Wireshark Reviews

Pros of Wireshark are 1) Open Source 2) Support on Windows, Linux, MAC, Solaris 3) Presence of both command shell and graphical user interface 4) Port Mirroring 5) Inbuilt support for WinPcap, libPcap 6) Filter creation for better packet capture techniques

Few cons of Wireshark are 1) Running Wireshark through an admin account for multiple exploits, is unsecured 2) Cannot manipulate things on the network 3) Cannot be used for MIDM attacks 4) Lack of intrusion detection module 5) Lack of modules for ARP poisoning and caching

Wireshark is the world's most powerful network protocol analyzer tool. It can be used for various purposes such as, analysis of protocols like TCP, HTTP, UDP, and complete analysis of networks and troubleshooting. It has the option to use the wireless adapter directly in promiscuous mode for interception of wireless packets. It is much more effective than other tools such as tcpdump and dumpcap with a good user interface and hex detection.

Wireshark is an open-source network protocol used to monitor and analyze packets in a network.Wireshark analyzes networks, captures traffic and decrypts information passed through the communication channels into a form that is readable and can thus be used to learn how network protocols work.Wireshark also captures traffic that can help in troubleshooting network problems and it is free.

Wireshark is also used for hacking which is a security breach. This can happen in wireless networks because they are not secure and most protocols of which are also not secure.Hackers use Wireshark to capture login details or information sent over networks. It is a free open source software that can be freely downloaded from the internet. Wireshark can be used on windows systems, Unix systems as well as Mac OS X systems and can also capture raw USB traffic.

There are multiple use cases for Wireshark. One of the primary use cases is capturing the customer's network traffic. When an issue occurs on the customer's network, we take packet captures to analyze and decode the streams that were active during the time of the incident. 

Additionally, we use Wireshark to replay packet streams. This helps us troubleshoot issues that may not be readily observable on the live network. With the packet capture in hand, we can analyze the decoded packets and identify the protocols involved and the specific nature of the issue that occurred.

It has helped us in debugging challenging customer issues

The best part about Wireshark, in my opinion, is its ability to analyze packet capture files. It lists out various protocols like TCP, UDP, or SCTP, along with source and destination codes. This feature is truly amazing.

One thing that I feel is currently missing in Wireshark is the ability to perform deep analytics on traffic streams after they have been decoded. While it may not be the major use case right now, it would be beneficial to have some sort of leveraging of artificial intelligence or machine learning to automatically detect threats or vulnerabilities based on specific types of network traffic. Predictive analysis of this nature is currently absent in Wireshark.

So in future releases, it would be great to see more robust analytics for traffic streams in the next version of Wireshark.

One improvement I would suggest is having more graphical representations of network topologies in Wireshark. Currently, when we deploy Wireshark to collect streams, we lack visibility into how different entities are connected at that specific time. Having a network topology view of connected devices, showing the source and destination, would be really beneficial. For example, in DNS troubleshooting, visualizing the network path can help recreate certain issues. Unfortunately, this feature is not currently available in Wireshark.

I've been working with Wireshark for more than 13 years. I would consider myself a network software development professional with extensive experience.

I've worked with major companies like Cisco Systems and other networking companies.

I would rate the stability of Wireshark as nine out of ten. It's quite stable.

In terms of scalability, I would rate the scalability a seven out of ten. It is difficult to scale this solution. 

The use cases I've worked on require deploying Wireshark independently on each node. However, if I want to deploy Wireshark on hundreds of devices and collect information at a single location for better network management, that capability is currently not available. We need Wireshark to run on all the devices and have one device act as a controller to collect and process the information.

Wireshark is popular among both individual users and enterprise organizations, but currently, it is mostly used individually for debugging network traffic.

I usually troubleshoot issues on my own. However, since Wireshark is open source, there is a community support system available.

Positive

Deployment-wise, Wireshark is relatively simple. It's not overly complex, and it works quite well. So, in that respect, it's a good solution.

We are working with a hybrid model. We deploy Wireshark in both cloud platforms and on-premises. Depending on the real devices and entities, we sometimes deploy it onto virtual machines in the cloud and collect and process information using a switch. This flexible deployment approach allows us to cater to different scenarios and adapt accordingly.

I can compare Wireshark with tools like Suricata and Zeek. Suricata and Zeek are both implemented considering setting objectives, meaning that they are designed to achieve specific goals. For example, Suricata is designed to decode packet streams, perform analysis, and push configuration changes to devices. This makes it a good choice for an Intrusion Prevention System (IPS), which is a system that can detect and prevent attacks.

Wireshark is the base of Suricata. Suricata both use the same packet filter implementation, known as BPF (Berkley Packet Filter). BPF is a powerful tool that can be used to capture and analyze network traffic.

In general, I'm quite fond of Wireshark, so I would rate it an eight out of ten.

I use the solution to analyze packet captures that I receive from customers. It can also be used for troubleshooting networking issues.

The session-level filtering features are valuable. Life would be tough without Wireshark.

The decryption of encrypted packets could be better.

I have been using the solution for about eight years.

I rate the tool’s stability a nine out of ten.

I rate the tool’s scalability a nine out of ten. Around 10 to 15 people in my team use the solution.

I have explored Microsoft Message Analyzer.

The initial setup is simple.

I work for Cisco. We use a custom version of Wireshark, which is built within Cisco. I might be using functions that don’t exist in the community version. I haven't contacted the support team. When I had an issue a few years ago, I contacted the person who developed it. I recommend the solution to others. Overall, I rate the product a nine out of ten.

On-premises

I use the solution to monitor our company network. It is installed on my PC and I pull data from our local server to conduct monitoring.

The solution is easy to install and use. 

I would like better control of bandwidth from the service provider. Some network failures are due to bandwidth so I would like to be able to increase capacity at any time and ensure it holds at that level. 

I have been using the solution for four months. 

The solution is stable. 

The solution is scalable and its capabilities are broad. 

The solution is open source so does not offer technical support.

I utilize YouTube videos to learn and troubleshoot. 

The initial setup was easy and took about 15 minutes. 

I installed the solution on my PC.

Our company uses the open source version so it is free. In the future, we may purchase a license. 

The solution is a good tool for network troubleshooting or management and I rate it a ten out of ten. 

On-premises

We use Wireshark as a tool for network troubleshooting when we need to verify something directly. It is not used every day.

As an example, FortiGate, Wireshark can also export, we can pick up a file, process it, and apply it. Some tools allow us to take, capture, define and export to Wireshark, so we are able to analyze in great detail.

The most valuable feature of Wireshark is the ability to choose a destination of flow that has not been working as expected, it looks for a label, and we put the label within.

I would like to see Wireshark improve the ease of application of the command. The command is very powerful, but not easy to apply.

For the next release, I would like to see the motion of the measurement of the terminal loss packet. The round-trip delay. Also, it would benefit from improving the capability to evolve in real-time.

I have been using Wireshark for ten years.

Wireshark has been stable when I have had to use it.

The initial setup of Wireshark is not straightforward.

The version of Wireshark we use is free. 

Wireshark is a very useful tool. I would rate the solution an eight out of ten.

We are using Wireshark for inspecting the vertical line to know the data flow in and out of the cables. This is to determine if there is real traffic flow through the physical connections or not. 

Additionally, we use Wireshark for physical inspection on the data line.

Wireshark saves a lot of time, especially with network troubleshooting.

The features I find most effective in Wireshark include the current speed monitoring, data flow inspection, PPPoE clients, and inspecting our advanced switches and routers. 

Packet capturing capabilities are what I'm currently using the most.

The speed of the Internet could be improved, especially its performance. Performance can sometimes be a challenge due to numerous factors.

I have been working with Wireshark for more than five years.

I would rate the stability of Wireshark as nine out of ten.

Wireshark is quite scalable, and I would also rate its scalability at nine out of ten.

The initial setup of Wireshark is simple for new users. However, there are complex features that require expertise to understand. The interface is easy, and everything is well-arranged, allowing users to find functionalities easily from the options tab.

Wireshark is priced at a medium range, not too high, not too low. The pricing could be more flexible, and they might make it more expensive. That said, compared to other products, it is competitive.

I have heard from colleagues that other solutions do not provide exact results. Comparatively, Wireshark is better and more popular.

I recommend Wireshark to users of both small and enterprise-level companies. It is effective for the minimum business and large enterprise scales.

I'd rate the solution ten out of ten.

On-premises