Download Wireshark 4.2.0

Version 4.2.0 of the open source protocol analyzer and packet sniffer Wireshark has been released. This program can be used to analyze various data packets and network protocols on the network. The program can also use previously saved data traffic as input. Wireshark can be downloaded for 64bit versions of Windows and macOS. The source code is available for use on Linux, Solaris and *BSD. In version 4.2.0 we find, among other things, a dark mode under Windows, there is a download for the Arm version of Windows and many protocols have been added or updated. The complete changelog can be found below.

What's New

• Wireshark supports dark mode on Windows.
• A Windows installer for Arm64 has been added.
• Packet list sorting has been improved.
• Wireshark and TShark are now better about generating valid UTF-8 output.
• A new display filter feature for filtering raw bytes has been added.
• Display filter autocomplete is smarter about not suggesting invalid syntax.
• Tools › MAC Address Blocks can lookup a MAC address in the IEEE OUI registry.
• The enterprises, manuf, and services configuration files have been compiled in for improved start-up times. These files are no longer available in the master branch in our source code repository. You can download the manuf file from our automated build directory.
• The installation target no longer installs development headers by default.
• The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs).
• Wireshark can be compiled on Windows using MSYS2. Check the Developer's guide for instructions.
• Wireshark can be cross-compiled for Windows using Linux. Check the Developer's guide for instructions.
• Tools › Browser (SSL Keylog) can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value.
• Windows installer file names now have the format Wireshark-–.exe.
• Wireshark now supports the Korean language.

The following bugs have been fixed:

• Issue 18413 – RTP player do not play audio frequently on Windows builds with Qt6.
• Issue 18510 – Playback marker does not move after resume with Qt6.

New and Updated Features

• The Windows installers now ship with Npcap 1.78. They previously shipped with Npcap 1.77.
• Improved dark mode support.
• The Windows installers now ship with Qt 6.5.3. They previously shipped with Qt 6.2.3.

Removed Features and Support

• With the addition of the universal and consistent filtering support for column text, the previous support in the -e option to TShark for displaying column text via the column title has been removed in general. Those field names cannot be used elsewhere (as they may not be legal filter names) and create confusion if more than one column has the same title or if a column is renamed. Prefer the column format instead, eg “_ws.col.info” for “_ws.col.Info”. However, for backwards compatibility with existing tools and scripts, the titles of the default columns can continue to be used with tshark -e (but not elsewhere.)
• The bundled script “dtd_gen.lua” that was disabled by default has been removed from the installation. It can be found in the Wireshark Wiki under “Contrib”.
• The Wi-Fi NAN dissector filter name has been changed from 'nan' to 'wifi_nan'.

New File Format Decoding Support

• RTPDump

New Protocol Support

• Aruba UBT
• ASAM Capture Module Protocol (CMP)
• ATSC Link Layer Protocol (ALP)
• DECT DLC protocol layer (DECT-DLC)
• DECT NWK protocol layer (DECT-NWK)
• DECT proprietary Mitel OMM/RFP Protocol (also named AaMiDe)
• Digital Object Identifier Resolution Protocol (DO-IRP)
• Discard Protocol
• FiRa UWB Controller Interface (UCI)
• FiveCo's Register Access Protocol (5CoRAP)
• Fortinet FortiGate Cluster Protocol (FGCP)
• GPS L1 C/A LNAV navigation messages
• GSM Radio Link Protocol (RLP)
• H.224
• High Speed ​​Travel (HSFZ)
• Hypertext Transfer Protocol version 3 (HTTP/3)
• ID3v2
• IEEE 802.1CB (R-TAG)
• Iperf3
• JSON 3GPP
• Low Level Signaling (ATSC3 LLS)
• Management Component Transport Protocol (MCTP)
• Management Component Transport Protocol – Control Protocol (MCTP CP)
• Matter home automation protocol
• Microsoft Delivery Optimization
• Multi Drop Bus (MDB)
• Non-volatile Memory Express – Management Interface (NVMe-MI) over MCTP
• RDP audio output virtual channel Protocol (rdpsnd)
• RDP clipboard redirection channel Protocol (cliprdr)
• RDP Program virtual channel Protocol (RAIL)
• SAP Enqueue Server (SAPEnqueue)
• SAP GUI (SAPDiag)
• SAP HANA SQL Command Network Protocol (SAPHDB)
• SAP Internet Graphic Server (SAP IGS)
• SAP Message Server (SAPMS)
• SAP Network Interface (SAPNI)
• SAP Router (SAPROUTER)
• SAP Secure Network Connection (SNC)
• SBAS L1 Navigation Messages (SBAS L1)
• SINEC AP1 Protocol (SINEC AP)
• SMPTE ST2110-20 (Uncompressed Active Video)
• Train Real-Time Data Protocol (TRDP)
• UBX protocol or u-blox GNSS receivers (UBX)
• UDP Tracker Protocol for BitTorrent (BT-Tracker)
• UWB UCI Protocol
• Video Protocol 9 (VP9)
• VMware Heart Beat
• Windows Delivery Optimization (MS-DO)
• Z21 LAN Protocol (Z21)
• Zabbix
• ZigBee Direct (ZBD)
• Zigbee TLV

Updated Protocol Support

• JSON: The dissector now has a preference to enable/disable “unescaping” of string values. By default it is off. Previously it was always on.
• JSON: The dissector now supports “Display JSON in raw form”.
• IPv6: The dissector has a new preference to show some semantic details about addresses (default off).
• IPv6: The dissector now supports dissecting the Application-aware IPv6 Networking (APN6) option in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH), including all three types of APN ID, which are 32-bit, 64-bit and 128-bit in length.
• XML: The dissector now supports display character according to the “encoding” attribute of the XML declaration, and has a new preference to set default character encoding for some XML document without “encoding” attribute.
• SIP: The dissector now has a new preference to set default charset for displaying the body of SIP messages in raw text view.
• HTTP: The dissector now supports dissecting chunked data in streaming reassembly mode. Subdissectors of HTTP can register itself in “streaming_content_type” subdissector table for enabling streaming reassembly mode while transferring in chunked encoding. This feature ensures the server stream messages of GRPC-Web over HTTP/1.1 can be dissected even if the last chunk is absent.
• The media type dissector table now properly treats media types and subtypes as case-insensitive automatically, per RFC 6838. Media types no longer need to be lower cased before registering or looking up in the table.
• CFM: The dissector has been overhauled and updated to the level of IEEE std 802.1Q-2022 and ITU-T Rec. G.8013/Y.1371 (08/2015). This includes dissection of additional PDU types and TLVs as well as deeper dissection of existing PDUs and TLVs.

Too many other protocol updates have been made to list them all here.

New and Updated Codec support

• Adaptive Multi-Rate (AMR)
• if compiled with opencore-amr.

Major API Changes

• Lua function “package.prepend_path” has been removed. If you need it please consider adding your own package.path customization code or installing your dependencies in Wireshark's default paths.
• The reassemble_streaming_data_and_call_subdissector() API has been added to provide a simpler way to reassemble the streaming data of a high level protocol that is not on top of TCP.
• Some of the API now uses C99 types instead of GLib types. Issue 19116

The following downloads are available:
Wireshark 4.2.0 for Windows (64bit)
Wireshark 4.2.0 for Windows (Arm)
Wireshark 4.2.0 for PortableApps
Wireshark 4.2.0 for macOS (Arm, 64bit)
Wireshark 4.2.0 for macOS (Intel, 64bit)
Wireshark 4.2.0 source code for Linux, Solaris and *BSD, among others