Wireshark 3.6.1

Wireshark 3.6.1, a new version of the free, open-source packet analyzer, has been released recently with several fixes and new addons.

Wireshark is one of the world’s most widely used network protocol analyzers and serves several purposes. What about its compatibility?

With individual downloads for 32-bit and 64-bit versions of the operating systems, the Wireshark network protocol analyzer is compatible with all the major platforms:

  • Windows
  • Linux
  • macOS

Wireshark is primarily used for the following:

  • Analysis
  • Troubleshooting
  • Education 
  • Development

Wireshark 3.6.1 – What’s New?

This latest release contains only one new item:

  • The ‘console.log.level’ preference was removed in Wireshark 3.6.0.

This release adds a ‘-o console.log.level:’ backward-compatibility option on the CLI that maps to the new logging subsystem. It is just a transition mechanism for users, and the foundation will remove it in the near future.

Vulnerability & Bug Fixes

Several vulnerabilities were fixed in this new release:

  • wnpa-sec-2021-17 RTMPT dissector infinite loop. Issue 17745. CVE-2021-4185.
  • wnpa-sec-2021-18 BitTorrent DHT dissector infinite loop. Issue 17754. CVE-2021-4184.
  • wnpa-sec-2021-19 pcapng file parser crash. Issue 17755. CVE-2021-4183.
  • wnpa-sec-2021-20 RFC 7468 file parser infinite loop. Issue 17801. CVE-2021-4182.
  • wnpa-sec-2021-21 Sysdig Event dissector crash. CVE-2021-4181.
  • wnpa-sec-2021-22 Kafka dissector infinite loop. Issue 17811. 

Several bugs were also fixed in this new release:

  • Allow sub-second timestamps in hexdumps. Issue 15562.
  • GRPC: An unnecessary empty Protobuf tree item is displayed if the GRPC message body length is 0. Issue 17675.
  • Can’t install “ChmodBPF.pkg” or “Add Wireshark to the system path.pkg” on M1 MacBook Air Monterey without Rosetta 2. Issue 17757.
  • TECMP: LIN Payload is cut off by 1 byte. Issue 17760.
  • Wireshark crashes if a 64 bit field of type BASE_CUSTOM is applied as a column. Issue 17762.
  • Command line option “-o console.log.level” causes wireshark and tshark to exit on start. Issue 17763.
  • Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture. Issue 17764.
  • Unable to build without tshark. Issue 17766.
  • IEEE 802.11 action frames are not getting parsed and always seen as malformed. Issue 17767.
  • IEC 60870-5-101 link address field is 1 byte, but should have configurable length of 0, 1 or 2 bytes. Issue 17775.
  • dfilter: ‘tcp.port not in {1}’ crashes Wireshark. Issue 17785.

Updated Protocol Support

Here’s the list of updated protocols:

  • ANSI A I/F
  • AT
  • BitTorrent DHT
  • FF
  • GRPC
  • IEC 101/104
  • IEEE 802.11
  • IEEE 802.11 Radiotap
  • IPsec
  • Kafka
  • QUIC
  • RTMPT
  • RTSP
  • SRVLOC
  • Sysdig Event
  • TECMP

New and Updated Capture File Support

Here’s the list of new and updated capture file support:

  • BLF
  • RFC 7468

Vendor-supplied Packages

Linux and Unix vendors mostly supply their own Wireshark packages, so one can use the package management system of the platform to install or upgrade to the latest available version.

A list of third-party packages is also available on the download page of the official Wireshark website, from which users can download according to their needs.

This new version of Wireshark adds features and fixes the many bugs mentioned above, so users should update their Wireshark installation as soon as possible for better performance.

The new version can be downloaded from here.

Posted by Charlie