Saturday, December 7, 2024
Homecyber securityWireshark 4.4.2 Released: What's New!

Wireshark 4.4.2 Released: What’s New!

Published on

SIEM as a Service

The Wireshark Foundation has officially announced the release of Wireshark 4.4.2, the latest version of the world’s most popular network protocol analyzer.

Wireshark is wide use in troubleshooting, analysis, development, and educational purposes, Wireshark continues to be a vital tool for network professionals and enthusiasts.

The nonprofit Wireshark Foundation, which promotes protocol analysis education, emphasizes the importance of community contributions to sustain its work.

- Advertisement - SIEM as a Service

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

Major Bug Fixes and Security Updates

The release focuses on resolving several security vulnerabilities and bugs:

Security Fixes

  • wnpa-sec-2024-14: Fixed an infinite loop issue in the FiveCo RAP dissector (Issue 20176).
  • wnpa-sec-2024-15: Resolved a crash in the ECMP dissector (Issue 20214).

Notable Bug Fixes

  • Resolved an issue where CIP I/O was no longer detected by the “enip” filter (Issue 19517).
  • Fixed crashes related to dumpcap when run from TShark with a capture filter (Issue 20108).
  • Corrected improper parsing of Wi-Fi 256 Block Ack (BA) frames (Issue 20156).
  • Addressed a crash when using the “Follow TCP stream” feature (Issue 20174).
  • Fixed decompression failures for HTTP/2 bodies with padded frames (Issue 20167).
  • Corrected statistics-related crashes in the I/O Graph when using the simple moving average (Issue 20163).
  • Enhanced stability for macOS users by addressing interface disconnections and DMG notarization issues (Issues 20082 and 20129).

Other fixes included improvements to protocol dissectors such as SIP (Session Initiation Protocol), Modbus, and USB CCID, along with addressing various user interface issues, including crashes when dragging fields in the packet details view.

New Features and Updates

While no new protocols were introduced in this version, several existing protocols received updates, including:

  • Updated Protocol Support: ARTNET, BACapp, HTTP/2, IEEE 802.11, SIP, TCP, and more.
  • Improved Capture File Support: Enhanced BLF file decoding.

Additionally, display filters now handle floating-point conversion errors more accurately, and the Lua API has been updated to support comma-separated ranges in various locales.

TShark Syntax Changes

A notable improvement for TShark users is the updated syntax for dumping fields with a specific prefix. The command has been changed from -G fields prefix to -G fields,prefix, allowing more flexibility and compatibility with configuration profiles.

Previous Enhancements in Wireshark 4.4.0

Released earlier, Wireshark 4.4.0 introduced several significant improvements:

  • Automatic profile switching, enabling Wireshark to adapt profiles based on captured file filters.
  • Support for Lua 5.3 and 5.4, enhancing scripting capabilities.
  • Custom column creation using advanced field expressions, arithmetic calculations, and protocol modifiers.

The 4.4.0 version also boasted performance improvements, such as building with zlib-ng for faster compressed file handling.

How to Get Wireshark 4.4.2

Wireshark’s source code and installation packages are available for download at wireshark.org/download. Linux and Unix users can also check their platform-specific package management systems for updates.

With its focus on reliability and security, Wireshark 4.4.2 is a recommended update for all users.

Those interested in supporting the project can do so by visiting wiresharkfoundation.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...