<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Uncategorized on The Official Wireshark Blog</title>
    <link>https://blog.wireshark.org/categories/uncategorized/</link>
    <description>Recent content in Uncategorized on The Official Wireshark Blog</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <lastBuildDate>Tue, 02 Jul 2019 00:52:31 +0000</lastBuildDate><atom:link href="https://blog.wireshark.org/categories/uncategorized/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Dedication and Disagreements</title>
      <link>https://blog.wireshark.org/2019/07/dedication-and-disagreements/</link>
      <pubDate>Tue, 02 Jul 2019 00:52:31 +0000</pubDate>
      
      <guid>https://blog.wireshark.org/2019/07/dedication-and-disagreements/</guid>
      <description>&lt;p&gt;As I’ve mentioned in many of my talks about the Wireshark project, our primary goal is to help as many people as possible understand their networks as much as possible. We’ve been very fortunate over the years in this regard. Many people are passionate about this goal and have dedicated themselves to help to work toward it.&lt;/p&gt;
&lt;p&gt;Although a group of people might agree about a particular goal, they can sometimes disagree about how to get there. When you add in personal dedication and investment, the disagreement can take on a life of its own. This happened to us recently.&lt;/p&gt;
&lt;p&gt;Years ago when I worked at CACE Technologies we created the Wireshark Foundation&lt;a href=&#34;#footnote1&#34;&gt;&lt;sup&gt;1&lt;/sup&gt;&lt;/a&gt;. A couple of years later, Laura Chappell came up with the idea for Wireshark University and the WCNA certification program. She worked out an agreement with CACE’s CEO to license use of Wireshark’s trademarks which they subsequently signed.&lt;/p&gt;
&lt;p&gt;Shortly after that, Riverbed acquired CACE, along with the Wireshark Foundation. Like CACE, Riverbed has been both supportive of the project and hands-off. They pay my salary, fund SharkFest and our infrastructure, and have done so since the acquisition. We always strive to do more, and last fall it was suggested that we might be able to bring in extra money to fund more initiatives which would improve Wireshark and benefit the community.&lt;/p&gt;
&lt;p&gt;One of the ideas for extra revenue involved restructuring Wireshark University in the hopes of including more educators. We presented the plan to Laura, and it didn’t go well. Our relationship deteriorated to the extent that Laura now maintains that Riverbed has taken over Wireshark. I love and respect her and will be forever grateful for what she’s done for the Wireshark community, but I strongly disagree with this viewpoint.&lt;/p&gt;
&lt;p&gt;Riverbed has been and continues to be very hands-off with Wireshark and is dedicated to our independence. They don’t dictate our roadmap or otherwise try to push us in a particular direction&lt;a href=&#34;#footnote2&#34;&gt;&lt;sup&gt;2&lt;/sup&gt;&lt;/a&gt;. In my keynote&lt;a href=&#34;#footnote3&#34;&gt;&lt;sup&gt;3&lt;/sup&gt;&lt;/a&gt; at SharkFest ’19 US, I talked about creating an independent entity for the Wireshark Foundation and our assets, and they’ve been supportive of the entire process.&lt;/p&gt;
&lt;h3 id=&#34;going-forward&#34;&gt;Going Forward &lt;a href=&#34;#going-forward&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Although we weren’t able to come to an agreement on Wireshark University, there was never any question that Laura is welcome to keep using the Wireshark trademark to describe the purpose of her training courses, books, and the WCNA certification program. I would personally prefer that she continue to use the name “Wireshark Certified Network Analyst” – we would just need to have a proper agreement in place. If any of this wasn’t made clear to her over the past few months then that’s on me.&lt;/p&gt;
&lt;p&gt;Please don’t let this dissuade you from buying Laura’s books, attending her classes, or going through the WCNA program. She’s a great educator and we share her passion for helping people understand their networks.&lt;/p&gt;
&lt;p&gt;Also please be assured that Wireshark is and will always remain Free and Open Source Software. I am forever grateful to our global group of enthusiastic developers who continue to evolve the project. However, stuff costs money, and some of the initiatives we’ve discussed include (but aren’t limited to) hiring support staff. In order to serve the user and developer community and fund the project we must explore options such as charging for non-exclusive use of the Wireshark University trademark.&lt;/p&gt;
&lt;p&gt;&lt;a id=&#34;footnote1&#34;&gt;&lt;a href=&#34;#footnote1&#34;&gt;1&lt;/a&gt;&lt;/a&gt; I don’t recall the precise reason, but it was most likely to reduce CACE’s exposure in the event that I left the picture. They were betting the farm on Wireshark. It should be noted that my daughter and I were on &lt;a href=&#34;https://en.wikipedia.org/wiki/Southwest_Airlines_Flight_812&#34;&gt;Southwest flight 812&lt;/a&gt;, so this wasn’t an unreasonable concern.&lt;br&gt;
&lt;a id=&#34;footnote2&#34;&gt;&lt;a href=&#34;#footnote2&#34;&gt;2&lt;/a&gt;&lt;/a&gt; Aside from the occasional bug report from one of my co-workers. 🙂&lt;br&gt;
&lt;a id=&#34;footnote3&#34;&gt;&lt;a href=&#34;#footnote3&#34;&gt;3&lt;/a&gt;&lt;/a&gt; See the “Sustainability” part of the keynote at &lt;a href=&#34;https://sharkfestus.wireshark.org/sf19&#34;&gt;https://sharkfestus.wireshark.org/sf19&lt;/a&gt;, about 36:15 in.&lt;/p&gt;
&lt;h2 id=&#34;comments&#34;&gt;Comments &lt;a href=&#34;#comments&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h2&gt;&lt;h3 id=&#34;comment-by-tomlabaude-on-2019-07-02-121058-0000&#34;&gt;Comment by TomLaBaude on 2019-07-02 12:10:58 +0000 &lt;a href=&#34;#comment-by-tomlabaude-on-2019-07-02-121058-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Donation would be a great opportunity for people and companies to contribute financially to Wireshark.&lt;/p&gt;
&lt;p&gt;As a freelance, I use Wireshark in my software in the terms of the license and earn some revenues from it.&lt;br&gt;
But I can’t contribute back by coding, I only report bugs.&lt;/p&gt;
&lt;p&gt;At my level, I’d donate yearly part of my revenue to Wireshark Foundation.&lt;/p&gt;
&lt;p&gt;Imagine rest of the world.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-uli-on-2019-07-02-143708-0000&#34;&gt;Comment by Uli on 2019-07-02 14:37:08 +0000 &lt;a href=&#34;#comment-by-uli-on-2019-07-02-143708-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;I&amp;rsquo;m with Tom. Putting some donation information on the website would help. There are a lot of companies where Wireshark is important for their business. I guess some of them would like to contribute with money.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-david-lopez-on-2019-07-02-154654-0000&#34;&gt;Comment by David Lopez on 2019-07-02 15:46:54 +0000 &lt;a href=&#34;#comment-by-david-lopez-on-2019-07-02-154654-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Hi Gerald, thank you for the blog and clarification. I recently attended sharkfestUS-2019 and loved it. I enjoyed and learned a lot from all the presentations. Janice did a great job at organizing the venue and it takes money to hire staff and get resources. After sharkfest I got a copy of Laura’s great books and prepared for the WCNA which I successfully passed.&lt;br&gt;
My only concern now is that Riverbed may decide to come out with their version of the Wireshark Certification program.&lt;/p&gt;
&lt;p&gt;regards,&lt;br&gt;
DL&lt;/p&gt;
&lt;h3 id=&#34;comment-by-roland-on-2019-07-02-170220-0000&#34;&gt;Comment by Roland on 2019-07-02 17:02:20 +0000 &lt;a href=&#34;#comment-by-roland-on-2019-07-02-170220-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;@David – I do not think you have anything to worry about that. WCNA has a very good name to it, and rightfully so, and it will keep having a good name, as long as Laura steers the WCNA certification, as she is an excellent teacher.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-laura-chappell-on-2019-07-03-154641-0000&#34;&gt;Comment by Laura Chappell on 2019-07-03 15:46:41 +0000 &lt;a href=&#34;#comment-by-laura-chappell-on-2019-07-03-154641-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Roland – unfortunately, Riverbed has kicked me out of steering the Wireshark Certified Network Analyst certification. Their lawyers hound me relentlessly – hence the name change to simply “WCNA Certification.”&lt;/p&gt;
&lt;p&gt;In November, Janice Spampinato stated that [verbatim]: “they [Riverbed Education] are very enthusiastic about bringing that [the WCNA certification program] under the Riverbed training umbrella… did you see anything about the RCP program at SharkFest? …it would be a nice complement to what they are doing.”&lt;/p&gt;
&lt;h3 id=&#34;comment-by-roland-on-2019-07-03-160322-0000&#34;&gt;Comment by Roland on 2019-07-03 16:03:22 +0000 &lt;a href=&#34;#comment-by-roland-on-2019-07-03-160322-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;@Laura – this is simply not the situation as described above in the blogpost. WCNA is your baby and always has been. Gerald has described that above and I agree 100% with that assessment.&lt;/p&gt;
&lt;p&gt;But Wireshark University is a brand that is thought and could be a way to create a way to finance the project in the future. This is the core issue, to enable a long-term survival of the project.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-laura-chappell-on-2019-07-03-171022-0000&#34;&gt;Comment by Laura Chappell on 2019-07-03 17:10:22 +0000 &lt;a href=&#34;#comment-by-laura-chappell-on-2019-07-03-171022-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;I’m glad you see the Wireshark Certified Network Analyst program as my “baby.” I wish Riverbed legal would see it that way.&lt;/p&gt;
&lt;p&gt;Yeah… we were told that the “Wireshark University” name would be licensed out to make money (going into a Riverbed bank account – we were told “not to worry about that”). Sure wish Janice had come to me first to see how I could’ve helped raise funds for the project. Blindsiding a long-time partner leaves a “Riverbad” taste in my mouth! Ha ha ha ha ha….&lt;/p&gt;
&lt;h3 id=&#34;comment-by-gerald-combs-on-2019-07-03-210526-0000&#34;&gt;Comment by Gerald Combs on 2019-07-03 21:05:26 +0000 &lt;a href=&#34;#comment-by-gerald-combs-on-2019-07-03-210526-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;@Laura – I sometimes joke that I’m a business unit of one, but it’s true. Wireshark has a department code within Riverbed and I’m its sole employee. It’s also where the income and expenses for the project are handled, and I oversee them all.&lt;/p&gt;
&lt;p&gt;Other issues aside, we seem to be in heated agreement about the WCNA. I’d dearly love for you to keep using the name. Again, that would require an agreement.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-tony-on-2019-07-09-134834-0000&#34;&gt;Comment by tony on 2019-07-09 13:48:34 +0000 &lt;a href=&#34;#comment-by-tony-on-2019-07-09-134834-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;wow. i had no idea what was going on.&lt;br&gt;
looks like i should thank Janice for blacklisting me&lt;/p&gt;
&lt;h3 id=&#34;comment-by-james-robinson-on-2019-07-22-150548-0000&#34;&gt;Comment by James Robinson on 2019-07-22 15:05:48 +0000 &lt;a href=&#34;#comment-by-james-robinson-on-2019-07-22-150548-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Wow.. I got my Wireshark Certification because of the excellent relationship between Laura and Gerald. In the books, there were meaningful Forewords supporting the books and training. I felt proud to call myself a Wireshark Certified. Now, it seems like an interesting situation and I can’t but wonder about the value of the certification. The logo even changed and I can’t wait to find out what else will change. Even the portal is going away. Just hoped that there is some compromise or agreement. I am still in shock. Please get this together soon .. Let’s stop the emails, sit at the table, and work this out for us …&lt;/p&gt;
</description>
    </item>
    
    <item>
      <title>Wireshark Is Now Twenty</title>
      <link>https://blog.wireshark.org/2018/07/wireshark-is-now-twenty/</link>
      <pubDate>Sat, 14 Jul 2018 20:31:21 +0000</pubDate>
      
      <guid>https://blog.wireshark.org/2018/07/wireshark-is-now-twenty/</guid>
      <description>&lt;p&gt;Twenty years ago today I announced Ethereal 0.2.0, which marks the first public release of what is now Wireshark. The release was an attempt at two things: to create an interactive protocol analyzer for Linux and Solaris so that I could do my job better, and to give back to the open source community. As it turns out the second goal had a huge effect on the first one. After the initial release developer and user communities quickly formed. Different people had different goals such as support for other platforms and protocols, troubleshooting in specific environments, education, product development, network forensics, and so on. After a while things settled down to a single goal:&lt;/p&gt;
&lt;p&gt;&lt;em&gt;To help as many people as possible understand their networks as much as possible.&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;As goals go that’s pretty broad and implies a lot of work. Open source project hosting services didn’t exist in 1998 so in the olden days &lt;a href=&#34;https://www.youtube.com/watch?v=Wgn9fAymS2g&#34;&gt;we pretty much ate sand&lt;/a&gt;. For example, I made thirty releases in the first year. Twenty of them were in the first two months. That’s because &lt;em&gt;I was our revision control system&lt;/em&gt;&lt;sup&gt;1&lt;/sup&gt;. Contributors would send me patches, I’d apply them to my source tree and then make a release. Everyone would then sync their source directories with the new release. Fortunately we stopped doing that in short order. Other parts of the project followed similar paths. The first Windows packages were ZIP files with no capture driver. Our first web server was a 40 MHz SPARCstation IPX with 64 MB of RAM. We inflicted X11 on our macOS users far longer than we should have.&lt;/p&gt;
&lt;p&gt;The project grew from those humble beginnings to what it is today – the world’s most popular network protocol analyzer. The goal is still there, and many people and organizations are helping us achieve it. &lt;a href=&#34;https://www.riverbed.com/products/steelcentral/index.html&#34;&gt;We have a wonderful sponsor in Riverbed&lt;/a&gt;, which pays my salary, provides our infrastructure, and sponsors SharkFest, our developer and user conference&lt;sup&gt;2&lt;/sup&gt;. It’s managed by Janice Spampinato, who does a spectacular job of making sure our community can share its knowledge face to face in a welcoming environment. Speaking of SharkFest, &lt;a href=&#34;https://sharkfestus.wireshark.org/&#34;&gt;we’re having three of them this year&lt;/a&gt;! Laura Chappell does a correspondingly spectacular job with &lt;a href=&#34;https://www.wiresharktraining.com/&#34;&gt;Wireshark University&lt;/a&gt;, educating users throughout the year. Our user and developer community is second to none in its expertise, knowledge, and willingness to help.&lt;/p&gt;
&lt;p&gt;I could not be more proud of what we’ve accomplished and look forward to the challenges and opportunities. On behalf of the Wireshark development team, thank you for your support.&lt;/p&gt;
&lt;hr&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;p&gt;Never, ever do this. If you want to start a project, just commit your code to GitLab. Or GitHub. Or BitBucket. Or anything else that doesn’t involve manual patching.&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;If your career involves looking at packets you should maybe show up once in a while.&lt;/p&gt;
&lt;/li&gt;
&lt;/ol&gt;
</description>
    </item>
    
    <item>
      <title>Let me tell you about Wireshark 2.0</title>
      <link>https://blog.wireshark.org/2015/11/let-me-tell-you-about-wireshark-2-0/</link>
      <pubDate>Sat, 07 Nov 2015 00:35:54 +0000</pubDate>
      
      <guid>https://blog.wireshark.org/2015/11/let-me-tell-you-about-wireshark-2-0/</guid>
      <description>&lt;p&gt;We’re getting ready to release Wireshark 2.0, which includes a major user interface update. As a comparison, here’s a picture of Wireshark 1.12.8, which is the current stable release:&lt;br&gt;
&lt;a href=&#34;https://blog.wireshark.org/wp-content/uploads/2015/11/Main-window-1.12.8.png&#34;&gt;&lt;img loading=&#34;lazy&#34; decoding=&#34;async&#34; src=&#34;https://blog.wireshark.org/wp-content/uploads/2015/11/Main-window-1.12.8.png&#34; alt=&#34;Main window 1.12.8&#34; width=&#34;1066&#34; height=&#34;581&#34; class=&#34;alignright size-full wp-image-703&#34; /&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Here’s a picture of Wireshark 2.0.0rc2, which is the current development release:&lt;br&gt;
&lt;a href=&#34;https://blog.wireshark.org/wp-content/uploads/2015/11/Main-window-2.0.0rc2.png&#34;&gt;&lt;img loading=&#34;lazy&#34; decoding=&#34;async&#34; src=&#34;https://blog.wireshark.org/wp-content/uploads/2015/11/Main-window-2.0.0rc2.png&#34; alt=&#34;Main window 2.0.0rc2&#34; width=&#34;1066&#34; height=&#34;581&#34; class=&#34;alignright size-full wp-image-704&#34; /&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;See? &lt;em&gt;Totally&lt;/em&gt; different.&lt;/p&gt;
&lt;p&gt;Actually, quite a few things have changed. The user interface has been completely rewritten using a different interface library (Qt). It has been streamlined so that you can work faster and it should have a better look and feel on every platform. The screenshots above are similar because we’ve also tried to ensure that the new UI is familiar to current users. The features you’re used to are still there and in the same place (or at least nearby). They should work much more smoothly, however.&lt;/p&gt;
&lt;p&gt;I can’t hope to cover all of the changes in Wireshark 2.0 in one blog post, but here are a few highlights:&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Capture options&lt;/strong&gt;. Capture options have been simplified and consolidated. In 1.12 they are spread out in many places across several windows. In 2.0 they are in two places: the &lt;em&gt;Capture Options&lt;/em&gt; dialog (Capture→Options or the “gear” icon in the toolbar) and the &lt;em&gt;Manage Interfaces&lt;/em&gt; dialog, which you can open by pressing “Manage Interfaces” in the &lt;em&gt;Capture Options&lt;/em&gt; dialog.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Streamlined preferences&lt;/strong&gt;. Preferences windows usually aren’t something to get excited about and this is no exception, but it’s important to note that in the process of removing clutter some preferences have been removed from the main window. They’re still available in the “Advanced” preference section which lists every available preference item.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Translations&lt;/strong&gt;. Thanks to the hard work of many contributors the new interface supports multiple languages. You can now select between Chinese, English, French, German, Italian, Japanese, and Polish in the “Appearance” preferences section. Many more translations are underway. You can see the status of the translation efforts and help out at &lt;a href=&#34;https://www.transifex.com/wireshark/wireshark/&#34;&gt;https://www.transifex.com/wireshark/wireshark/&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Related packets&lt;/strong&gt;. As you scroll through the packet list you might notice little symbols pop up along its left edge. For example, you might see left and right arrows for DNS requests and replies, or a check mark to denote an ACKed TCP packet. These are related packets. This exposes some plumbing we’ve had in place for a long time, but it’s now shown in the main window instead of buried deep in the packet detail tree.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Intelligent scrollbar&lt;/strong&gt;. As you scroll through the packet list you might notice that the scroll bar itself looks odd. It now features a map of nearby packets, similar to the “minimap” available in many modern text editors. The number of packets shown in the map is the same as the number of physical vertical pixels in your scrollbar. The more pixels you have, the more packets you can see. In other words, if you use Wireshark regularly you now have a legitimate business case for a retina display.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Statistics dialogs&lt;/strong&gt;. The dialogs under the Statistics and Telephony menus have seen many improvements. The backend code has been consolidated so that most of Wireshark’s statistics now share common internal logic. This in turn let us create common UI code with many workflow improvements and a much more consistent interface.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;I/O Graph dialog&lt;/strong&gt;. You can now graph as many items as you like and save graphs as PDF, PNG, JPEG, and BMP. Graph settings stay with your profile so you can customize them for multiple environments.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Follow Stream dialog&lt;/strong&gt;. You can now switch between streams and search for text.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;General dialogs&lt;/strong&gt;. Many dialogs now have context-aware hints. For example the I/O Graph and Follow Stream dialogs will tell you which packet corresponds to the graph or stream data under your cursor. Most of them will stay open after you close a capture file so that you can compare statistics or graphs between captures.&lt;/p&gt;
&lt;p&gt;If you want to see a live demonstration of the new UI, Laura Chappell and I are presenting a webinar next week on the 12th at 10:00 AM PST. You can register at &lt;a href=&#34;http://bit.ly/wireshark2&#34;&gt;http://bit.ly/wireshark2&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;The final 2.0.0 release should be available in a couple of weeks. I’m excited about the new UI and about the opportunities that it provides for new features and further improvements.&lt;/p&gt;
&lt;h2 id=&#34;comments&#34;&gt;Comments &lt;a href=&#34;#comments&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h2&gt;&lt;h3 id=&#34;comment-by-guy-harris-on-2015-11-06-173538-0000&#34;&gt;Comment by Guy Harris on 2015-11-06 17:35:38 +0000 &lt;a href=&#34;#comment-by-guy-harris-on-2015-11-06-173538-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;And the OS X version no longer requires X11.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-albert-on-2015-11-06-183922-0000&#34;&gt;Comment by Albert on 2015-11-06 18:39:22 +0000 &lt;a href=&#34;#comment-by-albert-on-2015-11-06-183922-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Noice&lt;/p&gt;
&lt;h3 id=&#34;comment-by-noice-on-2015-11-09-185959-0000&#34;&gt;Comment by Noice on 2015-11-09 18:59:59 +0000 &lt;a href=&#34;#comment-by-noice-on-2015-11-09-185959-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Noice, noice&lt;/p&gt;
&lt;h3 id=&#34;comment-by-noice-noice-on-2015-11-09-210038-0000&#34;&gt;Comment by Noice, noice on 2015-11-09 21:00:38 +0000 &lt;a href=&#34;#comment-by-noice-noice-on-2015-11-09-210038-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Noice, noice, noice&lt;/p&gt;
&lt;h3 id=&#34;comment-by-noice-noice-noice-on-2015-11-10-015343-0000&#34;&gt;Comment by Noice, noice, noice on 2015-11-10 01:53:43 +0000 &lt;a href=&#34;#comment-by-noice-noice-noice-on-2015-11-10-015343-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Noice, noice, noice, noice&lt;/p&gt;
&lt;h3 id=&#34;comment-by-noice-noice-noice-noice-on-2015-11-10-021959-0000&#34;&gt;Comment by Noice, Noice, Noice, Noice on 2015-11-10 02:19:59 +0000 &lt;a href=&#34;#comment-by-noice-noice-noice-noice-on-2015-11-10-021959-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Noice, Noice, Noice, Noice, Noice&lt;/p&gt;
&lt;h3 id=&#34;comment-by-david-steele-on-2015-11-10-034340-0000&#34;&gt;Comment by David Steele on 2015-11-10 03:43:40 +0000 &lt;a href=&#34;#comment-by-david-steele-on-2015-11-10-034340-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Love the concept of color coding the drag bar so you have a chance to see where things that interest you _may_ be hiding in the cap.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-cmckenzie-on-2015-11-10-043517-0000&#34;&gt;Comment by c.mckenzie on 2015-11-10 04:35:17 +0000 &lt;a href=&#34;#comment-by-cmckenzie-on-2015-11-10-043517-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Hey Gerald! Good job. This article made it to reddit btw, &lt;a href=&#34;https://www.reddit.com/r/sysadmin/comments/3s6fm7/let_me_tell_you_about_wireshark_20/&#34; rel=&#34;nofollow ugc&#34;&gt;https://www.reddit.com/r/sysadmin/comments/3s6fm7/let_me_tell_you_about_wireshark_20/&lt;/a&gt; … hit me up on skype sometime.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-joseph-on-2015-11-10-062215-0000&#34;&gt;Comment by Joseph on 2015-11-10 06:22:15 +0000 &lt;a href=&#34;#comment-by-joseph-on-2015-11-10-062215-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;The OS X version has stopped requiring X11 since months ago&lt;/p&gt;
&lt;h3 id=&#34;comment-by-noiceee-on-2015-11-10-095909-0000&#34;&gt;Comment by noiceee on 2015-11-10 09:59:09 +0000 &lt;a href=&#34;#comment-by-noiceee-on-2015-11-10-095909-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;noiceeenoiceeenoiceeenoiceee&lt;br&gt;
noiceeenoiceeenoiceee&lt;br&gt;
noiceee&lt;/p&gt;
&lt;h3 id=&#34;comment-by-james-on-2015-11-11-143816-0000&#34;&gt;Comment by James on 2015-11-11 14:38:16 +0000 &lt;a href=&#34;#comment-by-james-on-2015-11-11-143816-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Can’t see packet data when opening a single frame.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2015-11-11-183445-0000&#34;&gt;Comment by Hansang Bae on 2015-11-11 18:34:45 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2015-11-11-183445-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;VERY NICE! Congrats Gerald.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2015-11-11-183503-0000&#34;&gt;Comment by Hansang Bae on 2015-11-11 18:35:03 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2015-11-11-183503-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;VERY NICE! Congrats Gerald, and core developers!&lt;/p&gt;
&lt;h3 id=&#34;comment-by-roestvrijstaal-on-2015-11-21-024602-0000&#34;&gt;Comment by RoestVrijStaal on 2015-11-21 02:46:02 +0000 &lt;a href=&#34;#comment-by-roestvrijstaal-on-2015-11-21-024602-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;I’m wondering: How much C++ code have you to rewrite to the Javascriptish QML to wrap the Wireshark logic around Qt?&lt;/p&gt;
&lt;h3 id=&#34;comment-by-gerald-combs-on-2015-11-21-113526-0000&#34;&gt;Comment by Gerald Combs on 2015-11-21 11:35:26 +0000 &lt;a href=&#34;#comment-by-gerald-combs-on-2015-11-21-113526-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;@Roest The new UI is written using Qt’s C++ API and not QML. This let us more easily take advantage of much of the pre-existing code in the GTK+ UI. We might end up using QML in the future if we ever write an Android or IOS UI. As far as I know, no one is working on that however.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-noice-on-2015-12-01-005551-0000&#34;&gt;Comment by Noice on 2015-12-01 00:55:51 +0000 &lt;a href=&#34;#comment-by-noice-on-2015-12-01-005551-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;NOICE!&lt;/p&gt;
</description>
    </item>
    
    <item>
      <title>Wireshark Tutorial Series #2. Tips and tricks used by insiders and veterans</title>
      <link>https://blog.wireshark.org/2013/08/wireshark-tutorial-series-2-tips-and-tricks-used-by-insiders-and-veterans/</link>
      <pubDate>Mon, 12 Aug 2013 15:27:51 +0000</pubDate>
      
      <guid>https://blog.wireshark.org/2013/08/wireshark-tutorial-series-2-tips-and-tricks-used-by-insiders-and-veterans/</guid>
      <description>&lt;p&gt;Yes, I know it’s been a while between the tip #1 video (&lt;a href=&#34;https://blog.wireshark.org/2012/10/wireshark-tutorial-series/?utm_source=rss&amp;amp;utm_medium=rss&amp;amp;utm_campaign=wireshark-tutorial-series&#34; title=&#34;Tip #1&#34;&gt;https://blog.wireshark.org/2012/10/wireshark-tutorial-series/?utm_source=rss&amp;amp;utm_medium=rss&amp;amp;utm_campaign=wireshark-tutorial-series&lt;/a&gt;) and this one. Judging by the number of views and comments, it is helping. So keep me honest by reminding me to post more often!&lt;/p&gt;
&lt;p&gt;In this short video (&lt;a href=&#34;http://www.youtube.com/watch?v=aIiosBw2YH4&#34; title=&#34;Tips and Tricks#2&#34;&gt;http://www.youtube.com/watch?v=aIiosBw2YH4&lt;/a&gt;), I discuss the dangers of using default values without fully understanding what the consequences are. At Sharkfest 2013, Christian Landström gave an excellent session on the reassembly feature of Wireshark. Unfortunately, it wasn’t recorded and I wanted to convey the message. The PDF of his excellent session can be found here: &lt;a href=&#34;http://tinyurl.com/lko37zb&#34; title=&#34;Sharkfest Presentation&#34;&gt;http://tinyurl.com/lko37zb&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Enjoy!&lt;/p&gt;
&lt;p&gt;Hansang Bae&lt;/p&gt;
&lt;h2 id=&#34;comments&#34;&gt;Comments &lt;a href=&#34;#comments&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h2&gt;&lt;h3 id=&#34;comment-by-juanmapalad-on-2013-08-24-070530-0000&#34;&gt;Comment by juanmapalad on 2013-08-24 07:05:30 +0000 &lt;a href=&#34;#comment-by-juanmapalad-on-2013-08-24-070530-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;hi,&lt;/p&gt;
&lt;p&gt;i have some issue on wireshark, you can view it from here:&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://learningnetwork.cisco.com/thread/60209?tstart=0&#34; rel=&#34;nofollow ugc&#34;&gt;https://learningnetwork.cisco.com/thread/60209?tstart=0&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;.. can i ask for a help? thanks&lt;/p&gt;
&lt;h3 id=&#34;comment-by-gerald-combs-on-2013-08-24-093743-0000&#34;&gt;Comment by Gerald Combs on 2013-08-24 09:37:43 +0000 &lt;a href=&#34;#comment-by-gerald-combs-on-2013-08-24-093743-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;The best places to ask for help about Wireshark are the &lt;a href=&#34;http://ask.wireshark.org/&#34; rel=&#34;nofollow&#34;&gt;Q &amp;amp; A site&lt;/a&gt; and the &lt;a href=&#34;https://www.wireshark.org/lists/&#34; rel=&#34;nofollow&#34;&gt;wireshark-users mailing list&lt;/a&gt;.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-bolee-on-2013-08-28-092121-0000&#34;&gt;Comment by Bolee on 2013-08-28 09:21:21 +0000 &lt;a href=&#34;#comment-by-bolee-on-2013-08-28-092121-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Not many take the trouble to take notes of a meeting to upload online for others so thank you firstly Hansang for doing so. I’m certain that many would find it beneficial and it would help save a lot of time. I wasn’t fortunate to attend that tutorial however we’re counting on your notes. Thanks again! =)&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2013-09-01-094533-0000&#34;&gt;Comment by Hansang Bae on 2013-09-01 09:45:33 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2013-09-01-094533-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Bolee,&lt;br&gt;
It’s my pleasure. Glad you find this helpful! 🙂&lt;/p&gt;
&lt;h3 id=&#34;comment-by-otto-on-2013-10-07-091958-0000&#34;&gt;Comment by Otto on 2013-10-07 09:19:58 +0000 &lt;a href=&#34;#comment-by-otto-on-2013-10-07-091958-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Hi Hansang,&lt;br&gt;
Can’t believe I ran into you again. I remember your name from way back in -97 when I was studying for my CNE 🙂&lt;br&gt;
Anyway, I really like your tutorials, but being old with not-so-good eyesight anymore, is there any chance you can increase the size/resolution of the window? If I try to do that on my end, the text becomes illegible, and as is, it is unreadable.&lt;br&gt;
And of course, remember to make parts 3 and 4 and the rest.&lt;/p&gt;
&lt;p&gt;Thank you for the effort, it is greatly appreciated.&lt;/p&gt;
&lt;p&gt;Otto&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2013-10-08-084334-0000&#34;&gt;Comment by Hansang Bae on 2013-10-08 08:43:34 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2013-10-08-084334-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Otto,&lt;br&gt;
Man, a blast from the past from comp.sys.novell days!?! 🙂 I’m not sure if I can make it any bigger resolution-wise, because I lose the ability to show all the columns. But shoot me an email, and I’ll see if I can post the raw Camtasia files for you. If you don’t have Camtasia, I may be able to convert to a bigger resolution. So shoot me an email and we’ll figure something out.&lt;/p&gt;
&lt;p&gt;Thanks&lt;/p&gt;
&lt;p&gt;Hansang&lt;/p&gt;
</description>
    </item>
    
    <item>
      <title>Wireshark Tutorial Series.  Tips and tricks used by insiders and veterans</title>
      <link>https://blog.wireshark.org/2012/10/wireshark-tutorial-series/</link>
      <pubDate>Wed, 17 Oct 2012 18:08:26 +0000</pubDate>
      
      <guid>https://blog.wireshark.org/2012/10/wireshark-tutorial-series/</guid>
      <description>&lt;p&gt;For those of you who have attended &lt;a title=&#34;Sharkfest&#34; href=&#34;http://sharkfest.wireshark.org/&#34; target=&#34;_blank&#34;&gt;Sharkfest&lt;/a&gt; in the past, you already know that protocol analysis is near and dear to my heart. It’s also a field where experience and art still matter. As great as Wireshark is as a tool, it still takes coaxing by an analyst to ferret out root cause. And as networks and applications become more complex, keeping up will be challenging.&lt;/p&gt;
&lt;p&gt;But the one thing that I noticed over the years is that people rush to install sniffers without really thinking about it. It’s almost as if people expect sniffers to magically spit out the root cause, served on a silver platter! In reality, it takes a fair amount of protocol and application knowledge to truly bring a tool like Wireshark to bear.&lt;/p&gt;
&lt;p&gt;I started posting to this blog so that I can help budding protocol analysts and perhaps show interesting tricks-of-the-trade to veteran users. To become good in this field, it takes a fair amount of practice. It takes practice to know how to capture the right data, where to capture the data, what filters to use, and how to interpret the data. So how do you go about getting started? First, you can watch the accompanying video/tutorial session (see below for the link). Next, make sure you set up your Wireshark in a consistent manner – the video tutorial covers this.&lt;/p&gt;
&lt;p&gt;Ever wonder how router jockeys like me can scroll through a “sho run” output so quickly? It’s because I’ve done it for so long that the eyes are trained to filter out unneeded information. That’s the key to training – knowing what to filter out so your brain can get to work on the important stuff. It turns out protocol analysis works the same way. You have to train your brain to filter out the noise. Setting up your Wireshark environment will go a long way to maximizing productivity.&lt;/p&gt;
&lt;p&gt;There is no “right way” to set up Wireshark. There’s only “my way” and everyone else’s – by definition – is wrong! Some like destination address to be the first column just like in DOS Sniffer. Others prefer using Wireshark’s default order. Whatever your style is, make sure it’s consistent. And if you’re just starting out, perhaps you can benefit from my setup. Even Anthony Bourdain in his book “Kitchen Confidential” talks about “mise-en-place.” It’s a term used by chefs and signifies how the cooking stations are set up. It’s important because it makes them more productive. For the same reason, you need to develop your own Wireshark mise-en-place!&lt;/p&gt;
&lt;p&gt;If you still have not modified the default layout of Wireshark, you’re definitely missing out. In the &lt;strong&gt;&lt;a title=&#34;Wireshark Tutorial&#34; href=&#34;http://www.youtube.com/watch?v=U0QABcTD-xc&#34; target=&#34;_blank&#34;&gt;video&lt;/a&gt;,&lt;/strong&gt; I’m going to help you set up Wireshark so that you can become more productive. And we’re going to embark on a journey where I show you all the secrets to protocol analysis. I’m like the “magicians’ tricks revealed” guy. I’m going to help make you a rock star – where protocol analysis is concerned – in your company. If you’re an industry veteran, don’t be alarmed. The first few sessions are geared towards beginners so they can catch up. After that, I promise you that we’ll be in the weeds!&lt;/p&gt;
&lt;p&gt;Hope you enjoy it, and I’d love to hear your comments. You can reach me at &lt;a href=&#34;mailto:hansang.bae@riverbed.com&#34;&gt;hansang.bae@riverbed.com&lt;/a&gt;&lt;/p&gt;
&lt;h2 id=&#34;comments&#34;&gt;Comments &lt;a href=&#34;#comments&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h2&gt;&lt;h3 id=&#34;comment-by-betty-dubois-on-2012-10-18-092429-0000&#34;&gt;Comment by Betty DuBois on 2012-10-18 09:24:29 +0000 &lt;a href=&#34;#comment-by-betty-dubois-on-2012-10-18-092429-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Great video Hansang. I’m looking forward to the next installment. Did you know you can left click on the profile name in the status bar to toggle between all of your profiles? Just another way to achieve the goal as quick as possible.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-tony-fortunato-on-2012-10-19-062805-0000&#34;&gt;Comment by Tony Fortunato on 2012-10-19 06:28:05 +0000 &lt;a href=&#34;#comment-by-tony-fortunato-on-2012-10-19-062805-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Very nice. I look forward to more articles.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-wireshark-on-2012-10-19-085501-0000&#34;&gt;Comment by wireshark on 2012-10-19 08:55:01 +0000 &lt;a href=&#34;#comment-by-wireshark-on-2012-10-19-085501-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Is there a way with Wireshark to simulate / replay a website visitor?&lt;/p&gt;
&lt;p&gt;I would like to simulate visitor behaviour and traffic!&lt;/p&gt;
&lt;p&gt;thanks&lt;/p&gt;
&lt;p&gt;sebastien&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2012-10-20-184203-0000&#34;&gt;Comment by Hansang Bae on 2012-10-20 18:42:03 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2012-10-20-184203-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Thanks everyone!&lt;br&gt;
Betty, yes, Gerald actually pointed that out and I was going to edit the video with a popup (but must have forgotten it!) 🙂&lt;/p&gt;
&lt;p&gt;sebastien,&lt;br&gt;
Wireshark will not replay the data. You’ll need something like tcpreplay (and there are other tools, just google for ‘replay pcap’)&lt;/p&gt;
&lt;h3 id=&#34;comment-by-chris-greer-on-2012-10-21-164333-0000&#34;&gt;Comment by Chris Greer on 2012-10-21 16:43:33 +0000 &lt;a href=&#34;#comment-by-chris-greer-on-2012-10-21-164333-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Hansang,&lt;br&gt;
Looking forward to reading and watching your work here.&lt;br&gt;
Thanks for taking the time to get this great info together.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-travis-marlette-on-2012-10-30-082559-0000&#34;&gt;Comment by Travis Marlette on 2012-10-30 08:25:59 +0000 &lt;a href=&#34;#comment-by-travis-marlette-on-2012-10-30-082559-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;I look forward to learning more from you Hansang! Now that my Wireshark is set up properly, it should go much faster.&lt;/p&gt;
&lt;p&gt;I look forward to your future posts!&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2012-10-31-102902-0000&#34;&gt;Comment by Hansang Bae on 2012-10-31 10:29:02 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2012-10-31-102902-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Travis,&lt;br&gt;
Thank you, another session will be posted (hopefully) by next (Nov 10th) weekend. Hurricane Sandy made things a bit difficult – to say the least.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-alex-on-2012-11-13-124453-0000&#34;&gt;Comment by Alex on 2012-11-13 12:44:53 +0000 &lt;a href=&#34;#comment-by-alex-on-2012-11-13-124453-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Hey there…&lt;/p&gt;
&lt;p&gt;I downloaded the Wireshark software and it works great for viewing packets and destinations running back and forth to my laptop….but I was wondering is there a way for me to see the traffic going to other laptops on my home router….I have 2 children and am concerned who they are chatting with etc…?&lt;/p&gt;
&lt;p&gt;Thanks for your help.&lt;/p&gt;
&lt;p&gt;B&lt;/p&gt;
&lt;h3 id=&#34;comment-by-alex-on-2012-11-13-133133-0000&#34;&gt;Comment by Alex on 2012-11-13 13:31:33 +0000 &lt;a href=&#34;#comment-by-alex-on-2012-11-13-133133-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Is there any way to capture the traffic with all laptops (3) on a home router with Wireshark?&lt;/p&gt;
&lt;p&gt;Thanks for your help.&lt;/p&gt;
&lt;p&gt;Alex&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2012-11-18-213628-0000&#34;&gt;Comment by Hansang Bae on 2012-11-18 21:36:28 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2012-11-18-213628-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Alex,&lt;br&gt;
It depends on your home router. Please see&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;http://www.wireshark.org/faq.html&#34; rel=&#34;nofollow ugc&#34;&gt;http://www.wireshark.org/faq.html&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;Q 7.1: When I use Wireshark to capture packets, why do I see only packets to and from my machine, or not see all the traffic I’m expecting to see from or to the machine I’m trying to monitor?&lt;/p&gt;
&lt;p&gt;Q 7.2: When I capture with Wireshark, why can’t I see any TCP packets other than packets to and from my machine, even though another analyzer on the network sees those packets?&lt;/p&gt;
&lt;h3 id=&#34;comment-by-riu-on-2012-11-24-084326-0000&#34;&gt;Comment by Riu on 2012-11-24 08:43:26 +0000 &lt;a href=&#34;#comment-by-riu-on-2012-11-24-084326-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Great video, but I was wondering how I could send packets to test server responses to them.&lt;br&gt;
Thanks for your help!&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2012-11-26-065706-0000&#34;&gt;Comment by Hansang Bae on 2012-11-26 06:57:06 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2012-11-26-065706-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Riu,&lt;br&gt;
You can’t use Wireshark to (re)generate traffic. There are other tools for sending packets out, but for TCP, it can get a little tricky. If you’re interested check out tcpreplay or Google’s Ostinato tool.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-bernard-on-2012-12-07-152048-0000&#34;&gt;Comment by bernard on 2012-12-07 15:20:48 +0000 &lt;a href=&#34;#comment-by-bernard-on-2012-12-07-152048-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;I must be among the dumber ones. I can’t find the link to the video. Where is it?&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2012-12-07-152457-0000&#34;&gt;Comment by Hansang Bae on 2012-12-07 15:24:57 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2012-12-07-152457-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Bernard, it’s the hyperlink in the final paragraph.&lt;/p&gt;
&lt;p&gt;“If you still have not modified the default layout of Wireshark, you’re definitely missing out. In the&lt;/p&gt;
&lt;p&gt;**&amp;gt; video&amp;lt;** , I’m …..&amp;quot;&lt;/p&gt;
&lt;h3 id=&#34;comment-by-kostas-on-2012-12-15-000321-0000&#34;&gt;Comment by Kostas on 2012-12-15 00:03:21 +0000 &lt;a href=&#34;#comment-by-kostas-on-2012-12-15-000321-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Very helpful! Looking forward to the next one!&lt;/p&gt;
&lt;h3 id=&#34;comment-by-hansang-bae-on-2012-12-15-144809-0000&#34;&gt;Comment by Hansang Bae on 2012-12-15 14:48:09 +0000 &lt;a href=&#34;#comment-by-hansang-bae-on-2012-12-15-144809-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Thank you, I’m currently working on the next set (as I type this…actually). It requires some visual explanation so I’m working through my PPT issues at the moment. LOL. I can do packet analysis, but PPT can elude me at times!&lt;/p&gt;
</description>
    </item>
    
    <item>
      <title>Should Sunlight Be Streaming In Like That?</title>
      <link>https://blog.wireshark.org/2011/04/should-sunlight-be-streaming-in-like-that/</link>
      <pubDate>Sun, 03 Apr 2011 18:47:37 +0000</pubDate>
      
      <guid>https://blog.wireshark.org/2011/04/should-sunlight-be-streaming-in-like-that/</guid>
      <description>&lt;p&gt;Two days ago my daughter and I were flying home from vacation when &lt;a href=&#34;http://aviation-safety.net/database/record.php?id=20110401-0&#34;&gt;a hole tore open in our plane’s roof&lt;/a&gt;. The oxygen masks dropped down and we had to make an emergency landing and &lt;em&gt;everything&lt;/em&gt;. Luckily the rest of the plane held together and we were able to land quickly.&lt;/p&gt;
&lt;p&gt;The crew and passengers did an amazing job. The pilot and co-pilot immediately got us to a safe flying altitude and pointed us toward an airfield. One of the flight attendants briefly lost consciousness and struck his nose but was immediately back up and helping passengers despite his injury. The passengers remained calm and we were all checking on each other to make sure everyone was OK and that we all had our masks on.&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://blog.wireshark.org/wp-content/uploads/2011/04/hole.jpg&#34;&gt;&lt;img loading=&#34;lazy&#34; decoding=&#34;async&#34; class=&#34;alignnone size-full wp-image-486&#34; title=&#34;hole&#34; src=&#34;https://blog.wireshark.org/wp-content/uploads/2011/04/hole.jpg&#34; alt=&#34;What a hole might look like&#34; width=&#34;480&#34; height=&#34;360&#34; /&gt;&lt;/a&gt;&lt;br&gt;
Once we were on the ground U.S. Marine EMTs came aboard and provided medical assistance to anyone who needed it. While we waited for Southwest to pull a cold spare 737 from the shelf and send it our way a couple of the passengers kept my daughter entertained. I wondered if the exposed wiring was &lt;a href=&#34;http://en.wikipedia.org/wiki/ARINC_429&#34;&gt;ARINC 429&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;I would like to extend my thanks to everyone involved — the crew, passengers, and first responders for their swift action and calm demeanor throughout the entire experience. Everyone had a job to do and they did it well, supporting each other the whole time.&lt;/p&gt;
&lt;p&gt;P.S. The reporters who called at 4:30 and 6:30 the next morning can &lt;em&gt;&lt;verb/&gt;&lt;/em&gt; my &lt;em&gt;&lt;noun/&gt;&lt;/em&gt;.&lt;/p&gt;
&lt;h2 id=&#34;comments&#34;&gt;Comments &lt;a href=&#34;#comments&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h2&gt;&lt;h3 id=&#34;comment-by-chris-maynard-on-2011-04-04-072058-0000&#34;&gt;Comment by Chris Maynard on 2011-04-04 07:20:58 +0000 &lt;a href=&#34;#comment-by-chris-maynard-on-2011-04-04-072058-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Wow Gerald, that had to be quite the experience. Glad everyone is OK and hopefully your daughter doesn’t have any long-term fears of planes and flying as a result.&lt;/p&gt;
&lt;p&gt;Southwest is inspecting all their planes now as a result of this incident: &lt;a href=&#34;http://www.swamedia.com/releases/f0e157e2-3c65-a6ca-163b-30004d98ede3&#34; rel=&#34;nofollow ugc&#34;&gt;http://www.swamedia.com/releases/f0e157e2-3c65-a6ca-163b-30004d98ede3&lt;/a&gt;. I sure hope they inspect those planes I’ll be flying to/from Sharkfest ’11 in June extra carefully! 😉&lt;/p&gt;
&lt;h3 id=&#34;comment-by-joshua-gallagher-on-2011-04-05-144122-0000&#34;&gt;Comment by Joshua Gallagher on 2011-04-05 14:41:22 +0000 &lt;a href=&#34;#comment-by-joshua-gallagher-on-2011-04-05-144122-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Awesome. You were potentially seconds away from a horrifying death and you’re sitting there wondering if you could slip in a tap to dissect the packets being sent from the cockpit. In all the world, only you would think of that!&lt;/p&gt;
&lt;p&gt;Glad you made it home safe.&lt;/p&gt;
&lt;h3 id=&#34;comment-by-laura-chappell-on-2011-04-13-183758-0000&#34;&gt;Comment by Laura Chappell on 2011-04-13 18:37:58 +0000 &lt;a href=&#34;#comment-by-laura-chappell-on-2011-04-13-183758-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;Jeepers, Gerald… could it be that someone on that plane was trying to *gasp* SELL a copy of Wireshark to another passenger…? Sniff free or die ya know…&lt;/p&gt;
&lt;p&gt;So glad things weren’t worse in that situation! Perhaps we need to make a “swaskylight dissector”?&lt;/p&gt;
&lt;h3 id=&#34;comment-by-stephen-fisher-on-2011-04-19-144826-0000&#34;&gt;Comment by Stephen Fisher on 2011-04-19 14:48:26 +0000 &lt;a href=&#34;#comment-by-stephen-fisher-on-2011-04-19-144826-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;You were on that flight? You’re famous! (not that you weren’t already) I wish I had a cold spare 737 on the shelf. Is there such a thing as a warm or hot spare 737?&lt;/p&gt;
&lt;h3 id=&#34;comment-by-chris-maynard-on-2011-04-26-071852-0000&#34;&gt;Comment by Chris Maynard on 2011-04-26 07:18:52 +0000 &lt;a href=&#34;#comment-by-chris-maynard-on-2011-04-26-071852-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;An update: An article in today’s (4/26/2011) NY Times suggests that a rivet manufacturing flaw may be the cause: &lt;a href=&#34;http://www.nytimes.com/2011/04/26/business/26air.html?_r=1&amp;amp;nl=todaysheadlines&amp;amp;emc=tha23&#34; rel=&#34;nofollow ugc&#34;&gt;http://www.nytimes.com/2011/04/26/business/26air.html?_r=1&amp;amp;nl=todaysheadlines&amp;amp;emc=tha23&lt;/a&gt;&lt;/p&gt;</description>
    </item>
    
    <item>
      <title>SSL / TLS Renegotiation Bug</title>
      <link>https://blog.wireshark.org/2009/11/ssl-tls-renegotiation-bug/</link>
      <pubDate>Thu, 05 Nov 2009 23:17:45 +0000</pubDate>
      
      <guid>https://blog.wireshark.org/2009/11/ssl-tls-renegotiation-bug/</guid>
      <description>&lt;p&gt;Marsh Ray and Steve Dispensa have an &lt;a href=&#34;http://extendedsubset.com/?p=8&#34;&gt;excellent writeup&lt;/a&gt; of the recently-discovered renegotiation bug in SSL and TLS. It really is excellent, too. I’m not just saying so because they provide &lt;a href=&#34;http://extendedsubset.com/renegotiating_tls_20091104_pub.zip&#34;&gt;a bunch of sample captures&lt;/a&gt; showing renegotiation in action or because &lt;a href=&#34;http://extendedsubset.com/Renegotiating_TLS.pdf&#34;&gt;Wireshark is prominently featured&lt;/a&gt; in their discussion.&lt;/p&gt;
&lt;p&gt;In related news, the secure web is no longer secure and civilization will soon collapse.&lt;/p&gt;
&lt;h2 id=&#34;comments&#34;&gt;Comments &lt;a href=&#34;#comments&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h2&gt;&lt;h3 id=&#34;comment-by-marsh-ray-on-2009-11-07-000903-0000&#34;&gt;Comment by Marsh Ray on 2009-11-07 00:09:03 +0000 &lt;a href=&#34;#comment-by-marsh-ray-on-2009-11-07-000903-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;I could not have done it without Wireshark.&lt;/p&gt;
&lt;p&gt;Re: “In related news, the secure web is no longer secure and civilization will soon collapse.”&lt;/p&gt;
&lt;p&gt;Please note that our research yielded little in support of that theory about civilization!&lt;/p&gt;
&lt;h3 id=&#34;comment-by-kelt-on-2009-11-18-115243-0000&#34;&gt;Comment by Kelt on 2009-11-18 11:52:43 +0000 &lt;a href=&#34;#comment-by-kelt-on-2009-11-18-115243-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;I just wanted to say kudos to Marsh and Steve for finding this vulnerability. Now I have to go figure out a workaround for a few 1000 servers until a patch is released. 😉&lt;/p&gt;
&lt;p&gt;And I’d like to point out the obvious statement: Wireshark is awesome. I used to use Ethereal and pcap but switched over to the shark. Keep up the good work guys.&lt;/p&gt;
</description>
    </item>
    
    <item>
      <title>Packets</title>
      <link>https://blog.wireshark.org/2009/07/packets/</link>
      <pubDate>Mon, 27 Jul 2009 23:49:56 +0000</pubDate>
      
      <guid>https://blog.wireshark.org/2009/07/packets/</guid>
      <description>&lt;p&gt;Has anyone seen my packets? They were around here somewhere.&lt;/p&gt;
&lt;h2 id=&#34;comments&#34;&gt;Comments &lt;a href=&#34;#comments&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h2&gt;&lt;h3 id=&#34;comment-by-joan-snelders-on-2009-09-12-055329-0000&#34;&gt;Comment by Joan Snelders on 2009-09-12 05:53:29 +0000 &lt;a href=&#34;#comment-by-joan-snelders-on-2009-09-12-055329-0000&#34; class=&#34;anchor&#34;&gt;🔗&lt;/a&gt;&lt;/h3&gt;&lt;p&gt;They are here!&lt;br&gt;
&lt;a href=&#34;http://wiki.wireshark.org/SampleCaptures&#34; rel=&#34;nofollow ugc&#34;&gt;http://wiki.wireshark.org/SampleCaptures&lt;/a&gt;&lt;/p&gt;
</description>
    </item>
    
  </channel>
</rss>
