The Wireshark Foundation has released version 4.6.0 of the world’s most popular network protocol analyzer, introducing powerful new visualization tools and officially ending support for the long-obsolete WinPcap driver.
This first release of the 4.6 branch significantly enhances analysis capabilities with a new “Plots” dialog for generating scatter plots, a feature distinct from the existing I/O Graphs histogram tool. Furthermore, the update brings the ability to compress capture files during live packet captures, a major improvement for long-term monitoring sessions.
This version solidifies its modern foundation by mandating Npcap on Windows systems. The installers reflect this shift, bundling Npcap 1.83 and upgrading the UI framework to Qt 6.9.3. For Apple users, Wireshark now ships a universal macOS installer for both Arm64 and Intel hardware, simplifying deployment.
Linux users also receive key updates, gaining the ability to use BPF extensions like “inbound” and “ifindex” in capture filters. On the dependency front, support for older libnl versions has been removed, while libxml2 now becomes a required dependency for all builds.
Analysts gain several key enhancements to data handling and decryption. The release adds the ability to decrypt NTP packets using Network Time Security (NTS) and expands MACsec decryption capabilities. In a move toward standardization, absolute timestamps in text-based exports now default to the ISO 8601 UTC format.
Usability improvements are also prominent, including a manual “Redissect Packets” option, an independent light/dark mode, and better integration with tcpdump metadata on macOS.
The update expands its reach with support for new protocols like Binary HTTP and DECT NR+, and new file formats such as RIFF and TTL. The command-line interface, TShark, receives a more flexible -G option for generating glossaries. For developers, the Lua API has been extended with a new Conversation object and support for Libgcrypt symmetric cipher functions.
Wireshark 4.6.0 is available for download from the official website, while most Linux and Unix distributions will provide it through their native package managers.


