Wireshark, the go-to network protocol analyzer, has just rolled out version 4.2.0, and it’s packed with features that improve network troubleshooting, analysis, and development.
This release marks a significant milestone as the inaugural major update under the Wireshark Foundation, a nonprofit organization dedicated to hosting Wireshark and advancing protocol analysis education.
Let’s briefly take a look at what’s new.
Firstly, Wireshark now supports dark mode on Windows. A sleek and stylish interface awaits those who prefer a darker colour palette. Wireshark 4.2 also introduces a Windows installer tailored for Arm64, catering to the evolving landscape of hardware architectures.
Improvements are also seen in packet list sorting, ensuring a smoother and more efficient analysis workflow. Wireshark and TShark are now more proficient in generating valid UTF-8 output, refining the readability and usability of your network data.
A handy new display filter feature allows you to filter raw bytes, providing granular control over the information you want to focus on. Display filter autocomplete is now smarter about not suggesting invalid syntax, making your analysis process more intuitive.
In this version, the new “Tools › MAC Address Blocks” feature lets you look up MAC addresses in the IEEE OUI registry. Startup time has also improved thanks to pre-compiled enterprises, manuf, and services configuration files.
For Linux users, Wireshark installation is now relocatable, offering greater flexibility. Additionally, development headers are no longer installed by default, streamlining your installation process.
Wireshark can now be compiled on Windows using MSYS2 and cross-compiled for Windows using Linux. Check out the Developer’s guide for comprehensive instructions if you want to learn more about this.
The “Tools › Browser (SSL Keylog)” feature can now launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value, simplifying SSL/TLS debugging.
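As an added example (not from the Wireshark project or the original article), the Python sketch below validates a key log file of the kind a browser writes when SSLKEYLOGFILE is set, before the file is handed to Wireshark. It assumes the NSS key log line format (`LABEL client_random secret`, all hex-encoded); the function names and the sample data are constructed for illustration.

```python
import re
from collections import defaultdict

# TLS 1.3 labels from the NSS key log format; TLS 1.2 and earlier use CLIENT_RANDOM.
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")

def parse_keylog(text):
    """Return (sessions, errors); only secret lengths are kept, never the secrets."""
    sessions, errors = defaultdict(dict), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):      # blank lines and comments are legal
            continue
        m = LINE_RE.match(line)
        if not m:
            errors.append((lineno, "malformed line"))
            continue
        label, client_random, secret = m.groups()
        nbytes = len(secret) // 2
        if label == "CLIENT_RANDOM":
            ok = nbytes == 48                     # master secret is always 48 bytes
        elif label in TLS13_LABELS:
            ok = nbytes in (32, 48)               # SHA-256 or SHA-384 based suites
        else:
            errors.append((lineno, "unknown label " + label))
            continue
        if not ok:
            errors.append((lineno, "unexpected secret length %d" % nbytes))
            continue
        sessions[client_random.lower()][label] = nbytes
    return dict(sessions), errors

def tls_version(labels):
    """Classify a session by the labels logged for it."""
    return "TLS 1.2 or earlier" if "CLIENT_RANDOM" in labels else "TLS 1.3"

# Constructed sample, not real key material.
SAMPLE = "\n".join([
    "# SSL/TLS secrets log file (constructed)",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_RANDOM " + "33" * 32 + " " + "ff" * 16,   # truncated secret
    "CLIENT_TRAFFIC_SECRET_0 " + "44" * 32,           # secret field missing
])
```

Because the parser records only label names and secret lengths, its output can be attached to a ticket without exposing the session secrets held in the key log file itself.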
Moreover, the new file format RTPDump is now supported, expanding Wireshark’s decoding capabilities.
For a comprehensive rundown of all the tweaks, enhancements, and additions, refer to the detailed release notes available on the official news (link below).