Brad Hards interviews Gerald Combs of the Wireshark project.
Gerald, many system administrators and network software developers
would be familiar with the Ethereal
network sniffer and packet dissector.
You were the original author, and release coordinator for
Ethereal, but you recently
the project's name was changing to Wireshark and was moving to a
new website. Can you
provide a bit of background on the reason for the name change?
Several years ago, my former employer registered trademarks for Ethereal
and the Ethereal logo. Along with hosting the main web site, this
provided a valuable service to the community.
Recently I took a job with
CACE Technologies, the people behind
(the Windows Packet Capture Library).
The Ethereal trademarks ended up staying with my former employer, which
meant that someone with no direct involvement with the project had
custody of the name. Also, no one involved with the project had
administrative access to any machines in the ethereal.com domain. This
put the project in a weird position, which forced the name change.
When we were discussing names, my wife came up with the motto "Sniffing
problems a mile away," which I really like.
By the way, the fin pointing left symbolizes the move west that my
family and I are about to make (from Kansas City, MO to Davis, CA).
Who will own the Wireshark trademark?
I will, at least initially. We're looking at the benefits of this
versus setting up an organization around Wireshark. Either way, the
trademarks will be owned by an entity with a vested interest in the
success of the project.
What sort of work will you be doing for CACE? How will it relate to
My top assignment is to continue working on Wireshark, and to make sure
the project stays strong and healthy.
CACE Technologies are supporters of WinPcap and Snort, right? Do you see
the future of Wireshark being affected by closer association with those
CACE is deeply involved with WinPcap. Its two main developers work
there, and CACE provides services and hosting for WinPcap. There is no
connection with Snort.
Ah, OK - my mistake on the Snort connection. Of those developers that had
commit rights for Ethereal, how many have moved over to work on Wireshark?
All of them. They've accepted the name change a lot better than I have.
The Wireshark community is very fortunate to have a team like this
working on the project.
There appeared to be some concerns from some members of the wider
Ethereal development community over the approach you took for the
renaming and rehosting. Can you explain why you took the approach that
While we were throwing around ideas for the new name, we were vulnerable
to poaching. I would (have) loved to have discussed the name with the user
community, but what would have stopped someone from preemptively
registering a domain name or trademark?
At the same time, my focus was on bringing up the new infrastructure for
the project -- the web site, mailing lists, code repository, build
servers, etc. We ended up postponing the announcement a couple of weeks
while all of that was put into place.
How do you see the development approach for Wireshark differing from
what happened on Ethereal?
In the immediate sense, very little has changed. The same exact
developers are working on the same exact code. Our development process
has evolved over time in order to keep our developers productive and
happy, and to improve the quality of the product. I don't see that
changing in the future.
What do you see as the future for Wireshark?
We're going to continue our role as the world's most popular network
protocol analyzer. Hopefully this means releasing version 1.0 at some
The developers are constantly adding great new features to the product,
as well as improving protocol support. I don't see that changing.
We're also making great strides where we haven't done so well in the
past (most notably with security).
There will be a huge benefit from working alongside Loris Degioanni and
Gianluca Varenni, the developers of WinPcap. The advantage that CACE
has to offer greatly outstrips any losses from changing the name.
When do you expect the first Wireshark release?
We already have a pre-release of version 0.99.1 available for
If you're adventurous, we also have automated builds of the latest
development code. The first "real" release (0.99.1 or 0.99.2) should be
out in the next couple of weeks.
Several months ago we established a roadmap to define the features that
will be in version 1.0. We've been making steady progress on the
roadmap, and 1.0 will hopefully be released in the next few months.
Any thoughts on what is likely to happen to Ethereal?
Not a clue. No one on the development team has administrative access on
any of the Ethereal servers; their upkeep is now the responsibility of
my former employer. As far as I know they haven't indicated what's
going to happen.
So, do you expect to see the mailing list support / discussion move over to
the new Wireshark mailing lists in the near future?
That's happening right now. Activity on the Wireshark lists is starting
to pick up. I'm not sure if there will ever be an explicit move, e.g.
by pointing mail aliases from the old lists to the new ones, but who knows?