
Wireshark 4.4.9 has been released, giving network administrators, developers, and curious tinkerers another reason to update their favorite packet-sniffing tool. While this version doesn’t introduce any new protocols or flashy features, it does fix some pesky bugs and addresses a security issue that could have caused crashes in certain situations. Stability and reliability are the focus here.
One of the most important changes comes in the form of a security fix. The SSH dissector had a flaw that could lead to a crash, logged as wnpa-sec-2025-03. Given how often SSH is used in networking environments, this patch alone makes the update worth grabbing.
Beyond that, a handful of protocol-related bugs have been ironed out. For instance, decoding issues with SCCP LUDT segmentation have been resolved, and BACnet’s WritePropertyMultiple tag display has been corrected. Cisco users will also appreciate that ciscodump no longer fails to start captures on Cisco IOS devices. Another fix addresses a bug in the LZ77 decoder, which was mistakenly reading a 16-bit length instead of a 32-bit length.
While no new protocols are added in this release, several existing ones have been improved. Updated protocol support includes BACapp, LIN, MySQL, RDM, SABP, SCCP, sFlow, and SSH. That means better accuracy when analyzing traffic that uses these protocols.
Even without big new features, Wireshark 4.4.9 is a reminder of why this tool remains essential for anyone serious about network analysis. A single bug fix in a critical protocol dissector can make the difference between a smooth troubleshooting session and hours of confusion.
The update is available now from the official Wireshark site, and considering the security patch included, users should upgrade right away.