The Wireshark Foundation has announced Wireshark 4.4.3, the latest release of the world’s best-known network protocol analyzer.
This release brings numerous bug fixes and protocol support improvements, strengthening the tool for network troubleshooting, analysis, development, and education.
Why Choose Wireshark?
Wireshark is a powerful open-source network analysis tool that lets users capture, dissect, and troubleshoot network traffic.
Wireshark gives a microscopic view of network activity by examining the data packets that cross a network interface. Its graphical user interface (GUI) provides filters, color coding, graphs, and other features for inspecting traffic.
It supports a wide range of protocols, including IP, TCP, UDP, HTTP, SSL/TLS, FTP, DNS, DHCP, and many more.
As a result, users can examine traffic from many network applications and get precise packet details, including header data, payload content, host communications, top talkers, and more.
Wireshark can capture data from network interfaces such as Ethernet, Wi-Fi, and Bluetooth. Users can examine the captured data at different levels, from high-level protocol summaries to detailed packet-level analysis.
Key Bug Fixes
Wireshark 4.4.3 fixes several notable problems:
- Fixed a potential mismatch in the GSM MAP dissector between the uncertainty radius and its filter key.
- Fixed decoding of Macro eNodeB ID and Extended Macro eNodeB ID within User Location Information.
- Fixed the mode decoding in the NFSv2 dissector for Character Special File and Directory.
- Fixed a build problem caused by CMake misidentifying Strawberry Perl’s zlib DLL.
- Corrected the incorrect display of hours in the VoIP Calls call flow.
- Fixed a fuzz job issue tied to a specific packet capture file.
- Fixed the incorrect length passed to the header sample dissector in the sFlow dissector.
- Fixed a linking issue in wsutil, which needs to link against -lm because fabs() is missing when building with -fno-builtin.
Although no new protocols were added in this update, Wireshark 4.4.3 brings significant improvements to existing protocol support:
- Updated Protocols: The release updates support for a wide range of protocols, including ARTNET, ASN.1 PER, BACapp, BBLog, BT BR/EDR RF, CQL, Diameter, DOF, ECMP, FiveCo RAP, FTDI FT, GSM COMMON, GTPv2, HCI_MON, HSRP, HTTP2, ICMPv6, IEEE 802.11, Kafka, LTE RRC, MBIM, MMS, Modbus/TCP, MPEG PES, NAS-EPS, NFS, NGAP, NR RRC, PLDM, PN-DCP, POP, ProtoBuf, PTP, RLC, RPC, RTCP, sFlow, SIP, SRT, TCP, UCP, USBCCID, Wi-SUN, and ZigBee ZCL.
Wireshark 4.4.3 also maintains its broad file format support:
- Capture File Support: The update includes support for CLLog, EMS, and ERF files.
- File Format Decoding: No changes were made to file format decoding in this release.
Security Fixes
The Wireshark team continues to strengthen security, fixing vulnerabilities found in earlier versions:
- Fixed an infinite loop vulnerability in the FiveCo RAP dissector (wnpa-sec-2024-14).
- Fixed a crash in the ECMP dissector (wnpa-sec-2024-15).
Wireshark 4.4.3 builds on the features introduced in version 4.4.0:
- Automatic Profile Switching: Users can associate display filters with configuration profiles, so that Wireshark automatically switches profiles based on the capture file that is opened.
- Improved Display Filters: Better support for value strings, and the ability to add display filter functions through plugins.
- Custom Columns and Output Fields: Users can define custom columns and output fields using any valid field expression, giving more flexibility in how data is presented.
As Wireshark continues to evolve, users can expect ongoing improvements in performance, security, and protocol support.
The Wireshark Foundation invites users to contribute to the project, through either code contributions or financial donations, to help maintain and improve this essential network analysis tool.
For network administrators, cybersecurity professionals, and developers who work with network protocols, Wireshark 4.4.3 is a significant step forward in functionality and reliability.
Users are urged to update to the latest version to benefit from these improvements and to ensure they are running the most secure and feature-rich version of the software.
Wireshark 4.4.3 can be downloaded from the official Wireshark website. Users can download either the source code or installation packages for their operating system.
The post Wireshark 4.4.3 Released – What’s New! appeared first on Cyber Security News.