A new stable branch of the Wireshark network analyzer, version 4.2, has been released. Originally developed under the name Ethereal, the project had to be renamed to Wireshark in 2006 due to a trademark conflict with the owner of Ethereal. Wireshark 4.2 is the first release developed under the Wireshark Foundation, a non-profit organization that will oversee the project’s development. The project code is distributed under the GPLv2 license.
Key innovations in Wireshark 4.2.0:
- Improved sorting of network packets. Packets are now sorted only after the filter has been applied, which speeds up the output. Users can interrupt the sorting process.
- Drop-down lists are now sorted by time of use rather than by the time the entries were created.
- Wireshark and TShark now produce correct UTF-8 output. Applying the slice operator to a UTF-8 string now yields a UTF-8 string instead of a byte array.
- Added a new filter for detecting arbitrary byte sequences in packets (@some.field ==), which can be used to catch invalid UTF-8 strings.
- Allowed the use of arithmetic expressions in filter elements.
- Added a new logical operator.
- Improved auto-complete functionality in filters.
- Added the ability to look up MAC addresses in the IEEE OUI registry.
- Configuration files are now compiled in to speed up loading of the manufacturer and service lists.
- Added dark theme support on Windows, along with an installer for the ARM64 architecture on Windows. Wireshark can now be built on Windows using the MSYS2 toolchain and cross-compiled on Linux. The Windows build has a new external dependency, SpeexDSP (previously built in).
- Linux installation files are no longer tied to a specific location and use relative paths in RPATH. The extcap plugin directory has been moved to $HOME/.local/lib/wireshark/extcap (previously $XDG_CONFIG_HOME/wireshark/extcap).
- Builds now use Qt6 by default; to use Qt5 the cmake