Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 14 submissions in the queue.

Submission Preview

Link to Story

Wireshark 2.0: Now with Qt

Accepted submission by Phoenix666 at 2015-12-18 16:14:44
Software

Phoenix666 [soylentnews.org] writes:

The headline feature for Wireshark 2.0, which was released [wireshark.org] on November 18, is the switch away from GTK+ and to the Qt framework, but there is more to it than just that. The bulk of the changes to Wireshark [wireshark.org]—the venerable free-software network packet sniffer that started out as Ethereal in 1998—come under the heading of user-interface improvements, but that leads to some improved functionality as well.
...
At its core, Wireshark provides a way for users to capture packets on the local network [lwn.net], then to display them for analysis. The basic three-pane display, with a pane for a list of packets captured (i.e. the "Packet List" pane) and two that show details of the currently selected packet, looks much the same. The packet-specific panes show a decoded version of the packet that splits out various fields in it (Packet Details), while the other shows a hex and ASCII version of the packet (Packet Bytes). There is also a toolbar, display filter entry box, and a menu at the top (as seen at right for 2.0.0rc2 from Combs's post).

  There are some things that have changed in the analysis interface, however. Packets related to the one selected in the packet list now have icons to indicate that status. For example, DNS requests and replies have left and right arrows and TCP packets that have been acknowledged have a check mark next to them. In addition, the packet list scrollbar shows a "minimap" of the color of packets nearby in the list—similar to the minimaps in modern text editors. When combined with rules that display different types of packets in various colors, it can help find more interesting portions of the captured packets. The minimap from the screen shot above can be seen at left.

In a webinar [YouTube] [youtube.com] given on November 12, Combs and Laura Chappell demonstrate some of the features in the new interface. Many things have been streamlined in the Qt-based interface, they said. But, the GTK+ interface will still be supported until the next stable release, which will be 2.2—odd minor numbers are for development releases.

Some of the examples shown in the webinar were things like an improved interface to choose a saved filter to apply to a capture. Previously that required bringing up a separate window that listed all of the saved filters to choose from; now that can be done directly from a menu just to the left of the filter entry box in the main window. Hiding and showing columns in the packet list can also be chosen directly from a menu that comes up when right-clicking the column headings. The interface for setting coloring rules has also been improved so that colors can be chosen from a "picker" rather than having to enter color names.

Original Submission