Wireshark 4.0 Released as World’s Most Popular Network Protocol Analyzer


Wireshark, the world’s most popular and widely used open-source, cross-platform network protocol analyzer, has been updated to version 4.0, a major release that adds support for new protocols and brings a number of other changes.

Major highlights of the Wireshark 4.0 release include a more powerful display filter syntax with support for many new extensions, redesigned Conversation and Endpoint dialogs, an updated main window layout that places the Packet Detail and Packet Bytes sections side by side underneath the Packet List pane, improved hex dump imports, and faster and greatly improved MaxMind geolocation.

This release also introduces a new address type, AT_NUMERIC, which allows simple numeric addresses for protocols that lack a more conventional address scheme; support for fake headers in the HTTP2 dissector, so that the DATA frames of a long-lived stream can be parsed even when the capture does not contain the stream’s first HEADERS frames; and support for Mesh Connex (MCX) in the IEEE 802.11 dissector.

Wireshark 4.0 also brings ASA, IOS, and IOS-XE remote capturing to ciscodump, support for displaying the JSON mapping of Protobuf messages, and the ability to set extcap passwords in tshark and other command-line tools. The Extcap configuration dialog now supports and remembers empty strings and password items during runtime, so you can run extcaps multiple times.

Other noteworthy changes include an updated “Capture Options” dialog that now contains the same configuration icon as the Welcome Screen, replacement of the ‘v’ (lower case) and ‘V’ (upper case) switches in editcap and mergecap to match other command-line utilities, and support for sorting active interfaces first and only displaying sparklines in the interface list on the Welcome page.

Wireshark 4.0 also adds support for new network protocols, including Allied Telesis Loop Detection (AT LDF), AUTOSAR I-PDU Multiplexer (AUTOSAR I-PduM), DTN Bundle Protocol Security (BPSec), DTN Bundle Protocol Version 7 (BPv7), DTN TCP Convergence Layer Protocol (TCPCL), DVB Selection Information Table (DVB SIT), Enhanced Cash Trading Interface 10.0 (XTI), and Enhanced Order Book Interface 10.0 (EOBI).

In addition, the Enhanced Trading Interface 10.0 (ETI), FiveCo’s Legacy Register Access Protocol (5co-legacy), Generic Data Transfer Protocol (GDT), gRPC Web (gRPC-Web), Host IP Configuration Protocol (HICP), Huawei GRE bonding (GREbond), Locamation Interface Module (IDENT, CALIBRATION, SAMPLES – IM1, SAMPLES – IM2R0), Mesh Connex (MCX), and Microsoft Cluster Remote Control Protocol (RCP) protocol are also supported.

Open Control Protocol for OCA/AES70 (OCP.1), Protected Extensible Authentication Protocol (PEAP), Realtek, REdis Serialization Protocol v2 (RESP), Roon Discovery (RoonDisco), Secure File Transfer Protocol (sftp), Secure Host IP Configuration Protocol (SHICP), SSH File Transfer Protocol (SFTP), USB Attached SCSI (UASP), and ZBOSS Network Coprocessor product (ZB NCP) protocols are supported as well in Wireshark 4.0.

Under the hood, Wireshark 4.0 makes use of CMake 3.10, Qt 5.12, Python 3.6.0, GLib 2.50.0, GnuTLS 3.5.8, libgcrypt 1.8.0, c-ares 1.13.0, Nghttp2 1.11.0, as well as a system compiler with C11 support. In addition, Wireshark now requires the PCRE2 library, and Perl is no longer required.

For more details about the changes implemented in this major release, check out the full release notes. Meanwhile, you can download Wireshark 4.0 from the official website if you fancy compiling it on your GNU/Linux distribution, install it as a Flatpak app from Flathub, or wait for it to arrive in the stable software repositories of your distro.
