Wireshark · Wireshark-dev: [Wireshark-dev] Wireshark 4.6.2 is now available

Wireshark-dev: [Wireshark-dev] Wireshark 4.6.2 is now available

From: Gerald Combs <gerald@xxxxxxxxxxxxx>

Date: Wed, 3 Dec 2025 12:06:40 -0800

I'm proud to announce the release of Wireshark 4.6.2.

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

Wireshark is hosted by the Wireshark Foundation, a nonprofit which
promotes protocol analysis education. Wireshark and the foundation
depend on your contributions in order to do their work. If you or your
organization would like to contribute or become a sponsor, please
visit wiresharkfoundation.org[1].

If you use Wireshark professionally or you just want to learn more
about protocol analysis, you should join us at SharkFest[2], the
Wireshark developer and user conference.

You can also become a Wireshark Certified Analyst! Official Wireshark
training and certification are available from the Wireshark
Foundation[3].

What’s New

Bug Fixes

This release fixes an API/ABI change that was introduced in Wireshark
4.6.1, which caused a compatibility issue with plugins built for
Wireshark 4.6.0. Issue 20881[4].

The following vulnerabilities have been fixed:

• wnpa-sec-2025-07[5] HTTP3 dissector crash. Issue 20860[6].

• wnpa-sec-2025-08[7] MEGACO dissector infinite loop. Issue
20884[8].

The following bugs have been fixed:

• ws_base32_decode should be named *_encode ? Issue 20754[9].

• Omnipeek files not working in 4.6.1. Issue 20876[10].

• Stack buffer overflow in wiretap/ber.c (ber_open) Issue
20878[11].

• Plugins incompatibility between 4.6.0 & 4.6.1. Issue 20881[12].

• Fuzz job crash: fuzz-2025-11-30-12266121180.pcap. Issue
20883[13].

New and Updated Features

• The Windows installers now ship with the Visual C++
Redistributable version 14.44.35112. They previously shipped with
14.40.33807.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

ATM PW, COSEM, COTP, DECT NR+, DMP, Fc00, GTP, HTTP3, IEEE 802.15.4,
ISIS HELLO, ISOBUS, MAC-LTE, MAUSB, MEGACO, MPEG DSM-CC, OsmoTRXD,
PTP, RLC, SAPDIAG, and SMTP

New and Updated Capture File Support

Peektagged

New and Updated File Format Decoding Support

There is no new or updated file format support in this release.

Prior Versions

Wireshark 4.6.1 included the following changes. See the release
notes[14] for details:

• wnpa-sec-2025-05[15] BPv7 dissector crash. Issue 20770[16].

• wnpa-sec-2025-06[17] Kafka dissector crash. Issue 20823[18].

• L2CAP dissector doesn’t understand retransmission mode. Issue
2241[19].

• DNS HIP dissector labels PK algorithm as HIT length. Issue
20768[20].

• clang-cl error in "packet-zbee-direct.c" Issue 20776[21].

• Writing to an LZ4-compressed output file might fail. Issue
20779[22].

• endian.h conflics with libc for building plugins. Issue 20786[23].

• TShark crash caused by Lua plugin. Issue 20794[24].

• Wireshark stalls for a few seconds when selecting specific
messages. Issue 20797[25].

• TLS Abbreviated Handshake Using New Session Ticket. Issue
20802[26].

• Custom websocket dissector does not run. Issue 20803[27].

• WINREG QueryValue triggers dissector bug in packet-dcerpc.c. Issue
20813[28].

• Lua: FileHandler causing crash when reading packets. Issue
20817[29].

• Apply As Filter for field with FT_NONE and BASE_NONE for a single
byte does not use the hex value. Issue 20818[30].

• Layout preference Pane 3 problem with selecting Packet Diagram or
None. Issue 20819[31].

• TCP dissector creates invalid packet diagram. Issue 20820[32].

• Too many nested VLAN tags when opening as File Format. Issue
20831[33].

• Omnipeek files not working in 4.6.0. Issue 20842[34].

• Support UTF-16 strings in the IsoBus dissector for the string
operations. Issue 20845[35].

• SNMP getBulkRequest request-id does not get filtered for
correctly. Issue 20849[36].

• Fuzz job issue: fuzz-2025-11-12-12064814316.pcap. Issue 20852[37].

• UDP Port 853 (DoQ) should be decoded as QUIC. Issue 20856[38].

Wireshark 4.6.0 included the following changes. See the release
notes[39] for details:

Wireshark can dissect process information, packet metadata, flow IDs,
drop information, and other information provided by `tcpdump` on
macOS.

We now ship universal macOS installers instead of separate packages
for Arm64 and Intel. Issue 17294[40]

WinPcap is no longer supported. On Windows, use Npcap instead,
uninstalling WinPcap if necessary. The final release of WinPcap was
version 4.1.3 in 2013. It only supports up to Windows 8, which is no
longer supported by Microsoft or Wireshark.

A new “Plots” dialog has been added, which provides scatter plots in
contrast to the “I/O Graphs” dialog, which provides histograms. The
Plots dialog window supports multiple plots, markers, and automatic
scrolling.

Live captures can be compressed while writing. (Previously there was
support for compressing when performing multiple file capture, at file
rotation time.) The `--compress` option in TShark works on live
captures as well. Issue 9311[41]

Wireshark can now decrypt NTP packets using NTS (Network Time
Security). To decrypt packets, the NTS-KE (Network Time Security Key
Establishment Protocol) packets need to be present, alongside the TLS
client and exporter secrets.

Wireshark’s ability to decrypt MACsec packets has been expanded to
either use the SAK unwrapped by the MKA dissector, or the PSK
configured in the MACsec dissector.

The TCP Stream Graph axes now use units with SI prefixes. Issue
20197[42]

Display filter functions `float` and `double` are added to allow
explicitly converting field types like integers and times to single
and double precision floats.

A "Edit › Copy › as HTML" menu item has been added, along with
associated context menu items and a keyboard shortcut.

The Conversations and Endpoints dialogs have an option to display byte
counts and bit rates in exact counts instead of human-readable numbers
with SI units.

The color scheme can be set to Light or Dark mode independently of the
current OS default on Windows and macOS, if Wireshark is built with Qt
6.8 or later as the official installers are. Issue 19328[43]

Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[44] on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use "Help › About
Wireshark › Folders" or `tshark -G folders` to find the default
locations on your system.

Getting Help

The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/

Community support is available on Wireshark’s Q&A site[45] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the mailing list
site[46].

Bugs and feature requests can be reported on the issue tracker[47].

You can learn protocol analysis and meet Wireshark’s developers at
SharkFest[48].

How You Can Help

The Wireshark Foundation helps as many people as possible understand
their networks as much as possible. You can find out more and donate
at wiresharkfoundation.org[49].

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site[50].

References

1. https://wiresharkfoundation.org
2. https://sharkfest.wireshark.org/
3. https://www.wireshark.org/certifications
4. https://gitlab.com/wireshark/wireshark/-/issues/20881
5. https://www.wireshark.org/security/wnpa-sec-2025-07
6. https://gitlab.com/wireshark/wireshark/-/issues/20860
7. https://www.wireshark.org/security/wnpa-sec-2025-08
8. https://gitlab.com/wireshark/wireshark/-/issues/20884
9. https://gitlab.com/wireshark/wireshark/-/issues/20754
10. https://gitlab.com/wireshark/wireshark/-/issues/20876
11. https://gitlab.com/wireshark/wireshark/-/issues/20878
12. https://gitlab.com/wireshark/wireshark/-/issues/20881
13. https://gitlab.com/wireshark/wireshark/-/issues/20883
14. https://www.wireshark.org/docs/relnotes/wireshark-4.6.1.html
15. https://www.wireshark.org/security/wnpa-sec-2025-05
16. https://gitlab.com/wireshark/wireshark/-/issues/20770
17. https://www.wireshark.org/security/wnpa-sec-2025-06
18. https://gitlab.com/wireshark/wireshark/-/issues/20823
19. https://gitlab.com/wireshark/wireshark/-/issues/2241
20. https://gitlab.com/wireshark/wireshark/-/issues/20768
21. https://gitlab.com/wireshark/wireshark/-/issues/20776
22. https://gitlab.com/wireshark/wireshark/-/issues/20779
23. https://gitlab.com/wireshark/wireshark/-/issues/20786
24. https://gitlab.com/wireshark/wireshark/-/issues/20794
25. https://gitlab.com/wireshark/wireshark/-/issues/20797
26. https://gitlab.com/wireshark/wireshark/-/issues/20802
27. https://gitlab.com/wireshark/wireshark/-/issues/20803
28. https://gitlab.com/wireshark/wireshark/-/issues/20813
29. https://gitlab.com/wireshark/wireshark/-/issues/20817
30. https://gitlab.com/wireshark/wireshark/-/issues/20818
31. https://gitlab.com/wireshark/wireshark/-/issues/20819
32. https://gitlab.com/wireshark/wireshark/-/issues/20820
33. https://gitlab.com/wireshark/wireshark/-/issues/20831
34. https://gitlab.com/wireshark/wireshark/-/issues/20842
35. https://gitlab.com/wireshark/wireshark/-/issues/20845
36. https://gitlab.com/wireshark/wireshark/-/issues/20849
37. https://gitlab.com/wireshark/wireshark/-/issues/20852
38. https://gitlab.com/wireshark/wireshark/-/issues/20856
39. https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html
40. https://gitlab.com/wireshark/wireshark/-/issues/17294
41. https://gitlab.com/wireshark/wireshark/-/issues/9311
42. https://gitlab.com/wireshark/wireshark/-/issues/20197
43. https://gitlab.com/wireshark/wireshark/-/issues/19328
44. https://www.wireshark.org/download.html
45. https://ask.wireshark.org/
46. https://lists.wireshark.org/lists/
47. https://gitlab.com/wireshark/wireshark/-/issues
48. https://sharkfest.wireshark.org
49. https://wiresharkfoundation.org
50. https://www.wireshark.org/faq.html

Digests

wireshark-4.6.2.tar.xz: 50581900 bytes
SHA256(wireshark-4.6.2.tar.xz)=e218e3b3899e5d6e35a5fe95eeeabead587ed084cbf5fc330ac827f9a3137de8
SHA1(wireshark-4.6.2.tar.xz)=7b87d40d80552708befbb852bb1414c02010b2dc

Wireshark-4.6.2-arm64.exe: 75342184 bytes
SHA256(Wireshark-4.6.2-arm64.exe)=ed0f03cc3d4a0815731ca3c8531a5ec05e5a0d965a2c868d1d4c995d025f3758
SHA1(Wireshark-4.6.2-arm64.exe)=c93d4d271e01a9400f215ede235b2d86e344a4fa

Wireshark-4.6.2-x64.exe: 96624568 bytes
SHA256(Wireshark-4.6.2-x64.exe)=373a93e9b5ffa3559938424a2aabd3338786cff7bef084641c2c5e5bfb44325e
SHA1(Wireshark-4.6.2-x64.exe)=9680681c8426ed46bbe10533817dd067e73473cf

Wireshark-4.6.2-x64.msi: 73805824 bytes
SHA256(Wireshark-4.6.2-x64.msi)=fa979913b8caceaec071156b50be0b4a999bb0c21d29f05e1a8ee61ed90c1b45
SHA1(Wireshark-4.6.2-x64.msi)=b23a77980cf01f31fcc62b8ed9a7bc602f1d31cd

WiresharkPortable64_4.6.2.paf.exe: 95699608 bytes
SHA256(WiresharkPortable64_4.6.2.paf.exe)=00e42c7c303cda98266dea27cf6e744f1bda882d03384a484a5662ea9f943ffe
SHA1(WiresharkPortable64_4.6.2.paf.exe)=75d3edd27386dc2352ab1056b42297b8214150f7

Wireshark 4.6.2.dmg: 141491581 bytes
SHA256(Wireshark 4.6.2.dmg)=238af1a676f66a465de3edb6dfb7ce8bed5e91e91b26030f4c1a231982f8d206
SHA1(Wireshark 4.6.2.dmg)=c5f1d1bf5680f3b6fcfde75766dc1be5bdc5ea3b

You can validate these hashes using the following commands (among others):

Windows: certutil -hashfile Wireshark-x.y.z-x64.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Index(es):
- Date
- Thread