Wireshark 2.4.0 is a major new version of the popular network protocol analyzer for Microsoft Windows and Mac OS X devices.
The application is available as a 32-bit and 64-bit installer for Windows, and as a portable version for Windows as well. One of the new features is experimental support for 32-bit and 64-bit Windows installer packages (msi).
The developers of Wireshark suggested that these new installer packages are used independently of the old. Users who have installed either one of the available installer formats should uninstall it before installing the other format.
Note that the portable version of Wireshark is available as a 32-bit application only.
Existing users can select Help > Check for updates to run a check for updates from within the application.
The Wireshark 2.4.0 changelog highlights new and improved features. These can be divided into the groups into general features and protocl-specific features.
It needs to be noted that the changelog describes changes since the release of Wireshark 2.2.0 and not the most recent version before 2.4.0, version 2.2.8.
The new version of Wireshark 2.4.0 supports a whole range of new protocols including NetScaler RPC Protocol, Citrix NetScaler Metric Exchange Protocol or HomePNA. A few dozen new protocols are supported in the new version. If you are interested in all of them, check the changelog linked above.
Protocols that were supported already have been updated -- the developers don't list them stating that too many have been updated to list them efficiently in the changelog.
As far as other changes are concerned, here is a list of the ones that stick out:
- The legacy UI is disabled by default in Windows installers and in the development environment.
- Wireshark supports fullscreen mode now to display more information on the screen at the same time. To use the feature, simply tap on F11 to toggle fullscreen mode, or select it with a click on View > Fullscreen.
- The default profile can be reset to its default values in Wireshark 2.4.
- Experimental timeline view for 802.11 wireless packet data. You can enable this with a click on Edit > Preferences > Protocols > 802.11 radio information > Enable Wireless Timeline (experimental).
- TLS 1.3 dissection and decryption support.
- RSA keys dialog does not require an IP address anymore, and ships with improved feedback on invalid settings.
The full changelog is available on the official website. You may want to check the list of known problems before you start the upgrade to Wireshark 2.4.0. It lists some crashes, for instance when changing real-time options.