The coloring rules and expert information seem to be used a lot. I was initially skeptical about the expert features because I've been led down the wrong path by so-called expert systems in other products in the past. In Wireshark it's worked out surprisingly well.

Are you satisfied with the pace Wireshark is being developed or would you prefer to have updates released more often? How many developers contribute to Wireshark?

On the whole I'm very satisfied. We've has always had an excellent team of developers. Releases come out every one to two months, which is a pretty good pace. At any given time there are ten to twenty people actively working on Wireshark. Over the years several hundred people have contributed to the project.


What are the most requested features and fixes for future versions of Wireshark? Are there any requests that will never see the light of day for one reason or another?

The long-time "missing" features have been for things like packet editing, scrubbing, and replay. As OS X has gained popularity a lot of people have asked for a native Mac interface.

Wireshark has one intrinsic "hard" problem. As networks get faster and resources expand people naturally want to open larger and larger capture files. We've made improvements in this area over time but Wireshark's job is to show you every last detail of every packet. If you have millions of packets that's going to use a lot of processing power and memory. You can alleviate the problem in Wireshark using capture filters and multiple capture files. CACE Pilot is a commercial solution that works with Wireshark and lets you drill down and isolate the traffic you're looking for.