Wireshark 4.4.0 Released – What’s New!

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Post Sharing

The Wireshark Foundation has announced the release of Wireshark 4.4.0, bringing a host of new features, improvements, and bug fixes to the popular open-source network protocol analyzer. This latest version introduces significant enhancements to graphing capabilities, display filter functionality, and overall performance.

One of the notable improvements in Wireshark 4.4.0 is the extensive overhaul of the graphing dialogs. The I/O Graphs, Flow Graph / VoIP Calls, and TCP Stream Graphs have all received substantial updates, offering users more precise and flexible visualization options.

The I/O Graphs dialog now supports intervals as small as 1 microsecond and can handle up to 33 million graph items. Memory utilization has been optimized, and the graph is more intelligent about when to retap, recalculate, or replot data. Users can now reorder graphs by drag-and-drop, and the legend can be repositioned to different corners of the graph.

Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot

Advanced Display Filter Capabilities

Wireshark 4.4.0 introduces significant enhancements to display filter functionality:

  • Value String Support: Improved handling of comparisons with value strings, including support for regular expression matching.
  • Date and Time Arithmetic: Users can now perform arithmetic operations on date and time values.
  • New Functions: Additional display filter functions have been added to test IP address properties and convert unsigned integer types.
  • Plugin Support: Display filter functions can now be implemented as libwireshark plugins, allowing for greater extensibility.

A major upgrade in this release is the ability to define custom columns using any valid field expression. This includes display filter functions, arithmetic calculations, packet slices, and logical tests. Similarly, custom output fields for tshark can now be defined using these expressions, providing users with unprecedented flexibility in data presentation and analysis.

Performance Improvements

Wireshark 4.4.0 brings several performance enhancements:

  • Faster Compression: The software can now be built with zlib-ng instead of zlib, offering substantially faster compressed file support.
  • LZ4 Compression: Capture files can now be saved with LZ4 compression, emphasizing speed and supporting fast random access.
  • Interface Management: Adding interfaces at startup is now about twice as fast, with fewer UAC pop-ups on Windows systems.

The new release introduces support for several new protocols, including Allied Telesis Resiliency Link, ATN Security Label, Bit Index Explicit Replication (BIER), and many others. Numerous existing protocol dissectors have also been updated to provide more accurate and comprehensive analysis.

  • Lua 5.4 Support: The Windows and macOS installers now ship with Lua 5.4.6, while support for Lua 5.1 and 5.2 has been removed.
  • Automatic Profile Switching: Wireshark now supports automatic switching between configuration profiles based on display filters.
  • Improved File Handling: The maximum file size for captures has been increased to 2 TB, and new file naming patterns are supported for better chronological sorting.

Security Fixes

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file. The issue is fixed with versions 4.2.7, 4.0.17.

“We are unaware of any exploits for this issue. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.”

Older Wireshark versions 4.2.7 and 4.0.17 have been patched with news release, here you can download the official releases.

Wireshark 4.4.0 represents a significant step forward in network analysis capabilities, offering enhanced visualization, more powerful filtering, and improved performance. Users are encouraged to download the latest version from the official Wireshark website and explore the wealth of new features and improvements.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial