
If you use Wireshark to analyze packets, troubleshoot networks, or just satisfy your inner snoop, there’s a new update you should probably grab. Version 4.4.8 is now available, and while it doesn’t add any flashy new features, it does fix some frustrating bugs that could mess with your session.
One of the biggies? DTLS decryption was broken during renegotiated sessions, so a capture that decrypted fine up to the renegotiation went dark after it. That's been fixed. Another fix targets a nasty hang during startup involving androiddump, the extcap interface for capturing from Android devices over adb: a recv() call that never returned could freeze the whole application during launch, because Wireshark enumerates its extcap interfaces before the main window appears. That is exactly what you don't want when you're in the middle of network debugging.
There was also a strange crash that could happen when showing a packet in a new window after reloading Lua plugins. It was tied to how certain column preferences were handled. That’s been squashed too.
Beyond those, the update includes protocol parsing improvements across the board. The UDS (Unified Diagnostic Services, the automotive diagnostics protocol) dissector now correctly handles ReadDataByPeriodicIdentifier responses, and Wireshark has cleaned up how it displays field values in the packet diagram. One issue caused non-standard fields to show up twice or not at all. It also fixed a parsing bug with application/x-www-form-urlencoded data, along with a Year 2038 issue where DNP3 timestamps failed once they passed the range of a signed 32-bit time value.
Wireshark 4.4.8 doesn’t introduce any new protocols, but support has been updated for quite a few: ASTERIX, DLT, DNP 3.0, DOF, DTLS, ETSI CAT, Gryphon, IPsec, ISObus VT, KRB5, MBIM, RTCP, SLL, STCSIG, TETRA, UDS, and URL Encoded Form Data. Capture file support for pcapng also got a refresh.
Now, if you're using Linux, don't waste time hunting for a .deb or .rpm file on the Wireshark site. There isn't one. Unlike Windows and macOS, Wireshark doesn't offer native Linux downloads from its homepage. That's because on Linux you're expected to install it through your package manager (as it really should be: you get a signed package from a repository you already trust, and it gets updated along with everything else).
For example:
- On Ubuntu or Debian: sudo apt install wireshark
- On Fedora: sudo dnf install wireshark
- On Arch: sudo pacman -S wireshark-qt
If your distro hasn't packaged the latest version yet, you'll either have to wait or compile from source. Some distros move slower than others when it comes to pushing updates, so check `wireshark --version` (or `tshark --version`) after installing to see which build you actually got. Whatever you install, don't run the GUI as root to capture: the distro packages set up a `wireshark` group and give the `dumpcap` helper the capture capability it needs, so adding your user to that group is the right fix (on Debian and Ubuntu, `sudo dpkg-reconfigure wireshark-common` turns this on).
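As an added example (not from this article or from the Wireshark project), the following POSIX shell script checks the two things that matter after installing from a distro repository: whether the installed build is at least 4.4.8, and whether capture is configured so the GUI never has to run as root. It assumes the packaged binary names `wireshark`, `tshark` and `dumpcap` and the `wireshark` group that the Debian, Ubuntu, Fedora and Arch packages use; the version strings shown in the comments are constructed sample output, and `MIN_VERSION`, `extract_version`, `version_ge` and `check_install` are names chosen here.

```shell
#!/bin/sh
# Added example, not part of the article or of Wireshark itself.
# Verifies that the installed Wireshark is at least MIN_VERSION and that
# packet capture works without running the GUI as root.

MIN_VERSION="4.4.8"   # the release discussed above

# Pull the dotted version out of "--version" output. The first line looks like
# (constructed samples):
#   Wireshark 4.4.8 (Git v4.4.8 packaged as 4.4.8-1).
#   TShark (Wireshark) 4.2.2 (Git v4.2.2 packaged as 4.2.2-1.1build3).
extract_version() {
    printf '%s\n' "$1" | sed -n '1s/^[^0-9]*\([0-9][0-9.]*[0-9]\).*/\1/p'
}

# True (exit 0) when dotted version $1 is at least $2. Components are compared
# numerically, one at a time, so 4.4.10 sorts after 4.4.8 and "4.4" counts as
# 4.4.0; a plain string comparison would get both of those wrong.
version_ge() {
    vg_i=1
    while [ "$vg_i" -le 3 ]; do
        vg_x=$(printf '%s' "$1" | cut -d. -f"$vg_i")
        vg_y=$(printf '%s' "$2" | cut -d. -f"$vg_i")
        vg_x=${vg_x:-0}; vg_y=${vg_y:-0}
        if [ "$vg_x" -gt "$vg_y" ]; then return 0; fi
        if [ "$vg_x" -lt "$vg_y" ]; then return 1; fi
        vg_i=$((vg_i + 1))
    done
    return 0
}

# Prints one OK/WARN line per check; returns 1 if anything needs attention.
check_install() {
    ci_rc=0
    ci_out=""
    for ci_cmd in tshark wireshark; do
        if ci_out=$("$ci_cmd" --version 2>/dev/null); then break; fi
        ci_out=""
    done
    if [ -z "$ci_out" ]; then
        echo "WARN: neither tshark nor wireshark is on PATH; install from your distro's repo"
        return 1
    fi
    ci_ver=$(extract_version "$ci_out")
    if version_ge "$ci_ver" "$MIN_VERSION"; then
        echo "OK: $ci_cmd $ci_ver is at least $MIN_VERSION"
    else
        echo "WARN: $ci_cmd $ci_ver is older than $MIN_VERSION; wait for the distro package or build from source"
        ci_rc=1
    fi

    # Least privilege: only the dumpcap helper should hold cap_net_raw (and
    # cap_net_admin); the GUI and the dissectors then run as an ordinary user.
    ci_dumpcap=$(command -v dumpcap 2>/dev/null)
    if [ -n "$ci_dumpcap" ] && getcap "$ci_dumpcap" 2>/dev/null | grep -q cap_net_raw; then
        echo "OK: $ci_dumpcap carries cap_net_raw; no need to run Wireshark as root"
    else
        echo "WARN: dumpcap lacks cap_net_raw or getcap is missing (Debian/Ubuntu: sudo dpkg-reconfigure wireshark-common)"
        ci_rc=1
    fi
    if id -nG | grep -qw wireshark; then
        echo "OK: $(id -un) is in the wireshark group"
    else
        echo "WARN: run 'sudo usermod -aG wireshark $(id -un)' and log in again"
        ci_rc=1
    fi
    return "$ci_rc"
}

check_install || echo "One or more checks need attention (see above)." >&2
```

Run it after `apt`, `dnf` or `pacman` has done its work. The version comparison is deliberately numeric per component rather than a string sort, because the next point release after 4.4.9 is 4.4.10, which a string comparison would rank below 4.4.8.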
Wireshark is developed and maintained by the nonprofit Wireshark Foundation, which also promotes protocol analysis education. If you use the tool in a professional setting, consider donating or sponsoring development. It’s open source, but it doesn’t run on good vibes alone.
Wireshark 4.4.8 is available now from wireshark.org, at least for those on Windows or macOS. If you’re on Linux, go through your distro’s repo. Either way, it’s a worthwhile update.