Thursday, October 10, 2024
HomeCyber Security NewsWireshark 4.2.0 Released: What's New!

Wireshark 4.2.0 Released: What’s New!

Published on

Wireshark, a leading network packet analyzer, has released version 4.2.0, which brings bug fixes, protocol updates, major API changes, codec support, and several new features. It is still a widely used and popular tool for network protocol analysis.

Network administrators and security experts use packet analyzers like Wireshark to examine network packets and find solutions, which makes it a useful tool for businesses in a wide range of sectors.

What’s new in Wireshark 4.2.0?

Wireshark 4.2.0 has several new features and updates, such as:

- Advertisement - EHA
  • Wireshark supports dark mode on Windows.
  • A Windows installer for Arm64 has been added.
  • Packet list sorting has been improved.
  • Wireshark and TShark are now better at generating valid UTF-8 output.
  • A new display filter feature for filtering raw bytes has been added.
  • Display filter autocomplete is smarter about not suggesting invalid syntax.
  • Tools › MAC Address Blocks can look up a MAC address in the IEEE OUI registry.
  • The enterprises, manuf, and services configuration files have been compiled for improved start-up times.
  • The installation target no longer installs development headers by default.
  • The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs).
  • Wireshark can be compiled on Windows using MSYS2. 
  • Wireshark can be cross-compiled for Windows using Linux.
  • Tools › Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.
  • Windows installer file names now have the format Wireshark-<version>-<architecture>.exe.
  • Wireshark now supports the Korean language.
  • RTPDump is the new file format decoding.

Bug Fixes

The following issues have been addressed:

  • RTP players do not play audio frequently on Windows builds with Qt6 (Issue 18413)
  • The playback marker does not move after resuming with Qt6 (Issue 18510)

Removed Features and Support

  • The prior support in the TShark -e option for showing column text via the column title has been removed generally with the addition of universal and consistent filtering support for column text.
  • The bundled script “dtd_gen.lua” that was disabled by default has been removed from the installation. It can be found in the Wireshark Wiki under “Contrib”.
  • The Wi-Fi NAN dissector filter name has been changed from ‘nan’ to ‘wifi_nan’.

New Protocol Support

Aruba UBT, ASAM Capture Module Protocol (CMP), ATSC Link-Layer Protocol (ALP), DECT DLC protocol layer (DECT-DLC), DECT NWK protocol layer (DECT-NWK), DECT proprietary Mitel OMM/RFP Protocol (also named AaMiDe), Digital Object Identifier Resolution Protocol (DO-IRP), Discard Protocol.

FiRa UWB Controller Interface (UCI), FiveCo’s Register Access Protocol (5CoRAP), Fortinet FortiGate Cluster Protocol (FGCP), GPS L1 C/A LNAV navigation messages, GSM Radio Link Protocol (RLP), H.224, High Speed Fahrzeugzugang (HSFZ), Hypertext Transfer Protocol version 3 (HTTP/3), ID3v2.

IEEE 802.1CB (R-TAG), Iperf3, JSON 3GPP, Low-Level Signalling (ATSC3 LLS), Management Component Transport Protocol (MCTP), Management Component Transport Protocol – Control Protocol (MCTP CP), Matter home automation protocol, Microsoft Delivery Optimization, Multi-Drop Bus (MDB).

Non-volatile Memory Express – Management Interface (NVMe-MI) over MCTP, RDP audio output virtual channel Protocol (rdpsnd), RDP clipboard redirection channel Protocol (cliprdr), RDP Program virtual channel Protocol (RAIL), SAP Enqueue Server (SAPEnqueue), SAP GUI (SAPDiag), SAP HANA SQL Command Network Protocol (SAPHDB), SAP Internet Graphic Server (SAP IGS), SAP Message Server (SAPMS).

SAP Network Interface (SAPNI), SAP Router (SAPROUTER), SAP Secure Network Connection (SNC), SBAS L1 Navigation Messages (SBAS L1), SINEC AP1 Protocol (SINEC AP), SMPTE ST2110-20 (Uncompressed Active Video), Train Real-Time Data Protocol (TRDP).

UBX protocol of u-blox GNSS receivers (UBX), UDP Tracker Protocol for BitTorrent (BT-Tracker), UWB UCI Protocol, Video Protocol 9 (VP9), VMware HeartBeat, Windows Delivery Optimization (MS-DO), Z21 LAN Protocol (Z21), Zabbix, ZigBee Direct (ZBD), Zigbee TLV.

Updated Protocol Support

JSON: The dissector now has a preference to enable/disable the “unescaping” of string values.

JSON: The dissector now supports “Display JSON in the raw form.

IPv6: The dissector has a new preference to show some semantic details about addresses (default off).

IPv6: The dissector now supports dissecting the Application-aware IPv6 Networking (APN6) option in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH), including all three types of APN ID, which are 32-bit, 64-bit and 128-bit in length.

XML: The dissector now supports display characters according to the “encoding” attribute of the XML declaration and has a new preference to set the default character encoding for some XML documents without the “encoding” attribute.

SIP: The dissector now has a new preference to set the default charset for displaying the body of SIP messages in raw text view.

HTTP: The dissector now supports dissecting chunked data in streaming reassembly mode. Subdissectors of HTTP can register themselves in the “streaming_content_type” sub-dissector table to enable streaming reassembly mode while transferring in chunked encoding. 

CFM: The dissector has been overhauled and updated to the level of IEEE std 802.1Q-2022 and ITU-T Rec.

New and Updated Codec support

  • Adaptive Multi-Rate (AMR), if compiled with opencore-amr.

Major API Changes

  • Lua function “package.prepend_path” has been removed.
  • Added reassemble_streaming_data_and_call_subdissector() API for easier reassembly of non-TCP high-level protocol streaming data.
  • Some of the API now uses C99 types instead of GLib types.

Installation packages and the source code for Wireshark can be downloaded from.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...

Wireshark 4.4.1 Released, What’s new!

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a...

Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...

Wireshark 4.4.1 Released, What’s new!

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a...