Project of the Month, August 2010

Wireshark

Wireshark is a network protocol analyzer. It captures the packets flowing across a computer network and displays them in a human-readable form. It supports nearly every protocol in common use and can capture on a wide variety of interface types, including Ethernet and 802.11. You can filter packets as they are being captured and apply display filters during analysis. Captures can be saved in a variety of formats so that you can send them to someone else or review them at a later date.

Wireshark helps you understand what’s happening on your network at a fundamental level. As Laura Chappell says, “The packets never lie.”

It is used just about everywhere. Most major network and software vendors point to Wireshark in their documentation.

Wireshark’s original name was Ethereal. We changed the name in 2006 due to trademark issues.

Why and how did you get started?

I was working for an ISP and needed an interactive analyzer for Linux and Solaris. I started making notes in the winter of 1997 and started writing code several months later. The first official release was 0.2.0 on July 14, 1998. Immediately after the release several incredibly talented developers started contributing to the project and that has continued ever since.

Who is the software’s intended audience?

Anyone who needs to see what’s going on on their network. Wireshark is primarily used by system and network administrators but it is also used by developers, educators, and researchers around the world.

What are a couple of notable examples of how people are using your software?

At Sharkfest (Wireshark’s developer and user conference) in June, speakers from Google and Citigroup talked about how they use Wireshark for troubleshooting. Wireshark is also being used in the development of the Interplanetary Internet. According to the New York Times, Wireshark was used to track down the GhostNet surveillance network last year.

What are the system requirements for your software, and what do people need to know about getting it set up and running?

Nearly any desktop or server OS will do, including Windows, OS X, Linux, Solaris, and FreeBSD. Wireshark requires a graphical user interface but you can run TShark from the command line. Don’t run Wireshark or TShark as root. Set up capture permissions instead.

Knowing how networking and protocols work is essential. Fortunately people like Laura Chappell have created excellent training materials.
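Setting up capture permissions instead of running as root, as the answer above recommends, shown as an added example that is not part of the interview or of the Wireshark project's own tooling: on Linux, Wireshark and TShark capture through a separate helper program, dumpcap, so only that one binary needs raw-socket rights. The script below gives dumpcap the two capabilities it needs (cap_net_raw, cap_net_admin), limits execution to members of a capture group, and verifies the result by parsing getcap output. The dumpcap path, the group name, and the presence of the libcap setcap/getcap tools are assumptions for a typical Linux install and should be adjusted to your distribution.

```shell
#!/bin/sh
# Added example (not from the interview or the Wireshark project): grant
# capture rights to Wireshark's capture helper instead of running Wireshark
# or TShark as root. Assumes Linux with libcap (setcap/getcap) installed and
# dumpcap at DUMPCAP (assumed path; adjust for your distribution).

DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"
CAPTURE_GROUP="${CAPTURE_GROUP:-wireshark}"

# caps_line_ok LINE: succeed (return 0) only if a getcap(8) output line grants
# both cap_net_raw and cap_net_admin in the effective, inheritable and
# permitted sets. Handles the older "path = caps+eip" and the newer
# "path caps=eip" output formats.
caps_line_ok() {
    line=$1
    case $line in
        *cap_net_raw*) ;;
        *) return 1 ;;
    esac
    case $line in
        *cap_net_admin*) ;;
        *) return 1 ;;
    esac
    case $line in
        *+eip*|*=eip*) return 0 ;;
        *) return 1 ;;
    esac
}

# setup_capture_perms: make dumpcap executable, with capture rights, only by
# members of CAPTURE_GROUP. Run once as root; users added to the group log in
# again to pick it up and then run Wireshark/TShark as themselves.
setup_capture_perms() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ -x "$DUMPCAP" ] || { echo "no dumpcap at $DUMPCAP" >&2; return 1; }
    getent group "$CAPTURE_GROUP" >/dev/null || groupadd "$CAPTURE_GROUP"
    chgrp "$CAPTURE_GROUP" "$DUMPCAP"
    chmod 0750 "$DUMPCAP"     # only root and group members may execute it
    setcap 'cap_net_raw,cap_net_admin=eip' "$DUMPCAP"
    # Verify what the kernel will actually honour, not just that setcap ran.
    caps_line_ok "$(getcap "$DUMPCAP")"
}

# Only modify the system when explicitly asked, e.g.:  sudo sh setup.sh --apply
if [ "${1:-}" = "--apply" ]; then
    setup_capture_perms
fi
```

Add the users who need to capture to the group (usermod -aG wireshark user) rather than widening the mode on dumpcap; with this layout Wireshark itself never runs with elevated rights, so a bug in a dissector cannot be turned into root access through the analyzer.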

What gave you an indication that your project was becoming successful?

More email than I could cope with, and having to trade consulting gigs for hosting and bandwidth.

What has been your biggest surprise?

Vint Cerf telling me he runs Wireshark.

What has been your biggest challenge?

Making sure our infrastructure can handle the needs of our users and developers. Changing the project’s name in 2006 is a close second.

Why do you think your project has been so well received?

Wireshark is the result of a lot of work by a lot of very talented people. I think that enthusiasm carries over into the user community.

What advice would you give to a project that’s just starting out?

Communication is important. Be responsive and level-headed. Everyone focuses on copyrights and licensing but trademarks are also important.

Where do you see your project going?

I have my own ideas but it’s hard to say. People are always contributing surprising new functionality.

What’s on your project wish list?

World peace. Also a pony.

I’d like to make better use of multiple CPU cores. There is a lot of room for improvement in the user interface.

What are you most proud of?

Sharkfest, or more accurately what it represents. Each year my company sponsors a conference for Wireshark users and developers. The presenters and attendees are amazing — they have a lot of experience with, knowledge of, and enthusiasm for Wireshark. I’m proud to be part of such a community.

If you could change something about the project, what would it be?

A cleaner user experience.

How do you coordinate the project?

We leverage a great deal of open source software. Bugs are tracked using Bugzilla. Testing and packaging is done using Buildbot. Project coordination and support is done using Mailman.

How many hours a month do you and/or your team devote to the project?

Lots. My official responsibility at CACE Technologies is to work on Wireshark full time. Many of the other developers work on Wireshark either full or part time.

What is your development environment like?

GCC on OS X, Ubuntu 8.04, and Ubuntu 10.04. Visual Studio on Windows 7. Others as the need arises. Komodo Edit and Vim for editing. Valgrind for tracking down bugs.

The Buildbot environment uses Windows, Ubuntu, OS X, and Solaris along with a bunch of supporting software including NSIS, rsync, and ClamAV.

Milestones:

Date                Milestone
July, 1998          First Ethereal release (0.2.0)
September, 1998     Display filter support added
August, 1999        Coloring rules added
March, 2000         First Windows package
June, 2006          Changed name from Ethereal to Wireshark
July, 2006          First release as Wireshark (0.99.2)
May, 2007           eWEEK says Wireshark is one of the most important open source apps of all time
September, 2007     Wireshark wins first InfoWorld BOSSIE award
March, 2008         Wireshark 1.0.0 released
March/April, 2008   First Sharkfest
June, 2008          Wireshark 1.2.0 released
August, 2008        Wireshark wins second InfoWorld BOSSIE award
March, 2009         The Conficker worm targets Wireshark
February, 2010      Wireshark wins PC Magazine Editor’s Choice Award

How can others contribute?

We have a wish list on the wiki. Development discussions happen on the wireshark-dev mailing list.


Ten-year badge

This month and for the rest of 2010, we’re highlighting some of our most venerable projects. This month’s Project of the Month is one of about 1,000 that began hosting on SourceForge.net in the site’s first year of existence, beginning in November 1999.


Project name: Wireshark

Date founded: July, 1998

Project page: https://sourceforge.net/projects/wireshark/

Project Leader

Gerald Combs
Occupation: Director of Open Source Projects at CACE Technologies
Location: Davis, CA

Key Developers

Sake Blok
Occupation: Network and Protocol Analyst at SYN-bit
Location: Amstelveen, The Netherlands

Bill Meier
Occupation: Software Developer
Location: New Jersey, USA

Stig Bjørlykke
Occupation: Senior Software Engineer
Location: Trondheim, Norway

Jaap Keuter
Occupation: Embedded software engineer
Location: Netherlands


Why did you place the project on SourceForge.net?

It was a no-brainer. SourceForge offered services we needed when we needed them.

How has SourceForge.net helped your project succeed?

Over the years SourceForge has provided necessary parts of our infrastructure. Our growth would have surely been stunted without the services you guys provide.

What is the number one benefit of using SourceForge.net?

SourceForge lets you focus on developing software instead of worrying about administration.