Wireshark: How Being Broke Inspired a Vibrant Open Source Community
It’s a good thing Gerald Combs didn’t have $80,000 to spend back in 1997. As a graduate student working for an ISP then, Combs needed a network packet analyzer to track down problems on the company’s network. But neither he nor the ISP could afford to spend $80,000 on a commercial offering like Network General’s Sniffer, and the open source alternatives didn’t meet his needs. So he did what “just made sense” and created Wireshark (then called Ethereal), which has become the world’s most popular network protocol analyzer.
Unlike most other open source projects, Wireshark immediately attracted outside contributions. Today Wireshark counts more than 600 contributors, but back in 1997, Combs was just trying to get his job done. In the process, he may have created the “perfect open source project,” as Combs’ friend and former colleague Loris Degioanni calls it.
Let’s look at why.
Of the Developer, for the Developer, by the Developer
Many open source projects strike it rich with users, lured by the promise of high-quality software at a low-budget price (read: free). These same projects, however, often struggle to find developers who will contribute code. Wireshark had the opposite problem.
As Combs said in a recent interview, “early on we had a critical mass of developers.” How quickly? Within a day or two of releasing the software, developers started to contribute to Wireshark and Combs says it’s been a steady stream ever since. As he describes it, this immediate interest stemmed from Wireshark filling a fundamental need to see what computers are saying to each other, and Wireshark happened to fill that need much better than early options.
“I didn’t really do any conscious marketing or promotion or anything,” Combs says. Instead, developers discovered Wireshark on Freshmeat, heard about it on Slashdot or elsewhere, and flocked to the project. Some of those early users, such as Gilbert Ramirez, Guy Harris, and Richard Sharpe, began contributing low-level dissectors (protocol parsers) and other missing functionality. Once the project added support for Windows around 2000, the dam burst for user adoption.
Throughout it all, one of the keys to Wireshark’s community success was that it was so easy for this early audience to not simply use the software, but also to improve it. Degioanni points out that Wireshark is peculiarly well-suited to community success because the user community is composed of developers. “If you’re really familiar with the ins and outs of the protocol, it’s probably because you’re some sort of developer,” Degioanni says. Additionally, those developers can work on their areas of the software in parallel.
As a result, Combs says, it’s easy for a user/developer to take their knowledge of a protocol and write a dissector for Wireshark, which has helped broaden the range of protocols Wireshark can analyze.
“Each new dissector makes Wireshark incrementally more useful and grows our community a bit, which means more useful feedback for long-term developers,” Combs says. Today those contributions add up to somewhere between 2.5 and 3.5 million lines of code, depending on how you count it.
There’s another secret to Wireshark’s community success, and it’s somewhat at odds with the project’s name: kindness.
The Nicest Herd of Sharks You’ll Meet
“I love our community. It’s a very constructive community and people love helping each other out,” Combs says. “Something I picked up early on is that tone matters. Whatever tone you set as a leader of a project, that really matters, as far as how the community behaves and how it operates.”
Wireshark operates with an informal governance model, with contributions back “appreciated” but not demanded. Instead, the community suggests contributions benefit the contributor in the following ways:
- Other people who find your contributions useful will appreciate them, and you will know that you have helped people in the same way that the developers of Wireshark have helped you.
- The developers of Wireshark can further improve your changes or implement additional features on top of your code, which may also benefit you.
- The maintainers and developers of Wireshark will maintain your code, fixing it when API changes or other changes are made, and generally keeping it in tune with what is happening with Wireshark. So when Wireshark is updated (which is often), you can get a new Wireshark version from the website and your changes will already be included without any additional effort from you.
A key part of this community is Riverbed, a company that helps organizations improve network and application performance. While Riverbed doesn’t control the community, it has employed Combs since 2010 when it acquired his employer, CACE, and allows him to dedicate a significant portion of his time to helping guide the project. Riverbed also has helped to fund the infrastructure with which Wireshark builds the software. The project doesn’t yet run on GitHub or GitLab, but Combs and other developers are now actively working on this to update the infrastructure.
Open Source Made Sense
Combs never set out to make the world’s most popular protocol analyzer. “When you create an open source project and release it to the world, approval is nice and it’s good, but I had no idea what the extent would be,” Combs says. “Initially I needed to scratch an itch — I needed to solve a problem at work.” He says that he’d hoped people would find Wireshark useful, but he had no clue that it would become his job — in fact, his full-time job — for a long time.
Nor did he imagine that founding Wireshark would result in meeting a friendly, vibrant community. “It’s been a blast working with them,” he says.
At the heart of it all is open source. That part was never in doubt. When I asked Combs why he didn’t just create a personal project and keep it closed, he responded, “I had gotten so many benefits from using open source software that, for me at least, I just wanted to give back. It just made sense.”
Wireshark is released under the GNU General Public License version 2. Visit the Wireshark site to learn how you can get involved with its community.