Tuesday, December 24, 2024
Homecyber securityWireShark 4.0.0 Released - What's New!!

WireShark 4.0.0 Released – What’s New!!

Published on

SIEM as a Service

There are several open-source packet analyzers available, but Wireshark is among the most popular. Moreover, the application has been upgraded to version 4.0.0 and comes with multiple new features and fixes.

It is not only network administrators who use Wireshark packet analyzers to analyze packets, but also security analysts to analyze packets.

Wireshark network protocol analyzer can be used for the following primary purposes:-

- Advertisement - SIEM as a Service
  • Troubleshooting
  • Analysis
  • Development
  • Education

An array of organizations use the tool to manage their business activities related to their business, and it has been adopted by organizations of all sizes.

What’s New?

The official Windows 32-bit package of Wireshark is no longer being distributed with the release of this version. Here below we have mentioned all the new additions:-

  • With many new extensions available, the display filter syntax has become much more powerful.
  • Redesigns have been made to the Conversation and Endpoint dialogs.
  • Packet Detail and Packet Bytes are now displayed underneath the Packet List pane in the default layout for the main window.
  • A number of improvements have been made to the hex dump import from Wireshark and from text2pcap.
  • A great deal of improvement has been made in the performance of using MaxMind geolocation.

New and Updated Features

In this latest release, Here below we have mentioned all the new and updated features:-

  • The macOS packages now ship with Qt 6.2.4 and require macOS 10.14. They previously shipped with Qt 5.15.3.
  • The Windows installers now ship with Npcap 1.71. They previously shipped with Npcap 1.70.
  • The Windows installers now ship with Npcap 1.70. They previously shipped with Npcap 1.60.
  • The ‘v’ (lower case) and ‘V’ (upper case) switches have been swapped for editcap and mergecap to match the other command line utilities.
  • The ip.flags field is now only the three high bits, not the full byte. Display filters and Coloring rules using the field will need to be adjusted.
  • New address type AT_NUMERIC allows simple numeric addresses for protocols which do not have a more common-style address approach, analog to AT_STRINGZ.
  • The Conversation and Endpoint dialogs have been redesigned.
  • The Windows installers now ship with Qt 6.2.3. They previously shipped with Qt 6.2.4.
  • The Windows installers now ship with Npcap 1.60. They previously shipped with Npcap 1.55.
  • The Windows installers now ship with Qt 6.2.4. They previously shipped with Qt 5.12.2.
  • The display filter syntax has been updated and enhanced.The default main window layout has been changed so that the Packet Detail and Packet Bytes are side by side underneath the Packet List pane.
  • The HTTP2 dissector now supports using fake headers to parse the DATAs of streams captured without first HEADERS frames of a long-lived stream (such as a gRPC streaming call which allows sending many request or response messages in one HTTP2 stream). Users can specify fake headers using an existing stream’s server port, stream id and direction.
  • The IEEE 802.11 dissector supports Mesh Connex (MCX).
  • The “Capture Options” dialog contains the same configuration icon as the Welcome Screen. It is now possible to configure interfaces there.
  • The “Extcap” dialog remembers password items during runtime, which makes it possible to run extcaps multiple times in row without having to reenter the password each time. Passwords are never stored on disk.
  • It is possible to set extcap passwords in tshark and other CLI tools.
  • The extcap configuration dialog now supports and remembers empty strings. There are new buttons to reset values back to their defaults.
  • Support to display JSON mapping for Protobuf message has been added.
  • macOS debugging symbols are now shipped in separate packages, similar to Windows packages.
  • In the ZigBee ZCL Messaging dissector the zbee_zcl_se.msg.msg_ctrl.depreciated field has been renamed to zbee_zcl_se.msg.msg_ctrl.deprecated
  • The interface list on the welcome page sorts active interfaces first and only displays sparklines for active interfaces. Additionally, the interfaces can now be hidden and shown via the context menu in the interface list
  • The Event Tracing for Windows (ETW) file reader now supports displaying IP packets from an event trace logfile or an event trace live session.
  • ciscodump now supports IOS, IOS-XE and ASA remote capturing.
  • The PCRE2 library is now required to build Wireshark.
  • You must now have a compiler with C11 support in order to build Wireshark.

New Protocol Support

Here below we have mentioned all the new supported protocols:-

  • Allied Telesis Loop Detection (AT LDF)
  • AUTOSAR I-PDU Multiplexer (AUTOSAR I-PduM)
  • DTN Bundle Protocol Security (BPSec)
  • DTN Bundle Protocol Version 7 (BPv7)
  • DTN TCP Convergence Layer Protocol (TCPCL)
  • DVB Selection Information Table (DVB SIT)
  • Enhanced Cash Trading Interface 10.0 (XTI)
  • Enhanced Order Book Interface 10.0 (EOBI)
  • Enhanced Trading Interface 10.0 (ETI)
  • FiveCo’s Legacy Register Access Protocol (5co-legacy)
  • Generic Data Transfer Protocol (GDT)
  • gRPC Web (gRPC-Web)
  • Host IP Configuration Protocol (HICP)
  • Huawei GRE bonding (GREbond)
  • Locamation Interface Module (IDENT, CALIBRATION, SAMPLES – IM1, SAMPLES – IM2R0)
  • Mesh Connex (MCX)
  • Microsoft Cluster Remote Control Protocol (RCP)
  • Open Control Protocol for OCA/AES70 (OCP.1)
  • Protected Extensible Authentication Protocol (PEAP)
  • Realtek
  • REdis Serialization Protocol v2 (RESP)
  • Roon Discovery (RoonDisco)
  • Secure File Transfer Protocol (sftp)
  • Secure Host IP Configuration Protocol (SHICP)
  • SSH File Transfer Protocol (SFTP)
  • USB Attached SCSI (UASP)
  • ZBOSS Network Coprocessor product (ZB NCP)

API Changes

Here below we have mentioned all the major API changes:-

  • proto.h: The field display types “STR_ASCII” and “STR_UNICODE” have been removed. Use “BASE_NONE” instead.
  • proto.h: The field display types for floats have been extended and refactored. The type BASE_FLOAT has been removed. Use BASE_NONE instead. New display types for floats are BASE_DEC, BASE_HEX, BASE_EXP and BASE_CUSTOM.
  • The Wireshark Lua API now uses the lrexlib bindings to PCRE2. Code using the Lua GRegex module will have to be updated to use lrexlib-pcre2 instead. In most cases the API should be compatible and the conversion just requires a module name change.
  • The tap registration system has been updated and the list of arguments for tap_packet_cb has changed. All taps registered through register_tap_listener have to be updated.
  • Perl is no longer required to build Wireshark, but may be required to build some source code files and run code analysis checks.

In order to benefit from the improved performance and outputs of Wireshark, it is highly recommended that users update their Wireshark version as soon as possible.

Moreover, if you would like to get the latest version of the application, you can download it from the following link.

Training Course: Complete Wireshark Network Analysis Bundle – Hands-on course provides complete network analysis Training using Wireshark.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Node.js systeminformation Package Vulnerability Exposes Millions of Systems to RCE Attacks

A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing...

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...