Wireshark 4.6.4 Release Notes

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

Wireshark is hosted by the Wireshark Foundation, a nonprofit which promotes protocol analysis education. Wireshark and the foundation depend on your contributions in order to do their work. If you or your organization would like to contribute or become a sponsor, please visit wiresharkfoundation.org.

If you use Wireshark professionally or you just want to learn more about protocol analysis, you should join us at SharkFest, the Wireshark developer and user conference.

You can also become a Wireshark Certified Analyst! Official Wireshark training and certification are available from the Wireshark Foundation.

What's New

Bug Fixes

The following vulnerabilities have been fixed:

• [wnpa-sec-2026-05] USB HID dissector memory exhaustion. Bug 20972. CVE-2026-3201.
• [wnpa-sec-2026-06] NTS-KE dissector crash. Bug 21000. CVE-2026-3202.
• [wnpa-sec-2026-07] RF4CE Profile dissector crash. Bug 21009. CVE-2026-3203.

The following bugs have been fixed:

• Wireshark doesn't start if Npcap is configured with "Restrict Npcap driver's Access to Administrators only". Bug 20828.
• PQC signature algorithm not reported in signature_algorithms. Bug 20953.
• Unexpected JA4 ALPN values when space characters sent. Bug 20966.
• Expert Info seems to have quadratic performance (gets slower and slower). Bug 20970.
• IKEv2 EMERGENCY_CALL_NUMBERS Notify payload cannot be decoded. Bug 20974.
• TShark and editcap fails with segmentation fault when output format (-F) set to blf. Bug 20976.
• Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee Direct Tunneling Zigbee NWK PDUs NULL hash table]. Bug 20977.
• Wiretap writes pcapng custom options with string values invalidly. Bug 20978.
• RDM status in Output Status (GoodOutputB) field incorrectly decoded in Art-Net PollReply dissector. Bug 20980.
• Wiretap writes invalid pcapng Darwin option blocks. Bug 20991.
• TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to incorrect expectation of TYPE_VARLEN (MaxLen). Bug 21001.
• Only first HTTP POST is parsed inside SOCKS with "Decode As". Bug 21006.
• TShark: Bogus "Dissector bug" messages generated in pipelines where something after tshark exits before reading all its input. Bug 21011.
• New Diameter RAT-Types in TS 29.212 not decoded. Bug 21012.
• Malformed packet error on Trigger HE Basic frames. Bug 21032.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

Art-Net, AT, BGP, GSM DTAP, GSM SIM, IEEE 802.11, IPv6, ISAKMP, MBIM, MySQL, NAS-5GS, NTS-KE, SGP.22, Silabs DCH, Socks, TDS, TECMP, USB HID, ZBD, ZB TLV

New and Updated Capture File Support

BLF, pcapng, TTL

New and Updated File Format Decoding Support

There is no new or updated file format support in this release.

Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use Help › About Wireshark › Folders or tshark -G folders to find the default locations on your system.

Getting Help

The User's Guide, manual pages and various other documentation can be found at https://www.wireshark.org/docs/.

Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the mailing list site.

Bugs and feature requests can be reported on the issue tracker.

You can learn protocol analysis and meet Wireshark's developers at SharkFest.

How You Can Help

The Wireshark Foundation helps as many people as possible understand their networks as much as possible. You can find out more and donate at wiresharkfoundation.org.

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.