Wireshark 3.6.0 Network Protocol Analysis Software Released

Wireshark is an application that captures and displays data traveling back and forth on a network.

Originally known as Ethereal, Wireshark has developed a reputation as one of the most reliable network protocol analyzers available out there. It captures packets in real time and display them in human-readable format.

Wireshark is absolutely safe to use. Government agencies, corporations, non-profits, and educational institutions use Wireshark for troubleshooting and teaching purposes. Probably, there isnโ€™t a better way to learn networking than to look at the traffic under the Wireshark microscope.

On the other side, there are questions about the legality of Wireshark since it is a powerful packet sniffer. It captures network traffic on the local network and stores that data for offline analysis. Therefore, you should only use Wireshark on networks where you have permission to inspect network packets.

Now Wireshark 3.6.0 stable version has been released, so let’s take a look at what’s new.

Wireshark 3.6.0 Highlights

Wireshark 3.6.0 Network Protocol Analyzers

In the latest Wireshark version, several changes have been made to the display filter syntax. Now is possible to use the syntax a ~= b or a any_ne b to recover the previous (inconsistent with ==) logic for not equal. In addition to, the expression a != b now always has the same meaning as !(a == b).

In particular this means filter expressions with multi-value fields like ip.addr != 1.1.1.1 will work as expected (the result is the same as typing ip.src != 1.1.1.1 and ip.dst != 1.1.1.1). This avoids the contradiction (a == b and a != b) being true.

In addition to, literal strings can now be specified using raw string syntax, identical to raw strings in the Python programming language. This can be used to avoid the complexity of using two levels of character escapes with regular expressions.

TCP conversations in Wireshark 3.6.0 now support a completeness criteria, which facilitates the identification of TCP streams having any of opening or closing handshakes, a payload, in any combination. It can be accessed with the new tcp.completeness filter.

It’s important to note that Wireshark now supports reading Event Tracing for Windows (ETW). A new extcap named ETW reader is created that now can open an etl file, convert all events in the file to DLT_ETW packets and write to a specified FIFO destination.

Among other noteworthy changes, Wireshark 3.6.0 comes with added support for many new protocols.

For detailed information on all changes in Wireshark 3.6.0 you can refer to the official announcement.

How to Install Wireshark

Wireshark is available on all major Linux distributions. However, Wiresshark developers provide an official PPA that you can use to install the latest stable version of Wireshark on Ubuntu and other Ubuntu-based distributions.

Open a terminal and use the following commands:

sudo add-apt-repository ppa:wireshark-dev/stable
sudo apt update
sudo apt install wireshark

While installing, you will be asked whether to allow non-superusers to capture packets. Select Yes.

Wireshark Configuration

Next you have to add the your own user to wireshark group so that this user can use Wireshark. To do this, execute the following command:

sudo usermod -aG wireshark $(whoami)Code language: JavaScript (javascript)

You can now open Wireshark by opening the activities on the Ubuntu desktop, and in the search bar, type โ€œwireshark,โ€ and click on the application result.

Wireshark 3.6.0 Launcher
Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 69%