Early iterations of Ethereal provided basic functionality and could run on Unix, Linux, and macOS. At that time, Ethereal could not run on Windows, primarily because there was not a capture engine for Windows at the time. In the early 2000s, Loris Degioanni and Gianluca Varenni released WinPcap. One of the early Ethereal developers, Gilbert Ramirez, used WinPcap to grab traffic using Windows. Some time after that, the developers added a Windows installer.

With the addition of a Windows installer, the Ethereal community responded positively and grew significantly, as many saw the need to do packet analysis on a Windows machine. As a result, Ethereal expanded from the academic world, which was predominantly Unix and Linux, to the rest of the world, where the Windows OS was quickly becoming the predominant player.

In 2001, a significant early development in Ethereal's history was the ability to follow a stream. This was a powerful improvement over sniffers, many of which at the time could not reconstruct a stream.

In 2006, Gerald Combs began working for CACE Technologies, the developers of WinPcap, and had to leave the name Ethereal and any active development behind due to trademark issues.

Ethereal had a new name, yet the functionality of Wireshark remained the same. At that point, the Ethereal project officially became Wireshark. In 2008, the developers released Wireshark 1.0. After the release of Wireshark 2.0, developers referred to Wireshark 1.0 as Wireshark Legacy.

This early development—until today—grew quickly as more and more people began to see the benefits of packet analysis using Wireshark.

If you used Wireshark in the past, you know that the interface was different. The next section gives an overview of the graphical user interface of the past and the current interface of today's Wireshark.