Mastering Java Technology: Overcoming Network Challenges with Wireshark

“Cai Cai, the newcomer to the workforce,” is eager to use Java technology to change the world. Unexpectedly, she is troubled by network environment issues, so, full of hope, she carries her computer over to seek help from her operations and maintenance colleague.

Ops guru, can you help check what the problem is?

It’s obviously a network issue, so why don’t you capture a packet and take a look? Can’t you capture packets?

After being looked down upon multiple times, Cai Cai’s anger grew, and she secretly made a resolution to deeply study Wireshark. She thought to herself, “Once my skills are fully developed (learned), it will be the day I soar through the sky (resign).”

“Cai Cai, the workplace veteran,” after years of trials and tribulations, has become an experienced senior system development expert (an old hand).

If your project works perfectly fine in development and testing environments with third-party integration, but exhibits issues like Connection reset or Connection timeout in production, while the third party insists their environment is normal, what should you do?

Don’t panic, I know a bit of Wireshark, which is great for handling all sorts of disputes and dissatisfactions.

If your project encounters a performance bottleneck, what aspects do you think it could be, and how should you solve the problem?

Personally, I believe performance bottlenecks stem from the network environment, the operating system, or the program code. If you truly want to solve a bottleneck, you should first pinpoint its location. Among the three factors, the simplest to check is the network environment. I often use Wireshark to assist in the analysis, blah blah.

Has this piqued your interest? Many developers have probably encountered the scenarios above. For Java developers like Cai Cai, Wireshark is primarily used to quickly analyze network environment issues, giving them solid evidence to refute third-party claims.

Hopefully, through the upcoming articles, you can easily master Wireshark.

This is a non-technical little story. However, as a Wireshark enthusiast, it is good to know the past and present of this software. Who wouldn’t want to tell an industry story over lunch with colleagues, appearing both well-versed in the business and possessed of exquisite taste?

The story starts in the 1990s. Back then, the IT industry was thriving: Motorola was ambitiously executing the Iridium project; Google’s two founders were in their landlord’s garage developing a search engine. Our protagonist, Gerald Combs, was an unknown young man. Like many engineers of that era, Gerald was technically skilled, passionate, and highly capable. He worked for an Internet service provider and often needed analysis software for assistance. However, such software was scarce, and a license cost $80,000. Even today, that’s not a small amount in the U.S.

Unlike many of us, Gerald didn’t download pirated software but decided to write his own. He toiled alone for several months. We can still imagine the difficulties: most engineers, even after years in the field, have only a superficial understanding of many network protocols, let alone the ability to develop software that analyzes them. An engineer proficient in multiple protocols who can also write good code is rare. But Gerald humbly downplayed it: “I spent several months doing research and making notes.” In July 1998, the software was finally released. Its functionality was this: when you look at the network through it, you no longer see meaningless 0s and 1s but comprehensible, concise text. With its professional explanations, we can almost directly understand what is happening on the network. Previously hard-to-track issues became evident once it stepped in. It also provided authoritative analysis reports, such as retransmission rate statistics, response times, and conversation lists, freeing network administrators from overwhelming burdens and allowing them to focus on other matters.

Gerald named this software Ethereal, representing its function of uncovering Ethernet’s truths. The code’s copyright naturally belonged to Gerald, while his company, NIS (Network Integration Services), owned the Ethereal trademark. At the time, no one anticipated this ownership would spark a controversy years later. Because Ethereal was so well-written and released under the GNU GPL open-source license, developers around the world participated in the project. Before long, it covered most of the world’s communication protocols and became a popular network analysis software. It could be used in teaching; if a network teacher used it to assist in class, it would greatly increase student interest. It could also assist in development and testing, becoming a great tool for debugging network programs. Of course, its greatest use remained in diagnosing problems; from the data link layer to the application layer, wherever the network was involved, it found its application. Remarkably, Gerald never intended to profit from it; it is still entirely free today, allowing every willing engineer to benefit.

The changes in the world often exceed our imagination, especially in the IT industry. In a few years, the Iridium project completely collapsed; Google became the largest internet company. Only Gerald remained unchanged, diligently maintaining Ethereal. Every month, new protocols appeared, and existing ones launched new versions, keeping him perennially busy. There was only one renaming incident: in 2006, he left NIS to join CACE. Due to unresolved trademark issues over Ethereal with his former employer, Gerald renamed the project to Wireshark. From then on, the widely popular Ethereal project was retired, leaving only the www.ethereal.com domain. We can still visit it today, but it redirects to a company called AOS. Why not redirect to NIS? Because NIS was merged into AOS in 2011.

Wireshark has continued Ethereal’s success, and now thousands of developers follow Gerald. An annual four-day Sharkfest conference is held. In 2011, Wireshark ranked first on SecTools, and in 2012, it was rated “No. 1 Packet Sniffers” by Insecure.org. American technical writers began authoring books on it, and Chinese publishers imported them (such as the publication of “Wireshark Network Analysis Practice” 2nd Edition by People’s Posts and Telecommunications Publishing House). Notably, CACE was later acquired by Riverbed, making Riverbed a sponsor of the Wireshark project. Many Chinese engineers may find Riverbed unfamiliar, but they would not be unfamiliar with the tcpdump command commonly used in Linux. One of the tcpdump developers, Steve McCanne, is the CTO of Riverbed. WinPcap’s developer, Loris Degioanni, also worked at Riverbed. It seems fate brought the pioneers of network detection together at Riverbed. We salute Riverbed; thanks to these great tools, we can probe the secrets of the network.

Gerald recently announced on Twitter, “Wireshark is, and will always be open source.” Even if Wireshark were no longer open source, it wouldn’t erase his achievements. Heroes who change the world can lead a successful company like Jobs or create a legacy like Gerald. Their accomplishments will be engraved on the monument of IT history.

Story adapted from “Wireshark Network Analysis Made Simple”

To do a good job, one must first sharpen their tools. Visit the official website to download, and choose the version that suits your operating system.


Download link: https://www.wireshark.org/download.html

This initial Wireshark sharing ends here. There’s no practical content this time, primarily to get to know Wireshark initially. Upcoming articles will focus on Wireshark practical use. Stay tuned.