Wireshark Analyzer v4.2 released: open-source network protocol analyzer
Wireshark Analyzer is a fantastic multi-platform open-source network protocol analyzer. It can examine data from a live network or from a capture file on disk. You can interactively browse the capture data and drill down to just the packet detail you need to analyze. Wireshark has some powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. It includes a tcpdump-like console version named tshark. Note that a few dozen remotely exploitable vulnerabilities have been found in Wireshark, so it needs to be kept updated to the latest version and should not be run in an insecure network environment.
Changelog
- Issue 18413 – RTP player do not play audio frequently on Windows builds with Qt6.
- Issue 18510 – Playback marker does not move after resume with Qt6.
New and Updated Features
The following features are new (or have been significantly updated) since version 4.2.0rc3:
- Nothing of note.
The following features are new (or have been significantly updated) since version 4.2.0rc2:
- The Windows installers now ship with Npcap 1.78. They previously shipped with Npcap 1.77.
The following features are new (or have been significantly updated) since version 4.2.0rc1:
- The Windows installers now ship with Npcap 1.77. They previously shipped with Npcap 1.71.
The following features are new (or have been significantly updated) since version 4.1.0:
- Improved dark mode support.
- The Windows installers now ship with Qt 6.5.3. They previously shipped with Qt 6.2.3.
The following features are new (or have been significantly updated) since version 4.0.0:
- The API has been updated to ensure that the dissection engine produces valid UTF-8 strings.
- Wireshark now builds with Qt6 by default. To use Qt5 instead pass USE_qt6=OFF to CMake.
- The “ciscodump” extcap supports Cisco IOS XE 17.x.
- The default interval between GUI updates when capturing has been decreased from 500ms to 100ms, and is now configurable.
- The -n option also now disables IP address geolocation information lookup in configured MaxMind databases (and geolocation lookup can be enabled with -Ng.) This is most relevant for TShark, where geolocation lookups are synchronous.
- The display filter drop-down list is now sorted by “most recently used” instead of “most recently created”.
- More…