Wireshark is a network protocol analyzer. It captures the packets flowing across a computer network and displays them in a human-readable form. It supports nearly every protocol in common use and can capture on a wide variety of interface types including Ethernet and 802.11. You can filter packets as they are being captured and apply display filters during analysis. Captures can be saved in a variety of formats so that you can send them to someone else or review them at a later date.
Wireshark helps you understand what’s happening on your network at a fundamental level. As Laura Chappell says, “The packets never lie.”
It is used just about everywhere. Most major network and software vendors point to Wireshark in their documentation.
Wireshark’s original name was Ethereal. We changed the name in 2006 due to trademark issues.
Why and how did you get started?
I was working for an ISP and needed an interactive analyzer for Linux and Solaris. I started making notes in the winter of 1997 and started writing code several months later. The first official release was 0.2.0 on July 14, 1998. Immediately after the release several incredibly talented developers started contributing to the project and that has continued ever since.
Who is the software’s intended audience?
Anyone who needs to see what’s going on on their network. Wireshark is primarily used by system and network administrators but it is also used by developers, educators, and researchers around the world.
What are a couple of notable examples of how people are using your software?
At Sharkfest (Wireshark’s developer and user conference) in June, speakers from Google and Citigroup talked about how they use Wireshark for troubleshooting. Wireshark is also being used in the development of the Interplanetary Internet. According to the New York Times, Wireshark was used to track down the GhostNet surveillance network last year.
What are the system requirements for your software, and what do people need to know about getting it set up and running?
Nearly any desktop or server OS will do, including Windows, OS X, Linux, Solaris, and FreeBSD. Wireshark requires a graphical user interface but you can run TShark from the command line. Don’t run Wireshark or TShark as root. Set up capture permissions instead.
Knowing how networking and protocols work is essential. Fortunately people like Laura Chappell have created excellent training materials.
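The capture-permission setup recommended in the answer above, as an added example that is not part of the interview or of the Wireshark project’s own code: a POSIX shell script that checks, on Linux, whether the small dumpcap helper (which Wireshark and TShark spawn to do the actual capturing) carries the file capabilities the Wireshark documentation recommends, and whether the current user is in the capture group. That split is the least-privilege point behind “don’t run Wireshark as root”: only dumpcap gets cap_net_raw and cap_net_admin, while the dissectors and the GUI run as an ordinary user. The dumpcap path /usr/bin/dumpcap and the group name wireshark are assumptions that match Debian/Ubuntu packaging; both can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not from the interview or the Wireshark project: verify that
# packet capture is set up for a non-root user on Linux. Assumptions: dumpcap
# lives at /usr/bin/dumpcap and the capture group is "wireshark" (both match
# Debian/Ubuntu packaging); override with DUMPCAP= and CAPTURE_GROUP= if needed.

DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"
CAPTURE_GROUP="${CAPTURE_GROUP:-wireshark}"

# caps_ok LINE
# LINE is one line of `getcap` output, e.g.
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip      (newer libcap)
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip    (older libcap)
# The documented setting is cap_net_raw,cap_net_admin=eip, so require both
# capabilities and both the e (effective) and p (permitted) flags.
caps_ok() {
    line="$1"
    case "$line" in *cap_net_raw*) ;; *) return 1 ;; esac
    case "$line" in *cap_net_admin*) ;; *) return 1 ;; esac
    flags="${line##*[=+]}"          # text after the last '=' or '+'
    case "$flags" in
        *e*p*|*p*e*) return 0 ;;
        *) return 1 ;;
    esac
}

# in_group "GROUP LIST" GROUP: returns 0 if GROUP appears in the
# space-separated list (the format produced by `id -Gn`).
in_group() {
    want="$2"
    for g in $1; do
        [ "$g" = "$want" ] && return 0
    done
    return 1
}

# check_capture_setup: run the live checks on this machine and print a
# verdict with the fix for anything missing. Returns 0 when capture should
# work without root.
check_capture_setup() {
    rc=0
    if ! command -v getcap >/dev/null 2>&1; then
        echo "getcap not found (libcap tools missing?); cannot verify capabilities"
        rc=1
    elif caps_ok "$(getcap "$DUMPCAP" 2>/dev/null)"; then
        echo "ok: $DUMPCAP has cap_net_raw,cap_net_admin (effective+permitted)"
    else
        echo "missing: $DUMPCAP lacks capture capabilities; as root run:"
        echo "  setcap cap_net_raw,cap_net_admin=eip $DUMPCAP"
        echo "  (Debian/Ubuntu: dpkg-reconfigure wireshark-common)"
        rc=1
    fi

    if in_group "$(id -Gn)" "$CAPTURE_GROUP"; then
        echo "ok: $(id -un) is in group $CAPTURE_GROUP"
    else
        echo "missing: $(id -un) is not in group $CAPTURE_GROUP; as root run:"
        echo "  usermod -aG $CAPTURE_GROUP $(id -un)   (then log out and back in)"
        rc=1
    fi
    return $rc
}

# Run the live checks only when asked, so the functions can also be sourced
# from other scripts: sh capture_perms.sh --check
if [ "${1:-}" = "--check" ]; then
    check_capture_setup
fi
```

Run it as `sh capture_perms.sh --check`; a non-zero exit means either dumpcap is missing its capabilities or the user is not in the capture group, and the output names the command that fixes it. The parsing accepts both the `=eip` and the older `+eip` spelling of getcap output, and it deliberately rejects a line that grants only cap_net_raw or only the permitted flag, since either leaves capture broken in a way that is easy to misread as working.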
What gave you an indication that your project was becoming successful?
More email than I could cope with, and having to trade consulting gigs for hosting and bandwidth.
What has been your biggest surprise?
Vint Cerf telling me he runs Wireshark.
What has been your biggest challenge?
Making sure our infrastructure can handle the needs of our users and developers. Changing the project’s name in 2006 is a close second.
Why do you think your project has been so well received?
Wireshark is the result of a lot of work by a lot of very talented people. I think that enthusiasm carries over into the user community.
What advice would you give to a project that’s just starting out?
Communication is important. Be responsive and level-headed. Everyone focuses on copyrights and licensing but trademarks are also important.
Where do you see your project going?
I have my own ideas but it’s hard to say. People are always contributing surprising new functionality.
What’s on your project wish list?
World peace. Also a pony.
I’d like to make better use of multiple CPU cores. There is a lot of room for improvement in the user interface.
What are you most proud of?
Sharkfest, or more accurately what it represents. Each year my company sponsors a conference for Wireshark users and developers. The presenters and attendees are amazing — they have a lot of experience with, knowledge of, and enthusiasm for Wireshark. I’m proud to be part of such a community.
If you could change something about the project, what would it be?
A cleaner user experience.
How do you coordinate the project?
We leverage a great deal of open source software. Bugs are tracked using Bugzilla. Testing and packaging are done using Buildbot. Project coordination and support are done using Mailman.
How many hours a month do you and/or your team devote to the project?
Lots. My official responsibility at CACE Technologies is to work on Wireshark full time. Many of the other developers work on Wireshark either full or part time.
What is your development environment like?
GCC on OS X, Ubuntu 8.04, and Ubuntu 10.04. Visual Studio on Windows 7. Others as the need arises. Komodo Edit and Vim for editing. Valgrind for tracking down bugs.
The Buildbot environment uses Windows, Ubuntu, OS X, and Solaris along with a bunch of supporting software including NSIS, rsync, and ClamAV.
July, 1998: First Ethereal release (0.2.0)
September, 1998: Display filter support added
August, 1999: Coloring rules added
March, 2000: First Windows package
June, 2006: Changed name from Ethereal to Wireshark
July, 2006: First release as Wireshark (0.99.2)
May, 2007: eWEEK says Wireshark is one of the most important open source apps of all time
September, 2007: Wireshark wins first InfoWorld BOSSIE award
March, 2008: Wireshark 1.0.0 released
March/April, 2008: First Sharkfest
June, 2008: Wireshark 1.2.0 released
August, 2008: Wireshark wins second InfoWorld BOSSIE award
March, 2009: The Conficker worm targets Wireshark
February, 2010: Wireshark wins PC Magazine Editor’s Choice Award
How can others contribute?
We have a wish list on the wiki. Development discussions happen on the wireshark-dev mailing list.
This month and for the rest of 2010, we’re highlighting some of our most venerable projects. This month’s Project of the Month is one of about 1,000 that began hosting on SourceForge.net in the site’s first year of existence, beginning in November 1999.
Project name: Wireshark
Date founded: July, 1998
Project page: https://sourceforge.net/projects/wireshark/
Occupation: Director of Open Source Projects at CACE Technologies
Location: Davis, CA
Occupation: Network and Protocol Analyst at SYN-bit
Location: Amstelveen, The Netherlands
Location: New Jersey, USA
Occupation: Senior Software Engineer
Location: Trondheim, Norway
Occupation: Embedded software engineer
Why did you place the project on SourceForge.net?
It was a no-brainer. SourceForge offered services we needed when we needed them.
How has SourceForge.net helped your project succeed?
Over the years SourceForge has provided necessary parts of our infrastructure. Our growth would have surely been stunted without the services you guys provide.
What is the number one benefit of using SourceForge.net?
SourceForge lets you focus on developing software instead of worrying about administration.