Wireshark Is Now Twenty
Twenty years ago today I announced Ethereal 0.2.0, which marks the first public release of what is now Wireshark. The release was an attempt at two things: to create an interactive protocol analyzer for Linux and Solaris so that I could do my job better, and to give back to the open source community. As it turns out the second goal had a huge effect on the first one. After the initial release developer and user communities quickly formed. Different people had different goals such as support for other platforms and protocols, troubleshooting in specific environments, education, product development, network forensics, and so on. After a while things settled down to a single goal:
To help as many people as possible understand their networks as much as possible.
As goals go that’s pretty broad and implies a lot of work. Open source project hosting services didn’t exist in 1998 so in the olden days we pretty much ate sand. For example, I made thirty releases in the first year. Twenty of them were in the first two months. That’s because I was our revision control system.
The Cloudflare Incident And Its Impact On Wireshark.org
Cloudflare recently announced a security incident that potentially impacts anyone who visited various wireshark.org and winpcap.org sites for the past six months.
What happened?
Cloudflare is a popular service that provides content delivery, DDoS protection and DNS services for web sites.
A software bug in Cloudflare’s servers leaked potentially sensitive information. Some of that information ended up in caches all over the Internet: at Google, Microsoft, your ISP, your company’s or university’s proxy servers, and elsewhere. Due to the randomness and distributed nature of the bug, it’s difficult to know what the full impact is. Cloudflare provides the following estimate:
“The greatest period of impact was from February 13 and February 18 with around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulting in memory leakage (that’s about 0.00003% of requests).”
The bug was introduced on September 22, 2016 and fixed on February 18th, 2017.
The Google Project Zero bug describing the issue in detail can be found at https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
Cloudflare’s incident report can be found at https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
The initial Hacker News discussion can be found at https://news.ycombinator.com/item?id=13718752
Was Wireshark affected?
Getting Ready for SharkFest ’16
The week leading up to SharkFest is always a busy and hectic time around here, but it’s also exciting. I can’t wait to see everyone, and the talks and labs this year promise to continue our tradition of imparting protocol analysis knowledge and insight.
If you’re still unsure about attending, perhaps this list of reasons for attending that Laura Chappell recently posted will sway you:
1. Gerald Combs and the Wireshark Developers
Gerald Combs, the creator of Wireshark (formerly Ethereal), and many of the core developers will be there actually working on the code in the Developer’s Den. They will be presenting many of the sessions, joining in on the social events (they are a fun group!) and sharing tips and techniques to improve your analysis process.
2. Wireshark Experts as Presenters and Varied Content Levels
There is no dispute that the presenters at SharkFest are the world-authorities on troubleshooting, security analysis, and network optimization. These are the folks who live in the world at packet-level and can spot a rogue packet at 50 paces! Through a variety of introductory through advanced lectures and hands-on labs, these presenters will show you some hot Wireshark techniques to speed up your time to resolution.