Wireshark 4.4.9 Released With Critical Bug Fixes and Protocol Updates

Wireshark, the world’s most popular network protocol analyzer, continues to evolve with the release of version 4.4.9, addressing critical crashes and decoding errors while improving stability for advanced troubleshooting, analysis, development, and education.

Introduction to Wireshark 4.4.9

Wireshark is a feature-rich packet capture and protocol analysis tool available on Windows, macOS, and Linux.

Hosted by the nonprofit Wireshark Foundation, Wireshark relies on community contributions to maintain its extensive dissector library and educational initiatives.

Users can download the latest source and binaries from https://www.wireshark.org/download.html or install via vendor-supplied packages on most Unix-like systems.

Version 4.4.9 focuses on fortifying the core dissection engine—especially the SSH dissector—and rectifying long-standing decoding issues.

Network engineers and security analysts will benefit from enhanced robustness when running live captures or replaying large PCAP archives in GUI and tshark modes.

Key Bug Fixes and Improvements

SSH Dissector Stability

  • wnpa-sec-2025-03: Fixed a crash in the SSH protocol dissector that occurred when parsing malformed payload blocks.
  • Updated inet_ssh.c to validate packet length fields before buffer reads, preventing out-of-bounds access.
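The length-before-read pattern described for the SSH dissector fix, as an added example (not Wireshark's code and not taken from the release): a bounds-checked parser for the unencrypted SSH binary packet header defined in RFC 4253. The function, type and sample names and the 35000-byte cap are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not Wireshark identifiers. */
enum ssh_parse { SSH_OK = 0, SSH_NEED_MORE = 1, SSH_MALFORMED = -1 };
struct ssh_pkt { const uint8_t *payload; uint32_t payload_len; uint8_t padding_len; };

#define SSH_MAX_PACKET  35000u /* example policy cap, taken from the RFC 4253 6.1 packet size */
#define SSH_MIN_PADDING 4u     /* RFC 4253 6: at least four bytes of padding */

/* Unencrypted SSH binary packet (RFC 4253 section 6):
 *   uint32 packet_length | byte padding_length | payload | random padding
 * packet_length counts everything after itself. All lengths are checked
 * against the captured bytes before any pointer is handed out. */
enum ssh_parse ssh_parse_packet(const uint8_t *buf, size_t len, struct ssh_pkt *out)
{
    if (len < 5)
        return SSH_NEED_MORE;        /* length and padding_length not captured yet */
    uint32_t packet_length = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                             ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    uint8_t padding_len = buf[4];

    if (packet_length < 1u + SSH_MIN_PADDING || packet_length > SSH_MAX_PACKET)
        return SSH_MALFORMED;        /* impossible or oversized declared length */
    if (padding_len < SSH_MIN_PADDING || padding_len > packet_length - 1u)
        return SSH_MALFORMED;        /* padding would exceed the packet */
    if (packet_length > len - 4)     /* subtract from len so the wire value cannot wrap */
        return SSH_NEED_MORE;        /* truncated capture or more TCP data needed */

    out->payload = buf + 5;
    out->payload_len = packet_length - 1u - padding_len;
    out->padding_len = padding_len;
    return SSH_OK;
}

/* Constructed samples: a 16-byte SSH_MSG_NEWKEYS (21) packet and two malformed headers. */
const uint8_t sample_ok[16]      = { 0, 0, 0, 12, 10, 21 };   /* remaining bytes are zero padding */
const uint8_t sample_huge[6]     = { 0xff, 0xff, 0xff, 0xf0, 4, 21 };
const uint8_t sample_bad_pad[16] = { 0, 0, 0, 12, 200, 21 };

int main(void)
{
    struct ssh_pkt p;
    printf("ok=%d huge=%d bad_pad=%d truncated=%d\n",
           ssh_parse_packet(sample_ok, sizeof sample_ok, &p),
           ssh_parse_packet(sample_huge, sizeof sample_huge, &p),
           ssh_parse_packet(sample_bad_pad, sizeof sample_bad_pad, &p),
           ssh_parse_packet(sample_ok, 8, &p));
    return 0;
}
```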

Protocol Decoding Corrections

  • RDM Product Detail List: Corrected TLV ID parsing in ep_dissectors/rdm.c, ensuring accurate split and presentation of nested fields.
  • SCCP LUDT Segmentation: Improved segmentation decoding in sccp.c, handling multi-segment UDT messages without data loss.
  • BACnet WritePropertyMultiple: Restored proper context tag closing checks in bacapp.c, now displaying tag 1 correctly.

Capture and File Format Enhancements

  • CiscoDump Fix: Resolved failure to start capture on Cisco IOS devices by adjusting the interface enumeration logic in extcap/ciscodump.c.
  • LZ77 Decoder: Patched the LZ77 compression module to read correct 32-bit lengths instead of 16-bit, eliminating malformed packet errors in compressed captures.

No new protocols or capture file formats were added in this minor release, but support updates were applied for BACapp, LIN, MySQL, RDM, SABP, SCCP, sFlow, and SSH dissectors.

Getting Started and How to Help

To upgrade or install, run:

# On Debian/Ubuntu
sudo apt update && sudo apt install wireshark

# Build from source
git clone https://gitlab.com/wireshark/wireshark.git
cd wireshark && git checkout v4.4.9
mkdir build && cd build
cmake .. && make && sudo make install

Once installed, launch the GUI with wireshark, or use:

# -f takes a capture filter; tshark rejects a -Y display filter when capturing live to a file with -w
tshark -i eth0 -f "tcp port 80" -w capture.pcap

for headless packet capture and filtering.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.