Gerald Combs, creator of Ethereal, changed jobs and couldn't take the trademark with him. He took the code (which he held copyright on) and the entire development community, rebranding the world's most popular packet analyzer as Wireshark.
Wireshark is a free and open-source packet analyzer written in C using the Qt GUI toolkit. It supports deep inspection of hundreds of protocols, with live capture and offline analysis capabilities. It reads and writes dozens of capture file formats and uses display filters with a rich expression language.
In the late 1990s, Gerald Combs was working at a small ISP called Network Integration Services (NIS) in Kansas City, where he needed a tool to track down network problems. Commercial protocol analyzers cost around $1,500 and didn't run on his platforms of choice (Solaris and Linux), so he did what any self-respecting engineer would do: he wrote his own. Ethereal was born in 1998, and it quickly became the go-to network analysis tool for anyone who couldn't justify dropping serious cash on proprietary alternatives.
For eight years, Ethereal grew into the most widely used network protocol analyzer on the planet, with hundreds of contributors and support for dissecting thousands of protocols. But there was a problem lurking beneath the surface: NIS owned the Ethereal trademark and logo, even though Combs held copyright on most of the source code.
In 2006, Combs accepted a position at CACE Technologies (the WinPcap people) to work on wireless capture support. When he tried to negotiate taking the Ethereal trademark with him, NIS wouldn't budge. So Combs did the most power move possible in open source: he took the entire Subversion repository, the development community, and all the momentum, and simply renamed the project Wireshark. The old Ethereal project issued a security advisory telling users to switch to Wireshark. NIS was left holding an empty trademark.
The transition was so complete that most people today don't even know Wireshark was ever called anything else. Ethereal development ceased entirely, and the last Ethereal release became an instant artifact. In 2023, the Wireshark Foundation was established under the sponsorship of Sysdig, giving the project a proper organizational home for the first time.
This is the platonic ideal of a naming fork: when you own the code and the community, the name is just a label. NIS learned the hard way that trademarks without the talent behind them are worth exactly nothing.
Gerald Combs releases Ethereal 0.2.0 as a network protocol analyzer
Combs joins CACE Technologies; unable to negotiate Ethereal trademark transfer from NIS
Project renamed from Ethereal to Wireshark; entire development community follows
Ethereal issues security advisory recommending users switch to Wireshark
Wireshark Foundation established under Sysdig sponsorship
“I own the copyright on most of the source code. They own the trademarks.”
Wireshark remains the undisputed king of packet analysis, installed on virtually every network engineer's machine worldwide. The rename was so successful that 'Ethereal' has been completely forgotten by the mainstream tech community, despite being the same codebase.
The fork demonstrated a crucial principle: in open source, the trademark holder is not necessarily the project owner. When the creator holds copyright and the community follows them, a rename is trivially easy. NIS got to keep an empty trademark; Combs got to keep a thriving project.