Wireshark 3.6 comes with support for Apple M1, support for more protocols and much more

After a year of development, the release of the new stable branch of the Wireshark network analyzer, version 3.6, has been announced, bringing a large number of changes and improvements to the utility.

Wireshark (formerly known as Ethereal) is a free network protocol analyzer. It is used for network analysis and troubleshooting, since it lets us see what is happening on the network, and it is the de facto standard in many commercial companies, non-profit organizations, government agencies and educational institutions.

Wireshark 3.6.0 Key New Features

In Wireshark 3.6.0, one of the notable novelties is that packages are now built for the Apple M1 ARM chip; in addition, the packages for Apple devices with Intel chips now require a newer macOS version (10.13+).

Among the changes and improvements to the utility, for TCP traffic the tcp.completeness filter has been added, which allows TCP conversations to be classified by the connection stages observed, that is, you can identify the TCP flows in which the captured packets show the connection being established, carrying data, or being terminated.
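
To make the filter concrete, here is an added example (my own code, not from the Wireshark project or this article) that reproduces the tcp.completeness bitmask for constructed conversations and evaluates the two display-filter forms against them; the bit values follow the Wireshark documentation, while the per-packet classification is a simplified reading of Wireshark's logic.

```python
# Added example (my own code, not from the Wireshark project): reproduce the tcp.completeness
# bitmask Wireshark 3.6 attaches to a TCP conversation and evaluate display filters against it.
from typing import Dict, Iterable, List, Tuple

# Bit values documented for tcp.completeness: SYN, SYN-ACK, ACK, DATA, FIN, RST.
SYN, SYNACK, ACK, DATA, FIN, RST = 1, 2, 4, 8, 16, 32
NAMES = [(SYN, "SYN"), (SYNACK, "SYN-ACK"), (ACK, "ACK"),
         (DATA, "DATA"), (FIN, "FIN"), (RST, "RST")]

def tcp_completeness(packets: Iterable[Tuple[set, int]]) -> int:
    """Fold (flags, payload_len) packets of one conversation into the bitmask.
    Simplified reading of Wireshark's logic: ACK means the third handshake packet."""
    seen = 0
    for flags, payload_len in packets:
        if "SYN" in flags:
            seen |= SYNACK if "ACK" in flags else SYN
        elif "ACK" in flags and seen & SYNACK and not seen & ACK and payload_len == 0:
            seen |= ACK
        if payload_len > 0:
            seen |= DATA
        if "FIN" in flags:
            seen |= FIN
        if "RST" in flags:
            seen |= RST
    return seen

def describe(mask: int) -> List[str]:
    """Stages present in a completeness value, e.g. 24 -> ['DATA', 'FIN']."""
    return [name for bit, name in NAMES if mask & bit]

def filter_flows(flows: Dict[str, list], expr: str) -> List[str]:
    """Evaluate 'tcp.completeness==N' (exact) or 'tcp.completeness&N' (any bit set)."""
    op = "==" if "==" in expr else "&"
    value = int(expr.split(op, 1)[1])
    hits = []
    for name, pkts in flows.items():
        mask = tcp_completeness(pkts)
        if (mask == value) if op == "==" else bool(mask & value):
            hits.append(name)
    return hits

# Constructed conversations (not captured traffic), one per common shape:
# fully observed, handshake only, capture started mid-stream, and reset.
FLOWS = {
    "full": [({"SYN"}, 0), ({"SYN", "ACK"}, 0), ({"ACK"}, 0), ({"PSH", "ACK"}, 120),
             ({"ACK"}, 0), ({"FIN", "ACK"}, 0), ({"FIN", "ACK"}, 0), ({"ACK"}, 0)],
    "handshake": [({"SYN"}, 0), ({"SYN", "ACK"}, 0), ({"ACK"}, 0)],
    "midstream": [({"PSH", "ACK"}, 500), ({"ACK"}, 0), ({"FIN", "ACK"}, 0)],
    "reset": [({"SYN"}, 0), ({"SYN", "ACK"}, 0), ({"ACK"}, 0), ({"PSH", "ACK"}, 40), ({"RST", "ACK"}, 0)],
}
```

A conversation whose handshake was never captured never gets the SYN, SYN-ACK or ACK bits, which is why tcp.completeness==31 singles out fully observed flows and tcp.completeness&32 finds those that ended in a reset.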

Also highlighted is the ability to import captured packets from text dumps into libpcap format, with the parsing rules configured through regular expressions.

The RTP stream player (Telephony > RTP > RTP Player), which can be used to play back VoIP calls, has been significantly redesigned: playlist support was added, interface responsiveness was improved, channels can now be muted and switched, and an option was added to save the played audio as multichannel .au or .wav files.

The VoIP-related dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP Player and SIP Streams) were also redesigned; they are no longer modal and can be left open in the background. The ability to follow SIP calls based on the Caller ID value was added to the "Continue Transmission" dialog, and YAML output verbosity was improved.

The "add_default_value" setting was added, with which you can specify default values for Protobuf fields that were not serialized or were skipped when capturing traffic. Support was also added for reading capture files in ETW (Event Tracing for Windows) format, along with a dissector for DLT_ETW packets.

64-bit portable packages for Windows (PortableApps) were also added, as was initial support for building Wireshark on Windows with GCC and MinGW-w64.

Finally, support for the following protocols was added:

  • Bluetooth Link Manager Protocol (BT LMP),
  • Bundle Protocol version 7 (BPv7),
  • Bundle Protocol version 7 Security (BPSec),
  • CBOR Object Signing and Encryption (COSE),
  • E2 Application Protocol (E2AP),
  • Event Tracing for Windows (ETW),
  • Extreme Extra Eth Header (EXEH),
  • High-Performance Connectivity Tracer (HiPerConTracer),
  • ISO 10681,
  • Kerberos SPAKE,
  • Linux psample protocol,
  • Local Interconnect Network (LIN),
  • Microsoft Task Scheduler Service,
  • O-RAN E2AP,
  • O-RAN fronthaul UC-plane (O-RAN),
  • Opus Interactive Audio Codec (OPUS),
  • Transport Protocol PDU,
  • R09.x (R09),
  • RDP Dynamic Channel Protocol (DRDYNVC),
  • RDP Graphic Pipeline Channel Protocol (EGFX),
  • RDP Multi-transport (RDPMT),
  • Real-Time Publish-Subscribe Virtual Transport (RTPS-VT),
  • Real-Time Publish-Subscribe Wire Protocol (processed) (RTPS-PROC),
  • Shared Memory Communications (SMC),
  • Signal PDU,
  • Sparkplug B,
  • State Synchronization Protocol (SSyncP),
  • Tagged Image File Format (TIFF),
  • TP-Link Smart Home Protocol,
  • UAVCAN DSDL,
  • UAVCAN/CAN,
  • UDP Remote Desktop Protocol (RDPUDP),
  • Van Jacobson PPP compression (VJC),
  • World of Warcraft World (WOW),
  • X2 xIRI payload (xIRI).

How to install Wireshark on Ubuntu and derivatives?

To install it on our system, we open a terminal and run the following commands. On Ubuntu and derivatives we first add the repository, then refresh the package index and install the package:

sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt update
sudo apt install wireshark

Finally, we just have to look for the application in the applications menu, in the tools or Internet section, where we will find its icon to run it.

It is important to mention that during the installation process there is a step that implements privilege separation: the Wireshark GUI runs as a normal user, while dumpcap (the process that actually collects packets from the interfaces) runs with the elevated privileges required for capturing.

If you answered no at that point and would like to change it, type the following command in a terminal:

sudo dpkg-reconfigure wireshark-common

Here we must select yes when asked whether non-superusers should be able to capture packets.

If that does not work, we can fix the problem by running the following (replace YOUR_USER_NAME with your own user name; the setcap line grants dumpcap only the capabilities needed for raw packet capture, not full root):

sudo chgrp YOUR_USER_NAME /usr/bin/dumpcap
sudo chmod +x /usr/bin/dumpcap
sudo setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap
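
To verify that this last step left dumpcap with only the two capture capabilities, here is an added example (my own code, not part of this article or the Wireshark project) that decodes the security.capability attribute setcap writes and audits it against that least-privilege set; the sample attribute values are constructed, and audit_path reads a real binary only when run on Linux.

```python
# Added example (my own code, not the Wireshark project's): decode the security.capability
# xattr that setcap writes and check that dumpcap holds exactly the two capture capabilities.
import os
import struct
from typing import Any, Dict, List, Optional, Set
CAP_NET_ADMIN, CAP_NET_RAW = 12, 13            # Linux capability numbers
EXPECTED: Set[int] = {CAP_NET_ADMIN, CAP_NET_RAW}
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x00000001          # the "e" in +eip

def decode_vfs_caps(blob: bytes) -> Dict[str, Any]:
    """Parse a revision 2 or 3 vfs_cap_data struct (what setcap stores)."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if (magic & VFS_CAP_REVISION_MASK) not in (0x02000000, 0x03000000):
        raise ValueError("unsupported security.capability revision")
    # Two (permitted, inheritable) 32-bit pairs: low word first, then high word.
    p_lo, i_lo, p_hi, i_hi = struct.unpack_from("<IIII", blob, 4)
    permitted = (p_hi << 32) | p_lo
    inheritable = (i_hi << 32) | i_lo
    return {
        "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
        "permitted": {n for n in range(64) if permitted >> n & 1},
        "inheritable": {n for n in range(64) if inheritable >> n & 1},
    }

def audit(caps: Dict[str, Any], expected: Set[int] = EXPECTED) -> List[str]:
    """Findings against the least-privilege set; an empty list means it matches."""
    findings = []
    extra = caps["permitted"] - expected
    if extra:
        findings.append(f"unexpected permitted caps: {sorted(extra)}")
    missing = expected - caps["permitted"]
    if missing:
        findings.append(f"missing caps: {sorted(missing)}")
    if not caps["effective"]:
        findings.append("effective flag not set; dumpcap would have to raise caps itself")
    return findings

def audit_path(path: str = "/usr/bin/dumpcap") -> Optional[List[str]]:
    """Audit a real binary; None when it has no file capabilities (or not on Linux)."""
    if not hasattr(os, "getxattr"):
        return None
    try:
        return audit(decode_vfs_caps(os.getxattr(path, "security.capability")))
    except OSError:
        return None

# Constructed xattr values (not read from a system): the first is what
# "setcap cap_net_raw,cap_net_admin+eip" leaves, the second also carries cap_sys_admin (21).
SAMPLE_OK = struct.pack("<IIIII", 0x02000001, 0x3000, 0x3000, 0, 0)
SAMPLE_OVERBROAD = struct.pack("<IIIII", 0x02000001, 0x203000, 0x203000, 0, 0)
```

Running audit_path() on a machine set up as above should return an empty list; any extra capability listed is a sign that a broader setcap than the one in this article was applied.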
