It has helped me to
- solve network and transaction issues
- understand protocols and application communication
- check quality
- solve security issues.
I can save the traffic and analyze it when I want to. Also, it's especially helpful to follow the stream (TCP, UDP, etc.).
It needs the ability to follow multiple interfaces for specific traffic from different network zones/virtual networks. It would help to understand how any packet is going through the network.
Sometimes, in the previous version, it lost the scroll when I needed to scroll back and forth.
No issues with scalability.
Sometimes I need to use tcpdump when I need to check the packets on CLI.
Very easy. It's also possible to change the source code and compile it if you want to change something in the code, because it's free.
It's free.
I believe everyone should use this tool if they need to analyze packets.
Wireshark can be used to troubleshoot network issues, but also to baseline applications. When you know what an app does when there is no issue at hand, you will be better able to spot the problem when there is an issue. Everything that happens on the network can be analysed with Wireshark. However, the tool is as good as the person using it. You need TCP/IP knowledge to be able to use a tool like this. The more you know about packets on the wire, the better you can use this tool.
It gives us the ability to pinpoint problems and to communicate network problems with software and hardware vendors. The packets never lie!
Making different profiles to tune the tool for the problems at hand, the graphing options, to customize the screen layout, etc.
It also shines for wireless troubleshooting, but most hardware does not give full insight into WiFi communication (beacon frames, etc.).
Big trace files (more than 1,000,000 packets) can be slow, but then you can use "TraceWrangler" (also free) to help with slicing and dicing the data.
This is no complaint, but it is not an easy program. You will need to study to use it to its full capabilities (follow a course), but the more you know about it, the more you will use it.
No issues.
Big trace files need to be chopped for analysis.
My bug reports were in the next release, therefore a great experience.
I have used it more or less since 2001. So no, I did not use a previous solution.
Download, run setup, Enter, Enter, Enter..., and it is ready.
In-house.
It is free to download and install. It runs on multiple platforms, so how can you go wrong?
In those days, there was a tool "Sniffer", but it was too expensive.
If you profile yourself as a network specialist, and don't use it, I would not trust you on my network.
It is even referenced in the book "TCP/IP Illustrated, Vol. 1", the TCP/IP bible!
The people to whom I have introduced this product have found it a great tool to analyze packets. Instead of troubleshooting by trial and error, they have a way to investigate, verify, and then apply a solution. Of course, to derive value from the product, you must know its features.
The drill-down available for packet analysis is great. It gives a network security engineer insight into what is going on at the packet level and enables better troubleshooting.
The Wireshark search function shows green for a correct search and red for an incorrect search. If there were a way to provide a description about what a search - and the similar ones which are available - can do, while a person is typing it, it would make the product easier to use and simultaneously decrease the learning curve.
No stability issues.
No scalability issues.
I have not used technical support.
I used Microsoft's Network Monitor, but with due respect to Microsoft, I prefer Wireshark.
Straightforward.
It is utilized for forensic work, with full packet capture.
Packet analysis and filtering. Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information.
The UI redesign threw me for a loop but I have learned to overcome it. The product is great but I wish there were more of an emphasis on the command line tools.
No stability issues.
No scalability issues.
Just install the software and the WinPcap software.
It's a standalone tool. If there is a commercial license for it I am unaware of it.
Make sure you are comfortable installing the WinPcap driver for packet collection. This tool could be used maliciously to capture data on your network.
Some valuable features of Wireshark are deep packet inspections based on the capturing process with its sniffing capabilities.
In order to be more intelligent about all the bits/frames/packets/data traversing your network, regardless of how small or large the network is, Wireshark is a network analytic tool which provides such intelligent information about a network.
Wireshark is that intelligent, not only for the production environment but also as an aid to studying the packet fields that may exist in any type of packet header of data flowing in your network. It lets you view how all the classes of QoS marking in a packet are, and it can also be used to sniff packets during the reconnaissance phase of a network security attack.
Wireshark provides a better understanding of how the bits are set for different fields in a packet header.
It is indeed a very good tool which all network administrators need to be familiar with.
The maximum buffer size of captured data should be unlimited, and it should allow the ability to archive all old captures (not a save option) in real time; it should support a destination location where old captures can be directed for long-term storage.

Wireshark excels in the number of protocols that it supports, over 850. Also, the Wireshark interface is one of the easiest to understand of any packet sniffing application. I would like to mention that it is free, so its pricing can't be beat. Wireshark supports all major modern operating systems, including Windows, Mac OS and Linux-based platforms.