What’s New in Wireshark 4.0? A Deep Dive into Updated Protocol Support and Features
Wireshark 4.0, the latest major release of the popular open‑source network protocol analyzer, introduces an enhanced display filter syntax, redesigned dialogs, side‑by‑side packet details, faster MaxMind geolocation, new address type AT_NUMERIC, expanded protocol support, and numerous UI and backend improvements.
Wireshark is the world’s most popular open‑source, cross‑platform network protocol analyzer, and version 4.0 is a major release that adds support for new protocols and many other changes.
Key highlights of Wireshark 4.0 include a more powerful display‑filter syntax, many new extensions, redesigned conversation and port dialogs, an updated main‑window layout that places packet details and packet bytes side‑by‑side beneath the packet list, improved hex‑dump import, and faster, greatly enhanced MaxMind geolocation.
The release also introduces a new address type AT_NUMERIC for protocols that lack a more common address format, support for pseudo‑headers in the HTTP/2 parser to handle the first header frame of a stream without a long‑lived flow, and support for Mesh Connect (MCX) in the IEEE 802.11 parser.
Wireshark 4.0 adds ciscodump support for ASA, IOS, and IOS‑XE remote captures, the ability to display Protobuf messages as JSON mappings, the capability to set extcap passwords in tshark and other command‑line tools, and extcap configuration dialogs that remember empty strings and passwords for repeated use.
Other notable changes include an updated “Capture Options” dialog that now shows the same configuration icon as the welcome screen, replacement of the lower‑case ‘v’ and upper‑case ‘V’ switches in editcap and mergecap to match other command‑line utilities, sorting of active interfaces first, and flashing lines shown only in the welcome‑page interface list.
Wireshark 4.0 adds support for numerous new network protocols such as AT LDF (Joint Remote Ring Detection), AUTOSAR I‑PDU Multiplexer, DTN Bundle Protocol Security (BPSec) and version 7 (BPv7), DTN TCP Convergence Layer (TCPCL), DVB Service Information Table (SIT), Enhanced Cash Transaction Interface 10.0 (XTI), Enhanced Order Book Interface 10.0 (EOBI), Enhanced Trading Interface 10.0 (ETI), GDT, gRPC‑Web, Host IP Configuration Protocol (HICP), Huawei GRE‑bond, various identification and calibration modules, Mesh Connect (MCX), Microsoft Cluster Remote Control Protocol (RCP), OCA/AES70, PEAP, Realtek, RESP, Roon Discovery, SFTP, SHICP, USB Attached SCSI (UASP), ZBOSS network co‑processor products, and many others.
Under the hood, Wireshark 4.0 is built with CMake 3.10, Qt 5.12, Python 3.6.0, GLib 2.50.0, GnuTLS 3.5.8, libgcrypt 1.8.0, c‑ares 1.13.0, Nghttp2 1.11.0, and requires a C11‑compatible compiler; it now depends on PCRE2 and no longer requires Perl.
For more details, see the full release notes. The binary can be downloaded from the official website, installed as a Flatpak from Flathub, or obtained from your Linux distribution’s stable repositories.
