Wireshark 4.4.0 Released – What’s New!

The Wireshark Foundation has announced the release of Wireshark 4.4.0, marking a significant update to the popular open-source network protocol analyzer.

This latest version introduces a range of new features, improvements, and bug fixes, enhancing the tool’s capabilities in network analysis.

Enhanced Graphing Capabilities

One of the standout features of Wireshark 4.4.0 is the comprehensive overhaul of its graphing dialogs.

The I/O Graphs, Flow Graph/VoIP Calls, and TCP Stream Graphs have all received substantial updates.

Thanks to these enhancements, users can now enjoy more precise and flexible visualization options.

The I/O Graphs dialog, in particular, now supports intervals as small as 1 microsecond and can handle up to 33 million graph items.

Memory utilization has been optimized, and the graph is more intelligent about when to retap, recalculate, or replot data.

Additionally, users can reorder graphs by drag-and-drop, and the legend can be repositioned to different corners of the graph, providing a more customizable experience.

Advanced Display Filter Capabilities

Wireshark 4.4.0 also brings significant enhancements to display filter functionality. These improvements include better handling of comparisons with value strings, support for regular expression matching, and the ability to perform arithmetic operations on date and time values.

New functions have been added to test IP address properties and convert unsigned integer types. Display filter functions can now be implemented as libwireshark plugins, allowing for greater extensibility.

A significant upgrade in this release is the ability to define custom columns using any valid field expression, including display filter functions, arithmetic calculations, packet slices, and logical tests. This provides users with unprecedented flexibility in data presentation and analysis.

A crash in the NTLMSSP dissector in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows a denial of service via packet injection or a crafted capture file. The issue is fixed in versions 4.2.7 and 4.0.17.

Performance Improvements and New Protocol Support

Wireshark 4.4.0 introduces several performance enhancements that improve the overall user experience.

The software can now be built with zlib-ng instead of zlib, offering substantially faster compressed file support.

Capture files can also be saved with LZ4 compression, emphasizing speed and supporting fast random access.

Additionally, adding interfaces at startup is now about twice as fast, with fewer UAC pop-ups on Windows systems.

The release also includes support for several new protocols, such as Allied Telesis Resiliency Link, ATN Security Label, and Bit Index Explicit Replication (BIER).

Numerous existing protocol dissectors have been updated for more accurate and comprehensive analysis.

Wireshark 4.4.0 represents a significant step forward in network analysis capabilities, offering enhanced visualization, more powerful filtering, and improved performance.

Users can download the latest version from the official Wireshark website and explore the new features and improvements.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
