Mar 28 2024

Wireshark 4.2.4 Released: What’s New!

Category: Network securitydisc7 @ 8:54 am

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and education.

The latest update, Wireshark 4.2.4, includes a host of fixes and updates to further cement its position as the go-to tool for network professionals and enthusiasts alike.

This release underscores the Wireshark Foundation’s commitment to advancing protocol analysis education, a mission supported by contributions from the global community.

Addressing Vulnerabilities And Enhancements

Fixed Vulnerabilities

The Wireshark team has diligently addressed several vulnerabilities in this release, notably:

  • wnpa-sec-2024-06 T.38 Dissector Crash (CVE-2024-2955): A critical fix that prevents crashes related to the T.38 protocol dissection, enhancing the stability and security of the application.

Contested CVEs

Wireshark has also been the subject of CVEs assigned without coordination with the project, specifically CVE-2024-24478CVE-2024-24479, and CVE-2024-24476.

The Wireshark team has contested these, stating they are based on invalid assumptions, and has requested their rejection, showcasing the team’s proactive stance on security matters.

Bug Fixes

The 4.2.4 update addresses a variety of bugs, improving user experience and software reliability:

  • Issues with Extcap configuration not starting and TLS secrets injection causing crashes on Windows have been resolved.
  • To ensure smoother operation and analysis, fixes have been made for packet dissection CSV export, HTTP dissector port addition, and various fuzz job issues.
  • An error related to adding new rows to tables has been corrected alongside the ‘–export-objects’ functionality in shark versions later than 3.2.10.

Protocol And Feature Updates

While this release does not introduce new features or protocols, it significantly updates support for many existing protocols, including but not limited to 5GLI, BGP, DHCPv6, and ZigBee ZCL.

This comprehensive update ensures that Wireshark remains at the forefront of protocol analysis, capable of handling the latest network communication standards.

Installation And Support

Wireshark 4.2.4 can be downloaded from the official Wireshark website, and detailed instructions for installation across various platforms are available.

Manual installation of this update is required for users upgrading from versions 4.2.0 or 4.2.1 on Windows.

Most Linux and Unix distributions provide Wireshark packages through their native package management systems, making installation or upgrade seamless.

For specific file locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries, users can refer to the Help section within Wireshark or use the tshark -G folders command.

Wireshark 4.2.4 exemplifies the ongoing dedication of the Wireshark Foundation and its global community to enhance the utility and security of the world’s premier network protocol analyzer.

This release ensures that Wireshark remains an indispensable tool for network professionals and enthusiasts by addressing critical vulnerabilities, fixing bugs, and updating protocol support.

As the project continues to evolve, the support and contributions from the community remain vital to its success.

Learn Wireshark – Second Edition: A definitive guide to expertly analyzing protocols and troubleshooting networks using Wireshark

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: wireshark

Jan 31 2024

Wireshark Pen Tester Guide

Category: Information Security,Pen Testdisc7 @ 7:51 am

WireShark Cheat Sheet

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: wireshark

Jan 26 2023

Wireshark 4.0.3 Released – What’s New!

Category: Network securityDISC @ 9:16 am

The Wireshark Team has recently unveiled the latest iteration of their widely-utilized packet analyzer, Wireshark 4.0.3. 

This version boasts a multitude of improvements, including new features and updates, as well as the resolution of various bugs to ensure a smooth and efficient user experience.

The Wireshark packet analyzer is a free and open-source application that is available for all major platforms. In addition to troubleshooting networks, Wireshark can be used to analyze network traffic, develop software or communications protocols, and can even be used for educational purposes in the cybersecurity field.

Wireshark supports a wide range of network protocols, and with Wireshark, a security professional can see the details of network packets in real-time, including the:- 

Wireshark 4.0.3
  • Source IP addresses
  • Destination IP addresses
  • Port numbers
  • Packet sizes

Many organizations utilize this tool on a regular basis as part of their daily business operations so that they can monitor the day-to-day tasks of their businesses.

Wireshark 4.0.3 Platform Support

Wireshark 4.0.3 packet analyzer is available for all major platforms and operating systems, and below we have given you a list of them in case you need them:-

  • Windows
  • Linux
  • macOS
  • BSD

What’s New?

The 32-bit Windows packages for Wireshark 4.0 and later can’t be downloaded from the official Wireshark website, and cannot be installed on your computer. Currently, Qt 5.12.2 is the version shipped with Windows installers as the standard version.

There are several new fixes for the multitude of vulnerabilities and bugs that have been added to this new version. However, here below we have mentioned new things added to this version:-

  • Vulnerability Fixes
  • Bug Fixes
  • Updated Protocol Support

Vulnerabilities Fixed

Here below we have mentioned the vulnerabilities that have been fixed in this new version:-

Bugs fixed

Here below we have mentioned the bugs that have been fixed in this new version:-

  • Qt: After modifying the coloring rules, the coloring rule applied to the first packet reflects the coloring rules previously in effect.
  • The help file doesn’t display for extcap interfaces.
  • For USB traffic on XHC20 interface destination is always given as Host.
  • Wireshark Expert Info – cannot deselect the limit to display the filter tick box.
  • Wrong pointer conversion in get_data_source_tvb_by_name()
  • A wrong number of bits skipped while decoding an empty UTF8String on UPER packet.
  • Crash when analyzing protobuf packets.
  • Uninitialized values in various dissectors.
  • String (GeoIP country/city) ordering doesn’t work in Endpoints.
  • Wireshark crashes with an assertion failure on stray minus in filter.
  • IO Graph: Add new graph only works until the 10th graph.
  • Fuzz job crash output: fuzz-2022-12-30-11007.pcap.
  • Q.850 – error in label for cause 0x7F.
  • Uninitialized values in CoAP and RTPS dissectors.
  • Screenshots in AppStream metainfo.xml file not available.

Updated Protocol Support

Listed below are all the updated protocol support that is supported by the current version:-

  • BEEP
  • BGP
  • BPv6
  • CoAP
  • EAP
  • GNW
  • GSM A-bis P-GSL
  • iSCSI
  • ISUP
  • LwM2M-TLV
  • MBIM
  • NBAP
  • NFS
  • OBD-II
  • OPUS
  • ProtoBuf
  • RLC
  • ROHC
  • RTPS
  • Telnet
  • TIPC
  • USB

It is absolutely crucial that users upgrade their current version of Wireshark to the newly released 4.0.3 version as soon as possible. 

The Wireshark team has put a great effort into adding new features and fixing bugs to improve the overall user experience. Failure to update will result in missing out on the many enhancements and refinements this version has to offer.

In addition, if you are interested in getting the latest version of the application, you may click this link.

Wireshark Cheat Sheet

Explore latest WireShark Titles

InfoSec books | InfoSec tools | InfoSec services

Tags: wireshark

Oct 05 2022

WireShark 4.0.0 Released – What’s New?

Category: Network securityDISC @ 9:18 am

There are several open-source packet analyzers available, but Wireshark is among the most popular. Moreover, the application has been upgraded to version 4.0.0 and comes with multiple new features and fixes.

It is not only network administrators who use Wireshark packet analyzers to analyze packets, but also security analysts to analyze packets.

Wireshark network protocol analyzer can be used for the following primary purposes:-

  • Troubleshooting
  • Analysis
  • Development
  • Education

An array of organizations use the tool to manage their business activities related to their business, and it has been adopted by organizations of all sizes.

What’s New?

The official Windows 32-bit package of Wireshark is no longer being distributed with the release of this version. Here below we have mentioned all the new additions:-

  • With many new extensions available, the display filter syntax has become much more powerful.
  • Redesigns have been made to the Conversation and Endpoint dialogs.
  • Packet Detail and Packet Bytes are now displayed underneath the Packet List pane in the default layout for the main window.
  • A number of improvements have been made to the hex dump import from Wireshark and from text2pcap.
  • A great deal of improvement has been made in the performance of using MaxMind geolocation.

New and Updated Features

In this latest release, Here below we have mentioned all the new and updated features:-

  • The macOS packages now ship with Qt 6.2.4 and require macOS 10.14. They previously shipped with Qt 5.15.3.
  • The Windows installers now ship with Npcap 1.71. They previously shipped with Npcap 1.70.
  • The Windows installers now ship with Npcap 1.70. They previously shipped with Npcap 1.60.
  • The ‘v’ (lower case) and ‘V’ (upper case) switches have been swapped for editcap and mergecap to match the other command line utilities.
  • The ip.flags field is now only the three high bits, not the full byte. Display filters and Coloring rules using the field will need to be adjusted.
  • New address type AT_NUMERIC allows simple numeric addresses for protocols which do not have a more common-style address approach, analog to AT_STRINGZ.
  • The Conversation and Endpoint dialogs have been redesigned.
  • The Windows installers now ship with Qt 6.2.3. They previously shipped with Qt 6.2.4.
  • The Windows installers now ship with Npcap 1.60. They previously shipped with Npcap 1.55.
  • The Windows installers now ship with Qt 6.2.4. They previously shipped with Qt 5.12.2.
  • The display filter syntax has been updated and enhanced.The default main window layout has been changed so that the Packet Detail and Packet Bytes are side by side underneath the Packet List pane.
  • The HTTP2 dissector now supports using fake headers to parse the DATAs of streams captured without first HEADERS frames of a long-lived stream (such as a gRPC streaming call which allows sending many request or response messages in one HTTP2 stream). Users can specify fake headers using an existing stream’s server port, stream id and direction.
  • The IEEE 802.11 dissector supports Mesh Connex (MCX).
  • The “Capture Options” dialog contains the same configuration icon as the Welcome Screen. It is now possible to configure interfaces there.
  • The “Extcap” dialog remembers password items during runtime, which makes it possible to run extcaps multiple times in row without having to reenter the password each time. Passwords are never stored on disk.
  • It is possible to set extcap passwords in tshark and other CLI tools.
  • The extcap configuration dialog now supports and remembers empty strings. There are new buttons to reset values back to their defaults.
  • Support to display JSON mapping for Protobuf message has been added.
  • macOS debugging symbols are now shipped in separate packages, similar to Windows packages.
  • In the ZigBee ZCL Messaging dissector the zbee_zcl_se.msg.msg_ctrl.depreciated field has been renamed to zbee_zcl_se.msg.msg_ctrl.deprecated
  • The interface list on the welcome page sorts active interfaces first and only displays sparklines for active interfaces. Additionally, the interfaces can now be hidden and shown via the context menu in the interface list
  • The Event Tracing for Windows (ETW) file reader now supports displaying IP packets from an event trace logfile or an event trace live session.
  • ciscodump now supports IOS, IOS-XE and ASA remote capturing.
  • The PCRE2 library is now required to build Wireshark.
  • You must now have a compiler with C11 support in order to build Wireshark.

WireShark 4.0.0 Released – What’s New!!

Wireshark for Security Professionals

Wireshark cheat sheet

Tags: wireshark, WireShark Cheat Sheet

Dec 23 2021

WireShark Cheat sheet

Category: Cheat Sheet,Network securityDISC @ 11:13 am

Tags: wireshark