15 years of Wireshark: Towards the Internet of Things

The success of Wireshark still takes Gerald Combs by surprise even today: when he released the first version under the name Ethereal on 14 July 1998, the open source project triggered a wave of development contributions. Originally developed exclusively for Ethernet and TCP/IP, the project started to support protocols such as Token Ring, Novell IPX, DNS, IGMP, OSPF, RIP, DHCP, ISO/OSI, Banyan Vines, FDDI, Apple Talk and NetBIOS within the first year of its existence. This vigorous expansion demonstrated that, at a time when the market was still being dominated by Network General's expensive sniffer software, there was a strong need for a freely available network analysis tool. With the continuous integration of new dissectors (decoders) that were being contributed by hundreds of developers worldwide, Ethereal grew rapidly, wiping out commercial products. The tool now comprises two million lines of program code and registers half a million downloads per month.

At the 6th Sharkfest, Gerald Combs proudly presents his creation, Wireshark. From 2000, the increasing popularity of local wireless networks sparked a demand for the IEEE 802.11 wireless protocol. As many notebook interfaces didn't support promiscuous mode at that time, causing only part of a received Wi-Fi frame to be forwarded to Ethereal, Combs and WinPCap developer Loris Degioanni from Cace Technologies joined forces to create the AirPCap adapter. This cooperation led Cace Technologies to hire Combs and forced a product name change, as the Ethereal name remained with Combs' previous employer. The move added to the product's level of popularity. Sniffer training companies began to take notice, for example Swiss company Leutert NetServices, which was the first to offer Wireshark courses in Europe. "In terms of functionality and operation, Wireshark is better than anything I've ever known", said sniffer guru Rolf Leutert.

Combs enjoys a high level of credibility, and the Wireshark community followed him when the product changed sponsors again in 2010. Since then, Riverbed Technology has financed the Wireshark project. The story of its success continues, say the core developers, because new areas of use continue to appear for the open source tool. "The clever thing about Wireshark is that new features aren't tied to the existence of a business case", explains Panasonic Germany's Martin Kaiser, who developed the Digital Video Broadcasting dissector. Graham Bloice from Trihedral Engineering sees future Wireshark extensions on the "Internet of Things": "The number of devices is growing exponentially, even in industry. Other developers are working on the cross-platform Qt graphical user interface." Jeff Morriss from US company Ulticom says: "This allows Wireshark to adapt to the look & feel of OS-specific GUIs." It also fulfils a wish that Mac enthusiast Combs has had for a long time.

(Doris Gottstein / sno)