Wireshark 4.6: A Major Update to the Open-Source Network Protocol Analyzer Released

Wireshark has released version 4.6, marking a significant update to its open-source, cross-platform network protocol analyzer available for Linux, macOS, and Windows. This release introduces several new features and enhancements aimed at improving user experience and functionality.

One of the key advancements is the ability to decrypt NTP packets that use Network Time Security (NTS). The release also adds support for compressing live captures as they are written, and a new “Plots” dialog for creating scatter plots with multiple markers and automatic scrolling. With the -T json option, absolute time fields can now be written in ISO 8601 format in UTC.

On Linux systems, capture filters can now use BPF extensions such as "inbound," "outbound," and "ifindex," giving users more flexibility. The UTC frame time column formats have also been updated to include a "Z" suffix, in line with ISO 8601.

Other notable enhancements include improvements to custom columns, which can now display values consistently with the packet details, and the addition of Distributed Network Protocol 3 (DNP3) to the Conversations and Endpoints table dialogs. The “Import from Hex Dump” function has been upgraded, and the GUI Export Dissections dialog can now render raw hex bytes of frame data either including or excluding field values.

Wireshark 4.6 also expands its protocol support. Newly supported protocols range from Asymmetric Key Packages to Bluetooth Android HCI, with many others in between, including DECT NR+ and RC V3.

Furthermore, Wireshark has dropped support for older technologies such as AirPcap and WinPcap, as well as certain versions of the Netlink Protocol Library Suite. This release also allows frame timestamps to be included in hex dumps, enhances the “Follow Stream” function for MPEG 2 Transport Stream PIDs, and offers new options in the Edit menu for simplified data management.

For those interested, the detailed release notes can be found on the official Wireshark website, where the update and source tarball are available for download. Users can also install Wireshark through Flathub as a Flatpak application.
