Wireshark recently released a new version, Wireshark 3.3.0, with new features, new protocol support and updated capture file support, along with fixes for the vulnerabilities that cause the BACapp dissector to crash; the release also fixes some other bugs.
Wireshark is mainly used by network executives, security experts, and security analysts to troubleshoot network errors and issues.
It is a free and open-source packet analyzer that runs on various operating systems, including Microsoft Windows, Linux, macOS, BSD, Solaris, and some other Unix-like operating systems.
Wireshark is recognized as the world’s most widespread and famous network protocol analyzer, and experts use it for troubleshooting, investigation, development, and education.
Wireshark was originally named Ethereal and was renamed Wireshark in 2016. It is cross-platform, uses the Qt widget toolkit in recent releases to implement its user interface, and uses pcap to capture packets. It also has a terminal-based (non-GUI) version called TShark.
Wireshark 3.3.0 is released to test the new features for Wireshark 3.4.
Wireshark 3.3.0 New and Updated Features
Wireshark 3.3.0 includes many new and updated features, listed below:
- The Windows executables and installers are now signed using SHA-2 only.
- Saving an RTP stream to .au now supports any codec with an 8000 Hz rate supported by Wireshark. If the audio cannot be saved, silence of the same length is stored and a notification is shown.
- Asynchronous DNS resolution is always enabled, which is why the c-ares library is now a required dependency.
- Protobuf fields can be dissected as Wireshark (header) fields, which lets users enter the full names of Protobuf fields or messages in the filter toolbar for searching.
- Dissectors based on Protobuf can register themselves to the new ‘protobuf_field’ dissector table, which is keyed with the full names of fields, for further parsing of fields of BYTES or STRING type.
- Wireshark can decode, play, and save iLBC payload on platforms where the iLBC library is available.
- “Decode As” records can now be copied from other profiles using a button in the dialog.
- sshdump can now be copied to multiple instances.
- The main window now supports a packet diagram view, which shows each packet as a textbook-style diagram.
New Protocol Support
Wireshark 3.3.0 adds support for many new protocols, all listed below:
- Arinc 615A (A615A)
- Asphodel Protocol
- AudioCodes Debug Recording (ACDR)
- Bluetooth HCI ISO (BT HCI ISO)
- Cisco MisCabling Protocol (MCP)
- DCE/RPC IRemoteWinspool SubSystem
- Dynamic Link Exchange Protocol (DLEP)
- Fortinet Single Sign-on (FSSO)
- FTDI Multi-Protocol Synchronous Serial Engine (FTDI MPSSE)
- Hypertext Transfer Protocol Version 3 (HTTP3)
- Java Debug Wire Protocol (JDWP)
- LBM Stateful Resolution Service (LBMSRS)
- Lithionics Battery Management
- OBSAI UDP-based Communication Protocol (UDPCP)
- Palo Alto Heartbeat Backup (PA-HB-Bak)
- ScyllaDB RPC
- Technically Enhanced Capture Module Protocol (TECMP)
- Tunnel Extensible Authentication Protocol (TEAP)
- UDP based FTP w/ multicast V5 (UFTP5)
- USB Printer (USB PRINTER)
Wireshark is one of the best-known troubleshooting analyzers, and experts strongly believe it is one of the most reliable tools, with many benefits. Apart from this, new versions of Wireshark always come with an attractive, user-friendly UI and features.
The new version can be downloaded from here.