PeerSpot user
Senior Network Engineer at a tech services company with 501-1,000 employees
Consultant
Drill-down for packet analysis is great, gives insight into what is going on at packet level
Pros and Cons
  • "The drill-down available for packet analysis is great. It gives a network security engineer insight into what is going on at the packet level and enables better troubleshooting."
  • "The Wireshark search function shows green for a correct search and red for an incorrect search. If there were a way to provide a description of what a search (and the similar ones which are available) can do while a person is typing it, it would make the product easier to use and simultaneously decrease the learning curve."

How has it helped my organization?

The people to whom I have introduced this product have found it a great tool to analyze packets. Instead of troubleshooting by trial and error, they have a way to investigate, verify, and then apply a solution. Of course, to derive value from the product, you must know its features.

What is most valuable?

The drill-down available for packet analysis is great. It gives a network security engineer insight into what is going on at the packet level and enables better troubleshooting.

What needs improvement?

The Wireshark search function shows green for a correct search and red for an incorrect search. If there were a way to provide a description of what a search (and the similar ones which are available) can do while a person is typing it, it would make the product easier to use and simultaneously decrease the learning curve.

For how long have I used the solution?

Three to five years.
Buyer's Guide
Wireshark
April 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,789 professionals have used our research since 2012.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and support?

I have not used technical support.

Which solution did I use previously and why did I switch?

I used Microsoft's Network Monitor, but with due respect to Microsoft, I prefer Wireshark.

How was the initial setup?

Straightforward.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
ArcSight Engineer at a tech vendor with 51-200 employees
Vendor
Parses large packet capture files without opening them, returns relevant information
Pros and Cons
  • "Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information."
  • "The product is great but I wish there were more of an emphasis on the command line tools."

What is our primary use case?

It is utilized for forensic work, with full packet capture.

What is most valuable?

Packet analysis and filtering. Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information.

What needs improvement?

The UI redesign threw me for a loop but I have learned to overcome it. The product is great but I wish there were more of an emphasis on the command line tools.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How was the initial setup?

Just install the software and the WinPcap software.

What's my experience with pricing, setup cost, and licensing?

It's a standalone tool. If there is a commercial license for it I am unaware of it.

What other advice do I have?

Make sure you are comfortable installing the WinPcap driver for packet collection. This tool could be used maliciously to capture data on your network.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at a tech services company with 51-200 employees
Consultant
My Favorite Wireshark Filters

Wireshark is hands down one of the best analysis tools on the planet. It is intuitive, simple to use, and gives the depth needed to find problems in today's network and application environments. Sometimes it can be tough to remember some of the filtering commands, though, so here is a list of some of my favorites:

1. !(ip.addr==10.0.0.1) [displays everything except IP traffic to or from 10.0.0.1]
2. ip.addr==10.0.0.1 && ip.addr==10.0.0.2 [sets a conversation filter between the two defined IP addresses]
3. http or dns [sets a filter to display all http and dns]
4. tcp.port==4000 [sets a filter for any TCP packet with 4000 as a source or dest port]
5. tcp.flags.reset==1 [displays all TCP resets]
6. http.request [displays all HTTP GET requests]
7. tcp contains traffic [displays all TCP packets that contain the word 'traffic'. Excellent when searching on a specific string or user ID]
8. !(arp or icmp or dns) [masks out arp, icmp, dns, or whatever other protocols may be background noise, allowing you to focus on the traffic of interest]
9. udp contains 2069999999 [sets a filter for the number string, great when trying to locate a specific caller ID in a VoIP capture]
10. tcp.analysis.retransmission [displays all retransmissions in the trace. Helps when tracking down slow application performance and packet loss]

Disclosure: I am a real user, and this review is based on my own experience and opinions.
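As an added illustration (not part of this review or of Wireshark/tshark itself), the script below shows what five of the filters above actually test at the byte level, and how a capture can be walked programmatically to return only matching frames, in the spirit of the tshark workflow an earlier review describes. The three frames are constructed sample data, and the toy parser assumes option-free Ethernet II / IPv4 / TCP frames.

```python
import struct

def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Constructed Ethernet II + IPv4 + TCP frame (no options); sample data, not a real capture."""
    eth = b"\x00" * 12 + b"\x08\x00"          # dst MAC, src MAC, EtherType 0x0800 (IPv4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload

def parse_tcp_frame(frame):
    """Pull out the header fields the filters test; None for anything that is not IPv4/TCP.
    (Wireshark's !(ip.addr==...) would also match such frames; this toy simply skips them.)"""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # EtherType IPv4, IP protocol 6 = TCP
        return None
    ihl = (frame[14] & 0x0F) * 4                         # IP header length in bytes
    seg = frame[14 + ihl:]                               # whole TCP segment: header + data
    sport, dport = struct.unpack("!HH", seg[:4])
    return {"ip.src": ".".join(map(str, frame[26:30])),
            "ip.dst": ".".join(map(str, frame[30:34])),
            "tcp.srcport": sport, "tcp.dstport": dport,
            "tcp.flags.reset": bool(seg[13] & 0x04),     # RST bit of the TCP flags byte
            "tcp": seg}

# Byte-level equivalents of filters 1, 2, 4, 5 and 7 from the list.
FILTERS = {
    "!(ip.addr==10.0.0.1)": lambda p: "10.0.0.1" not in (p["ip.src"], p["ip.dst"]),
    "ip.addr==10.0.0.1 && ip.addr==10.0.0.2":
        lambda p: {p["ip.src"], p["ip.dst"]} == {"10.0.0.1", "10.0.0.2"},
    "tcp.port==4000": lambda p: 4000 in (p["tcp.srcport"], p["tcp.dstport"]),
    "tcp.flags.reset==1": lambda p: p["tcp.flags.reset"],
    "tcp contains traffic": lambda p: b"traffic" in p["tcp"],  # 'tcp contains' searches header + payload
}

def apply_filter(expr, frames):
    """Return the indices of frames matching expr, the way tshark -Y lists packets."""
    test = FILTERS[expr]
    matched = []
    for i, frame in enumerate(frames):
        fields = parse_tcp_frame(frame)
        if fields is not None and test(fields):
            matched.append(i)
    return matched

# Constructed three-frame "capture": a SYN, the RST that answers it, and an HTTP request.
SAMPLE = [
    build_frame("10.0.0.1", "10.0.0.2", 4000, 80, 0x02),
    build_frame("10.0.0.2", "10.0.0.1", 80, 4000, 0x04),
    build_frame("10.0.0.3", "10.0.0.4", 51000, 443, 0x18, b"GET /traffic HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for expr in FILTERS:
        print(f"{expr:45} -> frames {apply_filter(expr, SAMPLE)}")
```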
PeerSpot user
it_user133842 - PeerSpot reviewer
Infrastructure Connectivity Engineer at Reputable Service Company
Consultant

In order to be more intelligent about all the bits/frames/packets/data traversing your network, regardless of how small or large the network is, Wireshark is a network analytic tool which provides such intelligent information about a network.

Wireshark is that intelligent: it is not only for production environments alone but also aids study of the packet fields that may exist in any type of packet header of data flowing in your network, to view how all the classes of QoS marking in a packet are, and it can be used to also sniff packets during the reconnaissance phase of a network security attack.

Wireshark provides a better understanding of how the bits are set for different fields in a packet header.

It is indeed a very good tool which all network administrators need to be familiar with.

PeerSpot user
Network Engineer with 51-200 employees
Vendor
Troubleshooting FTP Errors With Wireshark

The most daunting problem to troubleshoot is when the application spits out a generic error that could mean anything. Here's the analogy: how helpful is the 'Check Engine' light on your car dashboard?

The worst part is when the customer tries to take the cryptic, generic application error message and tries to make sense of it in an attempt to assist the analyst. Don’t get me wrong, any information is helpful while troubleshooting, but you have to be selective in what you pursue.

In this example FTP works one moment and fails the next. Of course the customer immediately called the help desk, who pings the ftp server and comments that it is up and no outages have been recorded by the network management system. Then the ticket goes to the server dept, who ftp's without an issue; unfortunately, by now so can the customer. The server department says the connection error must be a 'network thing'.

I captured some packets and have recreated what I found and how the application, Chrome in this example, failed to pass on the FTP server connection limit error. The only way I was able to get real meaningful data is from the wire.

This isn't a Chrome 'bash' session, since I have seen many applications not report what was on the wire or reinterpret what was reported by the server.

In summary, the ftp server ran out of connections or had a limit on the number of connections an IP address could have. The administrator was told about this and the FTP server configuration was adjusted to allow more connections.

http://www.youtube.com/watch?v=zJoeYugcvTA

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer with 51-200 employees
Vendor
Troubleshooting WiFi Issues with Wireshark

A customer called me and wanted some help troubleshooting some wireless problems. Their users have been reporting intermittent wireless performance issues and getting 'dropped'. To top it all off, their WLAN controller has also been reporting 'containment' error messages that weren't too descriptive or helpful.

I showed up on site and did all the basic RF checks with my AirMagnet Spectrum XT to make sure there wasn't an RF issue like an interferer or channel planning issues. Like I always say, "Start at Layer 1".

Then I moved up a layer using my Fluke Networks AirCheck and AirMagnet WiFi Analyzer. Everything looked pretty quiet and nothing jumped up at me, so I saved some trace files to review later.

Then I thought I would take the trace file and open it with Wireshark since I have more experience with packet analysis than I do using the AirMagnet/AirCheck tools.

In this video I show you some of the filters I used, what they mean and what I found.

I always enjoy getting to the packet level since packets don't lie, but I would also like to spend more time with the other tools, now that I know what the issues are, to see how, or what, they report.

In closing, there are a few points I want to make sure aren't lost throughout the video:

1. Just because I used Wireshark to find some clues does not mean that the other tools were less effective; I just have more experience with protocol analysis/Wireshark.

2. If you deploy any kind of wireless intrusion system, make sure you don’t just turn it on without proper network due diligence.

http://www.youtube.com/watch?v=rpL5irIj_Qo

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Infrastructure Connectivity Engineer at Reputable Service Company
Consultant
Regardless of network size, it provides intelligence about any type of data packets, especially during a security attack, although buffer size of captured data should be unlimited and archived.

Valuable Features:

Some valuable features of Wireshark are deep packet inspection based on the capturing process with its sniffing capabilities.

Improvements to My Organization:

In order to be more intelligent about all the bits/frames/packets/data traversing your network, regardless of how small or large the network is, Wireshark is a network analytic tool which provides such intelligent information about a network.

Wireshark is that intelligent: it is not only for production environments alone but also aids study of the packet fields that may exist in any type of packet header of data flowing in your network, to view how all the classes of QoS marking in a packet are, and it can be used to also sniff packets during the reconnaissance phase of a network security attack.

Wireshark provides a better understanding of how the bits are set for different fields in a packet header.

It is indeed a very good tool which all network administrators need to be familiar with.

Room for Improvement:

The maximum buffer size of captured data should be unlimited, and it should allow the ability to archive all old captures (not the save option) in real time; it should support a destination location where old captures can be directed for long-term storage.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1125 - PeerSpot reviewer
Network Engineer at a retailer with 51-200 employees
Vendor
"Best Packet Analyzer, report generator, and troubleshooter."

Valuable Features:

• This software analyzes network packets in detail and displays a detailed view of the network packets, highlighting any malware and suspicious software
• Users (network administrators) can easily identify and troubleshoot any network problems that are visible in the packet data
• It works with a large number of protocols
• The network packet analysis report is saved in multiple formats including XML, PS, TXT & CSV
• Network packets can be captured from various media types
• When combined with GeoIP, you have the edge to capture traffic on a country basis
• Open source tool that can be customized to user preferences
• Protocol based color coding enabled
• User-friendly layout
• Supported with GUI interface

Room for Improvement:

• Wireshark does not allow you to make any changes relevant to the network. In other words, you can only observe the network.

Other Advice:

Wireshark is a dynamic software that has developed and adapted to the latest technology advancements and network challenges. It helps network administrators in conducting their packet analysis on a regular basis. Because of its detailed reports, Wireshark enables users to identify and troubleshoot network issues at a glance.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user2979 - PeerSpot reviewer
Network Engineer at a tech consulting company with 1,001-5,000 employees
Consultant
The must-have network analyzer.

Valuable Features:

This is the de-facto standard network protocol analysis tool. It's designed for network experts who need to do deep network packet analysis. It contains powerful filters, and conversation views help to target relevant data. Open-source, multi-platform, and best of all, free.

Room for Improvement:

A good working knowledge of TCP/IP is needed to use this tool, including packet structure, headers, and ports. The volume of data on a typical TCP segment is so large that it can be challenging to capture and find the right data. It can't sniff wireless networks without additional hardware, e.g. a wireless dongle.

Other Advice:

Somewhere out there, product managers are cursing Wireshark for providing such a great tool for free, when tools like this used to cost tens-of-thousands of dollars.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
sandeep - PeerSpot reviewer
Senior Manager of Network at a tech company with 1,001-5,000 employees
Real User

Aaron, well said and nicely summarized. Wireshark is a very user-friendly, simple to use but powerful tool that will keep you completely aware of what is going on under the hood of a network. Yes, the data gathered is too vast and challenging to capture, but still it can be filtered. Above all, Wireshark is free. A novice could use Wireshark to study the nuts and bolts of a network, and an expert could use it to troubleshoot or restructure the network.

Rightly, the must-have network analyzer for all, from Novice to Expert...
