Wireshark 4.4 boosts network protocol visibility

The open source Wireshark network protocol analyzer is among the most widely used technologies by networking professionals. Version 4.4, which became generally available on Aug. 28, has a number of new features aimed at making it even easier to use and better understand what’s running on a network. The improvements include:

  • Enhanced graphing dialogs (I/O graphs, flow graph, TCP stream graphs)
  • Automatic profile switching based on display filters
  • Improved display filter functionality
  • Dissectors for several new protocols, including ATN Security Label, Bit Index Explicit Replication (BIER), ZeroMQ Message Transport Protocol (ZMTP) and Matter Bluetooth Transport Protocol (MatterBTP)

Originally known as Ethereal, with a name change in 2006, Wireshark was created in 1997 by Gerald Combs, who remains the lead developer.

The improvements in Wireshark 4.4.0 to the graph dialogs, display filters and custom columns are likely to be particularly useful to networking professionals, Combs told Network World.

“The various graph dialogs have quite a few bug fixes, performance enhancements, and usability improvements that will help users analyze data more quickly and effectively,” Combs said. “The display filter syntax, too, has a bunch of small improvements that amount to a noticeable upgrade for users of all backgrounds.”

Combs noted that many of those display filter improvements are also reflected in the custom columns feature, which gives users more control over the contents of the packet list.

“For people who use Wireshark daily, all of these improvements, in my opinion, will improve their workflow considerably,” Combs said.

Incremental changes yield big improvements in Wireshark 4.4.0

Many of the changes in Wireshark 4.4.0 are of a type that Combs considers to be incremental. But that doesn’t mean that they aren’t impactful.

“Continually making incremental improvements over time can be very powerful,” Combs said.

One such incremental improvement in the new Wireshark update is automatic profile switching. Combs commented that Wireshark has had support for configuration profiles for many years. Profiles let you change things like the screen layout, coloring rules, display filter buttons, and more, so you can create customized configurations for different types of traffic and environments and quickly switch between them.

“The 4.4.0 release also adds automatic profile switching, which allows you to associate a display filter with a configuration profile,” Combs explained. “When you load a new capture file, and a profile’s filter matches the contents of the file, Wireshark will automatically switch to that profile.”

Wireshark Foundation pushes open-source network protocol analyzer forward

Wireshark has benefitted from various corporate sponsors over the years, including Riverbed and more recently Sysdig.

Under Sysdig’s leadership, the Wireshark Foundation was officially formed in March 2023 in an effort to provide governance and an open home for the continued evolution of the open-source technology.

“The Wireshark Foundation’s primary focus for the past year has been to ensure continuity for our community,” Combs said.

Combs noted that prior to forming the foundation, the organizational parts of the Wireshark project were handled by Sysdig, including the project’s infrastructure and the logistics for SharkFest, Wireshark’s developer and user conference. Thanks to help from Sysdig, Combs said, the Wireshark project was able to make the transition smoothly and the foundation can now stand on its own, a benefit for both the project and its community.

“Since the transition, our executive director, Sheri Najafi, has done a great job of growing the foundation and furthering its mission through initiatives like the Women in Technology sponsorship, which helps women breaking into the cybersecurity field to attend SharkFest free of charge,” Combs said. “We plan to add other, similar initiatives in the future.”

Looking forward to the future of the Wireshark technology itself, Combs is very excited about the development in progress for 2024 and the outlook for 2025.

“I’ve been working on expanding Wireshark beyond packets and adding system call and log analysis, and I’ll have lots to say about that in the coming months,” he said.

Source: Network World