Wireshark 4.0 arrives with a redesign and interface changes, support improvements and more


Wireshark is a protocol analyzer used to analyze and troubleshoot networks

After several months of development, the release of Wireshark 4.0 was announced. In this version the layout of the main window has changed: the "Additional Packet Information" and "Packet Bytes" panels are now placed next to each other below the "Packet List" panel.

The layout of dialogs has also changed: context menus gained options to resize all columns and to copy items, JSON export is supported, and tabs can be detached and reattached.

Wireshark 4.0 adds support for scanning input files using regular expressions and brings the text2pcap utility and the "Import from hex dump" interface to feature parity. In addition, text2pcap can now write dumps in all formats supported by the wiretap library and uses pcapng as its default format, like the editcap, mergecap, and tshark utilities.

The syntax of the traffic filtering rules has also changed. A filter can now select a specific layer of the protocol stack, for example to extract the addresses of the outer and the nested packets when IP is encapsulated over IP.

When filters are applied, columns are displayed showing the differences between filtered and unfiltered packets, and the sorting of various data types has been changed.

Other highlights are performance improvements for location lookups using MaxMind databases, new options to log in, and support in the HTTP2 dissector for using dummy headers to parse data that was intercepted without the earlier packets that carried the headers (for example, when parsing messages on already established gRPC connections).

The Extcap dialog now keeps the password in temporary storage (without saving it to disk) so that it does not have to be re-entered on repeated launches, and an extcap password can also be set through command-line utilities such as tshark.

A new syntax has been added to separate literals from identifiers: a value beginning with a period is treated as a protocol or protocol field, while a value enclosed in angle brackets is treated as a literal.

Other changes that stand out in this new version:

  • Identifiers are attached to TCP and UDP streams and the ability to filter by them is provided.
  • Dialogs can be hidden from the context menu.
  • Dummy IP, TCP, UDP, and SCTP headers can be dumped when using Raw IP, Raw IPv4, and Raw IPv6 encapsulation.
  • Built-in syntax for specifying field references: ${some.field}, implemented without using macros.
  • Added max(), min(), and abs() functions.
  • Expressions and calls to other functions can be used as function arguments.
  • The precedence of the AND logical operator is now greater than that of the OR operator.
  • Added support for specifying constants in binary form using the "0b" prefix.
  • The regular expression engine in the display filter engine has been moved to the PCRE2 library instead of GRegex.
  • Null bytes are handled correctly in strings and regular expression patterns ('\0' in a string is treated as a null byte).
  • In addition to 1 and 0, Boolean values can now also be written as True/TRUE and False/FALSE.
  • Added support for Mesh Connex (MCX) to the IEEE 802.11 analyzer.
  • The ciscodump utility implements the ability to capture remotely from IOS, IOS-XE, and ASA-based devices.
  • Added support for a large number of new protocols.
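The AND/OR precedence change in the list above can silently change which packets a saved triage filter selects. The following is an added example, not Wireshark code: a small evaluator run over constructed packets that compares the 4.0 grouping with a hypothetical grouping in which "and" and "or" share one level and group left to right (that contrast mode, the sample filter, and the single-valued `tcp.port` are assumptions made for illustration).

```python
import re

# Constructed sample packets (field -> value), not taken from a real capture.
PACKETS = [
    {"ip.src": "10.0.0.5", "tcp.port": "443"}, {"ip.src": "10.0.0.9", "tcp.port": "443"},
    {"ip.src": "10.0.0.5", "tcp.port": "8443"}, {"ip.src": "10.0.0.9", "tcp.port": "8443"},
]
FILTER = "tcp.port == 443 or tcp.port == 8443 and ip.src == 10.0.0.5"
TOKEN = re.compile(r"\s*(\(|\)|\band\b|\bor\b|[\w.]+\s*==\s*[\w.]+)\s*")

def tokenize(expr):
    toks, pos = [], 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"cannot parse filter at offset {pos}")
        toks.append(m.group(1))
        pos = m.end()
    return toks

def evaluate(expr, pkt, and_binds_tighter=True):
    toks = tokenize(expr)
    def primary():  # a parenthesised group or one "field == value" test
        tok = toks.pop(0)
        if tok == "(":
            val = or_level()
            toks.pop(0)  # consume ")"
            return val
        field, value = (s.strip() for s in tok.split("=="))
        return pkt.get(field) == value
    def and_level():  # chain of "and": binds tighter than "or" (4.0 behaviour)
        val = primary()
        while toks and toks[0] == "and":
            toks.pop(0)
            rhs = primary()
            val = val and rhs
        return val
    def or_level():
        # Hypothetical flat mode: "and"/"or" share one level, grouped left to right.
        operand = and_level if and_binds_tighter else primary
        ops = ("or",) if and_binds_tighter else ("or", "and")
        val = operand()
        while toks and toks[0] in ops:
            op, rhs = toks.pop(0), operand()
            val = (val or rhs) if op == "or" else (val and rhs)
        return val
    return or_level()

def matching(expr, and_binds_tighter=True):
    """Indexes of the constructed packets that the filter selects."""
    return [i for i, p in enumerate(PACKETS) if evaluate(expr, p, and_binds_tighter)]
```

With AND binding tighter, the unparenthesised filter also selects port 443 traffic from 10.0.0.9; writing the grouping out with parentheses gives the same result in both modes, so saved filters and profiles that mix the two operators are worth parenthesising explicitly.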

Finally, if you are interested in knowing more about it, you can check the details in the following link.

Those who want to obtain this new version can download the Linux package from the download section of the official website. The link is this.

