After the emergency patches, Wireshark 3.2.0 arrives with these changes


Last week we shared here on the blog the news of the corrective release Wireshark 3.0.7, an emergency version deployed to patch critical security bugs in the application. Shortly afterwards, the Wireshark developers announced the release of a new version that marks the beginning of a new stable branch of the tool: Wireshark 3.2.0.

For those unfamiliar with Wireshark, it is a free network protocol analyzer used for network analysis and troubleshooting. It lets us see what is happening on the network and is the de facto standard in many commercial companies, non-profit organizations, government agencies and educational institutions. The application runs on most Unix operating systems and is compatible with Linux, Microsoft Windows, Solaris, FreeBSD, NetBSD, OpenBSD, Android and Mac OS X.

Wireshark 3.2.0 Key New Features

This new version, Wireshark 3.2.0, adds drag-and-drop support: a field can be dragged onto the packet list header to create a column for that field, or into the display filter input area to create a new filter.

To create a new filter from a column element, that element can now simply be dragged into the display filter area.

For HTTP/2, stream packet reassembly is supported, and support was added for decompressing HTTP/HTTP2 content that uses the Brotli compression algorithm.

In the "Enabled Protocols" dialog, you can now enable, disable and invert protocols based only on the selected filter. The protocol type can also be determined from the filter value.

The build system now checks whether the SpeexDSP library is installed on the system (if it is missing, the bundled Speex implementation is used).

A preview of the resulting filter is now shown in the packet list and packet details context menus for the actions "Analyze > Apply as Filter" and "Analyze > Prepare as Filter".

Support was also added for importing profiles from zip files or from existing directories on the filesystem. In addition, WireGuard tunnels can now be decrypted using keys embedded in the pcapng capture, alongside the existing key log settings.

An action was added to extract credentials from a capture file, invoked through the "-z credentials" option in tshark or through the "Tools > Credentials" menu in Wireshark.

Other changes we can find in this new version:

  • Editcap now supports splitting files on fractional interval values;
  • A dark theme was added for macOS, and dark theme support on other platforms was improved;
  • Protobuf files (*.proto) can now be configured to parse serialized Protobuf data, such as gRPC;
  • Messages from gRPC streaming methods can now be parsed using the HTTP2 stream reassembly feature.

How to install Wireshark 3.2.0 on Linux?

For those interested in installing this new version: Ubuntu users, or users of one of its derivatives, can add the application's official repository by opening a terminal with Ctrl + Alt + T and executing:

sudo add-apt-repository ppa:wireshark-dev/stable

sudo apt-get update

Then, to install the application, just type the following in a terminal:

sudo apt-get install wireshark

It is important to mention that during the installation process there is a step that configures privilege separation, allowing the Wireshark GUI to run as a normal user while dumpcap (the process that actually collects packets from the interfaces) runs with the elevated privileges required for capturing.

If you answered no at that step and would like to change it, type the following command in a terminal:

sudo dpkg-reconfigure wireshark-common

Here we must select "yes" when asked whether non-superusers should be able to capture packets.

For Arch Linux users, or users of one of its derivatives, the application can be installed by executing the following command in a terminal:

sudo pacman -S wireshark-qt

For Fedora and its derivatives, just type the following command:

sudo dnf install wireshark-qt

Then we grant capture permissions by adding our user to the wireshark group with the following command, replacing "usuario" with the username you have on your system:

sudo usermod -a -G wireshark usuario
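As an added example (not from the article or the Wireshark project), the following POSIX shell script checks that the privilege separation described above is actually in effect: that dumpcap carries exactly the two capture capabilities and nothing more, and that the current user is a member of the wireshark group. The getcap output formats and the use of `id -Gn` are assumptions based on common libcap and coreutils behaviour.

```shell
#!/bin/sh
# Added example (not from the article): verify that Wireshark's privilege
# separation is in place, i.e. dumpcap carries only the two capture
# capabilities and the current user is in the "wireshark" group that
# dpkg-reconfigure / usermod set up above.

# dumpcap_caps_ok LINE
# LINE is a line as printed by `getcap /usr/bin/dumpcap`, in either format
# (assumed from libcap behaviour):
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip      (newer libcap)
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip    (older libcap)
# Returns 0 only when the set is exactly cap_net_admin and cap_net_raw;
# any extra capability (or no capability at all) counts as misconfigured.
dumpcap_caps_ok() {
  # drop the path (and the " = " of the old format), then the +eip/=eip flags
  caps=$(printf '%s' "$1" | sed -e 's/^[^ ]* *=* *//' -e 's/[=+][a-z]*$//')
  # normalise to a sorted, space-separated list so order does not matter
  got=$(printf '%s' "$caps" | tr ',' '\n' | sort | tr '\n' ' ' | sed 's/ $//')
  [ "$got" = "cap_net_admin cap_net_raw" ]
}

# in_wireshark_group GROUPS
# GROUPS is the space-separated group list printed by `id -Gn`.
in_wireshark_group() {
  for g in $1; do
    [ "$g" = wireshark ] && return 0
  done
  return 1
}

# Run both checks against the live system (needs getcap from libcap).
check_live() {
  bin=$(command -v dumpcap) || { echo "dumpcap not found"; return 2; }
  if dumpcap_caps_ok "$(getcap "$bin")" && in_wireshark_group "$(id -Gn)"; then
    echo "ok: $bin has only the capture capabilities and you are in group wireshark"
  else
    echo "not ok: capture from the GUI will fail or need root; check getcap $bin and your groups"
    return 1
  fi
}

# Only touch the live system when explicitly asked: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
  check_live
fi
```

A new group membership only takes effect after logging out and back in, so run the live check from a fresh session after the usermod command.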
