Chief Technologist at a consumer goods company with 10,001+ employees
Real User
A tool that offers a free version along with high scalability
Pros and Cons
  • "The filter option provided by Wireshark is its most valuable feature...Scalability-wise, I rate the solution a ten out of ten."
  • "Wireshark could make the filtering rules easier to apply and offer a drag-and-drop option as opposed to type and text."

What is our primary use case?

I use Wireshark in my company for in-depth troubleshooting, especially when you need to look at individual packets.

What is most valuable?

The filter option provided by Wireshark is its most valuable feature. In Wireshark, you view packets based upon a set of rules that helps narrow down to find the packets you want to look at, making it probably the main feature of the product.

Wireshark provides you with the ability to use an option called recompile. The tool also provides an RTP stream to its users. With Wireshark, the ability to play audio through the application is useful.

What needs improvement?

Wireshark could make the filtering rules easier to apply and offer a drag-and-drop option as opposed to type and text. The tool should also provide data prompts for some of the filters.

In the future, I want Wireshark to provide some visual representation of packet sizes, along with some graphical analysis tools.

I think you may have to download a separate interface driver when working with Wireshark, so I believe that the setup phase could be made simpler.

For how long have I used the solution?

I have been using Wireshark for ten years.

Buyer's Guide
Wireshark
March 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,740 professionals have used our research since 2012.

What do I think about the stability of the solution?

Stability-wise, I rate the solution an eight out of ten.

What do I think about the scalability of the solution?

Scalability-wise, I rate the solution a ten out of ten.

Around five people in my company use Wireshark.

How was the initial setup?

Wireshark's initial setup phase is not bad.

The solution is deployed on a virtual machine.

What's my experience with pricing, setup cost, and licensing?

I use Wireshark's free version.

What other advice do I have?

I rate the overall tool an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Engineer at NXP Semiconductors
Real User
Top 5
Scalable, stable, doesn't require installation, and allows you to capture packets at any time
Pros and Cons
  • "What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark."
  • "Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement. I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux."

What is our primary use case?

We're using an internal Wi-Fi card in the laptop, so we configure that particular wireless interface into monitoring mode, configure the channel, and use Wireshark for that specific interface. We can capture the packets and activities on that channel, analyze the packets for poor connections, etc.

What is most valuable?

What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark.

What needs improvement?

Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement.

I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux.

What I'd like to see in the next release of Wireshark is the capability to capture packets from the ethernet.

For how long have I used the solution?

I started using Wireshark six or seven years ago.

What do I think about the stability of the solution?

Wireshark is a stable product.

What do I think about the scalability of the solution?

Wireshark is a scalable product.

How are customer service and support?

I never needed to contact technical support for Wireshark.

Which solution did I use previously and why did I switch?

My company uses Wireshark and has not tried a different solution. The biggest factor on why it decided to use Wireshark is because it's open-source software that doesn't require installation and a license, so anyone can use it.

How was the initial setup?

Wireshark is pretty easy to set up. Its deployment doesn't take much time. It only takes ten to twenty minutes max to complete Wireshark deployment.

What's my experience with pricing, setup cost, and licensing?

Wireshark is an open-source product, so it's free to use.

What other advice do I have?

All people within my company use Wireshark, so that's two hundred users.

My advice to anyone looking into using Wireshark is that you should know how to configure the interface and the internal Wi-Fi card into monitoring mode, so you can capture via Wireshark. As Wireshark is a good tool, I'd recommend it to others, but you should have some knowledge of how to use it and how to configure it. Before implementing Wireshark, you need to know your objectives, working scenarios, what type of features you'd want to implement, and what changes you need to make.

I'd rate Wireshark eight out of ten because for you to configure and use it requires proper knowledge. It's straightforward to use if you have some knowledge of configuring it for monitoring.

I'm a customer of Wireshark.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DeepakKumar - PeerSpot reviewer
Senior Lead Engineer at a wireless company with 10,001+ employees
Real User
Free to use, simple to implement, and reliable
Pros and Cons
  • "The product is simple to implement."
  • "This product needs to improve the UI."

What is our primary use case?

I work on WiFi and I am a customer engineer. We use Wireshark to analyze the sniffer captures or tcpdumps. That's the purpose of the solution.

What is most valuable?

There are very handy filters available in Wireshark.

It’s free and doesn’t cost us anything to use.

The product is simple to implement.

It is a stable solution.

What needs improvement?

In my previous company, we had Omnipeek, and the UI was better than Wireshark. This product needs to improve the UI.

Generally, you can use Omnipeek to capture packets. You can also use Wireshark to capture packets. However, they need a compatible adapter. If we use Wireshark without a compatible adapter, we really don't go to capture packets using it. We already get captures from the field and from customers, and we just use it for analysis.

I would make maybe adding filters easy. There are some options that we can enable to look into the packet. For example, the default installation of Wireshark doesn't have much information. You can just get to see the packet number, the time's terms, the source address, the destination address, and some detailed information. If I want to see the RSSI, the channel number, the protocol information, or the data rate, I need to go and modify some of the configurations to add columns to display this information. I need to spend some time with it. Therefore, the Wireshark default installation could probably include some more crucial information. That would be a little helpful.

For how long have I used the solution?

It's been a pretty long time since I started using the product. It’s been more than five years.

What do I think about the stability of the solution?

Wireshark in general is good. It is stable. We have used it on Windows. We have used it on Linux. We have used it on MacBook and it works pretty well on every platform.

What do I think about the scalability of the solution?

The solution is scalable in the sense you can add it to however many laptops you need to. It's not like you have 500 people using the same Wireshark or using a common license. It is installed on everyone's PC and whoever wants to use it can. We are using the free version. Therefore, getting more people to put it on their PCs also doesn’t cost the company more.

In our company, about 150 people, or maybe a few more, are using the solution.

How are customer service and support?

We’ve never had the need to reach out to technical support.

Which solution did I use previously and why did I switch?

I used Omnipeek. The UI was better than Wireshark. However, it is quite expensive.

If somebody pays for Omnipeek that heavy price, they also prefer to get a compatible adapter or a compatible card that works with Omnipeek.

In this company, people just use the solution. However, there wasn’t a discount moment when management suggested it to everyone.

How was the initial setup?

The initial setup was pretty easy. It was straightforward. We didn’t find it to be difficult.

It only takes a few minutes to get everything up and running.

What's my experience with pricing, setup cost, and licensing?

The solution is free to use. We do not have to pay any licensing fees.

What other advice do I have?

I’m a customer and end-user.

The solution is installed on my PC.

Wireshark is a pretty good tool if somebody wants to learn packet analysis or just plain, simple debugging of network issues at an L2 or L3 level. It is quite good for anybody, even a beginner. Anybody can use this tool and the installation is simple. The default installation should work quite well.

I’d rate the solution eight out of ten. If they could make the UI a little better and help us to get some more crucial information easily while providing some options to enable certain parameters based on the protocol, I’d give it a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Henry-Steinhauer - PeerSpot reviewer
Systems Engineer at LifePoint Health
Real User
Top 5 Leaderboard
Best general purpose tool for troubleshooting anything on the network.

Valuable Features:

- One of the best products that can provide the details of what is happening with an application and the full life cycle of the response time.
- Using multiple trace files can allow you to create really big trace samples. Thus not a problem to let it run for a while to gather that hard-to-catch 'problem'.

Room for Improvement:

Not always simple to set up and get the filtering right when capturing data. The TCPDUMP pre filter is a bit hard to get used to when you are used to using the post filter. It will help when they have the same filter for both. Of course I'm assuming that the Post filter will be the filter of choice and translate the Post Filter into what needs to be done for the Pre Filter.

I use the export to CSV and also the Print Full trace to a file features to do post analysis that would otherwise be impossible to do any other way than using WireShark. An example is watching MQ Traffic through a MQ Broker. Using the MQ Token, I'm able to combine the send / receive responses together to see the final response time and also where the packets are sent/received. This has helped with the SOA analysis when you have traffic going to a MQ Broker to be sent to other servers for responses. 4 packet sets are involved when this is done. 1 Request in to the Broker, 1 Response out from the Broker to a Responder, then a response from the Responder to the Broker again, and the final response from the Broker back to the original Requestor. All of that chatter needs to be captured and seen for the full response time analysis.

Using the Packet Print, I'm able to dig into the header of the MQ packet and find that information for post assembly of information into a CSV file. Using Perl, I'm able to read these files in automation and create CSV files for use in Excel to then provide the packet numbers to use again in the Post Filter process of WireShark to look at further details. This is complex, but so are the actual interactions that are taking place. This work would be impossible without a tool like Wireshark that provides the insight and decoding of the MQ headers of the packets. This brings out the Tokens and response Tokens of the packets for analysis.

The other SOA and complex Websphere interaction tools are getting better at presenting this information, but there are still times where the developers have created something that the other tools have not tackled yet. Then WireShark is the only way to really drill into those interactions.

Other Advice:

Wireshark continues to be updated and is still an alive application. Continue to explore this product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user4401 - PeerSpot reviewer
Developer at a transportation company with 1,001-5,000 employees
Vendor

Wireshark excels in the number of protocols that it supports, over 850. Also, the Wireshark interface is one of the easiest to understand of any packet sniffing application. I would like to mention that it is free, so its pricing can't be beat. Wireshark supports all major modern operating systems, including Windows, Mac OS and Linux-based platforms.

Siwon Kang - PeerSpot reviewer
Software Engineer at Mbition
Real User
Top 10
Adaptive, open-source tool for network-related developers
Pros and Cons
  • "Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers."
  • "Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek."

What is our primary use case?

I use Wireshark to analyze packets, especially network packets.

What is most valuable?

Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers, as when the new protocol comes up, it's rapidly applied to the system, so I can just look into the packet. For example, I'm working in the automotive industry, and Wireshark supports some IP protocols, which not many tools do.

What needs improvement?

Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek.

For how long have I used the solution?

I've been using Wireshark for over twelve years.

What do I think about the stability of the solution?

Wireshark is stable. When it changed its UI from a legacy one to the acute, there were some crashes, but that was a while ago, and now it's pretty much stable.

What do I think about the scalability of the solution?

Wireshark provides some macro functions and a custom parse protocol for the new protocols, so it's quite scalable.

How are customer service and support?

As it's open-source, Wireshark's customer service isn't as sophisticated as private products. Developers are welcome to contribute their help, but if no one is interested in your particular issue, there's likely no mode to come up with a solution. 

How was the initial setup?

The initial setup was straightforward and only took a couple of minutes to complete.

What's my experience with pricing, setup cost, and licensing?

We use the free, open-source version of Wireshark.

What other advice do I have?

The most important thing for new users of Wireshark is to get used to the filtering functions because all the filters are based on command input, so the ability to organize the right filter is essential. I would rate Wireshark eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sagar More - PeerSpot reviewer
Network Security Engineer at Ares Management Corporation
Real User
Free with excellent community support, enables deep packet inspection and is continually being improved
Pros and Cons
  • "The ability to decrypt traffic and the abundance of filters available are both valuable features."
  • "The solution has a steep learning curve. There are so many filters and features that are frequently being updated, it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly."

What is our primary use case?

We primarily use Wireshark for troubleshooting critical issues in our network, retrieving packet headers using packet capture, and for creating custom apps. There are six people on our team and we all use Wireshark on our devices. 

How has it helped my organization?

When we are stuck with an issue that requires deep packet inspection, we capture the traffic with Wireshark, which allows us to resolve it.  

What is most valuable?

The ability to decrypt traffic and the abundance of filters available are both valuable features.

What needs improvement?

The solution has a steep learning curve. There are so many filters and features that are frequently being updated, it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly. 

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

I think Wireshark is the most stable product of its kind.

What do I think about the scalability of the solution?

The solution is very scalable, you can capture traffic on any device regardless of your vendor. 

How are customer service and support?

We have never needed to use customer service or technical support. Whenever we have an issue, a Google search provides us everything we need through community support including Wireshark tutorials.  

How was the initial setup?

The setup of the product is very simple. It's freeware, just download the .exe, go through the installation and select the desired interface you want to capture traffic on. It's a simple and very straightforward process. 

What's my experience with pricing, setup cost, and licensing?

Wireshark is free software, so you can download it and use it for free with no licensing fees.  

What other advice do I have?

I would rate this solution a nine out of ten. Wireshark has been getting better and better in the time I've been using it and it is a very helpful tool. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MohamedEladawy - PeerSpot reviewer
Service Security Lead at Salam Technology
Real User
Top 10
Useful, allows you to deeply understand what's going on at the packet level, and helps you analyze adverse signatures
Pros and Cons
  • "I find Wireshark a very useful tool. Its best feature is that it allows me to deeply understand what's going on at the packet level, as well as any adverse signatures that I can analyze. When I need to create an IPS rule, I need to check the traffic deeply to get more insights about the actual traffic, what's the name of certain flags, etc., and I'm able to do all that through Wireshark. The tool is also user-friendly."
  • "A room for improvement in Wireshark is its ease of use for beginners. It could be better. Another room for improvement in the tool is for it to provide more details about the traffic load. At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version."

What is our primary use case?

We use Wireshark to check the network traffic, and if there's any network problem or issue, we can check it through the tool. We also use Wireshark during analysis, to check if there's any network connectivity or attempts from the malware to communicate with the C&C server. We use the tool for further analysis and investigation.

What is most valuable?

I find Wireshark a very useful tool. Its best feature is that it allows me to deeply understand what's going on at the packet level, as well as any adverse signatures that I can analyze. When I need to create an IPS rule, I need to check the traffic deeply to get more insights about the actual traffic, what's the name of certain flags, etc., and I'm able to do all that through Wireshark.

The tool is also user-friendly.

What needs improvement?

A room for improvement in Wireshark is its ease of use for beginners. It could be better. Another room for improvement in the tool is for it to provide more details about the traffic load.

At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version.

For how long have I used the solution?

I've been using Wireshark for a long time, so I can't remember the exact number of years I've been using it.

What do I think about the stability of the solution?

Wireshark is a stable tool. I didn't see any issues with its stability.

What do I think about the scalability of the solution?

Wireshark is a scalable tool.

How are customer service and support?

We never raised an issue or ticket with the Wireshark technical support team.

How was the initial setup?

The setup process for Wireshark was very simple.

What's my experience with pricing, setup cost, and licensing?

We're using the free version of Wireshark.

Which other solutions did I evaluate?

We didn't try to use other solutions apart from Wireshark.

What other advice do I have?

Two hundred people use Wireshark within the company.

My rating for Wireshark is a nine out of ten because I like it and I use it so much.

I'm only a user of Wireshark.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SanjeevKumar19 - PeerSpot reviewer
Technical Support Engineer at AlgoSec
Real User
Top 5
Offers both GUI and command-line interfaces, and good for troubleshooting network issues
Pros and Cons
  • "It is a stable product. I would rate the stability a ten out of ten."
  • "The initial setup depends upon the basics. You need to have a clear understanding of the basics."

What is our primary use case?

When we can see in the customer environment that traffic is getting blocked; suppose we have a VPN channel, and when the VPN channel is up but the traffic is not running through it, we use Wireshark to recapture the channel. We check whether the PPP handshake is ongoing or not. The acknowledgment team posts this packet, and after that, the PPP handshake is ongoing or not. 

So these are the things that we check by filtering out the things and based upon that, we get support. Because in five to six seconds, there are more than a thousand packets. So we have to filter out and check on which speed it is getting dropped. For that reason, we are using Wireshark. I am using it just for troubleshooting purposes.

What is most valuable?

Wireshark is pretty handy. It's especially useful for troubleshooting issues. However, the GUI interface is not that accurate. It can only show a limited amount of information, such as the source code, destination code, and services that are being blocked. If we want to know why a packet is being blocked by a particular policy, we need to check the packet capture.

We also use Wireshark to troubleshoot packet-level inspection issues, such as whether the payload is present, whether the packet size is too large for the receiver, and whether the DMTU (Dynamic Maximum Transmission Unit) is correct. We also use it to troubleshoot issues with fragmented packets.

In addition to the GUI, we also use the developer's tool and the command line to troubleshoot issues with Wireshark. For example, we use the cat and grep commands to filter out the information we need and to turn on debug mode. We also use the tail command to view the current history of logs.

I am currently working in a Linux environment, so I use the SysLog for configuration purposes on the Algo server. I use the TCP system command because Cisco uses port 514. So, I have to use the TCP system command to check whether we are receiving logs from the particular firewall or not.

Customers often tell us that they have open WDP 5144 traffic. They usually show us this in Splunk. For example, they might say, "We are forwarding the packet to the system, but we are not receiving the packet." This is usually because they need to test their end because they require some identity virus for the traffic to flow through our application.

Sometimes, the Algo server goes down, and we have to build it from scratch. Other times, the load distribution unit does not get synced with the primary. These are just some of the things we do on a daily basis with Wireshark.

What needs improvement?

While Wireshark is useful, the GUI interface is less accurate, showing only limited information.

For how long have I used the solution?

I have been using Wireshark for three years. 

What do I think about the stability of the solution?

It is a stable product. I would rate the stability a ten out of ten. Every engineer in our organization uses this solution in our company. So, more than 22 users are using this solution. 

What do I think about the scalability of the solution?

I would rate the scalability a nine out of ten. There is always room for improvement. 

It is easy to scale Wireshark. The GUI is very user-friendly. They have multiple videos online and on YouTube. Going through these resources provides a better understanding of Wireshark, its functionality, and how things operate within it. Essentially, it aligns with what we can learn from fundamental books or authoritative works.  

What we have analyzed on a theoretical basis, like the TCP handshake, SSL handshake, wireless controller handshake, SMTP handshake, and whatever we read in the books, we can technically see it in Wireshark each and every packet. For SSL, we can see multiple streams getting transmitted: server, client hello, client-server hello, then the client where Client Pre-shared. The client ciphers also send the TLS, TLS certificate SSL certificate. Then in the server, we can see the SSL certificate and the cipher suite, which they want to negotiate on, and then their pre-master secret key, which is generated, and then the session keys are getting generated. So these are all the things that we read in our books; we can see it packet-wise, each and everything. The acknowledgment comes from their end, from the client or the server side. So we can see it is very much easy to use in Wireshark.

Gain practical knowledge of what we comprehend. Analogous to the basic mathematical concept of two plus two, this is a protocol-oriented understanding, similar to the alphabet in language. However, in the realm of networking, Wireshark proves highly beneficial. You can put into practice what you read in books by actively examining and validating it yourself.

How are customer service and support?

Every engineer will always try to make things easy for the customer. S 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup depends upon the basics. You need to have a clear understanding of the basics. When you have a clear understanding, there's nothing more difficult for us.

We have deployed it both on the cloud and on-premises. We usually install agents from Google. Everyone cannot use it. At least we need to have a basic understanding of theoretical concepts. Once the theoretical concept is clear, then you can use the packet capture. So it is easy to do packet captures. You need to just check videos on YouTube.

What other advice do I have?

Overall, I would rate the solution a nine out of ten. Just focus on the basics. Once they are clear, you can handle and master any of the products in the secure network market, whether it's switches, routers, firewalls, VPNs, load balancers, or whatever it is. Just focus on the basics of what you want to pursue in your career.

Disclosure: I am a real user, and this review is based on my own experience and opinions.