ PCF, MQTT-SN, MS-WSP, MSDP, MsgPack, NAS-5GS, NETLINK, NHRP, OpenFlow, OpenWire, OPSI, OSC, P22, P7, PANA, PIM, PNIO, ProtoBuf, PROXY, Q.2931, QNET, RDP, RESP, RPL, RSL, RSVP, RTLS, RTMPT, RTPS, S7COMM, SCTP, SIMULCRYPT, SMB2, SML, SNA, SNMP, Socks, SolarEdge, SOME/IP, SoulSeek, SUA, T.38, TCAP, TEAP, TFTP, Thread, Thrift, TN5250, USBHID, USBVIDEO, VP9, WASSP, WiMAX ASN CP, WLCCP, WTP, X.509IF, X.509SAT, XML, XMPP, YAMI, Z39.50, and ZigBee ZCL

    New and Updated Capture File Support
    There is no new or updated capture file support in this release.

    Updated File Format Decoding Support
    BLF, JPEG, and RBM
     
  11. 1PW

    Wireshark Announcement / News stable version 4.2.5 has been released. (15-May-2024)

    Autoupdate or Download | Release Notes |

    What’s New

    Bug Fixes

    If you are upgrading Wireshark 4.2.0 or 4.2.1 on Windows, you will need to download and install Wireshark 4.2.5 or later by hand.

    The following vulnerabilities have been fixed:

    The following bugs have been fixed:

    • Flow Graph scrolls in the wrong direction vertically when pressing Up/Down. Issue 12932.

    • TCP Stream Window Scaling not working in version 2.6.1 and later. Issue 15016.

    • TCP stream graphs (Window scaling) axis display is confusing. Issue 17425.

    • LUA get_dissector does not give the correct dissector under 32-bit version. Issue 18367.

    • Lua: Segfault when registering a field or expert info twice. Issue 19194.

    • SSH cannot decrypt when KEX is curve25519-sha256@libssh.org. Issue 19240.

    • Wireshark crash related to Lua DissectorTable.heuristic_new() Issue 19603.

    • MATE fails to extract HTTP2 User-Agent header. Issue 19619.

    • Fuzz job issue: fuzz-2024-02-29-7169.pcap. Issue 19679.

    • Fuzz job issue: fuzz-2024-03-02-7158.pcap. Issue 19684.

    • Problem to Decode 5GC-N7 HTTP for payload Application/JSON. Issue 19723.

    • Copying data as C String produces incorrect string. Issue 19735.

    • Incorrect decoding of supported Tx HE-MCS. Issue 19737.

    • reordercap: Fix packet reordering with multiple IDB’s not at the beginning of a pcapng file. Issue 19740.

    • Wrong EPB lengths written if existing pcapng file has epb_hash options. Issue 19766.

    • On Windows, Export Displayed Packets dialog does not have "include depended upon packets" checkbox. Issue 19772.

    • vnd.3gpp.sms binary payload NOT decoded inside HTTP2 5GC. Issue 19773.

    • NAS 5G message container dissection. Issue 19793.

    • Incorrect interpretation of algorithm name in packet-tls-utils.c. Issue 19801.
    New and Updated Features
    There are no new or updated features in this release.

    New Protocol Support
    There are no new protocols in this release.

    Updated Protocol Support
    5co_legacy, 5co_rap, BT Mesh, CQL, DOCSIS MAC MGMT, E.212, EPL, FC FZS, GQUIC, GRPC, GSM RP, HTTP2, ICMPv6, IEEE 1905, IEEE 802.11, IPARS, JSON-3GPP, LAPD, LLDP, MATE, MONGO, NAS 5GS, NR-RRC, PER, PFCP, PTP, QUIC, SSH, TIPC, and ZBD

    New and Updated Capture File Support
    BLF and pcapng

    Updated File Format Decoding Support
    There is no updated file format support in this release.
     
  12. 1PW

    Wireshark Announcement / News stable version 4.2.6 has been released. (10-July-2024)

    Autoupdate or Download | Release Notes |


     
  13. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    104,120
    Location:
    U.S.A.
  14. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,709
    Location:
    Philippines
    Code:
    Support for Lua 5.3 and 5.4 has been added, and support for Lua 5.1 and 5.2 has been removed.
    Glad to see this. Wireshark was the only reason I had Lua 5.2.4 installed.
     
  15. 1PW

    Wireshark Announcement / News stable version 4.4.1 has been released. (09-October-2024)

    Autoupdate or Download | Release Notes |

    What’s New
    Bug Fixes
    The following vulnerabilities have been fixed:

    The following bugs have been fixed:

    • Refresh interface during live-capture leads to corrupt interface handling. Issue 11176.

    • Media type “application/octet-stream” registered for both Thread and UASIP. Issue 14729.

    • Extcap toolbar stops working when new interface is added. Issue 19854.

    • Decoding error ITS CPM version 2.1.1. Issue 19886.

    • Build error in 4.3.0: sync_pipe_run_command_actual error: argument 2 is null but the corresponding size argument 3 value is 512004 [-Werror=nonnull] Issue 19930.

    • html2text.py doesn’t handle the <sup> tag. Issue 20020.

    • Incorrect NetFlow v8 TOS AS aggregation dissection. Issue 20021.

    • The Windows packages don’t ship with the IP address plugin. Issue 20030.

    • O_PATH is Linux-and-FreeBSD-specific. Issue 20031.

    • Wireshark 4.4.0 doesn’t install USBcap USBcapCMD.exe in the correct directory. Issue 20040.

    • OER dissector is not considering the preamble if ASN.1 SEQUENCE definition includes extension marker but no OPTIONAL items. Issue 20044.

    • Bluetooth classic L2CAP incorrect dissection with connectionless reception channel. Issue 20047.

    • Profile auto switch filters : Grayed Display Filter Expression dialog box when opened from Configuration Profiles dialog box. Issue 20049.

    • Wireshark 4.4.0 / macOS 14.6.1 wifi if monitor mode. Issue 20051.

    • TECMP Data Type passes too much data to sub dissectors. Issue 20052.

    • Wireshark and tshark 4.4.0 ignore extcap options specified on the command line. Issue 20054.

    • Cannot open release notes due to incorrect path with duplicated directory components. Issue 20055.

    • Unable to open “Release Notes” from the “Help” menu. Issue 20056.

    • No capture interfaces if Wireshark is started from command line with certain paths. Issue 20057.

    • Wireshark 4.4.0 extcap path change breaks third party extcap installers. Issue 20069.

    • Fuzz job UTF-8 encoding issue: fuzz-2024-09-10-7618.pcap. Issue 20071.

    • Unable to create larger files than 99 size units. Issue 20079.

    • Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring. Issue 20082.

    • PRP trailer not shown for L2 IEC 61850 GOOSE packets in 4.4.0 (was working in 4.2.7) Issue 20088.

    • GUI lags because NetworkManager keeps turning 802.11 monitor mode off. Issue 20090.

    • Error while getting Bluetooth application process id by <shell:ps -A | grep com.*android.bluetooth> Issue 20100.

    • Fuzz job assertion: randpkt-2024-10-05-7200.pcap. Issue 20110.
    New and Updated Features
    • The TShark syntax for dumping only fields with a certain prefix has changed from -G fields prefix to -G fields,prefix. This allows tshark -G fields to again support also specifying the configuration profile to use.
    New Protocol Support
    There are no new protocols in this release.

    Updated Protocol Support
    AppleTalk, ARTNET, BGP, BT L2CAP, CIGI, CIP Motion, CoAP, COSE, DISTCC, DMP, Ethernet OAM PDU, F5 FILEINFO, GIOP, GOOSE, GSM Management, GSM SIM, GTP, HTTP, HTTP2, ID3v2, IDN, IEEE 1609.2, IEEE 802.11, IPPUSB, iRDMA, ISystemActivator, ITS, Kerberos, LwM2M-TLV, MMS, MQ, MySQL, NCP SSS, NetFlow, OER, OWAMP, QNET, RELOAD Framing, RTCP, RTLS, SANE, SMB2, SSyncP, Sysdig Event, T.124, TECMP, Thread, Thrift, and TWAMP

    New and Updated Capture File Support
    BLF, CLLOG, CommView, ERF, and pcap

    Updated File Format Decoding Support
    There is no updated file format support in this release.
     
  16. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    2,188
    Location:
    .
    Wireshark stable version 4.4.2 has been released. (20-November-2024)

    | Home | Announcement / News | Autoupdate or Download | Release Notes | Blog | FAQ | User's Guide | Repository |


    What’s New
    Bug Fixes


    The following vulnerabilities have been fixed:

    The following bugs have been fixed:

    • CIP I/O is not detected by the “enip” filter anymore. Issue 19517.

    • Fuzz job issue: fuzz-2024-09-03-7550.pcap. Issue 20041.

    • OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp: Index-out-of-bounds in DOFObjectID_Create_Unmarshal. Issue 20065.

    • JA4_c hashes an empty field to e3b0c44298fc when it should be 000000000000. Issue 20066.

    • Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone Mirroring. Issue 20082.

    • PTP analysis loses track of message associations in case of sequence number resets. Issue 20099.

    • USB CCID: response packet in case SetParameters command is unsupported is flagged as malformed. Issue 20107.

    • dumpcap crashes when run from TShark with a capture filter. Issue 20108.

    • SRT dissector: The StreamID (SID) in the handshake extension is displayed without regarding the control characters and with NUL as terminating. Issue 20113.

    • Ghost error message on POP3 packets. Issue 20124.

    • Building against c-ares 1.34 fails. Issue 20125.

    • D-Bus is not optional anymore. Issue 20126.

    • macOS Intel DMGs aren’t fully notarized. Issue 20129.

    • Incorrect name for MLD Capabilities and Operations Present flag in dissection of MLD Capabilities for MLO wifi-7 capture. Issue 20134.

    • CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed Packet] Issue 20142.

    • Wi-Fi: 256 Block Ack (BA) is not parsed properly. Issue 20156.

    • BACnet ReadPropertyMultiple request Maximum allowed recursion depth reached. Issue 20159.

    • Statistics→I/O Graph crashes when using simple moving average. Issue 20163.

    • HTTP2 body decompression fails on DATA with a single padded frame. Issue 20167.

    • Compiler warning for ui/tap-rtp-common.c (ignoring return value) Issue 20169.

    • SIP dissector bug due to “be-route” param in VIA header. Issue 20173.

    • Coredump after trying to open 'Follow TCP stream' Issue 20174.

    • Protobuf JSON mapping error. Issue 20182.

    • Display filter “!stp.pvst.origvlan in { vlan.id }” causes a crash (Version 4.4.1) Issue 20183.

    • Extcap plugins shipped with Wireshark Portable are not found in version 4.4.1. Issue 20184.

    • IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon frame. Issue 20187.

    • Wireshark 4.4.1 does not decode RTCP packets. Issue 20188.

    • Qt: Display filter sub-menu can only be opened on the triangle, not the full name. Issue 20190.

    • Qt: Changing the display filter does not update the Conversations or Endpoints dialogs. Issue 20191.

    • MODBUS Dissector bug. Issue 20192.

    • Modbus dissector bug - Field Occurrence and Layer Operator modbus.bitval field. Issue 20193.

    • Wireshark crashes when a field is dragged from packet details towards the find input. Issue 20204.

    • Lua DissectorTable("") : set ("10,11") unexpected behavior in locales with a comma as decimal separator. Issue 20216.
    The TCP dissector no longer falls back to using the client port as a criterion for selecting a payload dissector when the server port does not select a payload dissector (except for port 20, active FTP). This behavior can be changed using the “Client port dissectors” preference.

    Display filters now correctly handle floating-point conversion errors.

    The Lua API now has better support for comma-separated ranges in different locales.

    New and Updated Features
    • The TShark syntax for dumping only fields with a certain prefix has changed from -G fields prefix to -G fields,prefix. This allows tshark -G fields to again support also specifying the configuration profile to use.
    New Protocol Support
    There are no new protocols in this release.

    Updated Protocol Support
    ARTNET, ASN.1 PER, BACapp, BT BR/EDR, CQL, DOF, ECMP, ENIP, FiveCo RAP, Frame, FTDI FT, HSRP, HTTP/2, ICMPv6, IEEE 802.11, MBTCP, MMS, MPEG PES, PN-DCP, POP, ProtoBuf, PTP, RPC, RTCP, SIP, SRT, Syslog, TCP, UMTS RLC, USB CCID, Wi-SUN, and ZigBee ZCL

    New and Updated Capture File Support
    BLF

    Updated File Format Decoding Support
    There is no updated file format support in this release.
     
    Last edited: Nov 21, 2024