Wireshark Is 25: The email that started it all and the lessons learned along the way
Categories:
Announcement
25 years ago, I sent this email, which ended up changing the course of my life:

From: Gerald Combs - Unicom Communications <gerald [at] … >
To: gtk-list [at] redhat . com
Subject: ANNOUNCE: Ethereal 0.2.0
Date: Tue, 14 Jul 1998 21:47:01 -0500 (CDT)

Ethereal is a network analyzer that lets you capture and interactively browse the contents of Ethernet frames. Packet data can be read from a file, or live from a local network interface. More information, including the source distribution, can be found at http://ethereal.zing.org . Comments and patches are welcome.

I remember being nervous and excited at the time, wondering what the reaction would be. I had spent the previous few months working on a protocol analyzer, which was something I needed at work.
There are a couple of things to note: the name wasn’t Wireshark (we changed the name in 2006), and at the time of this email protocol analyzers were rare, you could even say precious. Back then, if you wanted to see what was happening on your network, command line tools like tcpdump and snoop were available at no cost, but if you wanted a GUI analyzer, you had to pay for a product that might cost the equivalent of a luxury car.
Announcing the Wireshark Foundation
Categories:
Announcement
The thing that I most love about working on Wireshark is our community. Our users, educators, and developers have a passion for packets and protocols, and their work is important – modern society runs on computer networks and those networks need to be reliable, fast, and secure. I’m grateful that my employers and other sponsors have ensured that the community has had the resources to grow and thrive over the years.
This is why I’m beyond thrilled to announce that the Wireshark community now has a permanent home: the Wireshark Foundation. The foundation is a 501(c)(3) nonprofit and will host SharkFest, our developer and user conference, help to facilitate Wireshark’s development, and promote analysis and troubleshooting education.
The project leadership and I have been working on this for a long time, and many other people have generously given their time and expertise in order to make this happen. In particular I’d like to thank the following people for helping to make this a reality: the Wireshark core development team for providing much needed support and advice, and for making all of this possible.
What’s New In Wireshark 4.0?
Categories:
Announcement
Wireshark 4.0 was released today, and as you might have guessed from the version number, quite a few things have changed since 3.6. If you are a regular Wireshark user we recommend that you pay close attention to the release notes this time around, since they include quite a few changes. I’ll cover some highlights here, but the release notes go into much greater detail.
Display Filter Changes
Display filters are one of Wireshark’s defining features, and 4.0 makes them more powerful and more consistent. These improvements give you more control over the way that multiple occurrences of the same field are handled, let you do arithmetic, and many other things.
First, let’s look at the way multiple field occurrences are handled. Suppose you want to filter on an IPv4 source address. Within Wireshark that means using the “ip.src” filter field. You might assume that the packets on your network have one IPv4 header and therefore one source address, but that’s not necessarily the case. You might be in an environment that uses some form of tunneling like GRE or one of the many VPN protocols, and even on simple networks ICMP errors carry the IPv4 header of the offending packet.
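To make the "more than one ip.src in a single packet" situation concrete, here is an added example (not code from the Wireshark project or from this post). It builds two constructed packets, an ICMP Destination Unreachable error that quotes the offending IPv4 header and a GRE tunnel packet carrying an inner IPv4 packet, collects every ip.src occurrence the way a dissector would, and then evaluates `ip.src == value` two ways: with any-occurrence matching, which is how Wireshark has always evaluated a plain comparison, and with all-occurrence matching, corresponding to the `all` quantifier that the 4.0 release notes describe (that mapping is my reading of the release notes, not something this post states). The packet builder, addresses and helper names are assumptions for the example.

```python
"""Collect every ip.src occurrence in a packet and evaluate a comparison
against it with any-occurrence or all-occurrence semantics."""
import ipaddress
import struct

# ICMP types whose payload carries the IPv4 header of the packet that triggered them
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}


def ipv4_header(b, off):
    """Parse the IPv4 header at b[off:]; return (src, dst, proto, header_len) or None."""
    if len(b) < off + 20:
        return None
    ver_ihl = b[off]
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(b) < off + ihl:
        return None
    proto = b[off + 9]
    src = str(ipaddress.IPv4Address(b[off + 12:off + 16]))
    dst = str(ipaddress.IPv4Address(b[off + 16:off + 20]))
    return src, dst, proto, ihl


def ip_src_occurrences(b, off=0):
    """Return ip.src for the IPv4 header at off plus any IPv4 header nested inside it."""
    hdr = ipv4_header(b, off)
    if hdr is None:
        return []
    src, _dst, proto, ihl = hdr
    found = [src]
    payload = off + ihl
    if proto == 1 and len(b) >= payload + 8 and b[payload] in ICMP_ERROR_TYPES:
        # ICMP error: 8-byte ICMP header, then the quoted IPv4 header of the offending packet
        found += ip_src_occurrences(b, payload + 8)
    elif proto == 47 and len(b) >= payload + 4:
        # GRE (RFC 2784/2890): 4-byte base header, optional checksum/key/sequence fields
        flags = b[payload]
        proto_type = struct.unpack("!H", b[payload + 2:payload + 4])[0]
        gre_len = 4 + (4 if flags & 0x80 else 0) + (4 if flags & 0x20 else 0) + (4 if flags & 0x10 else 0)
        if proto_type == 0x0800:
            found += ip_src_occurrences(b, payload + gre_len)
    return found


def filter_ip_src(b, value, quantifier="any"):
    """Evaluate `ip.src == value`: 'any' matches if any occurrence equals value,
    'all' only if every occurrence does. A packet with no IPv4 header never matches."""
    occ = ip_src_occurrences(b)
    if not occ:
        return False
    hits = [o == value for o in occ]
    return all(hits) if quantifier == "all" else any(hits)


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left zero) in front of payload. Constructed test data."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


# Constructed sample 1: ICMP Destination Unreachable (type 3, code 3) from router 10.0.0.1,
# quoting a UDP packet that 192.168.1.5 sent to 203.0.113.9.
INNER = build_ipv4("192.168.1.5", "203.0.113.9", 17, struct.pack("!HHHH", 40000, 53, 8, 0))
ICMP_ERROR_PKT = build_ipv4("10.0.0.1", "192.168.1.5", 1, struct.pack("!BBHI", 3, 3, 0, 0) + INNER)

# Constructed sample 2: GRE tunnel 198.51.100.1 -> 198.51.100.2 carrying a packet from 172.16.0.7.
GRE_PKT = build_ipv4("198.51.100.1", "198.51.100.2", 47,
                     struct.pack("!BBH", 0, 0, 0x0800) + build_ipv4("172.16.0.7", "172.16.0.8", 6, b""))

if __name__ == "__main__":
    for name, pkt in (("icmp error", ICMP_ERROR_PKT), ("gre", GRE_PKT)):
        print(name, ip_src_occurrences(pkt))
    print(filter_ip_src(ICMP_ERROR_PKT, "192.168.1.5"))         # any: True, the inner header matches
    print(filter_ip_src(ICMP_ERROR_PKT, "192.168.1.5", "all"))  # all: False, the outer header is 10.0.0.1
```

The practical consequence: a filter like `ip.src == 192.168.1.5` also pulls in ICMP errors sent to that host by a router, because the quoted header inside the error is a second ip.src occurrence. When you only want packets that a host itself emitted, you need the outer header alone, which is exactly the distinction the occurrence-handling changes in 4.0 let you express.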