Interview with Gerald Combs

LWN: Gerald, many system administrators and network software developers would be familiar with the Ethereal network sniffer and packet dissector. You were the original author, and release coordinator for Ethereal, but you recently announced that the project's name was changing to Wireshark and was moving to a new website. Can you provide a bit of background on the reason for the name change?

GC: Several years ago, my former employer registered trademarks for Ethereal and the Ethereal logo. Along with hosting the main web site, this provided a valuable service to the community.

Recently I took a job with CACE Technologies, the people behind WinPcap (the Windows Packet Capture Library). The Ethereal trademarks ended up staying with my former employer, which meant that someone with no direct involvement with the project had custody of the name. Also, no one involved with the project had administrative access to any machines in the ethereal.com domain. This put the project in a weird position, which forced the name change. When we were discussing names, my wife came up with the motto "Sniffing problems a mile away," which I really like. By the way, the fin pointing left symbolizes the move west that my family and I are about to make (from Kansas City, MO to Davis, CA).

LWN: Who will own the Wireshark trademark?

GC: I will, at least initially. We're looking at the benefits of this versus setting up an organization around Wireshark. Either way, the trademarks will be owned by an entity with a vested interest in the success of the project.

LWN: What sort of work will you be doing for CACE? How will it relate to Wireshark?

GC: My top assignment is to continue working on Wireshark, and to make sure the project stays strong and healthy.

LWN: CACE Technologies are supporters of WinPcap and Snort, right? Do you see the future of Wireshark being affected by closer association with those products?

GC: CACE is deeply involved with WinPcap. Its two main developers work there, and CACE provides services and hosting for WinPcap. There is no connection with Snort or Sourcefire.

LWN: Ah, OK - my mistake on the Snort connection. Of those developer that had commit rights for Ethereal, how many have moved over to work on Wireshark?

GC: All of them. They've accepted the name change a lot better than I have. The Wireshark community is very fortunate to have a team like this working on the project.

LWN: There appeared to be some concerns from some members of the wider Ethereal development community over the approach you took for the renaming and rehosting. Can you explain why you took the approach that you did?

GC: While we were throwing around ideas for the new name, we were vulnerable to poaching. I would (have) loved to have discussed the name with the user community, but what would have stopped someone from preemptively registering a domain name or trademark? At the same time, my focus was on bringing up the new infrastructure for the project -- the web site, mailing lists, code repository, build servers, etc. We ended up postponing the announcement a couple of weeks while all of that was put into place.

LWN: How do you see the development approach for Wireshark differing from what happened on Ethereal?

GC: In the immediate sense, very little has changed. The same exact developers are working on the same exact code. Our development process has evolved over time in order to keep our developers productive and happy, and to improve the quality of the product. I don't see that changing in the future.

LWN: What do you see as the future for Wireshark?

GC: We're going to continue our role as the world's most popular network protocol analyzer. Hopefully this means releasing version 1.0 at some point. :) The developers are constantly adding great new features to the product, as well as improving protocol support. I don't see that changing. We're also making great strides where we haven't done so well in the past (most notably with security). There will be a huge benefit from working alongside Loris Degioanni and Gianluca Varenni, the developers of WinPcap. The advantage that CACE has to offer greatly outstrips any losses from changing the name.

LWN: When do you expect the first Wireshark release?

GC: We already have a pre-release of version 0.99.1 available for download. If you're adventurous, we also have automated builds of the latest development code. The first "real" release (0.99.1 or 0.99.2) should be out in the next couple of weeks. Several months ago we established roadmap to define the features that will be in version 1.0. We've been making steady progress on the roadmap, and 1.0 will hopefully be released in the next few months.

LWN: Any thoughts on what is likely to happen to Ethereal?

GC: Not a clue. No one on the development team has administrative access on any of the Ethereal servers; their upkeep is now the responsibility of my former employer. As far as I know they haven't indicated what's going to happen.

LWN: So, do you expect to see the mailing list support / discussion move over to the new Wireshark mailing lists in the near future?

GC: That's happening right now. Activity on the Wireshark lists is starting to pick up. I'm not sure if there will ever be an explicit move, e.g. by pointing mail aliases from the old lists to the new ones, but who knows?