Wireshark 4.4.8 Released With Bug Fixes and Updated Protocol Support

Wireshark Foundation has announced the availability of Wireshark 4.4.8, the latest maintenance release of the world’s most widely used network-protocol analyzer.

Although the update does not introduce brand-new protocols, it delivers a focused package of stability improvements, expanded dissector capabilities, and quality-of-life fixes that will be immediately valuable to network engineers, security analysts, and developers.

Wireshark 4.4.8 is a “bug-fix” release, but the changelog is far from trivial. Ten distinct issues have been closed, ranging from crashes to protocol-specific decoding errors.

High on the list is a fix for an annoyance that left Wireshark “completely stuck” during start-up when the androiddump extcap interface failed to receive packets, forcing users to kill the application and restart their capture sessions.

Another critical patch corrects a decryption regression that prevented renegotiated DTLS sessions from being decoded, restoring visibility into many IoT and VoIP traffic flows.

Several crashes uncovered by fuzz-testing have also been squashed, including a UTF-8 handling fault in fuzz-generated PCAP files and a Lua-triggered crash that could occur when opening a packet in a new window after reloading plugins.

Protocol specialists will welcome fixes in domain-specific dissectors as well: the UDS automotive diagnostic dissector now handles ReadDataByPeriodicIdentifier responses correctly, and DNP3 time-stamp handling has been extended beyond the Year 2038 epoch boundary, an early Y2038 compliance win.

Updated Protocol Support

Wireshark’s strength has always been its breadth of protocol coverage, and 4.4.8 refines that portfolio. Existing dissectors for ASTERIX, DLT, DNP 3.0, DOF, DTLS, ETSI CAT, Gryphon, IPsec, ISObus VT, Kerberos 5, MBIM, RTCP, SLL, STCSIG, TETRA, UDS and URL-encoded form data have been enhanced for greater accuracy and resilience.

As usual, each improvement filters downstream to command-line sibling TShark and to scripts that rely on the same dissection engine.

Capture-file handling has inched forward as well: the pcapng reader now tolerates corner cases that previously yielded malformed-file errors, ensuring analysts can load traces produced by an even wider variety of capture tools without manual cleaning.

The 4.4.x branch has been unusually busy since its debut in late 2024. Earlier point releases patched security vulnerabilities (such as CVE-2025-5601), introduced automatic profile switching, and overhauled graphing dialogs.

By contrast, 4.4.8 plays the steadying hand, consolidating months of feedback from enterprise users, packet-analysis instructors and OSS-Fuzz automation to deliver a smoother daily-driver build while the development team advances the forthcoming 4.6 feature release.

Source code and installers for Windows, macOS, and multiple Linux distributions can be downloaded immediately from the Download Page.

Most mainstream Unix and Linux vendors are expected to push 4.4.8 packages to their repositories within days; users impatient for the fixes can build from source or use the official community PPA and Homebrew taps.

Wireshark is maintained by a small non-profit foundation that relies heavily on corporate sponsorships and individual contributions. The team encourages users who benefit from this release to give back, whether through code, protocol sample captures, documentation edits, or financial donations.

The release may not carry headline-grabbing features, but by eliminating crashes, removing decoding blind spots, and future-proofing critical timestamps, it sharpens the tool many practitioners open first when a packet-level mystery needs solving.
