Interview with Gerald Combs, original author of Wireshark.

Gerald Combs is the original author and lead developer of the open-source, multi-platform Wireshark network protocol analyzer. Combs works for CACE Technologies – a company which makes products that complement Wireshark. Today he mostly takes care of the administrative parts of the project but still does development as well, and he controls the version numbers and release schedule.

After ten years of development, Wireshark finally reached the milestone of a 1.0 release.  We speak to Mr. Combs in an interview below: 

NPD: So what is Wireshark?

Combs: Wireshark is a network protocol analyzer.  It’s kind of a traditional analyzer in that it’s a GUI that has three panes: the top pane shows a list of the packets captured off the wire, the middle pane a detail of whatever packet you have selected, and the bottom pane shows the actual hex output – the bytes in the actual output.

NPD: Why did you decide to build Wireshark?

Combs: Years ago, I worked at a small ISP in the Midwest, and unfortunately, they couldn’t get me a Sniffer, which was the standard analyzer at the time, and of the products out there that were available, none of them ran on the platforms we used at the ISP – namely Solaris and Linux.  So I decided to sit down one day and start writing my own analyzer. 

I did the first release in July of 1998, and soon after started getting a steady stream of contributions from a bunch of really smart people.  After that, we built up a pretty good following of users.  And right now, Wireshark is the world’s most popular network protocol analyzer. 

NPD: Why did you decide to open-source the project?

Combs: I’d used open source software for a long time at that point.  Before then, I worked at a university and we made a lot of use of open source software.  It just made sense to me.  I wanted to give back to the community and it just seemed like a good way to go.  As it turned out, it was a great way to go, because Wireshark is appealing for a lot of people who write code for it.

NPD: Why has it taken ten years to reach Version 1.0? 

Combs: I just wasn’t comfortable until recently putting out the 1.0 release.  I’ve known for years - shortly after we made the initial release, people started using it in production environments.  And some people had trepidation because it wasn’t 1.0 yet.  But for the most part, people just didn’t care about the version number and they used it wherever they wanted to and wherever they needed to. 

But for me there were a number of features that were crucial and missing until recently that prevented me from putting a 1.0 stamp on it.  Probably the last one, one of the main ones, was privileged operation on Linux – getting it so that you could capture as root but run the GUI as non-root user. 

NPD: Have people come up to you and told you about how Wireshark helped them out?

Combs: I get e-mails from time to time from people, saying that I’ve helped them out.  I have some former coworkers that have mentioned that.  It’s actually pretty encouraging. 

We get a huge amount of code each month.  Between each release, we have between 200,000 and a million lines of changes.  That’s just changes.  The actual source code is about 1.5 million lines now.  That’s a bigger job than I can do individually.  And luckily there are a bunch of smart and talented people that can help me with that.

NPD: What was the greatest challenge in developing Wireshark?

Combs: The greatest challenge is just the day-to-day maintenance, keeping the project going.  But several years ago, we had an initial push of fixing security bugs a while back and it was a huge undertaking. I just remember spending several months doing nothing but fixing these security bugs, and it was a big chore.   We have a huge codebase now, and unfortunately we just don’t have the resources to audit that.  But we have a lot of automated processes in place like fuzzing and static analysis that help us find those bugs. 

I can’t say this enough: Thank you to all the Wireshark developers out there and the user team – this has just been a great journey and it’s one that I hope to continue. 