Today I released the next development version of Wireshark, 1.11.0. This marks a major change in the direction of the project. We’re switching our user interface library from GTK+ to Qt. Both libraries make it easy for developers write applications that will run on different platforms without having to rewrite a lot of code. GTK+ has had a huge impact on the way Wireshark looks and feels and on its popularity but it doesn’t cover our supported platforms as effectively as it should and the situation is getting worse as time goes on.

Making such a large change wasn’t an easy decision. It means rewriting thousands of lines of code and requires a lot of careful design. We might be the largest standalone application to make this transition (feel free to correct me below). However, I think it’s well worth it and that it’s important to the long-term direction of the project. Ultimately it came down to one thing:

Wireshark’s job is to show you what’s happening on your network. If it can’t run on your system then it’s not doing that job.

If you’re using Windows, Mac OS X, or Linux Mint we need to support Windows, Mac OS X, and Linux Mint. If you’re using an iPad or a Galaxy Note we need to give you a long, hard, nonplussed stare and think about supporting IOS and Android at some point.

When I started writing Ethereal (Wireshark’s original name) it looked like this:

It looked like that on Linux and Solaris. It didn’t look like that anywhere else because those were the only two platforms we supported. I chose GTK+ for the user interface toolkit because it made the most sense. Compared to the options available at the time it had a number of advantages. It was small, light, easy to work with, had an active development team, and had a compatible license. A short time later we added support for Windows. GTK+ had some initial compatibility issues on Windows but it has gotten better over time.

Since then the platform landscape has changed but unfortunately GTK+ hasn’t. Most notably Mac OS X has gained popularity and people are starting to ask about Wireshark for their tablets. GTK+ supports OS X but it’s definitely a second-tier platform, making it hard to install and use. We either have to require X11 (like Inkscape) or use an experimental native GTK+ port (like GIMP). Either way it requires a lot of effort on the part of developers to produce a substandard application for users. With GTK+ Wireshark doesn’t look or act at all like a Mac OS X application:

Qt on the other hand provides a nice, clean user experience on all of the platforms that we currently support. If you install the 64-bit version it now looks like this:

What does this mean for users?

If you’re a power user you should probably keep using the GTK+ flavor for the time being. You should also test the Qt flavor from time to time to see how your workflow will change. Both are installed by default on Windows and Linux.

If you’re running OS X you should use the Qt flavor. For common tasks it should have a better workflow. Again, if it doesn’t we aren’t doing our job.

What does this mean for developers?

If you’re developing a new feature using GTK+ you should stop. You’re very likely wasting your time. If you would like to help with the migration grab the code and start developing.

What works?

Everything under the “File” and “Edit” menus.

You can capture, filter, and inspect traffic.

You can edit preferences.

You can follow streams.

You can view TCP stream graphs.

What doesn’t work?

Everything else. No capture options, I/O graphs, flow graphs, VoIP analysis, etc. We still have a lot of work to do.

Switching to Qt is a long and arduous process but I’m excited about what the future holds.

P.S. Solaris is still supported.