Wireshark · Wireshark-users: [Wireshark-users] Wireshark 4.6.1 is now available

Wireshark-users: [Wireshark-users] Wireshark 4.6.1 is now available

From: Gerald Combs <gerald@xxxxxxxxxxxxx>

Date: Wed, 19 Nov 2025 14:22:47 -0800

I'm proud to announce the release of Wireshark 4.6.1.

This is the first release of the 4.6 branch.

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.

Wireshark is hosted by the Wireshark Foundation, a nonprofit which
promotes protocol analysis education. Wireshark and the foundation
depend on your contributions in order to do their work. If you or your
organization would like to contribute or become a sponsor, please
visit wiresharkfoundation.org[1].

If you use Wireshark professionally or you just want to learn more
about protocol analysis, you should join us at SharkFest[2], the
Wireshark developer and user conference.

You can also become a Wireshark Certified Analyst! Official Wireshark
training and certification are available from the Wireshark
Foundation[3].

What’s New

Bug Fixes

• wnpa-sec-2025-05[4] BPv7 dissector crash. Issue 20770[5].

• wnpa-sec-2025-06[6] Kafka dissector crash. Issue 20823[7].

The following bugs have been fixed:

• L2CAP dissector doesn’t understand retransmission mode. Issue
2241[8].

• DNS HIP dissector labels PK algorithm as HIT length. Issue
20768[9].

• clang-cl error in "packet-zbee-direct.c" Issue 20776[10].

• Writing to an LZ4-compressed output file might fail. Issue
20779[11].

• endian.h conflics with libc for building plugins. Issue
20786[12].

• TShark crash caused by Lua plugin. Issue 20794[13].

• Wireshark stalls for a few seconds when selecting specific
messages. Issue 20797[14].

• TLS Abbreviated Handshake Using New Session Ticket. Issue
20802[15].

• Custom websocket dissector does not run. Issue 20803[16].

• WINREG QueryValue triggers dissector bug in packet-dcerpc.c.
Issue 20813[17].

• Lua: FileHandler causing crash when reading packets. Issue
20817[18].

• Apply As Filter for field with FT_NONE and BASE_NONE for a single
byte does not use the hex value. Issue 20818[19].

• Layout preference Pane 3 problem with selecting Packet Diagram or
None. Issue 20819[20].

• TCP dissector creates invalid packet diagram. Issue 20820[21].

• Too many nested VLAN tags when opening as File Format. Issue
20831[22].

• Omnipeek files not working in 4.6.0. Issue 20842[23].

• Support UTF-16 strings in the IsoBus dissector for the string
operations. Issue 20845[24].

• SNMP getBulkRequest request-id does not get filtered for
correctly. Issue 20849[25].

• Fuzz job issue: fuzz-2025-11-12-12064814316.pcap. Issue
20852[26].

• UDP Port 853 (DoQ) should be decoded as QUIC. Issue 20856[27].

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

802.11 Radiotap, AC DR, ASN.1 BER, ASN.1 PER, BPv7, BT L2CAP, CFM,
Darwin, DNS, DTLS, EAPOL-MKA, HTTP, HTTP3, ISObus VT, KRB5, LTP,
NAS-EPS, NETDFS, NMEA 0183, P1, RPC_NETLOGON, RTSE, SGP.22, SGP.32,
SMB, SNMP, TCP, TECMP, TFTP, VLAN, WINREG, X509AF, X509SAT, and ZBD

New and Updated Capture File Support

Peektagged

New and Updated File Format Decoding Support

There is no new or updated file format support in this release.

Prior Versions

Wireshark 4.6.0 included the following changes. See the release
notes[28] for details:

Wireshark can dissect process information, packet metadata, flow IDs,
drop information, and other information provided by `tcpdump` on
macOS.

We now ship universal macOS installers instead of separate packages
for Arm64 and Intel. Issue 17294[29]

WinPcap is no longer supported. On Windows, use Npcap instead,
uninstalling WinPcap if necessary. The final release of WinPcap was
version 4.1.3 in 2013. It only supports up to Windows 8, which is no
longer supported by Microsoft or Wireshark.

A new “Plots” dialog has been added, which provides scatter plots in
contrast to the “I/O Graphs” dialog, which provides histograms. The
Plots dialog window supports multiple plots, markers, and automatic
scrolling.

Live captures can be compressed while writing. (Previously there was
support for compressing when performing multiple file capture, at file
rotation time.) The `--compress` option in TShark works on live
captures as well. Issue 9311[30]

Wireshark can now decrypt NTP packets using NTS (Network Time
Security). To decrypt packets, the NTS-KE (Network Time Security Key
Establishment Protocol) packets need to be present, alongside the TLS
client and exporter secrets.

Wireshark’s ability to decrypt MACsec packets has been expanded to
either use the SAK unwrapped by the MKA dissector, or the PSK
configured in the MACsec dissector.

The TCP Stream Graph axes now use units with SI prefixes. Issue
20197[31]

Display filter functions `float` and `double` are added to allow
explicitly converting field types like integers and times to single
and double precision floats.

A "Edit › Copy › as HTML" menu item has been added, along with
associated context menu items and a keyboard shortcut.

The Conversations and Endpoints dialogs have an option to display byte
counts and bit rates in exact counts instead of human-readable numbers
with SI units.

The color scheme can be set to Light or Dark mode independently of the
current OS default on Windows and macOS, if Wireshark is built with Qt
6.8 or later as the official installers are. Issue 19328[32]

Getting Wireshark

Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[33] on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use "Help › About
Wireshark › Folders" or `tshark -G folders` to find the default
locations on your system.

Getting Help

The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/

Community support is available on Wireshark’s Q&A site[34] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the mailing list
site[35].

Bugs and feature requests can be reported on the issue tracker[36].

You can learn protocol analysis and meet Wireshark’s developers at
SharkFest[37].

How You Can Help

The Wireshark Foundation helps as many people as possible understand
their networks as much as possible. You can find out more and donate
at wiresharkfoundation.org[38].

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site[39].

References

1. https://wiresharkfoundation.org
2. https://sharkfest.wireshark.org/
3. https://www.wireshark.org/certifications
4. https://www.wireshark.org/security/wnpa-sec-2025-05
5. https://gitlab.com/wireshark/wireshark/-/issues/20770
6. https://www.wireshark.org/security/wnpa-sec-2025-06
7. https://gitlab.com/wireshark/wireshark/-/issues/20823
8. https://gitlab.com/wireshark/wireshark/-/issues/2241
9. https://gitlab.com/wireshark/wireshark/-/issues/20768
10. https://gitlab.com/wireshark/wireshark/-/issues/20776
11. https://gitlab.com/wireshark/wireshark/-/issues/20779
12. https://gitlab.com/wireshark/wireshark/-/issues/20786
13. https://gitlab.com/wireshark/wireshark/-/issues/20794
14. https://gitlab.com/wireshark/wireshark/-/issues/20797
15. https://gitlab.com/wireshark/wireshark/-/issues/20802
16. https://gitlab.com/wireshark/wireshark/-/issues/20803
17. https://gitlab.com/wireshark/wireshark/-/issues/20813
18. https://gitlab.com/wireshark/wireshark/-/issues/20817
19. https://gitlab.com/wireshark/wireshark/-/issues/20818
20. https://gitlab.com/wireshark/wireshark/-/issues/20819
21. https://gitlab.com/wireshark/wireshark/-/issues/20820
22. https://gitlab.com/wireshark/wireshark/-/issues/20831
23. https://gitlab.com/wireshark/wireshark/-/issues/20842
24. https://gitlab.com/wireshark/wireshark/-/issues/20845
25. https://gitlab.com/wireshark/wireshark/-/issues/20849
26. https://gitlab.com/wireshark/wireshark/-/issues/20852
27. https://gitlab.com/wireshark/wireshark/-/issues/20856
28. https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html
29. https://gitlab.com/wireshark/wireshark/-/issues/17294
30. https://gitlab.com/wireshark/wireshark/-/issues/9311
31. https://gitlab.com/wireshark/wireshark/-/issues/20197
32. https://gitlab.com/wireshark/wireshark/-/issues/19328
33. https://www.wireshark.org/download.html
34. https://ask.wireshark.org/
35. https://lists.wireshark.org/lists/
36. https://gitlab.com/wireshark/wireshark/-/issues
37. https://sharkfest.wireshark.org
38. https://wiresharkfoundation.org
39. https://www.wireshark.org/faq.html

Digests

wireshark-4.6.1.tar.xz: 50596888 bytes
SHA256(wireshark-4.6.1.tar.xz)=5f43055db213e16aed6a064a8b4fdb56092106f18c19e8890482c058b0a1dd85
SHA1(wireshark-4.6.1.tar.xz)=6f0be9b7280ef0caef8c6c1508af2ca30cb7660a

Wireshark-4.6.1-x64.exe: 95884672 bytes
SHA256(Wireshark-4.6.1-x64.exe)=5d250c1dfbacc697fa4a219a8e11f6c3050173954a2c8cec7fb223362dfd2e26
SHA1(Wireshark-4.6.1-x64.exe)=2c9779facd5b2a625d4a6173505428f8631a4ffc

Wireshark-4.6.1-arm64.exe: 72443760 bytes
SHA256(Wireshark-4.6.1-arm64.exe)=95152fa140f4ad58fca8c0c728805b9de0015951e4db025276534a04581d52ec
SHA1(Wireshark-4.6.1-arm64.exe)=6fd8fa1c431c5c72e5af1d326101e7dc83db0b07

Wireshark-4.6.1-x64.msi: 73396224 bytes
SHA256(Wireshark-4.6.1-x64.msi)=60ea15809f7138421a7ec1ae4ea7fcbfa5b398bfd2d9a5ed96d0563a591f99e3
SHA1(Wireshark-4.6.1-x64.msi)=1a4844252428bb2e117ed998a0dccce8397fc3ce

WiresharkPortable64_4.6.1.paf.exe: 94959688 bytes
SHA256(WiresharkPortable64_4.6.1.paf.exe)=b01600d2c85f1bc9e103be1dadbca6da617a2076b743b3654086a9b853f0f420
SHA1(WiresharkPortable64_4.6.1.paf.exe)=5069d3606e350d2cb2b8705eab014a2fb8132bd7

Wireshark 4.6.1.dmg: 141188597 bytes
SHA256(Wireshark 4.6.1.dmg)=bd0b7bd7778b7f8cd707c0acaa65ae58605546af44439843ebda1a4e3d595fab
SHA1(Wireshark 4.6.1.dmg)=69182b43e8eec76170c5f86c85ab4c33bbef7e31

You can validate these hashes using the following commands (among others):

Windows: certutil -hashfile Wireshark-x.y.z-x64.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Prev by Date: [Wireshark-users] Re: Gruppo Cedacri | AI Act - Assessment Sistemi AI - Wireshark
Previous by thread: [Wireshark-users] Re: Gruppo Cedacri | AI Act - Assessment Sistemi AI - Wireshark
Index(es):
- Date
- Thread