Wireshark is a protocol analyzer used to analyze and troubleshoot networks
The Wireshark Foundation recently announced, through a blog post, the release of the new version of Wireshark 4.2, a version in which a large number of changes, improvements and bug fixes have been implemented.
For those unaware of Wireshark (formerly known as Ethereal), they should know that is a free network protocol analyzer. Wireshark is used for network analysis and solution, since this program allows us to see what happens on the network and is the de facto standard in many companies commercial and non-profit organizations, government agencies and educational institutions.
Wireshark 4.2 Key New Features
In this new version of Wireshark 4.2 that is presented, it stands out that capabilities related to network packet classification have been expanded, because now, to speed up the output, only the visible packets are sorted after applying the filter. The user has the possibility to interrupt the classification process.
Another change that stands out is that Wireshark and TShark now generate correct results in UTF-8 encoding, since applying the division operator to UTF-8 strings now produces a UTF-8 string instead of a byte array.
In addition to that, As of this release the installation by Wireshark can be relocated to Linux (and other ELF platforms with support for relative RPATHs), since the installation files are not linked to a location on the file system and use relative paths.
We can also find in Wireshark 4.2 that the data analysis module IPv6, has added support to show Semantic details about the address and ability to parse the APN6 option in the headings HBH and DOH.
In the Windows edition of Wireshark, It is noted that it was added support for a dark theme, In addition to adding a installer for Arm64 architecture, added the ability to build for Windows using the MSYS2 toolkit, as well as cross-compile on Linux, added a new external dependency to builds for Windows: SpeexDSP and Windows installer file names now have the Wireshark format - .exe.
On the other hand, it is highlighted that the XML parsing module now has the ability to display characters taking into account the encoding specified in the document header or selected by default in the configuration.
Of the other changes that stand out from this new version:
- By default, drop-down lists are sorted by usage time rather than by entry creation.
- The -n option now also disables searching for IP address geolocation information in configured MaxMind databases (and geolocation searching can be enabled with -Ng ).
- The use of arithmetic expressions is allowed in set filter elements.
- Added XOR logical operator.
- The API has been updated to ensure that the dissection engine produces valid UTF-8 strings.
- Improved tools for autocompletion of entries in filters.
- Added the ability to look up MAC addresses in the IEEE OUI registry.
- Configuration files that define lists of providers and services are compiled for faster loading.
- By default, compilation with Qt6 is provided
- The interface refresh interval when capturing traffic has been reduced from 500 ms to 100 ms (can be changed in the configuration).
- The Lua console has been redesigned to have a common window for input and output.
- Settings have been added to the JSON dissector module to control escaping values and displaying data in the original (raw) representation.
- The ability to specify the encoding for displaying the content of SIP messages has been added to the SIP parsing module.
- For HTTP, chunked data parsing was implemented in streaming reassembly mode.
- The media type parser now supports all MIME types mentioned in RFC 6838 and removes case sensitivity.
Finally If you are interested in knowing more about it, you can check the details in the following link.
As for those interested in being able to obtain this new version, they can do so by downloading the Linux package from the official website in its download section. The link is this.