WEBVTT

00:00.000 --> 00:06.500
Probably time to get started.

00:06.500 --> 00:14.000
I'm Gerald Combs, the creator and lead developer of Wireshark.

00:14.000 --> 00:19.000
Also, I wear a bunch of other hats, including working at Sysdig and being part of the Wireshark

00:19.000 --> 00:20.000
Foundation.

00:20.000 --> 00:26.000
Early on in my career, I worked at an ISP where I accidentally deleted the Kansas City Chiefs'

00:26.000 --> 00:28.000
website.

00:28.000 --> 00:31.000
I thought I'd mention that since they're going to be in the Super Bowl soon.

00:31.000 --> 00:36.000
But that also goes into what I did at that ISP.

00:36.000 --> 00:40.000
At that ISP, we had a bunch of big-name clients like the Chiefs, AT&T and Apple

00:40.000 --> 00:42.000
and a few other big companies.

00:42.000 --> 00:48.000
And I needed to support them as best I could and make sure that network was reliable.

00:48.000 --> 00:53.000
And at a previous job I worked at a university where we had a Sniffer,

00:53.000 --> 00:56.000
which was this thing made by Network General.

00:56.000 --> 01:01.000
It was this huge piece of gear that cost about as much as a luxury car.

01:01.000 --> 01:04.000
And I would lug it around the campus and plug it in and troubleshoot the network.

01:04.000 --> 01:06.000
And I didn't have this at that ISP.

01:06.000 --> 01:10.000
And every time I asked for a sniffer, they said, no.

01:10.000 --> 01:12.000
Because it just wasn't in the budget.

01:12.000 --> 01:17.000
Plus, I think the executives probably wondered why I wanted this thing that cost as much as their car.

01:17.000 --> 01:22.000
But I finally broke down and said, fine, I'll see if I can write my own protocol

01:22.000 --> 01:25.000
analyzer, and it just seemed like the thing to do.

01:25.000 --> 01:30.000
And at that point I'd used open source quite a bit in my career and thought,

01:30.000 --> 01:34.000
well, that would be a good way to give back to the open source community

01:34.000 --> 01:37.000
because I had benefited from all this software that other people had written.

01:37.000 --> 01:42.000
And so that kind of crystallized into the original goal, and writing what was back then

01:42.000 --> 01:47.000
Ethereal, which we later renamed to Wireshark.

01:47.000 --> 01:53.000
And as you can see, that was the original goal of the project.

01:53.000 --> 01:59.000
Now, to get going on the project, you have to remember this was in 1998.

01:59.000 --> 02:01.000
This was before GitHub.

02:01.000 --> 02:02.000
This was before GitLab.

02:02.000 --> 02:07.000
This was before SourceForge, which, I don't know if you would even remember that.

02:07.000 --> 02:13.000
But you can, okay, you're giving away the fact that you're old.

02:13.000 --> 02:19.000
So I went on this brand new, I guarantee it was brand new, website called eBay.

02:19.000 --> 02:27.000
And I bought a server and installed a bunch of software to be able to host this project.

02:27.000 --> 02:32.000
And as you saw from the title, the talk is Wiresharkeology, and it wouldn't be a good

02:32.000 --> 02:35.000
archeology presentation without a relic.

02:35.000 --> 02:49.000
Is it not adorable that you just want to give it a hug?

02:49.000 --> 02:54.000
But in order to host the project, like I said, you kind of had to do everything yourself.

02:54.000 --> 03:00.000
And so I would go around to different ISPs around town, because I had a lot of friends that worked at these different ISPs.

03:00.000 --> 03:03.000
And I would trade consulting time for hosting.

03:03.000 --> 03:08.000
And that worked, I don't know, for about three or six months.

03:08.000 --> 03:14.000
And invariably, I'd get a call from whoever was hosting the box at the time and they'd say, look, we're being acquired.

03:14.000 --> 03:18.000
And right now we're doing inventory, and your box cannot be in the inventory.

03:18.000 --> 03:20.000
You have to come and get it.

03:20.000 --> 03:29.000
So on at least two occasions I transported this under the cover of darkness from one ISP to another to make sure that we had continuous coverage for the box.

03:29.000 --> 03:38.000
So at the same time, and I'm going to point to some people here and say it's their fault.

03:38.000 --> 03:40.000
But at the same time, the project was growing.

03:40.000 --> 03:44.000
I kept getting contributions from people around the world.

03:44.000 --> 03:47.000
And so my job was to kind of keep up with them.

03:47.000 --> 03:52.000
And so the original goal expanded.

03:52.000 --> 03:58.000
It went from supporting just Linux and Solaris, which were, you know, the OSes that I ran at work, to supporting

03:58.000 --> 04:01.000
other Unix operating systems.

04:01.000 --> 04:06.000
And then there were these two grad students in Italy.

04:06.000 --> 04:10.000
I mean, there were Loris Degioanni and Gianluca Varenni, who developed this thing called WinPcap.

04:10.000 --> 04:13.000
And that let you do packet capture on Windows.

04:13.000 --> 04:16.000
And so suddenly we had a whole bunch of Windows users.

04:16.000 --> 04:18.000
And the project really grew at that point.

04:18.000 --> 04:23.000
I mean, that was instrumental in making sure that everybody could use Ethereal.

04:23.000 --> 04:26.000
And later on, we added support for Mac OS.

04:26.000 --> 04:29.000
And so as you can see, the goal keeps growing and growing and growing.

04:29.000 --> 04:35.000
And due to the nature of the application, you know, you have to know about protocols and how they work

04:35.000 --> 04:37.000
in order to use a protocol analyzer effectively.

04:37.000 --> 04:40.000
And so our community grew to include educators.

04:40.000 --> 04:45.000
And a whole bunch of other people, and students and security researchers, on and on and on and on.

04:45.000 --> 04:50.000
And so it kind of crystallized that down again.

04:50.000 --> 04:54.000
The goal evolved into helping as many people as possible.

04:54.000 --> 05:01.000
And you know, that's kind of been the goal for the project for a very long time.

05:01.000 --> 05:05.000
To get to that goal, you have to do a lot of things.

05:05.000 --> 05:12.000
You have to ensure that the developers have the tools they need to develop and contribute to the project.

05:12.000 --> 05:17.000
You need to make sure that the application is easy to obtain and install.

05:17.000 --> 05:22.000
You know, something that I've always tried to pay attention to throughout the life of the project is,

05:22.000 --> 05:28.000
you know, how easy or difficult is it, starting from zero and going to the website, you know,

05:28.000 --> 05:33.000
how easy or difficult is it to go from there to having packets in front of your face.

05:33.000 --> 05:37.000
And so that includes things like code signing certificates.

05:37.000 --> 05:44.000
You know, you don't want to download this thing and have your operating system complain that it's not secure and you can't install it.

05:44.000 --> 05:48.000
So that's a lot of stuff that I have to pay attention to.

05:48.000 --> 05:55.000
And again, you have to make sure the community has access to educational resources just due to the nature of being a protocol analyzer.

05:55.000 --> 05:59.000
So to get to that goal, you ultimately need a business model.

05:59.000 --> 06:06.000
And, you know, the previous presentation talked about the business model that's used for Sir Codden, and ours is kind of similar.

06:06.000 --> 06:14.000
I originally started out, as you can see with this box, having no business model, which, if you can get away with that, is the best thing to do.

06:14.000 --> 06:21.000
Nowadays, it's really easy. You just go to GitHub or GitLab and throw your project on the server and you're done.

06:21.000 --> 06:28.000
The thing to keep in mind about GitHub and GitLab, though, is the services they offer are services they can automate.

06:28.000 --> 06:31.000
Services they can throw compute at.

06:31.000 --> 06:38.000
GitHub and GitLab have, you know, buttons that let you open a pull request or a merge request or open up an issue.

06:38.000 --> 06:43.000
They don't have buttons that connect you to a lawyer or an accountant, and that's very important, at least in our case.

06:43.000 --> 06:47.000
So, you know, that's something we had to take care of.

06:47.000 --> 06:57.000
And so the model that we ultimately, initially went with was something I call corporate overlord, or just ask my boss to host the box where I work, and that's what I went with initially.

06:57.000 --> 07:00.000
And that's probably the second easiest model.

07:00.000 --> 07:03.000
And it's one that we stuck with for a very long time.

07:03.000 --> 07:08.000
Originally, we had a corporate sponsor named Network Integration Services, and that's when we were still Ethereal.

07:08.000 --> 07:11.000
A little while later on.

07:12.000 --> 07:18.000
I don't want to give Windows XP a lot of credit here, but they do deserve some credit.

07:18.000 --> 07:25.000
Windows XP was instrumental in Ethereal becoming Wireshark, because Windows XP had such terrible wireless drivers.

07:25.000 --> 07:30.000
In the middle of the 2000s,

07:30.000 --> 07:40.000
802.11 was getting very, very popular and very, you know, it was everywhere, but it wasn't very reliable, and we had a bunch of users because of WinPcap

07:40.000 --> 07:45.000
on Windows who were saying, you know, I want to capture on Windows, but I can't.

07:45.000 --> 07:49.000
What would happen is you'd fire up Ethereal,

07:49.000 --> 07:54.000
try to kick your wireless driver into monitor mode, and it would shut down.

07:54.000 --> 07:57.000
Which, you know, that's not useful behavior.

07:57.000 --> 08:04.000
So, I sent an email to the developers of WinPcap, and at that time they had started a company called CACE Technologies.

08:04.000 --> 08:13.000
And, you know, we went back and forth a few times and ultimately developed something called, well, I say we, but it was Loris.

08:13.000 --> 08:21.000
He developed something called AirPcap, which was this little dedicated USB wireless adapter that let you capture packets at the same time.

08:21.000 --> 08:28.000
After I went and joined CACE Technologies, I had to leave the name Ethereal behind, because Network Integration Services owned that trademark.

08:28.000 --> 08:31.000
And so that's how we became Wireshark.

08:31.000 --> 08:44.000
A lot of other stuff happened at CACE. We started up SharkFest, which is our developer and user conference, and we were able to expand our educational initiatives and teach people how to analyze protocols.

08:44.000 --> 08:57.000
We did so well at CACE that a company called Riverbed acquired us, and then they became our corporate overlord, and a few years later Loris founded another company called Sysdig, and I joined Sysdig in 2021.

08:57.000 --> 09:06.000
So, as convenient as your employer funding your project is, you have to keep in mind you're probably going to run into a couple of single points of failure.

09:06.000 --> 09:22.000
One big single point of failure was me. On the Linux side, I remember they used the term bus factor, but the problem there was that I was typically the only person employed at that company who was also working on the project.

09:22.000 --> 09:31.000
So I was the only one legally authorized to go purchase services; I was the only person who was able to do a lot of stuff like that.

09:31.000 --> 09:42.000
And that was a concern that built up over time. Another concern is that if you have only one entity funding your project, you kind of run into financial risks.

09:42.000 --> 09:55.000
The worry I've always had, and I don't want, I mean, well, fine. The worry I always had was, okay, what if we get bought by Oracle? What happens then?

09:55.000 --> 10:01.000
So, I mean, I'm in a room full of networking people, what do you do with single points of failure? You get rid of them.

10:01.000 --> 10:14.000
And so that's what we worked on. We looked at a couple of options. The first one we looked at was joining an umbrella organization and there are a lot of great umbrellas out there.

10:14.000 --> 10:28.000
But, earlier I mentioned that GitHub and GitLab don't connect you to lawyers, and that's what umbrellas do. They provide services that require humans.

10:28.000 --> 10:36.000
They can do accounting for you. They can provide IP and legal services. And they can be a great choice.

10:36.000 --> 10:43.000
And if your project is of a certain size that needs that sort of thing, I do recommend that you look into an umbrella.

10:43.000 --> 10:49.000
Our problem was we already had our own organization. We had a team of people that did our conferences.

10:49.000 --> 11:01.000
And so, you know, once we had that in place, we kind of didn't fit well with all the umbrellas that we talked to. So, we finally came to our last option for a business model.

11:01.000 --> 11:04.000
And I'll throw up this quote here.

11:04.000 --> 11:06.000
I love this quote, but it's not real.

11:06.000 --> 11:10.000
Winston Churchill never said this, but he gets credit for it.

11:10.000 --> 11:17.000
But after exhausting all of our possibilities, we said fine. We're going to start up our own nonprofit.

11:17.000 --> 11:24.000
And that's what we did. We, with the help of Sysdig, set up the Wireshark Foundation.

11:24.000 --> 11:35.000
And this is the, you know, the first part of the letter just to explain what's going on here.

11:35.000 --> 11:43.000
Especially since I'm in Europe, I should explain that the letters and numbers at the top, 501(c)(3), that's a section of the US tax code.

11:43.000 --> 11:50.000
That's the section that says, all right, if your organization operates under these rules, then we can designate you as a nonprofit.

11:50.000 --> 11:57.000
And that means that people can donate money to you and get tax benefits from that and things like that.

11:57.000 --> 12:04.000
But this is just to say that the Wireshark Foundation is set up as a public benefit corporation, as a nonprofit.

12:04.000 --> 12:09.000
And that's what we used to support the Wireshark project now.

12:09.000 --> 12:14.000
But in my work at Sysdig, since we're kind of expanding into system calls and logs and stuff,

12:14.000 --> 12:20.000
that original goal has expanded just a little bit to, you know, from helping people, as many people as possible,

12:20.000 --> 12:25.000
understand their networks as much as possible to throwing end systems in there.

12:25.000 --> 12:33.000
And so, one of the things I'm really excited about is what I'm working on right now, Stratoshark.

12:33.000 --> 12:42.000
So, as the future direction of the project, we've kind of expanded out into looking beyond network packets and doing deep analysis of systems.

12:42.000 --> 12:45.000
You know, at the system call level and at the log level.

12:45.000 --> 12:51.000
So, you know, since you're all networkers, maybe you don't care about system calls, but I'm sure you have a gear that generates logs.

12:51.000 --> 12:54.000
And so, you can pull those logs into Stratoshark.

12:54.000 --> 12:58.000
We also have some other stuff that I can't announce yet, sorry.

12:58.000 --> 13:03.000
But, you know, keep an eye out for some announcements in the next few minutes.

13:03.000 --> 13:12.000
So, as a bit of thanks, and I always try to do this at every talk, I have to say that, you know, Wireshark is a great and wonderful thing,

13:12.000 --> 13:14.000
but it's not because of me.

13:14.000 --> 13:20.000
It's especially because of this group, because of all the networkers out there that contribute to the project,

13:20.000 --> 13:25.000
either, you know, through writing code, or through education, or just being a user of this project, that's really useful.

13:26.000 --> 13:28.000
So, I can't thank you enough.

13:28.000 --> 13:29.000
Thanks.

13:42.000 --> 13:43.000
Any questions?

13:50.000 --> 13:54.000
No, the SPARCstation has no power supply at the moment, so.

13:55.000 --> 13:59.000
Any other questions?

13:59.000 --> 14:04.000
My presentation wasn't that complete.

14:04.000 --> 14:05.000
I mean, come on.

14:18.000 --> 14:23.000
Just for sake of interest, now that you're pivoting into looking deeper into systems and logs,

14:23.000 --> 14:32.000
are you worried that the original mission of Wireshark will change, and what implications does it have for you?

14:32.000 --> 14:38.000
Because of my position, I worry about everything all the time.

14:38.000 --> 14:42.000
But that was kind of a concern.

14:42.000 --> 14:49.000
In a way, I'm not, you know, Wireshark is still Wireshark, and we still have this wonderful community.

14:49.000 --> 14:52.000
It's just that we're kind of growing that community.

14:52.000 --> 14:54.000
At least that's the way I look at it.

14:54.000 --> 14:56.000
But that's a very good question.

15:04.000 --> 15:14.000
How did you navigate any friction that happened by transferring, like, from one company to another, moving from a company to another,

15:14.000 --> 15:18.000
just moving the Wireshark team around, how was that for you?

15:18.000 --> 15:21.000
Was there any friction in that, or difficulties?

15:21.000 --> 15:29.000
Probably, well, the big friction was when I moved to CACE Technologies and changed the name.

15:29.000 --> 15:34.000
You know, everybody, the news at the time was that, you know, there was a new fork of Ethereal, and I'm thinking, it's not a fork.

15:34.000 --> 15:35.000
We just changed the name.

15:35.000 --> 15:42.000
I mean, seriously, when I said that I was moving to CACE, I was freaking out internally.

15:42.000 --> 15:48.000
I had a newborn daughter at the time, and I was figuring out the paperwork, going, okay, what am I doing here?

15:48.000 --> 15:55.000
But to their credit, the development community, especially the core development team, their response was, okay, where's the new repository?

15:55.000 --> 15:56.000
Let's go.

15:56.000 --> 16:01.000
And, you know, I got a lot of support from the community, which I'm grateful for.

16:01.000 --> 16:03.000
Thank you very much.

16:07.000 --> 16:14.000
How did you make sure that none of the companies you worked for claimed ownership of the project, and basically stole it from underneath you?

16:14.000 --> 16:15.000
I'm sorry.

16:15.000 --> 16:20.000
How did you make sure that all of the companies that you worked for with Wireshark...

16:20.000 --> 16:26.000
How to make sure that they didn't own, sorry, claim ownership of the project?

16:26.000 --> 16:30.000
I, again, that goes to the development team.

16:30.000 --> 16:36.000
They, you know, were very great at supporting me as an individual leading the project.

16:36.000 --> 16:43.000
And so, you know, that, plus the fact that it's, you know, released under the GPL, you know, you can't really steal the GPL.

16:44.000 --> 16:47.000
At least not, you know, effectively or legally or easily.

16:47.000 --> 16:58.000
So, I mean, if a company had really wanted to take control of the project at various points, I'm sure they probably could have, but fortunately for us it didn't work out that way.

16:58.000 --> 16:59.000
Thank you.

17:06.000 --> 17:09.000
Thank you for a wonderful presentation.

17:09.000 --> 17:21.000
Regarding the system call tracing, are you right now targeting more Unix-like operating systems, or the Windows side of things too?

17:21.000 --> 17:25.000
Right now, we only support syscall tracing on Linux.

17:25.000 --> 17:30.000
Just due to the fact that you can write a kernel module or bring in eBPF.

17:30.000 --> 17:42.000
And, you know, having Windows system call tracing and macOS system call tracing would be very useful, but I don't know when that might happen.

17:42.000 --> 17:43.000
Thank you.

17:49.000 --> 17:54.000
I've been using Wireshark for many years, since it still had the old name.

17:54.000 --> 18:02.000
I'm always amazed by the amount of protocols you support, but do you still have protocols that need a lot of help and love? Because we're here with a lot of developers.

18:02.000 --> 18:04.000
Someone might be able to contribute.

18:04.000 --> 18:07.000
You're right.

18:07.000 --> 18:13.000
I mean, we always need support for new and different protocols.

18:13.000 --> 18:18.000
So, if you would like to contribute, we have some of the core developers here if you want to talk to them.

18:24.000 --> 18:34.000
First of all, thank you for the great talk.

18:34.000 --> 18:44.000
Since you mentioned you needed this kind of access to lawyers and accountants, was there ever a need to press that hypothetical lawyer button?

18:44.000 --> 18:49.000
There's kind of a continued need.

18:49.000 --> 18:54.000
You know, people want to use the trademark for, say, a book or, you know, some other publication.

18:54.000 --> 18:59.000
You know, we need to enter an agreement with them to do that, if they want to use the logo and things like that.

18:59.000 --> 19:06.000
So, you know, it's not like we've had to run to the lawyer for some sort of emergency where we need to, you know, enter litigation.

19:06.000 --> 19:21.000
But there's a continuous need for just business agreements, and that's where the legal help comes in.

19:21.000 --> 19:22.000
All right.

19:22.000 --> 19:23.000
Cool.

19:23.000 --> 19:24.000
Thank you very much.

19:24.000 --> 19:27.000
Thanks.

19:36.000 --> 19:42.000
Thank you very much.

