Wireshark 4.2.5: opening a window to the world of QUIC and virtualized networks

Father

The updated network tool offers new features and improved security.

Wireshark, an advanced and widely used network protocol analyzer, recently received a new version number 4.2.5, offering many new features and improvements.

One of the most significant innovations was the addition of support for the QUIC protocol (Quick UDP Internet Connections), which has established itself as a promising transport protocol for improving the performance of web applications. Wireshark users can now easily capture and analyze QUIC traffic, allowing them to better understand this evolving protocol.

Another notable improvement of Wireshark 4.2.5 is the expanded support for VXLAN (Virtual Extensible LAN), a network virtualization technology that allows you to create scalable and flexible virtual networks on top of existing physical infrastructures.

With the updated VXLAN dissector, users can now gain a deeper understanding of VXLAN traffic, enabling more efficient troubleshooting and analysis of virtualized environments.

Wireshark 4.2.5 developers also paid attention to improving the user interface. New features include the ability to adjust the font size in the main window, which helps adapt the app to different screen resolutions and user preferences.

Increased security was also one of the clear highlights of this update. Version 4.2.5 fixes several vulnerabilities, providing users with better protection when using the network analysis tool. In particular, the following vulnerabilities were fixed:
  • CVE-2024-4854 (wnpa-sec-2024-07): MONGO and ZigBee TLV dissector infinite loops;
  • CVE-2024-4853 (wnpa-sec-2024-08): editcap command line utility crashes when bytes are truncated at the beginning of a packet;
  • CVE-2024-4855 (wnpa-sec-2024-09): the editcap utility crashed while injecting secrets when writing multiple files.

All of the changes described above make Wireshark 4.2.5 an even more powerful tool for network administrators, security professionals, and anyone else involved in troubleshooting and network analysis.

The update clearly reflects the desire of Wireshark developers to remain at the forefront of network analysis technologies, offering improved protocol support, an improved interface, and enhanced security.
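The infinite-loop class named in the first bullet above, as an added example rather than Wireshark's own dissector code: a walker over a hypothetical TLV encoding (the page does not state the actual root cause of CVE-2024-4854, so the format, sample bytes and function names here are assumptions), once trusting the length field and once with the progress and bounds checks a dissector needs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical TLV encoding (an assumption, not the MONGO or ZigBee wire
 * format): type(1) len(1) value(len-2), where len counts the whole element
 * including its 2-byte header, so a well-formed len is never below 2. */
#define TLV_HDR 2

static const uint8_t TLV_GOOD[]     = {0x01, 0x04, 0xAA, 0xBB, 0x02, 0x03, 0xCC}; /* constructed */
static const uint8_t TLV_ZERO_LEN[] = {0x01, 0x04, 0xAA, 0xBB, 0x05, 0x00};       /* constructed */
static const uint8_t TLV_TRUNC[]    = {0x01, 0x09, 0xAA};                         /* constructed */

/* Walker that trusts the length field: a len of 0 or 1 never advances offset,
 * so on TLV_ZERO_LEN the loop would spin forever. max_iter exists only so this
 * demo returns -3 instead of hanging; a real dissector has no such budget. */
int walk_tlv_unguarded(const uint8_t *buf, size_t buflen, unsigned max_iter) {
    size_t offset = 0; int count = 0;
    while (offset < buflen) {
        if (max_iter-- == 0) return -3;
        if (buflen - offset < TLV_HDR) return -2;  /* header itself truncated */
        offset += buf[offset + 1];                 /* attacker-controlled step */
        count++;
    }
    return count;
}

/* Hardened walker: every iteration must consume at least the header, and
 * the element must fit in what is left of the buffer. */
int walk_tlv(const uint8_t *buf, size_t buflen) {
    size_t offset = 0; int count = 0;
    while (offset < buflen) {
        if (buflen - offset < TLV_HDR) return -2;  /* header itself truncated */
        uint8_t len = buf[offset + 1];
        if (len < TLV_HDR) return -1;              /* no progress: reject, don't loop */
        if (len > buflen - offset) return -2;      /* value runs past the buffer */
        offset += len;
        count++;
    }
    return count;
}

int main(void) {
    printf("zero-length TLV: unguarded=%d guarded=%d\n",
           walk_tlv_unguarded(TLV_ZERO_LEN, sizeof TLV_ZERO_LEN, 16),
           walk_tlv(TLV_ZERO_LEN, sizeof TLV_ZERO_LEN));
    printf("truncated TLV: guarded=%d\n", walk_tlv(TLV_TRUNC, sizeof TLV_TRUNC));
    return 0;
}
```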
 
The Wireshark network analyzer has been updated to version 4.2.6. The new version introduces a number of important fixes that ensure more stable and secure operation of the program.

The developers urge users to upgrade to the latest version, especially those who use versions 4.2.0 or 4.2.1 on Windows, since installing Wireshark 4.2.6 or later will require manual download and installation.

One of the key fixes was the elimination of a regression in the behavior of the TCP Stream Graph "Time Sequence (tcptrace)" receive window line. The issue was discovered in versions 4.2.5 and 4.0.15 and is designated as issue 19846.

A vulnerability in the SPRT dissector known as wnpa-sec-2024-10 and issue 19559 has also been fixed. In addition, the update includes fixes for the following bugs:

* Incorrect loading of the RADIUS dissector dictionary;

* Incorrect ASCII display on CentOS 7;

* Problems with parent window buttons after closing the child window in Funnel / Lua;

* Lua detection error on Alpine Linux;

* Incorrect decoding of SMS-type payloads in vnd.3gpp.5gnas inside HTTP2 5GC;

* Incorrect display of the Wireshark window on low-resolution screens and problems with resizing in Russian;

* Incorrect gui.fileopen_remembered_dir path setting when running Wireshark from the command line in Windows;

* Invalid decoding of the SIP P-Access-Network-Info header.

Despite a large number of bug fixes, no new features or protocols were added in version 4.2.6. However, support for the DHCP, E.212, MySQL, NAS-5GS, PKT CCC, ProtoBuf, RADIUS, RLC-LTE, RTP, SIP, SPRT, and Thrift protocols has been updated.

Wireshark 4.2.6 is available for download on the project's official website. Linux and Unix users can install or update Wireshark using their platform's package management system.

Wireshark developers also remind you that the program searches for preference files, plugins, SNMP MIBs, and RADIUS dictionaries in various locations, depending on the platform. You can find these locations using the Help > About Wireshark > Folders menu or the `tshark -G folders` command.

User support is available on the Wireshark Q&A site and via the wireshark-users newsletter. A description of all newsletters and subscription information is available on the website. You can send errors and requests for new features via the issue tracker.
 
A new stable branch of the network analyzer Wireshark 4.4.0 has been released. The program supports more than a thousand network protocols and several dozen traffic capture formats. It provides a flexible interface for creating filters, capturing traffic, analyzing stored dumps, and inspecting packets. Advanced features include packet reassembly, multi-protocol file selection and storage, VoIP and RTP stream playback, IPsec decryption, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2. The project code is distributed under the GPLv2 license.

Key features of Wireshark 4.4.0:

• Added support for automatic switching of profiles with settings. The user can bind the display filter to a profile, and if a file with captured traffic that falls under the filter is opened, the profile associated with it will be automatically activated.

• Added support for Lua 5.3 and 5.4. Lua 5.1 and 5.2 are no longer supported.

• Improved support for string values in display filters (the ability to represent numeric fields in strings).

• It is now possible to define the filter function in the form of plugins, similar to file parsers and protocol parsing modules.

• Added the "Edit > Copy > Display filter as pcap filter" operation to convert display filters to pcap filters with equivalent fields.

• Improved many graphical dialogs, modernized graphs of I/O, traffic flows, VoIP calls and TCP flows.

• It is allowed to define your own columns, for the formation of which any operations on fields can be used (filter functions, arithmetic calculations, logical operations, protocol modifiers, etc.).

• Allowed to define native output fields for "tshark -e" using operations on existing fields.

• Added support for building with the zlib-ng library instead of zlib to work with compressed files.

• Added support for protocols and formats:
Code:
Allied Telesis Resiliency Link (AT RL),
ATN Security Label,
Bit Index Explicit Replication (BIER),
Bus Mirroring Protocol,
EGNOS Message Server (EMS),
Galileo E1-B I/NAV,
IBM i RDMA Endpoint (iRDMA-EDP),
IWBEMSERVICES,
MAC NR Framed (mac-nr-framed),
Matter Bluetooth Transport Protocol (MatterBTP),
MiWi P2P Star,
Monero,
NMEA 0183,
PLDM,
RDP authentication redirection virtual channel protocol (rdpear),
RF4CE Network Layer (RF4CE),
RF4CE Profile (RF4CE Profile),
RK512,
SAP Remote Function Call (SAPRFC),
SBAS L1 Navigation Message,
Scanner Access Now Easy (SANE),
TREL,
WMIO,
ZeroMQ Message Transport Protocol (ZMTP).

• Fixed a vulnerability (CVE-2024-8250) that could cause a crash when processing crafted packets.
 