Wireshark versions 4.6.1 and 4.4.11 have been released, focusing on bug fixes and improvements to the network protocol analyzer. The updates fix problems with the dissector, including a crash from a security issue in BPv7, and stability issues related to the Kafka dissector and Bluetooth L2CAP frames. Additionally, usability has been enhanced through faster performance when selecting messages and more accurate display filters, particularly for decimal values. Overall, 26 issues have been resolved across both versions, improving the accuracy of dissection results and addressing various other problems.

Wireshark 4.6.1 and 4.4.11 released

Wireshark 4.6.1 has been released, alongside Wireshark 4.4.11. These releases primarily tackle bugs and make various improvements to the world's leading network protocol analyzer. One key issue fixed involves the dissector, which is part of Wireshark that understands different protocols during packet capture and analysis. There was a crash in BPv7 due to a security vulnerability known as wnpa-sec-2025-05.

Other stability fixes include resolving an old crashing problem tied to the Kafka dissector, plus enhancements for dissecting Bluetooth L2CAP frames (specifically improving how retransmission mode is understood) and correctly labeling PK algorithms within DNS HIP dissector outputs. For developers building Wireshark plugins, a couple of nagging compilation errors have also been cleared up, including one related to the clang-cl tool in "packet-zbee-direct.c" and another stemming from conflicts with libc when using 'endian.h.'

In addition to bug fixes, we've also made significant improvements in usability. For example, Wireshark is now more responsive and won't lag for a few seconds when you select specific messages in the packet list.

Then there are refinements to how display filters behave. You might not think about them often, but those floating-point conversion errors that could trip things up when working with decimal values have been ironed out for more accurate filter results.

Also, a bit of support work has gone into the Lua API; specifically, handling comma-separated ranges better across different languages and locales sets it up smoother for users leveraging scripts inside Wireshark.

So, what's the full picture? Version 4.6.1 tackles twenty-six issues in total. Besides the ones we've mentioned (crashes in Kafka, L2CAP, and DNS HIP), fixes also cover problems like TLS abbreviated handshake handling using a new session ticket, and more.

Among these fixes is an adjustment specifically to the TCP dissector; it no longer automatically defaults to client port criteria for payload selection if the server port doesn't pick one. This was previously an exception (helpful for active FTP over port 20), but now that change has been removed because making dissection results consistently accurate matters more than a special case.

The Wireshark source code and installation packages are available from the download page. The documentation is available here.