Wireshark's New Features and Security Updates

Wireshark, the renowned network protocol analyzer, has released version 4.6.0 with several notable enhancements. One significant update is the ability to dissect process information, packet metadata, flow IDs, and drop information provided by `tcpdump` on macOS, which gives deeper insight into network traffic during analysis. The Windows installers now include Npcap 1.83, an upgrade from the previous Npcap 1.79, enhancing packet capture capabilities. The macOS installers have been updated to Qt 6.9.3, improving the performance and responsiveness of the graphical user interface. Wireshark has also moved to universal macOS installers, so separate packages for Arm64 and Intel architectures are no longer needed. Notably, WinPcap is no longer supported; users are encouraged to switch to Npcap, as WinPcap's final release was in 2013 and it only supports up to Windows 8, which is no longer supported by Microsoft or Wireshark. (Source: wireshark.org)

Alongside these enhancements, Wireshark has addressed critical security vulnerabilities to bolster its reliability. A significant issue, identified as CVE-2025-5601, was discovered in June 2025. This vulnerability allowed attackers to cause a denial of service (DoS) through packet injection or malformed capture files. The flaw originated from a bug in Wireshark's column utility module that caused certain dissectors to crash when processing malformed network traffic. The affected versions were Wireshark 4.4.0 through 4.4.6 and 4.2.0 through 4.2.12. The Wireshark Foundation released patches to address this vulnerability, urging users to upgrade to Wireshark version 4.4.7 or 4.2.12. This proactive approach underscores Wireshark's commitment to maintaining a secure and efficient network analysis tool. (Source: wireshark.org)

Key Takeaways

  • Wireshark 4.6.0 introduces enhanced packet analysis features.
  • Windows installers now include Npcap 1.83 for improved packet capture.
  • macOS installers updated to Qt 6.9.3 for better GUI performance.
  • Transition to universal macOS installers simplifies installation.
  • Critical security vulnerability CVE-2025-5601 addressed with patches.