Wireshark 4.2 network analyzer release

A new stable branch of the Wireshark network analyzer, 4.2, has been released. The project was originally developed under the name Ethereal, but in 2006, due to a conflict with the owner of the Ethereal trademark, the developers were forced to rename it Wireshark. Wireshark 4.2 is the first release produced under the auspices of the non-profit Wireshark Foundation, which will now oversee the project's development. The project code is distributed under the GPLv2 license.

Key innovations in Wireshark 4.2.0:

  • Improved packet sorting. For example, to speed up output, only the packets that remain visible after a filter is applied are now sorted. The user can interrupt the sorting process.
  • By default, drop-down lists are sorted by time of use rather than by entry creation time.
  • Wireshark and TShark now generate correct output in UTF-8 encoding. Applying the slice operator to UTF-8 strings now produces a UTF-8 string rather than a byte array.
  • Added a new filter syntax for filtering on arbitrary byte sequences in packets (@some.field == ), which can be used, for example, to catch invalid UTF-8 strings.
  • Arithmetic expressions can now be used in the elements of a filter set.
  • Added the logical operator XOR.
  • Improved tools for autocompletion of input in filters.
  • Added the ability to search for MAC addresses in the IEEE OUI registry.
  • Configuration files defining lists of vendors and services are compiled for faster loading.
  • Support for a dark theme has been added on the Windows platform. An installer for the Arm64 architecture has been added for Windows. Added the ability to compile for Windows using the MSYS2 toolkit, as well as to cross-compile on Linux. Windows builds have a new external dependency, SpeexDSP (previously the code was inline).
  • Installation files for Linux are no longer tied to a location in the file system and use relative paths in RPATH. The extcap plugins directory has been moved to $HOME/.local/lib/wireshark/extcap (was $XDG_CONFIG_HOME/wireshark/extcap).
  • By default, compilation with Qt6 is provided; to build with Qt5, you must specify USE_qt6=OFF in CMake.
  • Cisco IOS XE 17.x support has been added to "ciscodump".
  • The interface update interval when capturing traffic has been reduced from 500ms to 100ms (can be changed in the settings).
  • The Lua console has been redesigned to have one common window for input and output.
  • Settings have been added to the JSON dissector module to control the escaping of values and the display of data in the original (raw) representation.
  • The IPv6 parsing module now displays semantic details about the address and can parse the APN6 option in the HBH (Hop-by-Hop Options Header) and DOH (Destination Options Header) headers.
  • The XML parsing module now has the ability to display characters taking into account the encoding specified in the document header or selected by default in the settings.
  • The ability to specify the encoding for displaying the contents of SIP messages has been added to the SIP parsing module.
  • For HTTP, parsing of chunked data in streaming reassembly mode has been implemented.
  • The media type parser now supports all MIME types mentioned in RFC 6838 and is no longer case-sensitive.
  • Added support for protocols:
    • HTTP/3,
    • MCTP (Management Component Transport Protocol),
    • BT-Tracker (UDP Tracker Protocol for BitTorrent),
    • ID3v2,
    • Zabbix,
    • Aruba UBT,
    • ASAM Capture Module Protocol (CMP),
    • ATSC Link-Layer Protocol (ALP),
    • DECT DLC protocol layer (DECT-DLC),
    • DECT NWK protocol layer (DECT-NWK),
    • DECT proprietary Mitel OMM/RFP Protocol (AaMiDe),
    • Digital Object Identifier Resolution Protocol (DO-IRP),
    • Discard Protocol,
    • FiRa UWB Controller Interface (UCI),
    • FiveCo's Register Access Protocol (5CoRAP),
    • Fortinet FortiGate Cluster Protocol (FGCP),
    • GPS L1 C/A LNAV,
    • GSM Radio Link Protocol (RLP),
    • H.224,
    • High Speed Fahrzeugzugang (HSFZ),
    • IEEE 802.1CB (R-TAG),
    • Iperf3,
    • JSON 3GPP,
    • Low Level Signaling (ATSC3 LLS),
    • Matter home automation protocol,
    • Microsoft Delivery Optimization,
    • Multi-Drop Bus (MDB),
    • Non-volatile Memory Express - Management Interface (NVMe-MI) over MCTP,
    • RDP audio output virtual channel Protocol (rdpsnd),
    • RDP clipboard redirection channel Protocol (cliprdr),
    • RDP Program virtual channel Protocol (RAIL),
    • SAP Enqueue Server (SAPEnqueue),
    • SAP GUI (SAPDiag),
    • SAP HANA SQL Command Network Protocol (SAPHDB),
    • SAP Internet Graphic Server (SAP IGS),
    • SAP Message Server (SAPMS),
    • SAP Network Interface (SAPNI),
    • SAP Router (SAPROUTER),
    • SAP Secure Network Connection (SNC),
    • SBAS L1 Navigation Messages (SBAS L1),
    • SINEC AP1 Protocol (SINEC AP),
    • SMPTE ST2110-20 (Uncompressed Active Video),
    • Train Real-Time Data Protocol (TRDP),
    • UBX (u-blox GNSS receivers),
    • UWB UCI Protocol,
    • Video Protocol 9 (VP9),
    • VMware HeartBeat,
    • Windows Delivery Optimization (MS-DO),
    • Z21 LAN Protocol (Z21),
    • ZigBee Direct (ZBD),
    • Zigbee TLV.

Source: opennet.ru
