National Cyber Warfare Foundation (NCWF) Forums


Wireshark 4.2.0 Released: What’s New!


0 user ratings
2023-11-16 14:29:17
milo
Red Team (CNA)

 - archive -- 

Wireshark, a leading network packet analyzer, has released version 4.2.0, which brings bug fixes, protocol updates, major API changes, codec support, and several new features. It is still a widely used and popular tool for network protocol analysis. Network administrators and security experts use packet analyzers like Wireshark to examine network packets and find solutions, which makes it a useful […]


The post Wireshark 4.2.0 Released: What’s New! appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Wireshark, a leading network packet analyzer, has released version 4.2.0, which brings bug fixes, protocol updates, major API changes, codec support, and several new features. It is still a widely used and popular tool for network protocol analysis.





Network administrators and security experts use packet analyzers like Wireshark to examine network packets and find solutions, which makes it a useful tool for businesses in a wide range of sectors.





What’s new in Wireshark 4.2.0?





Wireshark 4.2.0 has several new features and updates, such as:






  • Wireshark supports dark mode on Windows.




  • A Windows installer for Arm64 has been added.




  • Packet list sorting has been improved.




  • Wireshark and TShark are now better at generating valid UTF-8 output.




  • A new display filter feature for filtering raw bytes has been added.




  • Display filter autocomplete is smarter about not suggesting invalid syntax.




  • Tools › MAC Address Blocks can look up a MAC address in the IEEE OUI registry.




  • The enterprises, manuf, and services configuration files have been compiled for improved start-up times.




  • The installation target no longer installs development headers by default.




  • The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs).




  • Wireshark can be compiled on Windows using MSYS2. 




  • Wireshark can be cross-compiled for Windows using Linux.




  • Tools › Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.




  • Windows installer file names now have the format Wireshark--.exe.




  • Wireshark now supports the Korean language.




  • RTPDump is the new file format decoding.





Bug Fixes





The following issues have been addressed:






  • RTP players do not play audio frequently on Windows builds with Qt6 (Issue 18413)




  • The playback marker does not move after resuming with Qt6 (Issue 18510)





Removed Features and Support






  • The prior support in the TShark -e option for showing column text via the column title has been removed generally with the addition of universal and consistent filtering support for column text.




  • The bundled script “dtd_gen.lua” that was disabled by default has been removed from the installation. It can be found in the Wireshark Wiki under “Contrib”.




  • The Wi-Fi NAN dissector filter name has been changed from ‘nan’ to ‘wifi_nan’.





New Protocol Support





Aruba UBT, ASAM Capture Module Protocol (CMP), ATSC Link-Layer Protocol (ALP), DECT DLC protocol layer (DECT-DLC), DECT NWK protocol layer (DECT-NWK), DECT proprietary Mitel OMM/RFP Protocol (also named AaMiDe), Digital Object Identifier Resolution Protocol (DO-IRP), Discard Protocol.





FiRa UWB Controller Interface (UCI), FiveCo’s Register Access Protocol (5CoRAP), Fortinet FortiGate Cluster Protocol (FGCP), GPS L1 C/A LNAV navigation messages, GSM Radio Link Protocol (RLP), H.224, High Speed Fahrzeugzugang (HSFZ), Hypertext Transfer Protocol version 3 (HTTP/3), ID3v2.





IEEE 802.1CB (R-TAG), Iperf3, JSON 3GPP, Low-Level Signalling (ATSC3 LLS), Management Component Transport Protocol (MCTP), Management Component Transport Protocol – Control Protocol (MCTP CP), Matter home automation protocol, Microsoft Delivery Optimization, Multi-Drop Bus (MDB).





Non-volatile Memory Express – Management Interface (NVMe-MI) over MCTP, RDP audio output virtual channel Protocol (rdpsnd), RDP clipboard redirection channel Protocol (cliprdr), RDP Program virtual channel Protocol (RAIL), SAP Enqueue Server (SAPEnqueue), SAP GUI (SAPDiag), SAP HANA SQL Command Network Protocol (SAPHDB), SAP Internet Graphic Server (SAP IGS), SAP Message Server (SAPMS).





SAP Network Interface (SAPNI), SAP Router (SAPROUTER), SAP Secure Network Connection (SNC), SBAS L1 Navigation Messages (SBAS L1), SINEC AP1 Protocol (SINEC AP), SMPTE ST2110-20 (Uncompressed Active Video), Train Real-Time Data Protocol (TRDP).





UBX protocol of u-blox GNSS receivers (UBX), UDP Tracker Protocol for BitTorrent (BT-Tracker), UWB UCI Protocol, Video Protocol 9 (VP9), VMware HeartBeat, Windows Delivery Optimization (MS-DO), Z21 LAN Protocol (Z21), Zabbix, ZigBee Direct (ZBD), Zigbee TLV.





Updated Protocol Support





JSON: The dissector now has a preference to enable/disable the “unescaping” of string values.





JSON: The dissector now supports “Display JSON in the raw form.





IPv6: The dissector has a new preference to show some semantic details about addresses (default off).





IPv6: The dissector now supports dissecting the Application-aware IPv6 Networking (APN6) option in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH), including all three types of APN ID, which are 32-bit, 64-bit and 128-bit in length.





XML: The dissector now supports display characters according to the “encoding” attribute of the XML declaration and has a new preference to set the default character encoding for some XML documents without the “encoding” attribute.





SIP: The dissector now has a new preference to set the default charset for displaying the body of SIP messages in raw text view.





HTTP: The dissector now supports dissecting chunked data in streaming reassembly mode. Subdissectors of HTTP can register themselves in the “streaming_content_type” sub-dissector table to enable streaming reassembly mode while transferring in chunked encoding. 





CFM: The dissector has been overhauled and updated to the level of IEEE std 802.1Q-2022 and ITU-T Rec.





New and Updated Codec support






  • Adaptive Multi-Rate (AMR), if compiled with opencore-amr.





Major API Changes






  • Lua function “package.prepend_path” has been removed.




  • Added reassemble_streaming_data_and_call_subdissector() API for easier reassembly of non-TCP high-level protocol streaming data.




  • Some of the API now uses C99 types instead of GLib types.





Installation packages and the source code for Wireshark can be downloaded from.





Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.


The post Wireshark 4.2.0 Released: What’s New! appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.



Source: gbHackers
Source Link: https://gbhackers.com/wireshark-4-2-0-released-whats-new/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.