A love letter to Wireshark

· wanl.blue
I frickin love Wireshark. It is just the best.

It tells the truth.

I have never asked for a packet capture and been disappointed for having looked at the captured data. It doesn't always have the answers I am looking for, but I can't recall a time when reviewing data in Wireshark has led me astray.

I have often wished for the Wireshark review format for other data sources. My dream would be to have a Wireshark capture for Windows local process communications (LPC).

One of my favorite parts about Wireshark is the ease of contribution. Over the past 6 years I have submitted a handful of merge requests to their public GitLab repository, and every time I do so it is a pleasant process.

To really emphasize how easy it is to contribute to, the first MR I supplied in 2021 was adding a brand-new parser to Wireshark. I wrote this before working a single day as a software engineer. At the time, I had never written any C or made any contribution to any open-source project, and it was still a great experience! Long story short, if I need Wireshark to do something, I have confidence that I personally can get it there.

Caveat

Windows development for Wireshark is not so great... It is a painful experience that I have really given up on. Any time I need to contribute, I typically do my development in WSL and use tshark to validate my changes.

I should probably create a Docker development container that I can use for something like this, but that is a job for another day.

Contributions:

Copyright © 2023 wanl.blue