Wireshark, the leading network protocol analyzer in the world, has recently released version 4.0.8. This widely used tool is essential for network analysis, troubleshooting, software and communications protocol development, and education.
Version 4.0.8 of Wireshark includes several bug fixes, improved protocol support, and other enhancements. The release notes list the fixed security issues and bugs for this version. Let’s take a look at some of the fixes:
– TShark could not capture to a pipe on Windows correctly. This issue, labeled as Issue 17900, has been resolved in the new version.
– Wireshark incorrectly blamed group membership when Pcap capabilities were removed. Issue 18279 has been addressed in the latest release.
– The packet bytes window had a broken layout. This issue, labeled as Issue 18326, has been fixed.
– The RTP Player was only showing the waveform until a sequence rollover occurred. Issue 18829 has now been resolved.
– Valid Ethernet CFM DMM packets were being shown as malformed. This issue, labeled as Issue 19198, has been fixed.
– There was a crash on DICOM Export Objects window close. This issue, labeled as Issue 19207, has been resolved.
– The QUIC dissector was reporting the quic_transport_parameters max_ack_delay with the title “GREASE”. Issue 19209 has been addressed.
– The Preferences folder name editing had some abnormal behavior, with the cursor jumping. This issue, labeled as Issue 19213, has been fixed.
– The DHCP Failover (DHCPFO) expert info list was not showing all expert infos. Issue 19216 has been resolved.
– Websocket packets were not being decoded and displayed for Field type=Custom and Field name websocket.payload.text. This issue, labeled as Issue 19220, has been fixed.
– Some pcapng files captured on OpenBSD couldn’t be read on FreeBSD. Issue 19230 has been addressed.
– While capturing, the Wireshark icon changed from green to blue when a new file was created. This issue, labeled as Issue 19252, has been resolved.
– There was a heap-use-after-free issue after wmem_leave_file_scope in Conversations. This issue, labeled as Issue 19265, has been fixed.
– IP Packets with DSCP 44 now indicate “Voice-Admit”. Issue 19270 has been addressed.
– NAS 5GS packets were shown as malformed when decoding the SOR transparent container PLMN ID and access technology list. Issue 19273 has been resolved.
– The auto scroll button in the toolbar turned on when manually scrolling to the end of the packet list. Issue 19274 has been fixed.
Apart from the bug fixes, Wireshark 4.0.8 also brings updates to protocol support. The following protocols have received updates in this version: BT SDP, CBOR, CFM, CP2179, CQL, DHCPFO, DICOM, F1AP, GSM DTAP, IEEE 802.11, IPv4, NAS-5GS, PFCP, PKT CCC, QUIC, RTP, TFTP, WebSocket, and XnAP.
It is worth mentioning that Wireshark does not provide official 32-bit Windows packages for versions 4.0 and later. Users who require Wireshark on this platform are advised to use the latest 3.6 release (Issue 17779).
For macOS users who have updated to macOS 13 from an older version, there is a specific instruction to follow. They need to open and execute the “Uninstall ChmodBPF” package, followed by the “Install ChmodBPF” package to reset the ChmodBPF Launch Daemon (Issue 18734).
The Wireshark source code and installation packages can be downloaded from the official Wireshark website.
Overall, Wireshark 4.0.8 brings significant bug fixes, improved protocol support, and other enhancements to ensure a more reliable and efficient network analysis experience for its users. It is recommended for both professionals and students who rely on Wireshark for their network analysis needs.
