reviewer1561449 - PeerSpot reviewer
Founder and CEO at a tech services company with 1-10 employees
Real User
May 7, 2021
Free, stable, good community support, and useful for investigation and network visibility
Pros and Cons
  • "Being able to dissect email data and figure out what is inside email messages was the most valuable feature. Such a feature is pretty helpful for an ongoing forensic investigation or when there is a potential insider threat that you are trying to investigate. It allows you to see the network activity of the users you are investigating. It also gives you more visibility into your network. It was very easy to set up. There is a lot of information out there on Google and YouTube about how to use it. There is also community support. If you have any trouble, it is pretty easy to find an answer online. You will have to do some digging only if you have a very specific use case."
  • "Its user interface was a little less friendly. They can make its user interface a little bit more friendly. It is for technical people, and most of the technical people would be able to figure it out, but it would be good to improve its user interface. They can maybe build artificial intelligence into it. Currently, it takes a lot of manpower to analyze and dissect all the data."

What is our primary use case?

I used it for a couple of school projects last semester. We basically had to emulate how to capture packets in transit in a network. After capturing those packets, we analyzed them. We also had to break down email messages and dig out pictures inside email messages.

It was deployed through a cloud. They had set up a subscription for a class VM.

What is most valuable?

Being able to dissect email data and figure out what is inside email messages was the most valuable feature. Such a feature is pretty helpful for an ongoing forensic investigation or when there is a potential insider threat that you are trying to investigate. It allows you to see the network activity of the users you are investigating. It also gives you more visibility into your network.

It was very easy to set up. There is a lot of information out there on Google and YouTube about how to use it. There is also community support. If you have any trouble, it is pretty easy to find an answer online. You will have to do some digging only if you have a very specific use case.

What needs improvement?

Its user interface was a little less friendly. They can make its user interface a little bit more friendly. It is for technical people, and most of the technical people would be able to figure it out, but it would be good to improve its user interface.

They can maybe build artificial intelligence into it. Currently, it takes a lot of manpower to analyze and dissect all the data.

For how long have I used the solution?

I started using it last November. It has been six months.

What do I think about the stability of the solution?

It was pretty stable. It never crashed.

What do I think about the scalability of the solution?

Scalability could be a challenge because you can analyze so much data with Wireshark, which can be hard if you don't have a very specific case or plan for it. 

If there is no automated solution, scalability could be a little bit difficult. It gives you more visibility into your network, and you can see the packets that are coming in and going out of the network. The only challenge is that if it is a big organization, there would be a lot to process. Having an automated solution on the side would probably help.

How are customer service and support?

I didn't have to contact them.

How was the initial setup?

It was pretty straightforward. It took less than 20 minutes.

What about the implementation team?

I deployed it myself. It does not require any maintenance.

What's my experience with pricing, setup cost, and licensing?

It is free.

What other advice do I have?

I would advise others to have a game plan for it because there is a lot of data that goes into it. You can analyze a lot of data. Having a very strategic game plan would be ideal.

I would rate Wireshark a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Owner at QOS NETWORKING INC
Real User
Jan 31, 2021
Easy to use with a good command syntax, support protocol capture, works well for network troubleshooting
Pros and Cons
  • "It has a good syntax to put the commands in and get information out of."
  • "This is a good product for quick and easy troubleshooting."
  • "The only thing that I don't like is sometimes there is an update, and something that I was using is either no longer there or it has changed."

What is our primary use case?

I basically use Wireshark for network troubleshooting.

What is most valuable?

For simple protocol and packet capture, it is very easy to use.

It has a good syntax to put the commands in and get information out of.

What needs improvement?

The only thing that I don't like is sometimes there is an update, and something that I was using is either no longer there or it has changed. However, this is common when they upgrade software, so it's normal with any software.

Because this product is open-source, sometimes there are contributors who make changes and they aren't properly vetted throughout the whole community. Access to older functionality should stay as a user preference so that they can still use it the old way if they want to.

For how long have I used the solution?

I have been using Wireshark since it first came out, between 10 and 20 years ago.

What do I think about the stability of the solution?

Stability-wise, it is very good.

What do I think about the scalability of the solution?

The scalability is very good and it's simple to do.

How was the initial setup?

The initial setup is straightforward for a technical person. This is not the type of product that can be easily set up by an end-user who is non-technical.

What's my experience with pricing, setup cost, and licensing?

This is an open-source product that can be used free of charge.

What other advice do I have?

This is a good product for quick and easy troubleshooting.

I would rate this solution a ten out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Henry A. McKelvey - PeerSpot reviewer
NextGen TV (ATSC 3.0) Systems Engineer at PeerSpot
Real User
Top 10
Mar 19, 2020
Filters enable traffic to be segmented so that a value can be looked at individually apart from the other traffic
Pros and Cons
  • "I use the filters very often, to determine what type of traffic I am looking for. The use of filters allows traffic to be segmented so that a value can be looked at individually apart from the other traffic."
  • "It helped in the sense that it allowed the team to troubleshoot networks faster."
  • "The system could be improved upon by adding a better and more powerful data processing engine."
  • "Great scalability, but they are beginning to sacrifice ease of use for complexity."

What is our primary use case?

I use it for network investigation; I even have a patent for the simplification of Protocol Analysis. I have used Wireshark many times to troubleshoot network situations and problems. The patent solved the problem of troubleshooting where you needed to know the direction and course a packet takes in the network, which helps with the ability to know where problems lie in the network. We developed the system to actually troubleshoot an entire network through the use of network probes, which acted as smaller protocol analyzers.

How has it helped my organization?

It helped in the sense that it allowed the team to troubleshoot networks faster. While I worked at Verizon, our group was able to provide network analysis of our testbed which gave us an advantage over most test groups. This was because we could follow a packet throughout the network to examine the treatment that the packet was receiving in the network. The improvement came when we realized that through the use of this method we could duplicate the results of using a much more expensive version of our program called RMON.

What is most valuable?

I use the filters very often, to determine what type of traffic I am looking for. The use of filters allows traffic to be segmented so that a value can be looked at individually apart from the other traffic. I remember one day when we had to find out what was causing one of the systems to crash. We used our system to look at the network as a whole and we found that the device actually gave us the ability to segment the network, finding the problem in a faster way, which allowed for a more accurate test of the network.

What needs improvement?

The system could be improved upon by adding a better and more powerful data processing engine. The original was based on the Raspberry Pi. The RPi unit acted as a sensor on the network relaying information back to a centralized computer which was able to correlate and provide analysis as to the packets and their reaction to traffic loads. Much improvement could have been done but we were not that lucky. The more we designed items the more we began to realize that we were getting too far from our central goal of trying to make the network better.

For how long have I used the solution?

I have been using it since it was called Ethereal.

What do I think about the stability of the solution?

I am impressed with the stability. 

What do I think about the scalability of the solution?

Great scalability, but they are beginning to sacrifice ease of use for complexity. That was why we needed to simplify things.

Which solution did I use previously and why did I switch?

No, we did not use another solution like Wireshark, but what we used in the past was the RADco. The RADcon was a protocol analyzer that was an all-in-one unit that was the standard at the time but did not allow for cooperative testing.

What's my experience with pricing, setup cost, and licensing?

If you can get the same use for less cost do it.

Which other solutions did I evaluate?

No, we did not.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Sr. Security Engineer at SugarCRM
Real User
Mar 5, 2018
Helps me solve network transaction and security issues
Pros and Cons
  • "I can save the traffic and analysis when I want to. Also, it's especially helpful to follow the stream (TCP, UDP, etc.)."
  • "Setup is very easy. It's also possible to change source code and compile if you want to change something in the code, because it's free."
  • "I believe everyone should use this tool if they need to analyze packets."
  • "It needs the ability to follow multiple interfaces for specific traffic from different network zones/virtual networks. It would help to understand how any packet is going through the network."
  • "Sometimes I need to use tcpdump when I need to check the packets on CLI."

How has it helped my organization?

It has helped me to:

  • solve network and transaction issues
  • understand protocols and application communication
  • check quality
  • solve security issues. 

What is most valuable?

I can save the traffic and analysis when I want to. Also, it's especially helpful to follow the stream (TCP, UDP, etc.).

What needs improvement?

It needs the ability to follow multiple interfaces for specific traffic from different network zones/virtual networks. It would help to understand how any packet is going through the network.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Sometimes, in the previous version, it lost the scroll when I needed to scroll back and forth.

What do I think about the scalability of the solution?

No issues with scalability.

Which solution did I use previously and why did I switch?

Sometimes I need to use tcpdump when I need to check the packets on CLI.

How was the initial setup?

Very easy. It's also possible to change source code and compile if you want to change something in the code, because it's free.

What's my experience with pricing, setup cost, and licensing?

It's free.

What other advice do I have?

I believe everyone should use this tool if they need to analyze packets.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Network Engineer at a tech company with 10,001+ employees
Real User
Feb 28, 2018
It is free to download and install, and it runs on multiple platforms
Pros and Cons
  • "It gives us the ability to pinpoint problems and to communicate network problems with software and hardware vendors."
  • "Big trace files (more than 1,000,000 packets) can be slow, but then you can use "TraceWrangler" (also free) to help with slicing and dicing the data."
  • "It is not an easy program. You will need to study to use it to its full capabilities (follow a course)."

What is our primary use case?

Wireshark can be used to troubleshoot network issues, but also to baseline applications. When you know what an app does when there is no issue at hand, you will be better able to spot the problem when there is an issue. Everything that happens on the network can be analysed with Wireshark. However, the tool is as good as the person using it. You need TCP/IP knowledge to be able to use a tool like this. The more you know about packets on the wire, the better you can use this tool.

How has it helped my organization?

It gives us the ability to pinpoint problems and to communicate network problems with software and hardware vendors. The packets never lie!

What is most valuable?

Making different profiles to tune the tool for the problems at hand, the graphing options, to customize the screen layout, etc.

It also shines for wireless troubleshooting, but most hardware does not give full insight into WiFi communication (beacon frames, etc.).

What needs improvement?

Big trace files (more than 1,000,000 packets) can be slow, but then you can use "TraceWrangler" (also free) to help with slicing and dicing the data.

This is no complaint, but it is not an easy program. You will need to study to use it to its full capabilities (follow a course), but the more you know about it, the more you will use it.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

Big trace files need to be chopped for analysis.

How are customer service and technical support?

My bug reports were in the next release, therefore a great experience.

Which solution did I use previously and why did I switch?

I have used it more or less since 2001. So no, I did not use a previous solution.

How was the initial setup?

Download, run setup, enter;enter;enter..., it is ready.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

It is free to download and install. It runs on multiple platforms, so how can you go wrong?

Which other solutions did I evaluate?

In those days, there was a tool "Sniffer", but it was too expensive.

What other advice do I have?

If you profile yourself as a network specialist, and don't use it, I would not trust you on my network.

It is even referenced in the book "TCP/IP Illustrated, Vol. 1", the TCP/IP bible!

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Network Engineer at a tech services company with 501-1,000 employees
Consultant
Feb 5, 2018
Drill-down for packet analysis is great, gives insight into what is going on at packet level
Pros and Cons
  • "The drill-down available for packet analysis is great, as it gives a network security engineer insight into what is going on at the packet level and enables better troubleshooting."
  • "The Wireshark search function shows green for a correct search and red for an incorrect search. If there were a way to provide a description about what a search - and the similar ones which are available - can do, while a person is typing it, it would make the product easier to use and simultaneously decrease the learning curve."

How has it helped my organization?

The people to whom I have introduced this product have found it a great tool to analyze packets. Instead of troubleshooting by trial and error, they have a way to investigate, verify, and then apply a solution. Of course, to derive value from the product, you must know its features.

What is most valuable?

The drill-down available for packet analysis is great. It gives a network security engineer insight into what is going on at the packet level and enables better troubleshooting.

What needs improvement?

The Wireshark search function shows green for a correct search and red for an incorrect search. If there were a way to provide a description about what a search - and the similar ones which are available - can do, while a person is typing it, it would make the product easier to use and simultaneously decrease the learning curve.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

I have not used technical support.

Which solution did I use previously and why did I switch?

I used Microsoft's Network Monitor, but with due respect to Microsoft, I prefer Wireshark.

How was the initial setup?

Straightforward.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
ArcSight Engineer at a tech vendor with 51-200 employees
Vendor
Feb 5, 2018
Parses large packet capture files without opening them, returns relevant information
Pros and Cons
  • "Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information."
  • "The product is great but I wish there were more of an emphasis on the command line tools."

What is our primary use case?

It is utilized for forensic work, with full packet capture.

What is most valuable?

Packet analysis and filtering. Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information.

What needs improvement?

The UI redesign threw me for a loop but I have learned to overcome it. The product is great but I wish there were more of an emphasis on the command line tools.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How was the initial setup?

Just install the software and the WinPcap software.

What's my experience with pricing, setup cost, and licensing?

It's a standalone tool. If there is a commercial license for it I am unaware of it.

What other advice do I have?

Make sure you are comfortable installing the WinPcap driver for packet collection. This tool could be used maliciously to capture data on your network.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Infrastructure Connectivity Engineer at Reputable Service Company
Consultant
Sep 16, 2015
Regardless of network size, it provides intelligence about any type of data packets, especially during a security attack, although buffer size of captured data should be unlimited and archived.
Pros and Cons
  • "Wireshark is a network analytic tool which provides such intelligent information in a network."
  • "Maximum buffer size of captured data should be unlimited and should allow ability to archive all old captures (not save option) in real time; it should support a destination location where old captures can be directed for long term storage."

Valuable Features:

Some valuable features of Wireshark are deep packet inspections based on the capturing process with its sniffing capabilities.

Improvements to My Organization:

In order to be more intelligent about all the bits/frames/packets/data traversing your network regardless of how small or large the network is, Wireshark is a network analytic tool which provides such intelligent information in a network.

Wireshark is that intelligent, not only for production environment alone but also aids study about the packet fields that may exist in any type of packet header of data flowing in your network. To view how all the classes of QoS marking in a packet are and can be used to also sniff packets during reconnaissance phase of a network security attack.

Wireshark provides better understanding on how the bits are set for different fields in a packet header.

It is indeed a very good tool which all network administrators need to be familiar with.

Room for Improvement:

Maximum buffer size of captured data should be unlimited and should allow ability to archive all old captures (not save option) in real time; it should support a destination location where old captures can be directed for long term storage.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior Manager of Engineering at a tech vendor with 1,001-5,000 employees
Real User
Sep 21, 2014
A good open source & free packet analyzer. Versatile tool that helps engineers analyze & troubleshoot network issues.
Pros and Cons
  • "I use this free, open-source solution daily for packet analysis, and the packet details pane is particularly valuable."
  • "Bigger memory footprint."

What is most valuable?

The packet details pane.

How has it helped my organization?

Use daily for packet analysis.

What needs improvement?

Bigger memory footprint.

For how long have I used the solution?

7 years.

What was my experience with deployment of the solution?

No

What do I think about the stability of the solution?

I blame the PC OS.

What do I think about the scalability of the solution?

No

How are customer service and technical support?

Open source so feedback to forum.

Which solution did I use previously and why did I switch?

Nope.

How was the initial setup?

Yes.

What's my experience with pricing, setup cost, and licensing?

Free.

Which other solutions did I evaluate?

No
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Henry-Steinhauer - PeerSpot reviewer
Systems Engineer at LifePoint Health
Real User
Top 20 Leaderboard
Jun 19, 2014
Best general purpose tool for troubleshooting anything on the network.
Pros and Cons
  • "One of the best products that can provide the details of what is happening with an application and the full life cycle of the response time."
  • "Not always simple to set up and get the filtering right when capturing data."

Valuable Features:

  • One of the best products that can provide the details of what is happening with an application and the full life cycle of the response time.
  • Using Multiple trace files can allow you to create really big trace samples. Thus not a problem to let it run for a while to gather that hard to catch 'problem'

Room for Improvement:

Not always simple to set up and get the filtering right when capturing data. The TCPDUMP pre filter is a bit hard to get used to when you are used to using the post filter. It will help when they have the same filter for both. Of course I'm assuming that the Post filter will be the filter of choice and translate the Post Filter into what needs to be done for the Pre Filter.

I use the export to CSV and also the Print Full trace to a file features to do post analysis that would otherwise be impossible to do any other way than using Wireshark. An example is watching MQ Traffic through a MQ Broker. Using the MQ Token, I'm able to combine the send / receive responses together to see the final response time and also where the packets are sent/received. This has helped with the SOA analysis when you have traffic going to a MQ Broker to be sent to other servers for responses. 4 packet sets are involved when this is done. 1 Request in to the Broker, 1 Response out from the Broker to a Responder, then a response from the Responder to the Broker again, and the final response from the Broker back to the original Requestor. All of that chatter needs to be captured and seen for the full response time analysis. Using the Packet Print, I'm able to dig into the header of the MQ packet and find that information for post assembly of information into a CSV file. Using Perl, I'm able to read these files in automation and create CSV files for use in Excel to then provide the packet numbers to use again in the Post Filter process of Wireshark to look at further details.

This is complex, but so are the actual interactions that are taking place. This work would be impossible without a tool like Wireshark that provides the insight and decoding of the MQ headers of the packets. This brings out the Tokens and response Tokens of the packets for analysis.

The other SOA and complex Websphere interaction tools are getting better at presenting this information, but there are still times where the developers have created something that the other tools have not tackled yet. Then Wireshark is the only way to really drill into those interactions.

Other Advice:

Wireshark continues to be updated and is still an alive application. Continue to explore this product.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user4401 - PeerSpot reviewer
Developer at a transportation company with 1,001-5,000 employees
Vendor

Wireshark excels in the number of protocols that it supports, over 850. Also, the Wireshark interface is one of the easiest to understand of any packet sniffing application. I would like to mention that it is free, so its pricing can't be beat. Wireshark supports all major modern operating systems, including Windows, Mac OS and Linux-based platforms.
