Wireshark 4.2 introduces smarter display filter autocomplete, avoiding invalid syntax for more efficient network analysis. Here’s what’s new!
Wireshark is a leading free and open-source packet analyzer for network troubleshooting, analysis, and software and communications protocol development.
Network professionals and IT specialists widely use it to analyze and troubleshoot network issues, as it can capture and display the data traveling back and forth on a network in a detailed and understandable format.
Wireshark 4.2 has just been released, so it’s time to explore and discover its new features and improvements.
Wireshark 4.2 Highlights
Wireshark, the world’s leading network protocol analyzer, has launched its 4.2.0 version, marking its first major release under the Wireshark Foundation.
This nonprofit entity promotes protocol analysis education and hosts Wireshark, relying on community contributions for support. The new version introduces several notable updates and improvements:
- Dark Mode Support on Windows: This feature has been enhanced to cater to modern user interface preferences.
- Windows Arm64 Installer: Expanding the software’s accessibility, an installer for Windows on Arm64 platforms has been added.
- Improved Packet List Sorting: Enhancements in sorting mechanisms provide a more efficient user experience.
- Enhanced UTF-8 Output: Wireshark and TShark have improved their capability to generate valid UTF-8 outputs, ensuring better data representation and compatibility.
- MAC Address Lookup Tool: This tool can now look up MAC addresses in the IEEE OUI registry.
- Installation and Compilation Improvements: Changes include the omission of development headers in the default installation target and the ability for the Wireshark installation to be relocatable on Linux and other ELF platforms. Additionally, Wireshark can now be compiled on Windows using MSYS2 and cross-compiled for Windows using Linux.
Yet, what truly stood out to us was Wireshark 4.2’s integration of support for HTTP/3, the most recent advancement in the Hypertext Transfer Protocol (HTTP). Although HTTP/3 has not yet achieved widespread usage, Wireshark’s decision to include it is a forward-thinking step.
Other significant improvements include a new display filter that lets users filter raw bytes more efficiently. This feature is expected to assist network administrators and cybersecurity professionals in analyzing network traffic more precisely.
Additionally, the new Wireshark 4.2 has made strides in user experience by upgrading its display filter autocomplete feature. This smarter system is now adept at avoiding suggestions that would result in invalid syntax, streamlining the process of creating accurate and effective filters.
Finally, the update extends support for various new file formats and protocols, including RTPDump and several new protocols such as Aruba UBT and the ATSC Link-Layer Protocol. There’s also enhanced support for protocols like JSON, IPv6, and HTTP.
You can refer to the release announcement for detailed information on all changes in Wireshark 4.2.