Wireshark 4.6 Released with Major Updates and New Features

A new stable version of the popular open-source network analyzer, Wireshark 4.6, is now available. This release continues the legacy of a project whose first stable version, 1.0.0, was launched back in 2008. The source code is distributed under the GPLv2 license.

Key Enhancements in This Version

Version 4.6 addresses numerous bugs and security vulnerabilities, delivering a more stable experience. The update also brings significant enhancements, including improved I/O graphs that are now optimized for low-resolution screens, alongside better graphs for VoIP calls and TCP streams. Additionally, several user interfaces and dialogs have been refined for an improved user experience.

Notably, support for AirPcap, WinPcap, and libnl versions 1 and 2 has been discontinued. Users are encouraged to switch to Npcap for packet capture on Windows.

Expanded Protocol Support

Wireshark 4.6 introduces support for a wide range of new protocols, including:

  • Asymmetric Key Packages (AKP)
  • Binary HTTP
  • BIST TotalView-ITCH and BIST TotalView-OUCH
  • Bluetooth Android HCI and Intel HCI
  • Commsignia Capture Protocol (C2P)
  • DECT NR+ (DECT-2020 New Radio)
  • Identifier-Locator Network Protocol (ILNP)
  • Network Time Security Key Establishment (NTS-KE)
  • SGP.22 & SGP.32 (GSMA Remote SIM Provisioning)
  • Universal Measurement and Calibration Protocol (XCP)
  • USB Picture Transfer Protocol (USB-PTP)

Introducing 'Plots': A New Way to Visualize Data

A new 'Plots' mode has been added to the Statistics menu. Unlike the traditional I/O Graphs, which display averaged data over time as histograms, Plots visualizes the distribution of actual values. This makes it much easier to spot recurring patterns and anomalies in the data.

Other Notable Changes

  • Added support for decrypting NTP packets using the Network Time Security (NTS) protocol.
  • The MKA dissector can now be used for decoding MACsec packets.
  • HTTP and HTTP/2 dissectors now support content compressed with the Zstandard algorithm.
  • The 'Follow Stream' dialog can now track MPEG-2 Transport Stream PIDs to extract audio and video for playback.
  • On Linux, BPF extensions (inbound, outbound, ifindex) can be used for traffic capture via the Compiled Filter dialog.
  • The Lua API has been updated with Libgcrypt functions for symmetric encryption.
  • macOS builds are now universal, supporting both ARM and Intel architectures in a single package.
  • Forced light or dark mode is now available on macOS and Windows, regardless of system settings. The Qt library has also been updated to version 6.9.3.
  • The libxml2 library is now a required dependency.