Wireshark-users: [Wireshark-users] Re: Wireshark 4.4.3 is now available

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: MEL MITCHELL <quake8791@xxxxxxxxx>
Date: Thu, 9 Jan 2025 02:03:09 +0000 (UTC)
Gerald Dizon what do you want boy? Tell your pops fix my claim instead of tryna play puff daddy


On Wed, Jan 8, 2025 at 8:01 PM, Gerald Combs
<gerald@xxxxxxxxxxxxx> wrote:
I'm proud to announce the release of Wireshark 4.4.3.


  What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

  Wireshark is hosted by the Wireshark Foundation, a nonprofit which
  promotes protocol analysis education. Wireshark and the foundation
  depend on your contributions in order to do their work. If you or your
  organization would like to contribute or become a sponsor, please
  visit wiresharkfoundation.org[1].

  What’s New

  Bug Fixes

    The following bugs have been fixed:

      • Potential mis-match in GSM MAP dissector for uncertainty radius
        and its filter key. Issue 20247[2].

      • Macro eNodeB ID and Extended Macro eNodeB ID not decoded by User
        Location Information. Issue 20276[3].

      • The NFSv2 Dissector appears to be swapping Character Special File
        and Directory in mode decoding. Issue 20290[4].

      • CMake discovers Strawberry Perl’s zlib DLL when it shouldn’t.
        Issue 20304[5].

      • VOIP Calls call flow displaying hours. Issue 20311[6].

      • Fuzz job issue: fuzz-2024-12-26-7898.pcap. Issue 20313[7].

      • sFlow: Incorrect length passed to header sample dissector. Issue
        20320[8].

      • wsutil: Should link against -lm due to missing fabs() when built
        with -fno-builtin. Issue 20326[9].

  New and Updated Features

  New Protocol Support

    There are no new protocols in this release.

  Updated Protocol Support

    ARTNET, ASN.1 PER, BACapp, BBLog, BT BR/EDR RF, CQL, Diameter, DOF,
    ECMP, FiveCo RAP, FTDI FT, GSM COMMON, GTPv2, HCI_MON, HSRP, HTTP2,
    ICMPv6, IEEE 802.11, Kafka, LTE RRC, MBIM, MMS, Modbus/TCP, MPEG PES,
    NAS-EPS, NFS, NGAP, NR RRC, PLDM, PN-DCP, POP, ProtoBuf, PTP, RLC,
    RPC, RTCP, sFlow, SIP, SRT, TCP, UCP, USBCCID, Wi-SUN, and ZigBee ZCL

  New and Updated Capture File Support

    CLLog EMS ERF

  Updated File Format Decoding Support

    There is no updated file format support in this release.

  Prior Versions

  Wireshark 4.4.2 included the following changes. See the release
  notes[10] for details:

    • wnpa-sec-2024-14[11] FiveCo RAP dissector infinite loop. Issue
      20176[12].

    • wnpa-sec-2024-15[13] ECMP dissector crash. Issue 20214[14].

    • CIP I/O is not detected by "enip" filter anymore. Issue 19517[15].

    • Fuzz job issue: fuzz-2024-09-03-7550.pcap. Issue 20041[16].

    • OSS-Fuzz 71476: wireshark:fuzzshark_ip_proto-udp:
      Index-out-of-bounds in DOFObjectID_Create_Unmarshal. Issue
      20065[17].

    • JA4_c hashes an empty field to e3b0c44298fc when it should be
      000000000000. Issue 20066[18].

    • Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone
      Mirroring. Issue 20082[19].

    • PTP analysis loses track of message associations in case of
      sequence number resets. Issue 20099[20].

    • USB CCID: response packet in case SetParameters command is
      unsupported is flagged as malformed. Issue 20107[21].

    • dumpcap crashes when run from TShark with a capture filter. Issue
      20108[22].

    • SRT dissector: The StreamID (SID) in the handshake extension is
      displayed without regarding the control characters and with NUL as
      terminating. Issue 20113[23].

    • Ghost error message on POP3 packets. Issue 20124[24].

    • Building against c-ares 1.34 fails. Issue 20125[25].

    • D-Bus is not optional anymore. Issue 20126[26].

    • macOS Intel DMGs aren’t fully notarized. Issue 20129[27].

    • Incorrect name for MLD Capabilities and Operations Present flag in
      dissection of MLD Capabilities for MLO wifi-7 capture. Issue
      20134[28].

    • CQL Malformed Packet v4 S → C Type RESULT: Prepared[Malformed
      Packet] Issue 20142[29].

    • Wi-Fi: 256 Block Ack (BA) is not parsed properly. Issue 20156[30].

    • BACnet ReadPropertyMultiple request Maximum allowed recursion
      depth reached. Issue 20159[31].

    • Statistics→I/O Graph crashes when using simple moving average.
      Issue 20163[32].

    • HTTP2 body decompression fails on DATA with a single padded frame.
      Issue 20167[33].

    • Compiler warning for ui/tap-rtp-common.c (ignoring return value)
      Issue 20169[34].

    • SIP dissector bug due to "be-route" param in VIA header. Issue
      20173[35].

    • Coredump after trying to open 'Follow TCP stream' Issue 20174[36].

    • Protobuf JSON mapping error. Issue 20182[37].

    • Display filter "!stp.pvst.origvlan in { vlan.id }" causes a crash
      (Version 4.4.1) Issue 20183[38].

    • Extcap plugins shipped with Wireshark Portable are not found in
      version 4.4.1. Issue 20184[39].

    • IEEE 802.11be: Wrong regulatory info in HE Operation IE in Beacon
      frame. Issue 20187[40].

    • Wireshark 4.4.1 does not decode RTCP packets. Issue 20188[41].

    • Qt: Display filter sub-menu can only be opened on the triangle,
      not the full name. Issue 20190[42].

    • Qt: Changing the display filter does not update the Conversations
      or Endpoints dialogs. Issue 20191[43].

    • MODBUS Dissector bug. Issue 20192[44].

    • Modbus dissector bug - Field Occurence and Layer Operator
      modbus.bitval field. Issue 20193[45].

    • Wireshark crashes when a field is dragged from packet details
      towards the find input. Issue 20204[46].

    • Lua DissectorTable("") : set ("10,11") unexpected behavior in
      locales with comma as decimal separator. Issue 20216[47].

  The TCP dissector no longer falls back to using the client port as a
  criterion for selecting a payload dissector when the server port does
  not select a payload dissector (except for port 20, active FTP). This
  behavior can be changed using the "Client port dissectors" preference.

  Display filters now correctly handle floating point conversion errors.

  The Lua API now has better support for comma-separated ranges in
  different locales.

  Wireshark 4.4.1 included the following changes. See the release
  notes[48] for details:

    • wnpa-sec-2024-12[49] ITS dissector crash. Issue 20026[50].

    • wnpa-sec-2024-13[51] AppleTalk and RELOAD Framing dissector
      crashes. Issue 20114[52].

    • Refresh interface during live-capture leads to corrupt interface
      handling. Issue 11176[53].

    • Media type "application/octet-stream" registered for both Thread
      and UASIP. Issue 14729[54].

    • Extcap toolbar stops working when new interface is added. Issue
      19854[55].

    • Decoding error ITS CPM version 2.1.1. Issue 19886[56].

    • Build error in 4.3.0: sync_pipe_run_command_actual error: argument
      2 is null but the corresponding size argument 3 value is 512004
      [-Werror=nonnull] Issue 19930[57].

    • html2text.py doesn’t handle the `<sup>` tag. Issue 20020[58].

    • Incorrect NetFlow v8 TOS AS aggregation dissection. Issue
      20021[59].

    • The Windows packages don’t ship with the IP address plugin. Issue
      20030[60].

    • O_PATH is Linux-and-FreeBSD-specific. Issue 20031[61].

    • Wireshark 4.4.0 doesn’t install USBcap USBcapCMD.exe in the
      correct directory. Issue 20040[62].

    • OER dissector is not considering the preamble if ASN.1 SEQUENCE
      definition includes extension marker but no OPTIONAL items. Issue
      20044[63].

    • Bluetooth classic L2CAP incorrect dissection with connectionless
      reception channel. Issue 20047[64].

    • Profile auto switch filters : Grayed Display Filter _expression_
      dialog box when opened from Configuration Profiles dialog box.
      Issue 20049[65].

    • Wireshark 4.4.0 / macOS 14.6.1 wifi if monitor mode. Issue
      20051[66].

    • TECMP Data Type passes too much data to sub dissectors. Issue
      20052[67].

    • Wireshark and tshark 4.4.0 ignore extcap options specified on the
      command line. Issue 20054[68].

    • Cannot open release notes due to incorrect path with duplicated
      directory components. Issue 20055[69].

    • Unable to open "Release Notes" from the "Help" menu. Issue
      20056[70].

    • No capture interfaces if Wireshark is started from command line
      with certain paths. Issue 20057[71].

    • Wireshark 4.4.0 extcap path change breaks third party extcap
      installers. Issue 20069[72].

    • Fuzz job UTF-8 encoding issue: fuzz-2024-09-10-7618.pcap. Issue
      20071[73].

    • Unable to create larger files than 99 size units. Issue 20079[74].

    • Opening Wireshark 4.4.0 on macOS 15.0 disconnects iPhone
      Mirroring. Issue 20082[75].

    • PRP trailer not shown for L2 IEC 61850 GOOSE packets in 4.4.0 (was
      working in 4.2.7) Issue 20088[76].

    • GUI lags because NetworkManager keeps turning 802.11 monitor mode
      off. Issue 20090[77].

    • Error while getting Bluetooth application process id by <shell:ps
      -A | grep com.*android.bluetooth> Issue 20100[78].

    • Fuzz job assertion: randpkt-2024-10-05-7200.pcap. Issue 20110[79].

  Wireshark 4.4.0 included the following changes. See the release
  notes[80] for details:

  Many improvements and fixes to the graphing dialogs, including I/O
  Graphs, Flow Graph / VoIP Calls, and TCP Stream Graphs.

  Wireshark now supports automatic profile switching. You can associate
  a display filter with a configuration profile, and when you open a
  capture file that matches the filter, Wireshark will automatically
  switch to that profile.

  Support for Lua 5.3 and 5.4 has been added, and support for Lua 5.1
  and 5.2 has been removed. The Windows and macOS installers now ship
  with Lua 5.4.6.

  Improved display filter support for value strings (optional string
  representations for numeric fields).

  Display filter functions can be implemented as plugins, similar to
  protocol dissectors and file parsers.

  Display filters can be translated to pcap filters using "Edit › Copy ›
  Display filter as pcap filter" if each display filter field has a
  corresponding pcap filter equivalent.

  Custom columns can be defined using any valid field _expression_, such
  as display filter functions, packet slices, arithmetic calculations,
  logical tests, raw byte addressing, and protocol layer modifiers.

  Custom output fields for `tshark -e` can also be defined using any
  valid field _expression_.

  Wireshark can be built with the zlib-ng instead of zlib for compressed
  file support. Zlib-ng is substantially faster than zlib. The official
  Windows and macOS packages include this feature.

  Getting Wireshark

  Wireshark source code and installation packages are available from
  https://www.wireshark.org/download.html.

  Vendor-supplied Packages

    Most Linux and Unix vendors supply their own Wireshark packages. You
    can usually install or upgrade Wireshark using the package management
    system specific to that platform. A list of third-party packages can
    be found on the download page[81] on the Wireshark web site.

  File Locations

  Wireshark and TShark look in several different locations for
  preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
  locations vary from platform to platform. You can use "Help › About
  Wireshark › Folders" or `tshark -G folders` to find the default
  locations on your system.

  Getting Help

  The User’s Guide, manual pages and various other documentation can be

  Community support is available on Wireshark’s Q&A site[82] and on the
  wireshark-users mailing list. Subscription information and archives
  for all of Wireshark’s mailing lists can be found on the mailing list
  site[83].

  Bugs and feature requests can be reported on the issue tracker[84].

  You can learn protocol analysis and meet Wireshark’s developers at
  SharkFest[85].

  How You Can Help

  The Wireshark Foundation helps as many people as possible understand
  their networks as much as possible. You can find out more and donate
  at wiresharkfoundation.org[86].

  Frequently Asked Questions

  A complete FAQ is available on the Wireshark web site[87].

  References



Digests

Wireshark-4.4.3-arm64.exe: 68770968 bytes
SHA256(Wireshark-4.4.3-arm64.exe)=0726f0fe0acb183eece26927a455b16f367ee20dcb5215991ec30ea3d5a416e6
SHA1(Wireshark-4.4.3-arm64.exe)=2e48a4ddc06f983cabd36c5fa8d667dc017bb3a9

Wireshark-4.4.3-x64.exe: 87290872 bytes
SHA256(Wireshark-4.4.3-x64.exe)=44524f1abd1ac0f550e77516527d70a2ab4a1d88273947608e3200a42f792f2c
SHA1(Wireshark-4.4.3-x64.exe)=e24db65d19c1185345c2a9c88143f2b05df91936

Wireshark-4.4.3-x64.msi: 63926272 bytes
SHA256(Wireshark-4.4.3-x64.msi)=245a27b826b50c5b50f170a5b5a1f3f150ce1e35bce7792f06f3f0ececb34ea7
SHA1(Wireshark-4.4.3-x64.msi)=d56e0213dd63b961f9f96ab62a370362fc8e26e3

WiresharkPortable64_4.4.3.paf.exe: 64430112 bytes
SHA256(WiresharkPortable64_4.4.3.paf.exe)=d37ed10c7e1c86117be52a3b2f9b5500b8ffad335aac85eb1dbe73b4df359ef2
SHA1(WiresharkPortable64_4.4.3.paf.exe)=7e6433f6508b251767aa556c550ce25624d34fd6

Wireshark 4.4.3 Arm 64.dmg: 65435203 bytes
SHA256(Wireshark 4.4.3 Arm 64.dmg)=0e18380fa0dfb8047d6b51c6a91d42eb1940f3814bb1fddbd96784dd669bbf1a
SHA1(Wireshark 4.4.3 Arm 64.dmg)=295acc029f14c4848f6945108d7f64a4bd541046

Wireshark 4.4.3 Intel 64.dmg: 69167654 bytes
SHA256(Wireshark 4.4.3 Intel 64.dmg)=031119f725913fc4dff00350474670666da90d4f506ece1a998770f4cdbca3c2
SHA1(Wireshark 4.4.3 Intel 64.dmg)=ba4ae75295f11d16247e86523f6c0a0ad89fa568

You can validate these hashes using the following commands (among others):

    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
    macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg"
    Other: openssl sha256 wireshark-x.y.z.tar.xz
_______________________________________________
Wireshark-users mailing list -- wireshark-users@xxxxxxxxxxxxx
To unsubscribe send an email to wireshark-users-leave@xxxxxxxxxxxxx