Wireshark 4.6.4 Updates Protocol and Capture File Support, Fixes More Bugs

By Marcus Nestor

Wireshark 4.6.4 has been released today as a minor update in the Wireshark 4.6 series of this popular open-source, free, and cross-platform network protocol analyzer.

Wireshark 4.6.4 is here to update support for the Art-Net, AT, BGP, GSM DTAP, GSM SIM, IEEE 802.11, IPv6, ISAKMP, MBIM, MySQL, NAS-5GS, NTS-KE, SGP.22, Silabs DCH, Socks, TDS, TECMP, USB HID, ZB TLV, and ZBD protocols, as well as to update support for the BLF, pcapng, and TTL capture files.

Several issues were fixed, including a bug where Wireshark failed to start if Npcap was configured with “Restrict Npcap driver’s Access to Administrators only”, a bug preventing the IKEv2 EMERGENCY_CALL_NUMBERS Notify payload from being decoded, and an issue causing unexpected JA4 ALPN values when space characters are sent.

Also fixed is an issue causing the PQC signature algorithm to not be reported in signature_algorithms, an issue causing TShark and editcap to fail with a segmentation fault when the output format (-F) is set to blf, as well as an issue where Wiretap incorrectly wrote pcapng custom options with string values.

On top of that, Wireshark 4.6.4 fixes the RDM status in the Output Status (GoodOutputB) field being incorrectly decoded in the Art-Net PollReply dissector, a malformed packet error on Trigger HE Basic frames, and a bug that degraded the performance of Expert Info.

Lastly, this release fixes an issue where only the first HTTP POST is parsed inside SOCKS with “Decode As”, an issue causing the new Diameter RAT-Types in TS 29.212 to not be decoded, and bogus “Dissector bug” messages generated in pipelines where something after TShark exits before reading all its input.

Crashes with the RF4CE Profile and NTS-KE dissectors were addressed as well in Wireshark 4.6.4, which also addresses a memory exhaustion issue with the USB HID dissector and an issue with the TDS dissector desynchronizing on RPC DATENTYPE (0x28) due to incorrect expectation of TYPE_VARLEN (MaxLen).

Check out the release notes for more details about the changes included in this release. Meanwhile, you can download Wireshark 4.6.4 as a source tarball from the official website if you fancy compiling it from sources, or you can install it from your distro’s repositories or from Flathub as a Flatpak app.

Source: https://9to5linux.com/wireshark-4-6-4-updates-protocol-and-capture-file-support-fixes-more-bugs
