include::attributes.adoc[]
:stylesheet: ws.css
:linkcss:
:copycss: {css_dir}/{stylesheet}
= Wireshark {wireshark-version} Release Notes
// Asciidoctor Syntax Quick Reference:
// https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/
This is the first release of the 4.6 branch.
== What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer.
It is used for troubleshooting, analysis, development and education.
Wireshark is hosted by the Wireshark Foundation, a nonprofit which promotes protocol analysis education.
Wireshark and the foundation depend on your contributions in order to do their work.
If you or your organization would like to contribute or become a sponsor, please visit https://wiresharkfoundation.org[wiresharkfoundation.org].
If you use Wireshark professionally or you just want to learn more about protocol analysis, you should join us at https://sharkfest.wireshark.org/[SharkFest], the Wireshark developer and user conference.
You can also become a Wireshark Certified Analyst! Official Wireshark training and certification are available from
https://www.wireshark.org/certifications[the Wireshark Foundation].
== What’s New
// Uncomment for the last release(s) of this branch.
// This is the last release with official support for Windows 10 and Windows Server 2016.
=== Bug Fixes
// The following vulnerabilities have been fixed:
* wssalink:2025-05[] {notable}
BPv7 dissector crash.
wsbuglink:20770[].
// cveidlink:2025-xxx[].
// Fixed in master: 8d0b2e248a
// Fixed in release-4.6: b3295ac628
// Fixed in release-4.4: N/A
// CVSS AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
// CWE-824
// * Fuzz job crash: fuzz-2025-10-09-11658662894.pcap. wsbuglink:20770[].
* wssalink:2025-06[] {notable}
Kafka dissector crash.
wsbuglink:20823[].
// cveidlink:2025-xxx[].
// Fixed in master: 49137f8ce9
// Fixed in release-4.6: 158ed1e98b
// Fixed in release-4.4: e180152d3d
// CVSS AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
// CWE-824
// * Fuzz job crash: fuzz-2025-10-24-11832086494.pcap. wsbuglink:20823[].
// * wssalink:2025-07[] {notable}
// Foo dissector {crash,infinite loop,memory leak}.
// wsbuglink:xxx[].
// cveidlink:2025-xxx[].
// Fixed in master: xxx
// Fixed in release-4.6: xxx
// Fixed in release-4.4: xxx
// CVSS AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
// CWE-824
The following bugs have been fixed:
//* wsbuglink:5000[]
//* wsbuglink:6000[Wireshark bug]
//* cveidlink:2014-2486[]
// Bugs with the {notable} attribute show up in the "What's Changed" box on the download page.
//* Wireshark contains traces of nuts. What kind of nuts? The kind you're allergic to. wsbuglink:5000[] {notable}
* L2CAP dissector doesn't understand retransmission mode. wsbuglink:2241[].
* DNS HIP dissector labels PK algorithm as HIT length. wsbuglink:20768[].
* clang-cl error in "packet-zbee-direct.c". wsbuglink:20776[].
* Writing to an LZ4-compressed output file might fail. wsbuglink:20779[].
* endian.h conflicts with libc for building plugins. wsbuglink:20786[].
* TShark crash caused by Lua plugin. wsbuglink:20794[].
* Wireshark stalls for a few seconds when selecting specific messages. wsbuglink:20797[]. {notable}
* TLS Abbreviated Handshake Using New Session Ticket. wsbuglink:20802[].
* Custom websocket dissector does not run. wsbuglink:20803[].
* WINREG QueryValue triggers dissector bug in packet-dcerpc.c. wsbuglink:20813[].
* Lua: FileHandler causing crash when reading packets. wsbuglink:20817[].
* Apply As Filter for field with FT_NONE and BASE_NONE for a single byte does not use the hex value. wsbuglink:20818[].
* Layout preference Pane 3 problem with selecting Packet Diagram or None. wsbuglink:20819[].
* TCP dissector creates invalid packet diagram. wsbuglink:20820[]. {notable}
* Too many nested VLAN tags when opening as File Format. wsbuglink:20831[].
* Omnipeek files not working in 4.6.0. wsbuglink:20842[]. {notable}
* Support UTF-16 strings in the IsoBus dissector for the string operations. wsbuglink:20845[].
* SNMP getBulkRequest request-id does not get filtered for correctly. wsbuglink:20849[].
* Fuzz job issue: fuzz-2025-11-12-12064814316.pcap. wsbuglink:20852[].
* UDP Port 853 (DoQ) should be decoded as QUIC. wsbuglink:20856[].
// == Known Bugs
// === New and Updated Features
// === Removed Features and Support
// === Removed Dissectors
=== New Protocol Support
There are no new protocols in this release.
=== Updated Protocol Support
// Add one protocol per line between the -- delimiters.
// rg -A1 '(define PSNAME|proto_register_protocol[^_])' $(git diff --name-only v4.6.1.. | rg packet- | sort -u)
[commaize]
--
802.11 Radiotap
AC DR
ASN.1 BER
ASN.1 PER
BPv7
BT L2CAP
CFM
Darwin
DNS
DTLS
EAPOL-MKA
HTTP
HTTP3
ISObus VT
KRB5
LTP
NAS-EPS
NETDFS
NMEA 0183
P1
RPC_NETLOGON
RTSE
SGP.22
SGP.32
SMB
SNMP
TCP
TECMP
TFTP
VLAN
WINREG
X509AF
X509SAT
ZBD
--
=== New and Updated Capture File Support
// There is no new or updated capture file support in this release.
// Add one file type per line between the -- delimiters.
[commaize]
--
Peektagged
--
=== New and Updated File Format Decoding Support
There is no new or updated file format support in this release.
// Add one file type per line between the -- delimiters.
// [commaize]
// --
// --
// === New and Updated Capture Interfaces support
// [commaize]
// --
// --
//=== New and Updated Codec support
//_Non-empty section placeholder._
// === Major API Changes
== Prior Versions
Wireshark 4.6.0 included the following changes.
See the
https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html[release notes]
for details:
* Wireshark can dissect process information, packet metadata, flow IDs, drop information, and other information provided by `tcpdump` on macOS.
* We now ship universal macOS installers instead of separate packages for Arm64 and Intel. wsbuglink:17294[]
* WinPcap is no longer supported. On Windows, use Npcap instead, uninstalling WinPcap if necessary.
The final release of WinPcap was version 4.1.3 in 2013.
It only supports up to Windows 8, which is no longer supported by Microsoft or Wireshark.
* A new “Plots” dialog has been added, which provides scatter plots in contrast to the “I/O Graphs” dialog, which provides histograms.
The Plots dialog window supports multiple plots, markers, and automatic scrolling.
* Live captures can be compressed while writing. (Previously there was
support for compressing when performing multiple file capture, at file
rotation time.) The `--compress` option in TShark works on live captures
as well. wsbuglink:9311[]
* Wireshark can now decrypt NTP packets using NTS (Network Time Security). To decrypt packets,
the NTS-KE (Network Time Security Key Establishment Protocol) packets need to be present,
alongside the TLS client and exporter secrets.
* Wireshark’s ability to decrypt MACsec packets has been expanded to either
use the SAK unwrapped by the MKA dissector, or the PSK configured in the
MACsec dissector.
* The TCP Stream Graph axes now use units with SI prefixes. wsbuglink:20197[]
* Display filter functions `float` and `double` are added to allow explicitly
converting field types like integers and times to single and double precision
floats.
* A menu:Edit[Copy,as HTML] menu item has been added, along with associated context menu items and a keyboard shortcut.
* The Conversations and Endpoints dialogs have an option to display byte counts and bit rates in exact counts instead of human-readable numbers with SI units.
* The color scheme can be set to Light or Dark mode independently of the current OS default on Windows and macOS, if Wireshark is built with Qt 6.8 or later as the official installers are. wsbuglink:19328[]
== Getting Wireshark
Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.
=== Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package management system specific to that platform.
A list of third-party packages can be found on the
https://www.wireshark.org/download.html[download page]
on the Wireshark web site.
== File Locations
Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBs, and RADIUS dictionaries.
These locations vary from platform to platform.
You can use menu:Help[About Wireshark,Folders] or `tshark -G folders` to find the default locations on your system.
== Getting Help
The User’s Guide, manual pages and various other documentation can be found at
https://www.wireshark.org/docs/
Community support is available on
https://ask.wireshark.org/[Wireshark’s Q&A site]
and on the wireshark-users mailing list.
Subscription information and archives for all of Wireshark’s mailing lists can be found on https://lists.wireshark.org/lists/[the mailing list site].
Bugs and feature requests can be reported on
https://gitlab.com/wireshark/wireshark/-/issues[the issue tracker].
You can learn protocol analysis and meet Wireshark’s developers at
https://sharkfest.wireshark.org[SharkFest].
== How You Can Help
The Wireshark Foundation helps as many people as possible understand their networks as much as possible.
You can find out more and donate at https://wiresharkfoundation.org[wiresharkfoundation.org].
== Frequently Asked Questions
A complete FAQ is available on the
https://www.wireshark.org/faq.html[Wireshark web site].