Wireshark popularny sniffer

Wireshark 4.6.0​

Wireshark 4.6.1​

• Bug Fixes:
• wnpa-sec-2025-05 BPv7 dissector crash. Issue 20770.
• wnpa-sec-2025-06 Kafka dissector crash. Issue 20823.
• The following bugs have been fixed:
• L2CAP dissector doesn’t understand retransmission mode. Issue 2241.
• DNS HIP dissector labels PK algorithm as HIT length. Issue 20768.
• clang-cl error in "packet-zbee-direct.c" Issue 20776.
• Writing to an LZ4-compressed output file might fail. Issue 20779.
• endian.h conflics with libc for building plugins. Issue 20786.
• TShark crash caused by Lua plugin. Issue 20794.
• Wireshark stalls for a few seconds when selecting specific messages. Issue 20797.
• TLS Abbreviated Handshake Using New Session Ticket. Issue 20802.
• Custom websocket dissector does not run. Issue 20803.
• WINREG QueryValue triggers dissector bug in packet-dcerpc.c. Issue 20813.
• Lua: FileHandler causing crash when reading packets. Issue 20817.
• Apply As Filter for field with FT_NONE and BASE_NONE for a single byte does not use the hex value. Issue 20818.
• Layout preference Pane 3 problem with selecting Packet Diagram or None. Issue 20819.
• TCP dissector creates invalid packet diagram. Issue 20820.
• Too many nested VLAN tags when opening as File Format. Issue 20831.
• Omnipeek files not working in 4.6.0. Issue 20842.
• Support UTF-16 strings in the IsoBus dissector for the string operations. Issue 20845.
• SNMP getBulkRequest request-id does not get filtered for correctly. Issue 20849.
• Fuzz job issue: fuzz-2025-11-12-12064814316.pcap. Issue 20852.
• UDP Port 853 (DoQ) should be decoded as QUIC. Issue 20856.
• Updated Protocol Support:
• 802.11 Radiotap, AC DR, ASN.1 BER, ASN.1 PER, BPv7, BT L2CAP, CFM, Darwin, DNS, DTLS, EAPOL-MKA, HTTP, HTTP3, ISObus VT, KRB5, LTP, NAS-EPS, NETDFS, NMEA 0183, P1, RPC_NETLOGON, RTSE, SGP.22, SGP.32, SMB, SNMP, TCP, TECMP, TFTP, VLAN, WINREG, X509AF, X509SAT, and ZBD

Kliknij aby rozwinąć...

Wireshark 4.6.3​

Bug Fixes​

The following vulnerabilities have been fixed:

• Zaloguj lub Zarejestruj się aby zobaczyć!
  BLF file parser crash.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• Zaloguj lub Zarejestruj się aby zobaczyć!
  IEEE 802.11 dissector crash.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• Zaloguj lub Zarejestruj się aby zobaczyć!
  SOME/IP-SD dissector crash.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• Zaloguj lub Zarejestruj się aby zobaczyć!
  HTTP3 dissector infinite loop.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .

The following bugs have been fixed:

• Wireshark 4.6.0 build fails on Solaris: pcapio.c:441:21: error: request for member '_flag' in something not a structure or union.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• RTP Player streams cannot be stopped.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• Additional ABI/API compatibility fixes.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• Missing data in pinfo→cinfo in HomePlug message CM_ATTEN_CHAR.IND.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• maxmind_db: crash when switching from a profile where it’s disabled to one where it’s enabled.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• Compilation warning or error if CFLAGS defines _FORTIFY_SOURCE to other than 3 without first undefining it.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• IEEE 802.11: Incorrect parsing of QoS and Mesh Control Field when the frame body contains an A-MSDU.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• OSS-Fuzz 473164101: Heap-buffer-overflow in dissect_idn_laser_data.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .
• Bug in decoding 5G NAS message - Extended CAG information list IE.
  Zaloguj lub Zarejestruj się aby zobaczyć!
  .

New Protocol Support​

There are no new protocols in this release.

Updated Protocol Support​

DCT2000, DHCP, H.248, H.265, HomePlug AV, HTTP3, IDN, IEEE 802.11, LTE RRC, NAS-5GS, PKCS12, QUIC, RTPS, SOME/IP-SD, SSH, and Thrift

New and Updated Capture File Support​

3GPP TS 32.423 Trace, BLF, NetScreen, and Viavi Observer

New and Updated File Format Decoding Support​

Kliknij aby rozwinąć...

Wireshark 4.6.4​

• Bug Fixes:
• wnpa-sec-2026-05 USB HID dissector memory exhaustion. Issue 20972. CVE-2026-3201.
• wnpa-sec-2026-06 NTS-KE dissector crash. Issue 21000. CVE-2026-3202.
• wnpa-sec-2026-07 RF4CE Profile dissector crash. Issue 21009. CVE-2026-3203.
• The following bugs have been fixed:
• Wireshark doesn’t start if Npcap is configured with "Restrict Npcap driver’s Access to Administrators only" Issue 20828.
• PQC signature algorithm not reported in signature_algorithms. Issue 20953.
• Unexpected JA4 ALPN values when space characters sent. Issue 20966.
• Expert Info seems to have quadratic performance (gets slower and slower) Issue 20970.
• IKEv2 EMERGENCY_CALL_NUMBERS Notify payload cannot be decoded. Issue 20974.
• TShark and editcap fails with segmentation fault when output format (-F) set to blf. Issue 20976.
• Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee Direct Tunneling Zigbee NWK PDUs NULL hash table] Issue 20977.
• Wiretap writes pcapng custom options with string values invalidly. Issue 20978.
• RDM status in Output Status (GoodOutputB) field incorrectly decoded in Art-Net PollReply dissector. Issue 20980.
• Wiretap writes invalid pcapng Darwin option blocks. Issue 20991.
• TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to incorrect expectation of TYPE_VARLEN (MaxLen) Issue 21001.
• Only first HTTP POST is parsed inside SOCKS with "Decode As". Issue 21006.
• TShark: Bogus "Dissector bug" messages generated in pipelines where something after tshark exits before reading all its input. Issue 21011.
• New Diameter RAT-Types in TS 29.212 not decoded. Issue 21012.
• Malformed packet error on Trigger HE Basic frames. Issue 21032.
• Updated Protocol Support:
• Art-Net, AT, BGP, GSM DTAP, GSM SIM, IEEE 802.11, IPv6, ISAKMP, MBIM, MySQL, NAS-5GS, NTS-KE, SGP.22, Silabs DCH, Socks, TDS, TECMP, USB HID, ZB TLV, and ZBD
• New and Updated Capture File Support:
• BLF, pcapng, and TTL

Kliknij aby rozwinąć...

Wireshark 4.6.5​

• Bug Fixes:
• This release fixes quite a few vulnerabilities. This is due to to a recent trend in AI-assisted vulnerability reports.
• wnpa-sec-2026-08 Monero dissector crash. Issue 21066. CVE-2026-5409.
• wnpa-sec-2026-09 BT-DHT dissector crash. Issue 21067. CVE-2026-5408.
• wnpa-sec-2026-10 FC-SWILS dissector crash. Issue 21070. CVE-2026-5406.
• wnpa-sec-2026-11 SMB2 dissector infinite loop. Issue 21073. CVE-2026-5407.
• wnpa-sec-2026-12 ICMPv6 dissector crash. Issue 21077. CVE-2026-5299.
• wnpa-sec-2026-13 AFP dissector crash. Issue 21088. CVE-2026-5401.
• wnpa-sec-2026-14 TLS dissector crash and possible code execution. Issue 21090. CVE-2026-5402.
• wnpa-sec-2026-15 K12 RF5 file parser crash. Issue 21094. CVE-2026-5404.
• wnpa-sec-2026-16 SBC codec crash and possible code execution. Issue 21103. CVE-2026-5403.
• wnpa-sec-2026-17 RDP dissector crash and possible code execution. Issue 21105. CVE-2026-5405.
• wnpa-sec-2026-18 AMR-NB codec crash. Issue 21111. CVE-2026-5654.
• wnpa-sec-2026-19 SDP dissector crash. Issue 2111. CVE-2026-5655.
• wnpa-sec-2026-20 iLBC audio codec crash. Issue 21113. CVE-2026-5657.
• wnpa-sec-2026-21 Profile import crash and possible code execution. Issue 21115. CVE-2026-5656.
• wnpa-sec-2026-22 DCP-ETSI protocol dissector crash. Issue 21122. CVE-2026-5653.
• wnpa-sec-2026-23 BEEP protocol dissector crash. Issue 21120. CVE-2026-6538.
• wnpa-sec-2026-24 ZigBee protocol dissector crash. Issue 21125. CVE-2026-6537.
• wnpa-sec-2026-25 DLMS/COSEM protcol dissector infinite loop. Issue 21065. CVE-2026-6536.
• wnpa-sec-2026-26 Dissection engine zlib decompression crash. Issue 21097, Issue 21098. CVE-2026-6535.
• wnpa-sec-2026-27 USB HID protocol dissector infinite loop. Issue 21121. CVE-2026-6534.
• wnpa-sec-2026-28 Dissection engine LZ77 decompression crash. Issue 21127. CVE-2026-6533.
• wnpa-sec-2026-29 Kismet protocol dissector crash. Issue 21129, Issue 21128. CVE-2026-6532.
• wnpa-sec-2026-30 SANE protocol dissector infinite loop. Issue 21139. CVE-2026-6531.
• wnpa-sec-2026-31 DCP-ETSI protocol dissector crash. Issue 21144. CVE-2026-6530.
• wnpa-sec-2026-32 iLBC audio codec crash. Issue 21145. CVE-2026-6529.
• wnpa-sec-2026-33 TLS dissector infinite loop. Issue 21151. CVE-2026-6528.
• wnpa-sec-2026-34 ASN.1 PER protocol dissector crash. Issue 21149. CVE-2026-6527.
• wnpa-sec-2026-35 RTSP protocol dissector crash. Issue 21173. CVE-2026-6526.
• wnpa-sec-2026-36 IEEE 802.11 protocol dissector crash. Issue 21008. CVE-2026-6525.
• wnpa-sec-2026-37 MySQL protocol dissector crash. Issue 21172. CVE-2026-6524.
• wnpa-sec-2026-38 GNW protocol dissector infinite loop. Issue 21177. CVE-2026-6523.
• wnpa-sec-2026-39 OpenFlow v5 protocol dissector infinite loops. Issue 21182, Issue 21188. CVE-2026-6521.
• wnpa-sec-2026-40 OpenFlow v6 protocol dissector infinite loop. Issue 21181. CVE-2026-6520.
• wnpa-sec-2026-41 MBIM dissector infinite loop. Issue 21184. CVE-2026-6519.
• wnpa-sec-2026-42 RPKI-Router protocol dissector infinite loop. Issue 21186. CVE-2026-6522.
• wnpa-sec-2026-43 GSM RP protocol dissector crash. Issue 21189. CVE-2026-6870.
• wnpa-sec-2026-44 WebSocket protocol dissector crash. Issue 21190. CVE-2026-6869.
• wnpa-sec-2026-45 SMB2 protocol dissector crash. Issue 21191.
• wnpa-sec-2026-46 HTTP protocol dissector crash. Issue 21185. CVE-2026-6868.
• wnpa-sec-2026-47 Sharkd utility memory leak. Issue 21214.
• wnpa-sec-2026-48 Sharkd utility crash. Issue 21206.
• wnpa-sec-2026-49 Sharkd utility crash. Issue 21207.
• wnpa-sec-2026-50 UDS protocol dissector infinite loop. Issue 21225.
• The following bugs have been fixed:
• WSUG: Enabled Protocols dialog needs an update. Issue 20871.
• Build failure with Qt 6.11 beta. Issue 20965.
• BLF: Missing 4 byte alignment makes BLF files incompatible with Vector’s tools. Issue 21017.
• SMB2 decryption keys in smb2_seskey_list are not loaded on restart. Issue 21036.
• Fuzz job issue: fuzz-2026-03-01-13307044520.pcap. Issue 21049.
• Window with a message for ssh_strict_fopen. Issue 21051.
• IEEE 1722.1 Dissector for Stream Input Counters displays FRAMES_RX as "Stream Packets TX" Issue 21055.
• Wireshark 4.6.4 crashes. Issue 21058.
• Compilation error with Lua-5.5. Issue 21060.
• BSOD issue affecting Npcap 1.86. Issue 21062.
• Adding descriptions to BLF interfaces broke the Capture File Properties view. Issue 21069.
• Assertion Failure in ws_buffer_remove_start via Malformed Packet Manipulation. Issue 21078.
• Modbus/RTU fails to decode broadcast frames. Issue 21091.
• Lua not included unless CMake version >= 3.25. Issue 21093.
• sshdump: Regression in v4.6.4 – Failed to resolve hostname aliases from .ssh/config on Windows. Issue 21114.
• Fuzz job crash: fuzz-2026-03-25-13637733472.pcap. Issue 21117.
• dumpcap TCP@ section-header parsing remote heap corruption. Issue 21132.
• Netflix BBLog EVENT parsing crash. Issue 21133.
• On Windows, the Follow Stream feature output is shown in proportional font after zooming. Issue 21137.
• RTP Streams dialog Time of Day inconsistent behavior. Issue 21138.
• Sysdig Event Block Integer Underflow. Issue 21140.
• RF4CE NWK Dissector Heap Buffer Overflow (crash/OOB) Issue 21150.
• NetXray/Sniffer Padding Integer Underflow. Issue 21152.
• HTTP/2 ALTSVC/PRIORITY_UPDATE Frame Length Truncation (24-bit to 16-bit) Issue 21155.
• Snort config parser 2 buffer overflows. Issue 21165.
• ESP NULL Encryption Integer Underflow triggers Heap Overflow. Issue 21166.
• Heap buffer overflow in ISO 8583 dissector bin2hex() Issue 21171.
• wslua: NULL pointer dereference in get_dissector when passing an invalid GUID string to an FT_GUID table. Issue 21194.
• Fuzz job UTF-8 encoding issue: fuzz-2026-04-16-13947406035.pcap. Issue 21199.
• Qt: Waterfall bars misisng in conversation overview when "limit to display filter" is active. Issue 21204.
• text2pcap: heap-buffer-overflow in memmove when -P"dissector" payload exceeds reserved space. Issue 21208.
• text2pcap : Stack overflow via unbounded "g_alloca" in regex "seqno" Issue 21209.
• editcap: --novlan integer underflow in sll_remove_vlan_info causes denial of service on short SLL captures. Issue 21210.
• NAS-5GS - Mapping issue between IEI 0x7B and "S-NSSAI location validity information" IE. Issue 21218.
• RTP-MIDI dissector reports incorrect value for MTC Quarter Frame data. Issue 21231.
• New and Updated Features:
• The Windows installers now ship with Npcap 1.87. They previously shipped with Npcap 1.86.
• The Windows installers now ship with Qt 6.10.3. They previously shipped with Qt 6.9.3.
• Updated Protocol Support:
• AFP, AIN, ANSI_TCAP, ASAM CMP, ATN-ULCS, BEEP, BGP, BT HCI, BT HCI ISO, BT-DHT, CAMEL, ChargingASE, CMIP, COSEM, DAP, Darwin, DCP ETSI, DECT NR+, DISP, DMX, DNS, E1AP, E2AP, F1AP, FC-SWILS, Frame, FTAM, GLOW, GNW, GOOSE, GPRSCDR, GSM MAP, GSM RP, H.225.0, H.245, H.248, H.450, H.450.ROS, HNBAP, HTTP, HTTP2, ICMPv6, IDMP, IEEE 1609.2, IEEE 1722.1, IEEE 802.11, INAP, IPsec, IPv4, IPv6, ISAKMP, ISO 8583, ITS, JSON 3GPP, Kismet, LCSAP, LDAP, LPPa, M2AP, M3AP, MAS-5GS, MBIM, MMS, Modbus, Monero, MySQL, NBAP, NGAP, NRPPa, OpenFlow 1.4, OpenFlow 1.5, OpenVPN, P1, P22, P7, PCAP, Q932.ROS, QSIG, QUIC, RANAP, RCv3, RF4CE, RF4CE Profile, RNSAP, RPKI-Router, RRLP, RTPS, RUA, S1AP, SABP, SANE, SBcAP, SDP, SGP.22, Signal PDU, SMB2, SSH, T.38, TDSUDP, UDS, WebSocket, X2AP, X509CE, X509IF, X509SAT, XnAP, Z39.50, and ZBD
• New and Updated Capture File Support:
• 3gpp phone log, Android Logcat Binary, Android Logcat Text, Ascend, BLF, CAM Inspector, Catapult DCT2000, Cinco NetXray/Sniffer, CoSine IPSX L2, DBS Etherwatch, EyeSDN, HP-UX nettl, IBM iSeries, Ixia IxVeriWave, K12, Micropross mplog, MPEG2 transport stream, NetScaler, NetScreen, pcapng, pppd log, Sniffer, Systemd Journal, TCPIPtrace, Toshiba Compact ISDN Router, and Visual Networks
• Plugin Development Changes:
• On UN*X systems (excluding macOS when running from an app bundle, as with the official installer) extcap binaries are now searched for under the libexec directory by default, e.g., /usr/libexec/wireshark/extcap instead of /usr/lib64/wireshark/extcap or similar. This is the customary place for helper binaries, which as opposed to libraries do not need multiarch support. The location can be overridden via the environment variable WIRESHARK_EXTCAP_DIR. The extcap binaries shipped with Wireshark are installed in the new location, but third party extcaps may need packaging changes. This change was effective in version 4.6.0, but was not explicitly noted in the release notes previously. Note that some distributions do not use a libexec directory, such as Alpine Linux, which does not have multilib support. On such systems extcap binaries should be in the same location as before.

Kliknij aby rozwinąć...