The development version of Wireshark 3.7.2 has been released

A new development version of the Wireshark network analyzer, 3.7.2, was recently announced. It carries a long list of notable changes, among them redesigned dialogs, improved data presentation, new display filter syntax and stricter build requirements.

Wireshark (formerly known as Ethereal) is a free network protocol analyzer. It is used for network analysis and troubleshooting, since it lets you see what is happening on the wire, and it is the de facto standard in many companies, non-profit organizations, government agencies and educational institutions.

What is new in the Wireshark 3.7.2 development release

In this development version the Conversation and Endpoint dialogs have been redesigned. The context menu now includes an option to resize all columns, as well as to copy items; data can be exported as JSON; tabs can be detached from and reattached to the dialog, and tabs can be added or removed; columns are now sorted by child properties if an identical entry is found; and more.

Another change that stands out is that the ip.flags field now holds only the high three bits (reserved, DF, MF) instead of the full byte. Display filters and coloring rules that compare ip.flags against the old byte values will need to be adjusted.

It is also highlighted that performance when using MaxMind geolocation has been greatly improved. The 'v' (lowercase) and 'V' (uppercase) switches have been swapped for editcap and mergecap to match the other command line utilities.

Moreover, syntax has been added to match a specific layer in the protocol stack. For example, in an IP-over-IP packet, "ip.addr#1 == 1.1.1.1" matches the addresses of the outer layer and "ip.addr#2 == 1.1.1.2" matches the addresses of the inner layer.

The quantifiers "any" and "all" can now be prefixed to any relational operator. For example, the expression "all tcp.port > 1024" is true if and only if every tcp.port field in the packet satisfies the condition. Previously only the default behavior was available, which returns true if any field matches.
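To make the three filter changes above concrete (ip.flags as a 3-bit field, the layer operator "#" and the "any"/"all" quantifiers), here is a small model of those semantics, written for this article rather than taken from Wireshark's own dfilter engine. It dissects a constructed IP-in-IP packet carrying a TCP segment into per-layer field occurrences and evaluates simple "[any|all] field[#N] OP literal" expressions over them. Field names mirror Wireshark's; "ip.flags_legacy" is a made-up name used only to show what the old byte-wide ip.flags value looked like. The handling of an absent field (treated as no match for both quantifiers) is an assumption of this model.

```python
import ipaddress
import operator
import struct

# ---- Constructed sample packet: IPv4 (DF set, proto 4 = IP-in-IP) wrapping IPv4 + TCP ----
def ipv4_header(src, dst, proto, flags3=0):
    """Minimal 20-byte IPv4 header; only the fields this model reads are meaningful."""
    frag_word = flags3 << 13  # flags live in the top three bits of the fragment word
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, frag_word, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

SAMPLE = (ipv4_header("1.1.1.1", "10.0.0.1", 4, flags3=0b010)   # outer layer, DF set
          + ipv4_header("1.1.1.2", "192.168.0.5", 6)             # inner layer, proto 6 = TCP
          + struct.pack("!HH", 443, 51000) + b"\x00" * 16)       # TCP: only the ports matter here


def dissect(pkt):
    """Return {field_name: [(layer_no, value), ...]} for nested IPv4 layers and TCP ports."""
    fields = {}

    def add(name, layer, value):
        fields.setdefault(name, []).append((layer, value))

    off, layer, proto = 0, 0, 4
    while proto == 4:  # another IPv4 header follows
        layer += 1
        vihl, _tos, _tlen, _id, frag, _ttl, proto, _csum, src, dst = \
            struct.unpack_from("!BBHHHBBH4s4s", pkt, off)
        off += (vihl & 0x0F) * 4
        src, dst = str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))
        add("ip.src", layer, src)
        add("ip.dst", layer, dst)
        add("ip.addr", layer, src)   # ip.addr occurs twice per layer, like in Wireshark
        add("ip.addr", layer, dst)
        add("ip.flags", layer, frag >> 13)         # 3.7.2: only the three flag bits (R, DF, MF)
        add("ip.flags_legacy", layer, frag >> 8)   # pre-3.7.2 view: whole first byte of the fragment word
    if proto == 6:
        sport, dport = struct.unpack_from("!HH", pkt, off)
        add("tcp.port", 1, sport)  # TCP appears once, so it is layer 1 of its own protocol
        add("tcp.port", 1, dport)
    return fields


OPS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt,
       ">=": operator.ge, "<=": operator.le}


def _literal(text):
    try:
        return int(text, 0)   # decimal or 0x-prefixed hex, like display-filter integer literals
    except ValueError:
        return text           # addresses are compared as canonical dotted strings in this model


def evaluate(fields, expr):
    """Evaluate '[any|all] field[#N] OP literal'. A bare comparison uses 'any', Wireshark's default."""
    tokens = expr.split()
    quant = tokens.pop(0) if tokens[0] in ("any", "all") else "any"
    name, op, lit = tokens
    base, _, layer = name.partition("#")          # "ip.addr#2" -> base "ip.addr", layer "2"
    occurrences = fields.get(base, [])
    if layer:
        occurrences = [o for o in occurrences if o[0] == int(layer)]
    hits = [OPS[op](value, _literal(lit)) for _, value in occurrences]
    if not hits:
        return False  # assumption: an absent field never matches, whichever quantifier is used
    return all(hits) if quant == "all" else any(hits)


def demo():
    fields = dissect(SAMPLE)
    return {e: evaluate(fields, e) for e in [
        "ip.addr#1 == 1.1.1.1",      # outer layer
        "ip.addr#2 == 1.1.1.1",      # inner layer does not carry this address
        "ip.addr#2 == 1.1.1.2",
        "any tcp.port > 1024",       # 51000 matches
        "all tcp.port > 1024",       # 443 does not
        "ip.flags_legacy == 0x40",   # old coloring rule for DF, against the old byte value
        "ip.flags == 0x40",          # the same rule no longer matches the 3-bit field
        "ip.flags == 0x2",           # adjusted rule for DF
    ]}


if __name__ == "__main__":
    for expr, result in demo().items():
        print(f"{expr:28} -> {result}")
```

Running the block prints one line per expression; the last three lines show why a pre-3.7.2 coloring rule such as "ip.flags == 0x40" has to become "ip.flags == 0x2" (or simply "ip.flags.df == 1").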

Field references, written as ${some.field}, are now part of the display filter syntax. Previously they were implemented as macros. The new implementation is more efficient and gives references the same properties as protocol fields, such as matching multiple values with quantifiers and support for layer filtering.

The HTTP2 dissector now supports fake headers, so that it can parse the DATA frames of streams captured without the initial HEADERS frames of a long-lived stream (such as a gRPC streaming call, which allows many request or response messages to be sent on a single HTTP2 stream). Users specify the fake headers using the existing stream's server port, stream id and direction.

Support has been added for additional character escape sequences in double-quoted strings. Besides octal (\ooo) and hexadecimal (\xhh) byte escapes, the following C escape sequences are now accepted with their usual meaning: \a, \b, \f, \n, \r, \t, \v. Previously they were only supported in character constants.
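The following decoder, added here as an illustration and not taken from Wireshark's scanner, shows which escapes the paragraph above describes and how they map to bytes when a double-quoted filter string is compared against packet data. Octal escapes are taken as one to three digits and \x escapes as one or two hex digits; those limits, and the treatment of any other escaped character as an error, are assumptions of this example.

```python
import re

# Single-character C escapes now accepted in double-quoted display-filter strings,
# plus the backslash and double quote that such strings already needed to escape.
_SIMPLE = {"a": 0x07, "b": 0x08, "f": 0x0C, "n": 0x0A, "r": 0x0D, "t": 0x09, "v": 0x0B,
           "\\": 0x5C, '"': 0x22}


def unescape_dfilter_string(body: str) -> bytes:
    """Decode the body (without the surrounding quotes) of a double-quoted string into bytes."""
    out = bytearray()
    i = 0
    while i < len(body):
        ch = body[i]
        if ch != "\\":
            out += ch.encode("utf-8")
            i += 1
            continue
        i += 1
        if i >= len(body):
            raise ValueError("dangling backslash at end of string")
        ch = body[i]
        if ch in _SIMPLE:
            out.append(_SIMPLE[ch])
            i += 1
        elif ch == "x":
            m = re.match(r"[0-9A-Fa-f]{1,2}", body[i + 1:])  # assumption: up to two hex digits
            if not m:
                raise ValueError("\\x must be followed by hex digits")
            out.append(int(m.group(), 16))
            i += 1 + m.end()
        elif ch in "01234567":
            m = re.match(r"[0-7]{1,3}", body[i:])  # assumption: up to three octal digits
            value = int(m.group(), 8)
            if value > 0xFF:
                raise ValueError(f"octal escape \\{m.group()} exceeds one byte")
            out.append(value)
            i += m.end()
        else:
            raise ValueError(f"unsupported escape sequence \\{ch}")
    return bytes(out)


def demo():
    """Decode a few representative strings; returns the decoded bytes keyed by input."""
    samples = [
        r"GET\x20/\r\n",        # hex byte plus the new \r \n escapes
        r"\101\102\a",          # two octal bytes and the new \a (bell)
        r"tab\there \"quoted\"",
    ]
    return {s: unescape_dfilter_string(s) for s in samples}


if __name__ == "__main__":
    for src, decoded in demo().items():
        print(f"{src!r:28} -> {decoded!r}")
```

A decoder like this is useful when you want to check what bytes a filter such as http.request.line contains "\r\n" will actually search for.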

Other notable changes in this development version:

  • The new address type AT_NUMERIC allows for simple numeric addresses for protocols that do not have a more common style address approach, analogous to AT_STRINGZ.
  • The Wireshark Lua API now uses the lrexlib bindings for PCRE2.
  • The tap logging system has been updated and the argument list for tap_packet_cb has changed.
  • The PCRE2 library is now a required dependency to build Wireshark.
  • You must now have a C11 compatible compiler to compile Wireshark.
  • Perl is no longer required to build Wireshark, but it may be required to generate some source files and to run the code analysis checks.
  • Windows installers now ship with Qt 6.2.3.
  • The Conversation and Endpoint dialogs have been extensively redesigned.
  • Windows installers now ship with Npcap 1.60.
  • Windows installers now ship with Qt 6.2.4.
  • text2pcap supports selection of the encapsulation type of the output file format using the short names from the wiretap library.
  • text2pcap was updated to use the new log output options and the -d flag was removed.

Finally, if you are interested in learning more, you can check the details in the following link.
