Wireshark Switches To Qt

An anonymous reader writes "Beginning with version 1.11.0, open source packet analyzer Wireshark is switching its user interface library from GTK+ to Qt. 'Both libraries make it easy for developers [to] write applications that will run on different platforms without having to rewrite a lot of code. GTK+ has had a huge impact on the way Wireshark looks and feels and on its popularity but it doesn't cover our supported platforms as effectively as it should and the situation is getting worse as time goes on.'"

Meh

[MBGMorden]

I can't say that I really mind. I like to try to use mostly GTK based apps but it still falls down to the quality of the app. I use qBittorrent as my Torrent client because it works better than Deluge or any other GTK client I've found. Particularly when set to the same theme QT is just fine.

Re:Meh

[intermodal]

The quality of applications is all I've come to care about. I used to be the same about trying to use GTK, but I just can't bring myself to ditch a superior program for an inferior one just because of which toolkit they use. License for their code? Sure. GTK vs QT? Meh.

Re:Meh

GTK is not called the Gay ToolKit for nothing!

Re:Meh

[larry+bagina]

ahem, that's GIMP ToolKit. Not all gimps are gay.

There goes another one

[krkhan]

VLC, Maemo, TwimGo, LXDE; I for one would like to see a future where GIMP is the only major application left using GTK. Poetic justice.

Re:There goes another one

I really want to see gimp ported to Qt. That would be hilarious. We could call it qtImp, pronounced "cute imp."

Re:There goes another one

[K.+S.+Kyosuke]

Replace the interface, and then replace the imaging kernel. What remains?

Re:There goes another one

[X0563511]

GIMP isn't named GIMP because it used GTK.

Re:There goes another one

[doti]

It's just the opposite. GTK is named after GIMP.

GIMP is GNU Image Manipulation Program

GTK is GIMP ToolKit

Re:There goes another one

[K.+S.+Kyosuke]

They'd have to rename it to Nobody's ToolKit...?

Re:There goes another one

[geminidomino]

Not the guy who said it originally, but I think that would be the lion's share of the hilarity he mentioned.

Re:There goes another one

Gnome ToolKit?

Re:There goes another one

[binarylarry]

He'll switch when Microsoft does.

Re:There goes another one

[dbIII]

That was my feeling in the early days of gnome when their fuckups meant that gimp would no longer compile. They did improve.

Re:Is gnome loosing?

[barlevg]

What exactly are you concerned about them loosing? Maybe some horrible monster they've been keeping in their basement? Or a bio-genetic plague?

Re:Is gnome loosing?

[kpsimm]

loosing? really?

Props to all sticking it out and trying Qt out!

[Dino]

This is a big win for the Qt ecosystem. Between KDE libraries reworked into portable Qt modules and official iOS and Android support even with support from Digia-- Qt is gaining momentum. They even managed to survive being gobbled by Nokia, then being sold to Digia-- it has been a bumpy ride.

I recently tried out the latest Kubuntu and have been loving it installed on an old Dell D410 (12inch, 1.8Ghz SC Pentium, 1.5G RAM) laptop and it runs well and does everything I need (which in this case is Qt related application development :-)

Re:Props to all sticking it out and trying Qt out!

[TopherC]

You're running Kubuntu 13.10? How is it so far?

I've long enjoyed KDE and pyqt programming. It's nice to see the underlying library move forward so successfully. I've found that, at least with pyqt, the QT libraries are rather large to ship around. I hope this doesn't increase the size of wireshark too much. It's nice to be able to easily install and run it on platforms like raspbian.

Re:Props to all sticking it out and trying Qt out!

[Dimwit]

Someone really needs to explain the appeal of Kubuntu and KDE to me. I just don't get it. It's so *busy*: everything is huge with glowing drop shadows and spinning cursors and animations everywhere. It's also the only desktop environment I've ever sat down at that I couldn't just use immediately - I tried "creating an activity" and was left with a completely blank desktop, not even any panels or anything. There may have been keyboard shortcuts to get out of that situation, but I didn't know them and shouldn't have had to. I tried creating another activity later and the session segfaulted. This was a release version, not a beta or something.

I really want to like KDE, truly. I used KDE on FreeBSD for years, but eventually moved over to CDE on Solaris and then GNOME on Linux. I tried going back to KDE with Kubuntu 13.04 and had the above experience. So someone, please explain what KDE offers that I don't get through GNOME, Unity, XFCE, or Razor...

Re:Props to all sticking it out and trying Qt out!

[Dino]

Activities are just workspaces. They might offer a little more customization than a workspace-- but that's all they are.

I used XFCE for many years on this same machine-- without compliant. What I liked about KDE is that it ran as well as XFCE and came with everything I needed for Qt development. Also I don't need to double-load application frameworks. Iv'e been able to use KDE or pure Qt apps for everything I need.

As for drop-shadows, bouncy cursors and business-- that's both accepted and came be done tastefully. (**Cough** Unity **Cough) Like any environment, customization is both available and desirable. IMHO it was easier for me to get KDE where I wanted then Unity or XFCE

Re:Props to all sticking it out and trying Qt out!

[countach74]

Haha yeah those glowing drop shadows are hideous. Thank goodness we're not stuck with them. The great thing about KDE is it's extremely customizable and actually rather performant, considering how all-encompassing it is.

Re:Props to all sticking it out and trying Qt out!

[game+kid]

It's probably due in part to the whole KDE Free Qt thing. It keeps Qt free in the event Qt isn't...um...kept free. It's pretty nice.

Re:Props to all sticking it out and trying Qt out!

[richlv]

Someone really needs to explain the appeal of Kubuntu and KDE to me. I just don't get it. It's so *busy*: everything is huge with glowing drop shadows and spinning cursors and animations everywhere.

hmm. i stare at the animations a couple of days after my first install, then disable them all :)

It's also the only desktop environment I've ever sat down at that I couldn't just use immediately - I tried "creating an activity" and was left with a completely blank desktop, not even any panels or anything. There may have been keyboard shortcuts to get out of that situation, but I didn't know them and shouldn't have had to.

i'll admit that as a kde user since kde 2 (and it being my primary platform since kde 3.0), i do not use activities. i kinda understand the concept, but don't fully embrace it. the great thing is that i don't have to use them ;)

GTK+ is ugly.

There you go, "Gnome" with all your bullshit misunderstanding of how a GUI is intended to look like. Go Qt!

Re:Is gnome loosing?

[RabidReindeer]

What exactly are you concerned about them loosing? Maybe some horrible monster they've been keeping in their basement? Or a bio-genetic plague?

Why can't you just tow the line and give him free reign? It passed the spell checker, isn't that all that counts?

Gnome tool kit

[caseih]

Gtk used to stand for the gimp toolkit, but more and more it's the gnome toolkit. I wouldn't be surprised to see it merged into the gnome framework entirely at and future date. Even the mailing list is now renamed to gnome-list.

It's still a great toolkit, and still somewhat cross-platform. It's still being actively worked on on Windows and Mac osx. But with the focus mainly on gnome and Linux (gnome 3 has little support for other platforms now) they are not as advanced or stable ports.

I think wireshark's move to qt is a good one. Will definitely lead to better apps on Windows and Mac.

Re:Gnome tool kit

[kthreadd]

Gtk used to stand for the gimp toolkit, but more and more it's the gnome toolkit. I wouldn't be surprised to see it merged into the gnome framework entirely at and future date. Even the mailing list is now renamed to gnome-list.

They did? I still receive email to gtk-list.

Re:Gnome tool kit

[Darinbob]

Well with GTK+ being cross platform, Wireshark on MacOS still required using the X Windows interface. So will the move to Qt finally make it a native app?

Re:Gnome tool kit

[Guy+Harris]

Well with GTK+ being cross platform, Wireshark on MacOS still required using the X Windows interface. So will the move to Qt finally make it a native app?

It will make it an app that doesn't use X11 on OS X.

It won't make it an all-Cocoa app (although it will, modulo issues with QtMacExtras, use the native toolbar widget, at least, and, time permitting, it'll use the native file dialog sheets rather than the definitely-doesn't-look-like-OS-X Qt file dialog).

It won't be sufficient to make it an app following the OS X "one process for all open windows" model; that would require, for example, replacing all the static variables holding dissection state with per-open-file variables (doable, but a fair bit of work). Whether that will be done for 1.12 is another question.

Re:Gnome tool kit

[caseih]

Yes Qt will make it a non-X11, more native application on OS X (carbon, though if I recall correctly).

Re:Gnome tool kit

[caseih]

That's true. gtk-list is still gtk-list@gnome.org, but my e-mail client shows "Gnome list" as the long name.

Re:Gnome tool kit

[Guy+Harris]

Yes Qt will make it a non-X11, more native application on OS X (carbon, though if I recall correctly).

Newer versions of Qt support 64-bit programs, so they don't run atop Carbon.

Re:Is gnome loosing?

[K.+S.+Kyosuke]

Loose, v.: pass. and intr. To finish working; (of a school, factory, etc.) to close, disperse, ‘break up’.

If you like historicisms, there's also: intr. To crumble away; to dissolve, melt. Or even transf. To relax or loosen (the bowels). Yeah, the last one could be accurate. I hope they have their brown pants at the ready. :-)

Re:Is gnome loosing?

[MightyYar]

Not... a... typographical error!!!

Re:Is gnome loosing?

[geminidomino]

Worse. Much worse.

More code.

WINGs

[turgid]

I'd like to see it ported to WINGs. It's simple, fast, pretty and not married to C++.

Status of QT?

When last I heard, a few years ago, QT had been acquired by Nokia. More recently, it seems that Nokia is being acquired by the borg(Microsoft).

It would seem that QT is to be owned by Microsoft. Is this correct? If so, what does that hold for QT? I realize that QT is LGPL or some such, but that doesn't mean that Microsoft won't ruin it or snuff it out. See Oracle and MySQL for a road map. Hopefully I am wrong.

Re:Status of QT?

[Guy+Harris]

When last I heard, a few years ago, QT had been acquired by Nokia. More recently, it seems that Nokia is being acquired by the borg(Microsoft).

It would seem that QT is to be owned by Microsoft. Is this correct? If so, what does that hold for QT? I realize that QT is LGPL or some such, but that doesn't mean that Microsoft won't ruin it or snuff it out. See Oracle and MySQL for a road map. Hopefully I am wrong.

Fortunately, yes, you are wrong. Digia bought the business side of Qt from Nokia in 2012. The free-software side of Qt is the Qt Project.

Re:Status of QT?

[richlv]

i met digia guys in tallinn last year at akademy (kde conference), they gave me a free t-shirt. seemed nice =)

Re:Is gnome loosing?

[psmears]

It should have read: "Why can't ewe just tow the line and give him free rain?

The "reign" was already wrong - the correct word would have been "rein". Not quite as much fail as at first sight?

Re:Is gnome loosing?

[mrchaotica]

A Beowulf cluster of grammar Nazis!

GTK+ community is declining

[jcdr]

GTK+ was outrageously superior to anything out there about 5 years ago and today it's a declining community without clear goals and without strong support from developers that need this kind of library. I don't fully understand all the details that make this happened, but I clearly remember that about 2 or 3 years ago, something changed radically when Nokia changed the Qt license and when the Gnome leaders started to act against there own community with the suicidal Gnome 3 project.

There nothing to hope when a few peoples take the power to deny the criticisms from a large part of there community. The community simple change to get away from the toxic. That's the strong power of the open source, and it's a shame that leaders from leading open source project don't understand that simple rule.

In a ideal world GTK+ and QT should have merged there most valuable features in a new neutral project as soon as QT was fully open source. Real developers don't car about the name of the project as long as the quality and the community are driving the project up to the edge of there expectations.

Re:GTK+ community is declining

[Desler]

The only thing Nokia changed was adding an LGPL option. It was already dual licensed under the GPL.

Re:GTK+ community is declining

[jcdr]

LGPL vs GPL was the key point for non-free projects that instead was forced to use the commercial license.

Re:GTK+ community is declining

[jcdr]

I should have used the Gnome libraries dependencies instead of GTK+ to compare to the Qt complete library.

The GPL license was a showstopper for non-open projects that don't wants to use a commercial license. The LGPL changed that important nuance.

The difference in the language is certainly a massive concern in case of a direct merge, but I don't think there is any features of one of the project that cannot be implemented in the language used by the other project. This is still a hug amount of work...

A other even more ideal dream, C and C++ should also merge. Each new standard tend to share the best feature of the other, but this process is depressingly slow, and the C++ name mangling fiasco that make each compilers incompatible is still not even in the radar of the foreseeable next C++ standards.

Re:Wireshark [chown] sucks

[Guy+Harris]

I don't use software that chmods or chown mydirectories. Wireshark has done so. Citation? Look it up. Wireshark sucks.

Well, I looked it up, and there are no chmod or chown calls in the Wireshark source (trunk, 1.10, or 1.8), and there are no obvious pages found by Teh Google about this.

Citation (and, no, "look it up" isn't a citation, it's a trick used by people who don't actually have citations) or it didn't happen.

Intrusion detection

[ralphaostrander]

I fired up wireshark and did a data capture just to test the software. But what I was looking for was the way you could watch a interface pre 2000 like with blackice. Anyone know what software you could do that with today?

Re:Wireshark [chown] sucks

[deviated_prevert]

I don't use software that chmods or chown mydirectories. Wireshark has done so. Citation? Look it up. Wireshark sucks.

To fully access the data stack from eth0 or wlan0 you need to run wireshark as root otherwise your trace will not be complete. The result is that the files created by wireshark then are owned by # not $

All packet sniffers technically need to have root to be effective on any Unix like system. All you have to do is chown the output files and you can edit and delete them to your hearts content. Technically wireshark does not change the ownership of any directories but only inherits root because it is run as root so any directories or files that it creates are the property of root.

Wireshark is a great tool but it requires higher privilege to do the job it does. For a core logging piece of software it is very good and does not eat up resources like other ones that I have run over the years. One thing though if you turn down the verbosity level of the output so that it does less prefixing it sure helps to keep the output file size down, the default output is a little too verbose and includes too much unneeded spacing and device descriptions at all the start and stop requests. Sometimes if you are tracking a malicious web site bounce pattern it is nice to not have to wade through 30-40 meg of text data just to see a few dozen server hops!

A few weeks back tracking down a simple vbulletin hacked to do linkbucks scam site bounces created over 60 meg of data that I had to search through for the offending server sites, thank heavens for the line numbering capabilities and search features in Kate!

The use of Wireshark without a doubt helps keep servers clear of these assholes if it wasn't for a crowd of people tracking the linkbucks malware slinging assholes down and getting them kicked off servers using MS Windows on the net would be down right impossible.

Re:Wireshark [chown] sucks

[Guy+Harris]

To fully access the data stack from eth0 or wlan0 you need to run wireshark as root otherwise your trace will not be complete.

Nope.

For one thing, Wireshark shouldn't be accessing the network interfaces, it should be asking the dumpcap program, which is one of the components of Wireshark, to do so. To quote Wireshark's README.packaging file:

WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.

For another thing, the README.packaging document (in the "Privileges" section, which contains that rather emphatic quote), and the CaptureSetup/CapturePrivileges page in the Wireshark Wiki, discuss ways in which you can avoid even running dumpcap as root - it may need additional privileges, but not full root privileges.

All packet sniffers technically need to have root to be effective on any Unix like system.

Nope. See the above documents and the main libpcap man page (following "Reading packets from a network interface may require that you have special privileges:"). That's what the ChmodBPF script installed by Wireshark on OS X does; see the "Under BSD (this includes Mac OS X)" section - it does the "some other way to make that happen at boot time".

This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call

Presumably he had to answer to the Coca-Cola company for that?

Re:Wireshark [chown] sucks

[deviated_prevert]

To fully access the data stack from eth0 or wlan0 you need to run wireshark as root otherwise your trace will not be complete.

Nope.

For one thing, Wireshark shouldn't be accessing the network interfaces, it should be asking the dumpcap program, which is one of the components of Wireshark, to do so. To quote Wireshark's README.packaging file:

WIRESHARK CONTAINS OVER TWO MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.

For another thing, the README.packaging document (in the "Privileges" section, which contains that rather emphatic quote), and the CaptureSetup/CapturePrivileges page in the Wireshark Wiki, discuss ways in which you can avoid even running dumpcap as root - it may need additional privileges, but not full root privileges.

All packet sniffers technically need to have root to be effective on any Unix like system.

Nope. See the above documents and the main libpcap man page (following "Reading packets from a network interface may require that you have special privileges:"). That's what the ChmodBPF script installed by Wireshark on OS X does; see the "Under BSD (this includes Mac OS X)" section - it does the "some other way to make that happen at boot time".

This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call

Presumably he had to answer to the Coca-Cola company for that?

Ok Thanks I am running the older version LOL

$ wireshark --version wireshark 1.4.6 Copyright 1998-2011 Gerald Combs and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (32-bit) with GTK+ 2.24.4, with GLib 2.28.6, with libpcap 1.1.1, with libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8, with c-ares 1.7.3, with Lua 5.1, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 18 2011 15:44:36), without AirPcap. Running on Linux 2.6.38-8-generic, with libpcap version 1.1.1, with libz 1.2.3.4, GnuTLS 2.8.6, Gcrypt 1.4.6. Built using gcc 4.5.2. ~ $

Guess I should upgrade and RTFM. I only use it when doing single traces though so the chances of leaving something open and being hacked while using it are almost zero, I do not run it as a process on the server only as a tracking mechanism if something gets hacked and then only on a the old laptop that I use for diagnostics. I should set it up as a service though if I can figure out an effective way to keep the log sizes down to specific info instead of a verbose as hell text file! Would be great if the files it created could be time stamped and compressed by wireshark itself on the fly as it logs. I tried setting up a cron with a shell script to do that but could not get it to spawn an output text log. Guess I should hone up my bash skills and do some more RTFM. Hopefully wireshark can use automated scripts to setup logging with a cron job without running a the gui something like the way I run vlc nox.

Re: Wireshark runs without X11 under MacOSX

[datalife]

Well with GTK+ being cross platform, Wireshark on MacOS still required using the X Windows interface. So will the move to Qt finally make it a native app?

Wireshark doesn't require X11, GTK2 does.
So when you've installed GTK2 via Macports like this
  gtk2 @2.24.21_0+no_x11+quartz+universal
then wireshark isn't using X11 and feels like a native MacOS-Application:
- Wireshark-Dockicon
- No X11 is started
- The menubar is on top, like in any other mac-applcation

regards

Re:Wireshark [chown] sucks

[NotBorg]

Wireshark isn't for crybabies anyway.