Wireshark 4.4.3 Released – What’s New!


The Wireshark Foundation has announced the release of Wireshark 4.4.3, the latest version of the world’s most popular network protocol analyzer.

This update brings a host of bug fixes and protocol support improvements, enhancing the tool’s capabilities for network troubleshooting, analysis, development, and education.

Wireshark is a powerful, open-source network analysis tool that lets users capture, inspect, analyze, and troubleshoot network traffic.

Wireshark shows what is happening on the network at a microscopic level by analyzing the data packets flowing through the network interface. It has a user-friendly GUI with filters, color coding, graphs, and other features for traffic analysis.

Numerous protocols are supported, including IP, TCP, UDP, HTTP, SSL/TLS, FTP, DNS, DHCP, and many more.

As a result, it is possible to analyze the traffic of numerous network applications and obtain specific information about packets, such as header information, payload data, host conversations, top talkers, etc. 

Wireshark can capture data from network interfaces, including Ethernet, Wi-Fi, and Bluetooth. Users can view the captured data at various levels, from high-level protocol summaries to detailed packet-level analyses. 

Key Bug Fixes

Wireshark 4.4.3 addresses several critical issues:

  • Resolved a potential mismatch in the GSM MAP dissector for uncertainty radius and its filter key.
  • Fixed decoding problems with Macro eNodeB ID and Extended Macro eNodeB ID in User Location Information.
  • Corrected the NFSv2 Dissector’s mode decoding for Character Special File and Directory.
  • Addressed an issue with CMake incorrectly discovering Strawberry Perl’s zlib DLL.
  • Fixed VOIP Calls call flow displaying hours incorrectly.
  • Resolved a fuzz job issue related to a specific packet capture file.
  • Corrected the incorrect length that the sFlow dissector passed to the header sample dissector.
  • Addressed a linking issue with wsutil against -lm due to missing fabs() when built with -fno-builtin.

While no new protocols were added in this release, Wireshark 4.4.3 brings significant updates to existing protocol support:

  • Updated Protocols: The release includes improvements for a wide range of protocols, such as ARTNET, ASN.1 PER, BACapp, BBLog, BT BR/EDR RF, CQL, Diameter, DOF, ECMP, FiveCo RAP, FTDI FT, GSM COMMON, GTPv2, HCI_MON, HSRP, HTTP2, ICMPv6, IEEE 802.11, Kafka, LTE RRC, MBIM, MMS, Modbus/TCP, MPEG PES, NAS-EPS, NFS, NGAP, NR RRC, PLDM, PN-DCP, POP, ProtoBuf, PTP, RLC, RPC, RTCP, sFlow, SIP, SRT, TCP, UCP, USBCCID, Wi-SUN, and ZigBee ZCL.

Wireshark 4.4.3 maintains its robust file format support:

  • Capture File Support: The update includes support for CLLog EMS ERF files.
  • File Format Decoding: No changes were made to file format decoding in this release.

Security Enhancements

The Wireshark team continues to prioritize security, addressing vulnerabilities found in previous versions:

  • Fixed a FiveCo RAP dissector infinite loop vulnerability (wnpa-sec-2024-14).
  • Resolved an ECMP dissector crash issue (wnpa-sec-2024-15).

Wireshark 4.4.3 builds upon the improvements introduced in version 4.4.0:

  • Automatic Profile Switching: Users can now associate display filters with configuration profiles, allowing Wireshark to automatically switch profiles based on the opened capture file.
  • Enhanced Display Filters: Improved support for value strings and the ability to implement display filter functions as plugins.
  • Custom Columns and Output Fields: Users can define custom columns and output fields using any valid field expression, offering greater flexibility in data presentation.

As Wireshark continues to evolve, users can expect ongoing improvements in performance, security, and protocol support.

The Wireshark Foundation encourages users to contribute to the project, either through code contributions or financial support, to help maintain and advance this essential network analysis tool.

For network administrators, security professionals, and developers working with network protocols, Wireshark 4.4.3 represents a significant step forward in capabilities and reliability.

Users are encouraged to update to the latest version to take advantage of these improvements and ensure they have the most secure and feature-rich version of the software.

Wireshark 4.4.3 is available for download from the official Wireshark website. As always, users have the option to download the source code or installation packages for their specific operating systems.


