What’s New In Wireshark 4.0?
Categories: Announcement
Wireshark 4.0 was released today, and as you might have guessed from the version number, quite a few things have changed since 3.6. If you are a regular Wireshark user we recommend that you pay close attention to the release notes this time around, since they include quite a few changes. I’ll cover some highlights here, but the release notes go into much greater detail.
Display Filter Changes

Display filters are one of Wireshark’s defining features, and 4.0 makes them more powerful and more consistent. These improvements give you more control over the way that multiple occurrences of the same field are handled, let you do arithmetic, and many other things.
First, let’s look at the way multiple field occurrences are handled. Suppose you want to filter on an IPv4 source address. Within Wireshark that means using the “ip.src” filter field. You might assume that the packets on your network have one IPv4 header and therefore one source address, but that’s not necessarily the case. You might be in an environment that uses some form of tunneling like GRE or one of the many VPN protocols, and even on simple networks ICMP errors carry the IPv4 header of the offending packet.
We Have A New Sponsor
Categories: Announcement
I’m excited to announce that Wireshark has a new home. I recently accepted a job with Sysdig, and along with that, they are now Wireshark’s primary sponsor.
I’m excited for a couple of reasons. First, I get to work with Sysdig’s founder, Loris Degioanni. We’ve been friends for a long time, and it’s difficult to summarize the impact he’s had on Wireshark. We first met in the early days of the project, back when it was still called Ethereal. At the time he was busy developing the WinPcap packet capture library, which was a natural fit for Ethereal and let us include Windows users in our community. This was a pivotal milestone for the project and it helped us grow into what it is today.
This isn’t the first time he’s asked me to join a company he founded. In 2006, my family and I moved halfway across the U.S. where I joined him at CACE Technologies and he welcomed us to our new town. We renamed the project to Wireshark and proceeded to build a line of products that complemented it.
Dedication and Disagreements
Categories: Uncategorized
As I’ve mentioned in many of my talks about the Wireshark project, our primary goal is to help as many people as possible understand their networks as much as possible. We’ve been very fortunate over the years in this regard. Many people are passionate about this goal and have dedicated themselves to working toward it.
Although a group of people might agree about a particular goal, they can sometimes disagree about how to get there. When you add in personal dedication and investment, the disagreement can take on a life of its own. This happened to us recently.
Years ago, when I worked at CACE Technologies, we created the Wireshark Foundation [1]. A couple of years later, Laura Chappell came up with the idea for Wireshark University and the WCNA certification program. She worked out an agreement with CACE’s CEO to license the use of Wireshark’s trademarks, which they subsequently signed.
Shortly after that, Riverbed acquired CACE, along with the Wireshark Foundation. Like CACE, Riverbed has been both supportive of the project and hands-off. They pay my salary, fund SharkFest and our infrastructure, and have done so since the acquisition.