Download Wireshark 4.4.1 – New Features and Updates

Wireshark serves as a powerful network packet analyzer, designed to capture and present packet data in the most detailed manner possible. You can view this tool as an advanced measurement device that allows users to investigate the inner workings of a network cable, similar to how an electrician utilizes a voltmeter to explore an electrical cable (albeit at a more sophisticated level). Historically, such analysis tools were often costly or proprietary, but Wireshark has revolutionized this landscape as a premier open-source packet analyzer currently available.

Comprehensive inspection capabilities across hundreds of protocols, with continual expansions
Options for live data capture as well as offline assessments
Standardized three-pane packet browsing interface
Cross-platform compatibility: Operates on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, among others
Network data can be explored using a graphical interface or through the command-line tool TShark
Unparalleled display filter functionality in the industry
Advanced analysis tools for VoIP
Ability to read and write various capture file formats
Support for on-the-fly decompression of gzip-compressed capture files
Live data can be sourced from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and other protocols depending on the operating system
Decryption capabilities for numerous protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
Coloring rules can be applied to enhance packet list analysis quickly and intuitively
Export options available in XML, PostScript®, CSV, or plain text formats

Changelog for Wireshark 4.4.1:

Resolved vulnerabilities:

wnpa-sec-2024-12 – Crash in the ITS dissector. (Issue 20026)
wnpa-sec-2024-13 – Crashes in AppleTalk and RELOAD Framing dissectors. (Issue 20114)

Bug fixes implemented:

Issue with interface refresh during live capture resulting in corrupted handling. (Issue 11176)
Media type “application/octet-stream”incorrectly registered for both Thread and UASIP. (Issue 14729)
Extcap toolbar failure when adding a new interface. (Issue 19854)
Decoding problems with ITS CPM version 2.1.1. (Issue 19886)
Build error in version 4.3.0 relating to the sync_pipe_run_command_actual. (Issue 19930)
html2text.py unable to manage the ^{tag. (Issue 20020)}
Incorrect dissection of NetFlow v8 TOS AS aggregation. (Issue 20021)
Windows packages missing the IP address plugin. (Issue 20030)
O_PATH issue specific to Linux and FreeBSD. (Issue 20031)
Incorrect installation path for USBcap USBcapCMD.exe in 4.4.0. (Issue 20040)
OER dissector ignoring preamble under specific ASN.1 SEQUENCE conditions. (Issue 20044)
Bluetooth classic L2CAP dissection errors concerning connectionless reception channels. (Issue 20047)
Display filter expression dialog box appears grayed out in profile auto switch filters. (Issue 20049)
Wireshark 4.4.0 experiencing wifi monitor mode issues on macOS 14.6.1. (Issue 20051)
TECMP Data Type passing excessive data to sub-dissectors. (Issue 20052)
Wireshark and tshark 4.4.0 ignoring extcap options provided via the command line. (Issue 20054)
Releasing notes unopenable due to incorrect path with duplicated directory components. (Issue 20055)
“Release Notes”option inaccessible from the “Help”menu. (Issue 20056)
No available capture interfaces when Wireshark is launched from command line under certain conditions. (Issue 20057)
Wireshark 4.4.0 extcap path modification affecting third-party extcap installations. (Issue 20069)
Fuzz job encountered UTF-8 encoding errors: fuzz-2024-09-10-7618.pcap. (Issue 20071)
Capped at a maximum of 99 size units for file creation. (Issue 20079)
Connecting an iPhone mirroring the Wireshark 4.4.0 application on macOS 15.0 disconnects upon opening. (Issue 20082)
PRP trailer absent for L2 IEC 61850 GOOSE packets in 4.4.0 (worked correctly in 4.2.7). (Issue 20088)
NetworkManager interfering with GUI performance by turning off 802.11 monitor mode. (Issue 20090)
Error in retrieving Bluetooth application process id via . (Issue 20100)
Fuzz job assertion issues: randpkt-2024-10-05-7200.pcap. (Issue 20110)

Added and Improved Features:

The syntax for TShark to dump only fields with a specific prefix has been modified to -G fields,prefix instead of the previous -G fields prefix.

Updated Protocol Support:

Support has been enhanced for protocols including AppleTalk, ARTNET, BGP, BT L2CAP, CIGI, CIP Motion, CoAP, COSE, DISTCC, DMP, Ethernet OAM PDU, F5 FILEINFO, GIOP, GOOSE, GSM Management, GSM SIM, GTP, HTTP, HTTP2, ID3v2, IDN, IEEE 1609.2, IEEE 802.11, IPPUSB, iRDMA, ISystemActivator, ITS, Kerberos, LwM2M-TLV, MMS, MQ, MySQL, NCP SSS, NetFlow, OER, OWAMP, QNET, RELOAD Framing, RTCP, RTLS, SANE, SMB2, SSyncP, Sysdig Event, T.124, TECMP, Thread, Thrift, and TWAMP.

New and Updated Capture File Formats: