Gerald Combs works with the developers of WinPcap at CACE Technologies as the Director of Open Source Projects, and is the lead developer of Wireshark. In this interview, he discusses Wireshark in detail, from its history and features to what we can expect in the future.
Give us some background on Wireshark. What was your journey from raw idea to a product with a massive user base?
In the mid to late 90's I worked at an ISP in the midwestern U.S. We needed a protocol analyzer that had features comparable to commercial analyzers at the time, was affordable, and ran on Solaris and Linux (our primary platforms). Such a product didn't exist so I ended up writing my own. By that time I had used open source software for a number of years. I released Ethereal (Wireshark's original name) under the GPL as a way of giving back to the community.
Immediately after the first release in July 1998 I started receiving contributions from developers around the world. Support for other protocols, safer data handling, and a Windows port were added early on. At around the same time Loris Degioanni and Gianluca Varenni were working on WinPcap. This let us capture packets on Windows and made Ethereal usable for a much larger class of users. By 2002 or 2003 it was in wide use on many platforms including Windows, Linux, and Solaris.
In 2006 I got the opportunity to work with Loris and Gianluca at CACE Technologies. Moving to CACE took the project in a much needed direction. We now have a clear business model around the project and better sustainability. The move was also literal - my family and I moved from Missouri to California. Trademark issues meant leaving the name "Ethereal" behind. That's how Wireshark was born.
Due to the great work of the development team Wireshark is now a popular, award-winning application. The user community is active and enthusiastic. CACE provides the infrastructure for the project as well as complementary products and services. We host Sharkfest, a yearly user and developer conference. Partners such as Laura Chappell provide training. All of this together forms a thriving ecosystem that I'm honored to be part of.
What are the features you see Wireshark users most excited about?
I think the primary feature is the visibility that a classic protocol analyzer provides. It's one thing to have an abstract notion of packets going back and forth on a network. It's quite another to interactively browse them and see them broken down to the last bit and byte.
The ability to follow a TCP stream and see the messages sent back and forth between the client and server is useful to people who troubleshoot and develop network applications. Likewise the VoIP analysis and playback features are useful for people who work with IP telephony.