The Wireshark Foundation has announced the release of Wireshark 4.4.4, the latest iteration of the world’s most widely used network protocol analyzer.
This update focuses on enhancing stability, refining protocol dissectors, and addressing critical security vulnerabilities, cementing Wireshark’s position as an indispensable tool for network professionals and researchers.
Security and Stability Enhancements
The release addresses a critical vulnerability (wnpa-sec-2025-01) affecting the Bundle Protocol and CBOR dissector, which previously risked crashes, infinite loops, and memory leaks during packet analysis.
This patch reinforces Wireshark’s security posture, ensuring safer handling of specialized network protocols.
Several persistent crashes have been resolved, including an interface toolbar regression that disrupted extcap plugin functionality and a sorting-related crash during live captures with active display filters.
The update also fixes a Windows-specific Android packet capture issue where the extcap plugin prematurely terminated connections during lulls in network activity, improving reliability for mobile traffic analysis.
Protocol Dissector Improvements
While no new protocols were added, Wireshark 4.4.4 significantly upgrades dissection accuracy for 13 key protocols.
The DNS dissector now avoids crashes when processing malformed queries with zero question records, while the JA4 TLS fingerprinting system correctly handles empty cipher suites—a crucial fix for security analysts tracking threat actors.
MQTT v5.0 property length calculations and TECMP lifecycle timestamps have also been corrected, ensuring precise industrial protocol analysis.
The TCP dissector received targeted optimizations to prevent invalid boolean value errors flagged by OSS-Fuzz, highlighting Wireshark’s commitment to protocol parsing robustness.
These updates complement broader refinements to WebSocket, RTP, and ITS protocol support, enabling more accurate reconstruction of modern communication workflows.
File Format and Platform-Specific Fixes
Capture file compatibility expands with updated support for CLLog, EMS, and ERF formats, benefiting automotive and telecommunications sectors.
Platform-specific adjustments include resolving a DNS resolution bug affecting custom “hosts” file configurations in TShark and fixing build failures on Ubuntu’s upcoming 25.04 release.
This release follows Wireshark’s recent interface improvements, including automatic profile switching based on display filters and enhanced Lua 5.4.6 integration.
The Wireshark Foundation emphasizes community-driven development, inviting organizations to contribute through sponsorships or code commitments at wiresharkfoundation.org.
Network administrators and security teams are advised to upgrade immediately to leverage these stability improvements, particularly when analyzing complex protocol interactions or processing extended capture sessions.
The update underscores Wireshark’s dual focus on cutting-edge protocol support and enterprise-grade reliability, maintaining its 25-year legacy as the gold standard for network analysis.
Free Webinar: Better SOC with Interactive Malware Sandbox for Incident Response, and Threat Hunting - Register Here
