Wireshark-announce: [Wireshark-announce] Wireshark 4.6.3 is now available

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Wireshark announcements <wireshark-announce@xxxxxxxxxxxxx>
Date: Wed, 14 Jan 2026 11:59:36 -0800
I'm proud to announce the release of Wireshark 4.6.3.


 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

  Wireshark is hosted by the Wireshark Foundation, a nonprofit which
  promotes protocol analysis education. Wireshark and the foundation
  depend on your contributions in order to do their work. If you or your
  organization would like to contribute or become a sponsor, please
  visit wiresharkfoundation.org[1].

  If you use Wireshark professionally or you just want to learn more
  about protocol analysis, you should join us at SharkFest[2], the
  Wireshark developer and user conference.

  You can also become a Wireshark Certified Analyst! Official Wireshark
  training and certification are available from the Wireshark
  Foundation[3].

 What’s New

  Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2026-01[4] BLF file parser crash. Issue 20880[5].

     • wnpa-sec-2026-02[6] IEEE 802.11 dissector crash. Issue 20939[7].

     • wnpa-sec-2026-03[8] SOME/IP-SD dissector crash. Issue 20945[9].

     • wnpa-sec-2026-04[10] HTTP3 dissector infinite loop. Issue
       20944[11].

   The following bugs have been fixed:

     • Wireshark 4.6.0 build fails on Solaris: pcapio.c:441:21: error:
       request for member '_flag' in something not a structure or union.
       Issue 20773[12].

     • RTP Player streams cannot be stopped. Issue 20879[13].

     • Additional ABI/API compatibility fixes. Issue 20881[14].

     • Missing data in pinfo→cinfo in HomePlug message
       CM_ATTEN_CHAR.IND. Issue 20893[15].

     • maxmind_db: crash when switching from a profile where it’s
       disabled to one where it’s enabled. Issue 20903[16].

     • Compilation warning or error if CFLAGS defines _FORTIFY_SOURCE to
       other than 3 without first undefining it. Issue 20904[17].

     • IEEE 802.11: Incorrect parsing of QoS and Mesh Control Field when
       the frame body contains an A-MSDU. Issue 20905[18].

     • OSS-Fuzz 473164101: Heap-buffer-overflow in
       dissect_idn_laser_data. Issue 20936[19].

     • Bug in decoding 5G NAS message - Extended CAG information list
       IE. Issue 20946[20].

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   DCT2000, DHCP, H.248, H.265, HomePlug AV, HTTP3, IDN, IEEE 802.11,
   LTE RRC, NAS-5GS, PKCS12, QUIC, RTPS, SOME/IP-SD, SSH, and Thrift

  New and Updated Capture File Support

   3GPP TS 32.423 Trace, BLF, NetScreen, and Viavi Observer

  New and Updated File Format Decoding Support

   There is no new or updated file format support in this release.

 Prior Versions

  Wireshark 4.6.2 included the following changes. See the release
  notes[21] for details:

  This release fixes an API/ABI change that was introduced in Wireshark
  4.6.1, which caused a compatibility issue with plugins built for
  Wireshark 4.6.0. Issue 20881[22].

    • wnpa-sec-2025-07[23] HTTP3 dissector crash. Issue 20860[24].

    • wnpa-sec-2025-08[25] MEGACO dissector infinite loop. Issue
      20884[26].

    • ws_base32_decode should be named *_encode ? Issue 20754[27].

    • Omnipeek files not working in 4.6.1. Issue 20876[28].

    • Stack buffer overflow in wiretap/ber.c (ber_open) Issue 20878[29].

    • Plugins incompatibility between 4.6.0 & 4.6.1. Issue 20881[30].

    • Fuzz job crash: fuzz-2025-11-30-12266121180.pcap. Issue 20883[31].

    • The Windows installers now ship with the Visual C++
      Redistributable version 14.44.35112. They previously shipped with
      14.40.33807.

  Wireshark 4.6.1 included the following changes. See the release
  notes[32] for details:

    • wnpa-sec-2025-05[33] BPv7 dissector crash. Issue 20770[34].

    • wnpa-sec-2025-06[35] Kafka dissector crash. Issue 20823[36].

    • L2CAP dissector doesn’t understand retransmission mode. Issue
      2241[37].

    • DNS HIP dissector labels PK algorithm as HIT length. Issue
      20768[38].

    • clang-cl error in "packet-zbee-direct.c" Issue 20776[39].

    • Writing to an LZ4-compressed output file might fail. Issue
      20779[40].

    • endian.h conflics with libc for building plugins. Issue 20786[41].

    • TShark crash caused by Lua plugin. Issue 20794[42].

    • Wireshark stalls for a few seconds when selecting specific
      messages. Issue 20797[43].

    • TLS Abbreviated Handshake Using New Session Ticket. Issue
      20802[44].

    • Custom websocket dissector does not run. Issue 20803[45].

    • WINREG QueryValue triggers dissector bug in packet-dcerpc.c. Issue
      20813[46].

    • Lua: FileHandler causing crash when reading packets. Issue
      20817[47].

    • Apply As Filter for field with FT_NONE and BASE_NONE for a single
      byte does not use the hex value. Issue 20818[48].

    • Layout preference Pane 3 problem with selecting Packet Diagram or
      None. Issue 20819[49].

    • TCP dissector creates invalid packet diagram. Issue 20820[50].

    • Too many nested VLAN tags when opening as File Format. Issue
      20831[51].

    • Omnipeek files not working in 4.6.0. Issue 20842[52].

    • Support UTF-16 strings in the IsoBus dissector for the string
      operations. Issue 20845[53].

    • SNMP getBulkRequest request-id does not get filtered for
      correctly. Issue 20849[54].

    • Fuzz job issue: fuzz-2025-11-12-12064814316.pcap. Issue 20852[55].

    • UDP Port 853 (DoQ) should be decoded as QUIC. Issue 20856[56].

  Wireshark 4.6.0 included the following changes. See the release
  notes[57] for details:

  Wireshark can dissect process information, packet metadata, flow IDs,
  drop information, and other information provided by `tcpdump` on
  macOS.

  We now ship universal macOS installers instead of separate packages
  for Arm64 and Intel. Issue 17294[58]

  WinPcap is no longer supported. On Windows, use Npcap instead,
  uninstalling WinPcap if necessary. The final release of WinPcap was
  version 4.1.3 in 2013. It only supports up to Windows 8, which is no
  longer supported by Microsoft or Wireshark.

  A new “Plots” dialog has been added, which provides scatter plots in
  contrast to the “I/O Graphs” dialog, which provides histograms. The
  Plots dialog window supports multiple plots, markers, and automatic
  scrolling.

  Live captures can be compressed while writing. (Previously there was
  support for compressing when performing multiple file capture, at file
  rotation time.) The `--compress` option in TShark works on live
  captures as well. Issue 9311[59]

  Wireshark can now decrypt NTP packets using NTS (Network Time
  Security). To decrypt packets, the NTS-KE (Network Time Security Key
  Establishment Protocol) packets need to be present, alongside the TLS
  client and exporter secrets.

  Wireshark’s ability to decrypt MACsec packets has been expanded to
  either use the SAK unwrapped by the MKA dissector, or the PSK
  configured in the MACsec dissector.

  The TCP Stream Graph axes now use units with SI prefixes. Issue
  20197[60]

  Display filter functions `float` and `double` are added to allow
  explicitly converting field types like integers and times to single
  and double precision floats.

  A "Edit › Copy › as HTML" menu item has been added, along with
  associated context menu items and a keyboard shortcut.

  The Conversations and Endpoints dialogs have an option to display byte
  counts and bit rates in exact counts instead of human-readable numbers
  with SI units.

  The color scheme can be set to Light or Dark mode independently of the
  current OS default on Windows and macOS, if Wireshark is built with Qt
  6.8 or later as the official installers are. Issue 19328[61]

 Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

   Most Linux and Unix vendors supply their own Wireshark packages. You
   can usually install or upgrade Wireshark using the package management
   system specific to that platform. A list of third-party packages can
   be found on the download page[62] on the Wireshark web site.

 File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

 Getting Help

  The User’s Guide, manual pages and various other documentation can be
  found at https://www.wireshark.org/docs/

  Community support is available on Wireshark’s Q&A site[63] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the mailing list
  site[64].

  Bugs and feature requests can be reported on the issue tracker[65].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[66].

 How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[67].

 Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[68].

 References

   1. https://wiresharkfoundation.org
   2. https://sharkfest.wireshark.org/
   3. https://www.wireshark.org/certifications
   4. https://www.wireshark.org/security/wnpa-sec-2026-01
   5. https://gitlab.com/wireshark/wireshark/-/issues/20880
   6. https://www.wireshark.org/security/wnpa-sec-2026-02
   7. https://gitlab.com/wireshark/wireshark/-/issues/20939
   8. https://www.wireshark.org/security/wnpa-sec-2026-03
   9. https://gitlab.com/wireshark/wireshark/-/issues/20945
  10. https://www.wireshark.org/security/wnpa-sec-2026-04
  11. https://gitlab.com/wireshark/wireshark/-/issues/20944
  12. https://gitlab.com/wireshark/wireshark/-/issues/20773
  13. https://gitlab.com/wireshark/wireshark/-/issues/20879
  14. https://gitlab.com/wireshark/wireshark/-/issues/20881
  15. https://gitlab.com/wireshark/wireshark/-/issues/20893
  16. https://gitlab.com/wireshark/wireshark/-/issues/20903
  17. https://gitlab.com/wireshark/wireshark/-/issues/20904
  18. https://gitlab.com/wireshark/wireshark/-/issues/20905
  19. https://gitlab.com/wireshark/wireshark/-/issues/20936
  20. https://gitlab.com/wireshark/wireshark/-/issues/20946
  21. https://www.wireshark.org/docs/relnotes/wireshark-4.6.2.html
  22. https://gitlab.com/wireshark/wireshark/-/issues/20881
  23. https://www.wireshark.org/security/wnpa-sec-2025-07
  24. https://gitlab.com/wireshark/wireshark/-/issues/20860
  25. https://www.wireshark.org/security/wnpa-sec-2025-08
  26. https://gitlab.com/wireshark/wireshark/-/issues/20884
  27. https://gitlab.com/wireshark/wireshark/-/issues/20754
  28. https://gitlab.com/wireshark/wireshark/-/issues/20876
  29. https://gitlab.com/wireshark/wireshark/-/issues/20878
  30. https://gitlab.com/wireshark/wireshark/-/issues/20881
  31. https://gitlab.com/wireshark/wireshark/-/issues/20883
  32. https://www.wireshark.org/docs/relnotes/wireshark-4.6.1.html
  33. https://www.wireshark.org/security/wnpa-sec-2025-05
  34. https://gitlab.com/wireshark/wireshark/-/issues/20770
  35. https://www.wireshark.org/security/wnpa-sec-2025-06
  36. https://gitlab.com/wireshark/wireshark/-/issues/20823
  37. https://gitlab.com/wireshark/wireshark/-/issues/2241
  38. https://gitlab.com/wireshark/wireshark/-/issues/20768
  39. https://gitlab.com/wireshark/wireshark/-/issues/20776
  40. https://gitlab.com/wireshark/wireshark/-/issues/20779
  41. https://gitlab.com/wireshark/wireshark/-/issues/20786
  42. https://gitlab.com/wireshark/wireshark/-/issues/20794
  43. https://gitlab.com/wireshark/wireshark/-/issues/20797
  44. https://gitlab.com/wireshark/wireshark/-/issues/20802
  45. https://gitlab.com/wireshark/wireshark/-/issues/20803
  46. https://gitlab.com/wireshark/wireshark/-/issues/20813
  47. https://gitlab.com/wireshark/wireshark/-/issues/20817
  48. https://gitlab.com/wireshark/wireshark/-/issues/20818
  49. https://gitlab.com/wireshark/wireshark/-/issues/20819
  50. https://gitlab.com/wireshark/wireshark/-/issues/20820
  51. https://gitlab.com/wireshark/wireshark/-/issues/20831
  52. https://gitlab.com/wireshark/wireshark/-/issues/20842
  53. https://gitlab.com/wireshark/wireshark/-/issues/20845
  54. https://gitlab.com/wireshark/wireshark/-/issues/20849
  55. https://gitlab.com/wireshark/wireshark/-/issues/20852
  56. https://gitlab.com/wireshark/wireshark/-/issues/20856
  57. https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html
  58. https://gitlab.com/wireshark/wireshark/-/issues/17294
  59. https://gitlab.com/wireshark/wireshark/-/issues/9311
  60. https://gitlab.com/wireshark/wireshark/-/issues/20197
  61. https://gitlab.com/wireshark/wireshark/-/issues/19328
  62. https://www.wireshark.org/download.html
  63. https://ask.wireshark.org/
  64. https://lists.wireshark.org/lists/
  65. https://gitlab.com/wireshark/wireshark/-/issues
  66. https://sharkfest.wireshark.org
  67. https://wiresharkfoundation.org
  68. https://www.wireshark.org/faq.html


Digests

wireshark-4.6.3.tar.xz: 50636640 bytes
SHA256(wireshark-4.6.3.tar.xz)=9fa6a745df8540899dc9d433e4634d6755371ff87bd722ce04c7d7b0132d9af3
SHA1(wireshark-4.6.3.tar.xz)=48946917e956315938af4f21d0813b8a19512f6b

Wireshark-4.6.3-x64.exe: 96653880 bytes
SHA256(Wireshark-4.6.3-x64.exe)=09db2e7365b8dc56bc293b5e2849d9d06ebd8411f5a5e72e528964fbb051f283
SHA1(Wireshark-4.6.3-x64.exe)=cec27b460433761367e22b6695ecbde736adc9d9

Wireshark-4.6.3-arm64.exe: 75367848 bytes
SHA256(Wireshark-4.6.3-arm64.exe)=c9578cef62c7614824679c6025c10a033ddb2e56347ef4f6c1a7fce6f4e28563
SHA1(Wireshark-4.6.3-arm64.exe)=abbac496d128a2313cfe54ba4f30a971383cd0d2

Wireshark-4.6.3-x64.msi: 73793536 bytes
SHA256(Wireshark-4.6.3-x64.msi)=59b5ac08efc1bd595064b942d33c0ae63e4343db063fd388ce69bdd42285f542
SHA1(Wireshark-4.6.3-x64.msi)=eca843571ca6ca3570798a659f42ceb0dac3847b

WiresharkPortable64_4.6.3.paf.exe: 95753504 bytes
SHA256(WiresharkPortable64_4.6.3.paf.exe)=ee62f97a0f91ae998fa8a34bef640ee0a5bd8582324d59a33c1bdf3b5d833e07
SHA1(WiresharkPortable64_4.6.3.paf.exe)=e76bfe3ead03e8597532db2e6be9a2fb858d18b4

Wireshark 4.6.3.dmg: 141516002 bytes
SHA256(Wireshark 4.6.3.dmg)=788fef0f62fc58d2523270256694efc30e79f3584d4895eb066ca333daa88fe9
SHA1(Wireshark 4.6.3.dmg)=233ca01482e9fbe6770b173c83e67d825c72e195

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-x.y.z-x64.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: OpenPGP_0x82244A78E6FEAEEA.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature