One of the features of Wireshark, which is incredibly valuable, is its ability to provide detailed and representative traffic analysis. It allows me to differentiate between protocols like DCP and UDP and even drill down to specifics, such as identifying potential issues caused by a particular destination IP. Additionally, the solution has proven to be a valuable tool for troubleshooting the issues I encounter since my primary focus is on data switching.

View full review »

Wireshark plays a very important part in resolving day-to-day KRAs. Wireshark is a helpful tool for anyone working with a firewall or proxy. When we put up a scan for a particular destination, the product shows the sync at a very granular level. It shows whether the packet has been received or acknowledged by the end server or not. One of the best things about the product is that we can use it to track whether an issue occurred due to the website. Sometimes, the acknowledgment does not happen, and the end server does not accept the request. We get a granular bifurcation of the logs to see at what step it is dropping the connection. Wireshark helps us to understand network traffic.

View full review »

I like the feature that captures voice calls. It helps me see where the specific latency and jitters happen in the call. If there's a gap in audio, I can see the gap. If there's a digitization as a result of latency, I can see that. I love looking at the packet and seeing Expedited Forwarding or the DSCP tag.

The live capture and offline analysis have been helpful because I can see the real-time capture of the package coming in. The GUI is easy to use. I love that there's a portal feature and an install feature. We can look at multiple interfaces. We can set time frames for capture. I can only capture for ten minutes or only capture a certain amount of packets. I love the ability to see the color codes and change them. I can save the PCAP historical reference. 

View full review »

The feature to incorporate Voice over IP (VoIP) incidents into network traffic analysis is valuable. Capturing voice or SIP communication allows for examination of interactions between SIP clients and SIP servers. 

This helps the team investigate or analyze issues related to call center servers and operators. It's a tool for communication server functionality. These tools help the team achieve its objective of improving services by detecting issues.

View full review »

The filter option provided by Wireshark is its most valuable feature. In Wireshark, you view packets based upon a set of rules that helps narrow down to find the packets you want to look at, making it probably the main feature of the product. Wireshark provides you with the ability to use an option called recompile.

Wireshark provides you with the ability to use an option called recompile. The tool also provides an RTP stream to its users. With Wireshark, the ability to play audio through the application is useful.

View full review »

You can use Wireshark to see the traffic packet format, the IP layers, the fields, and the enabled flags. If you fetch those packets into the TShark version, cybersecurity employees can manipulate and use that packet. Wireshark is powerful to monitor the traffic and check the flags.

View full review »

There are very handy filters available in Wireshark.

It’s free and doesn’t cost us anything to use.

The product is simple to implement.

It is a stable solution.

View full review »

I look at aspects like who is downloading the most data and who are the most active. I also check which country is generating the most traffic. It helps in analyzing if something looks suspicious, such as a brute force attack or scanning from somewhere. It assists in identifying source and destination and possible data extraction, which is helpful for incident response.

View full review »

Wireshark is pretty handy. It's especially useful for troubleshooting issues. However, the GUI interface is not that accurate. It can only show a limited amount of information, such as the source code, destination code, and services that are being blocked. If we want to know why a packet is being blocked by a particular policy, we need to check the packet capture.

We also use Wireshark to troubleshoot packet-level inspection issues, such as whether the payload is present, whether the packet size is too large for the receiver, and whether the DMTU (Dynamic Maximum Transmission Unit) is correct. We also use it to troubleshoot issues with fragmented packets.

In addition to the GUI, we also use the developer's tool and the command line to troubleshoot issues with Wireshark. For example, we use the cat and grep commands to filter out the information we need and to turn on debug mode. We also use the tail command to view the current history of logs.

I am currently working in a Linux environment, so I use the SysLog for configuration purposes on the Algo server. I use the TCP system command because Cisco uses port 514. So, I have to use the TCP system command to check whether we are receiving logs from the particular firewall or not.

Customers often tell us that they have open WDP 5144 traffic. They usually show us this in Splunk. For example, they might say, "We are forwarding the packet to the system, but we are not receiving the packet." This is usually because they need to test their end because they require some identity virus for the traffic to flow through our application.

Sometimes, the Algo server goes down, and we have to build it from scratch. Other times, the load distribution unit does not get synced with the primary. These are just some of the things we do on a daily basis with Wireshark.

View full review »

Wireshark is very user-friendly; even someone with basic IT knowledge can use it. Wireshark has a large user interface and a good graphical user interface. Wireshark has all the features needed, such as sniffing the network, tracking packets, and sorting packets.

View full review »

I have found the most valuable feature you can design your sniffer the way you want to. As I said, by default it will have all the legacy features or legacy or advanced features. So apart from that in your device, if you have a particular feature that is enabled, then you can modify it by changing the source code. It provides you with the source code. It is an open source so you can get a source code, you just need to create a plugin or API and point it to that source and you compile it.

View full review »

What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark.

View full review »

I've been using it for quite some time, and I find that it's very user-friendly. The interface is good. 

The options that are required to get the details for the packet drops are good. All the options are available for whatever is required. I can choose any of them and search easily, and I can also pull the report and publish it to the team or whoever requires it. 

It's easy to set up.

View full review »

Wireshark is a good tool to start with network analyzing and packet capturing. The solution provides good performance and stability.

View full review »

It's helping me to get to know about the packet data. I'm getting to know about the source destination IP, for example. That's quite useful to me. 

Overall, it's a great product. 

The initial setup is simple. 

It is stable. 

View full review »

I find Wireshark a very useful tool. Its best feature is that it allows me to deeply understand what's going on at the packet level, as well as any adverse signatures that I can analyze. When I need to create an IPS rule, I need to check the traffic deeply to get more insights about the actual traffic, what's the name of certain flags, etc., and I'm able to do all that through Wireshark.

The tool is also user-friendly.

View full review »

Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers, as when the new protocol comes up, it's rapidly applied to the system, so I can just look into the packet. For example, I'm working in the automotive industry, and Wireshark supports some IP protocols, which not many tools do.

View full review »

Wireshark is a simple solution. 

View full review »

Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it.

View full review »

The strongest feature of this solution, is the ability it gives us to carry out deep-packet inspections on our network, particularly when a function isn't performing as it should.

View full review »

Wireshark's best features are that it lets us see what traffic is in the network and what data should be encrypted.

View full review »

The ability to decrypt traffic and the abundance of filters available are both valuable features.

View full review »

I like the filtering feature as we can filter data easily. This feature is also available in tcpdump, but it's a simple piece of software. Wireshark is more advanced and has many features. It allows you to filter a lot of things. The output can be filtered easily.

The most important feature is colorization. If I say, "Okay, this particular SMB protocol in red, it will show me red." It's easy to identify that protocol or capture data. 

View full review »

The most valuable feature is the traffic gate, which shows which IPs are getting more bandwidth or traffic.

View full review »

Wireshark provides many different functions which are very useful for my job. There are a lot of features, and I still haven't used everything yet. It's easy to troubleshoot issues because there's a large online community.

View full review »

The transmission and reception issues are valuable. For example, while debugging through food issues, we can draw the graph of the data captured in the solution and see how the throughput is moving.

View full review »

The solution is open-source. 

It does have SolarWinds in it or is involved in SolarWinds in some way.

The search filtering is very good. 

It has good basic features. 

There's a lot of information available online. Even if I am looking for something special, I can find details about that aspect. 

It is well structured.

The initial setup is very easy.

I find the product to be quite stable. 

We can scale the solution. 

View full review »

Being able to dissect email data and figure out what is inside email messages was the most valuable feature. Such a feature is pretty helpful for an ongoing forensic investigation or when there is a potential insider threat that you are trying to investigate. It allows you to see the network activity of the users you are investigating. It also gives you more visibility into your network.

It was very easy to set up. There is a lot of information out there on Google and YouTube about how to use it. There is also community support. If you have any trouble, it is pretty easy to find an answer online. You will have to do some digging only if you have a very specific use case.

View full review »

For simple protocol and packet capture, it is very easy to use.

It has a good syntax to put the commands in and get information out of.

View full review »

I use the filters very often, to determine what type of traffic I am looking for. The use of filter allows traffic to be segmented so that a value can be looked at individually apart from the other traffic. I remember one day when we had to find out what was causing one of the systems to crash. We used our system to look at the network as a whole and we found that the device actually gave us the ability to segment the network finding the problem is a faster way which allowed for a more accurate test of the network.

View full review »

I can save the traffic and analysis when I want to. Also, it's especially helpful to follow the stream (TCP, UDP, etc.).

View full review »

Making different profiles to tune the tool for the problems at hand, the graphing options, to customize the screen layout, etc.

Also, shines for wireless troubleshooting, but most hardware does not give full insight in WiFi communication (beacon frames, etc.).

View full review »

The drill-down available for packet analysis is great. It gives a network security engineer insight into what is going on at the packet level and enables better troubleshooting.

View full review »

Packet analysis and filtering. Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information.

View full review »

Some valuable features of Wireshark are deep packet inspections based on the capturing process with it's sniffing capabilities.

View full review »

The packet details pane. View full review »

-One of the best products that can provide the details of what is happening with an application and the full life cycle of the response time. - Using Multiple trace files can allow you to create really big trace samples. Thus not a problem to let it run for awhile to gather that hard to catch 'problem' View full review »

The best thing about Wireshark is the community/ecosystem. Answers are easy to find in either the documentation or on the wiki. Packet analysis is not for the weak at heart, but Wireshark makes it as painless as possible with profiles, extensive decodes (dissectors), expert system and filtering capability. I use it everyday.Best features to get started with: Network Monitoring with Statistics>Endpoints - Who is talking? Network Monitoring with Statistics>Conversations - Who is talking to who? Application Monitoring with Statistics>Service Response Time - How fast did they get an Application layer response? Visualization with Statistics>IO Graph - Can I see it all in a pretty picture? View full review »

It is free, easy to use, getting better with every release. View full review »

This is the de-facto standard network protocol analysis tool. It's designed for network experts who need to do deep network packet analysis. Contains powerful filters and conversation views help to target relevant data. Open-source, multi-platform, and best of all, free. View full review »

- The best network analyzer tool out there in the market. - Being open source makes it highly sought after for both network admins and developers alike. - Supported on all major platforms like Windows, Linux and Macintosh. - You can easily analyze each and every packet captured from the network based on protocol types like TCP, IP, UDP, etc. - Captured packet list can be very easily exported to files. - Can be customized to suit your needs. - Very user friendly layout. - Supports filter creation for narrowing down packet selection. View full review »

Free and open source packet analyzer, which is extremely powerful and customizable.Captures real time data from a variety of network interfaces and types, and also displays data from previously captured files.Over 850 protocols are supported, including common protocols like IP and DHCP and also advanced protocols, like AppleTalk and IPX.The tool is compatible with all major operating system platforms including Windows, MAC, and Linux.GUI layout is user friendly and straightforward, which provides protocol-based color coding and comprehensive graphical representation of raw data. View full review »

Wireshark is an open source development product so it doesn't cost anything and anyone can use it. It is easy to install and there is community support for different OS platforms. Wireshark is a great tool to help network engineers identify network problems like broadcasting, injection, poisoning, etc. You can see your network traffic protocol base on a GUI screen. It’s a real time monitoring tool for your network and is therefore very helpful for a network engineer when trying to identify a PC on a network that is causing a problem. You are able to capture network traffic and export it into different formats, and the same opposite import facility is also there. View full review »

• This software analyzes network packets in detail and displays a detailed view of the network packets, highlighting any malware and suspicious software • Users (network administrators) can easily identify and troubleshoot any network problems that are visible in the packet data • It works with a large number of protocols • The network packet analysis report is saved in multiple formats including XML, PS, TXT & CSV. • Network packets can be captured from various media types • When combined with GeoIP, you have the edge to capture traffic on a country basis • Open source tool that can be customized to user preferences • Protocol based color coding enabled • User-friendly layout • Supported with GUI interface View full review »

The biggest pro I can think of is that this excellent software is open source, meaning it's developed from a community driven perspective i.e. users have a voice and can develop and add features as they see fit.It supports a wide variety of platforms, has a GUI and CLI interface, and supports the a pcap variation on every one of its platforms.It's filter creation tool is top notch, letting you specify what traffic you want to see and how many packets you want to see.You can actually export packets to text files for later review if need be as well. View full review »

Pros of Wireshark are 1) Open Source 2) Support on Windows, Linux, MAC, Solaris 3) Presence of both command shell and graphical user interface 4) Port Mirroring 5) Inbuilt support for WinPcap, libPcap 6) Filter creation for better packet capture techniques View full review »

Wireshark is an open-source network protocol used to monitor and analyze packets in a network.Wireshark analyzes networks, captures traffic and decrypts information passed through the communication channels into a form that is readable and can thus be used to learn how network protocols work.Wireshark also captures traffic that can help in troubleshooting network problems and it is free. View full review »

The best part about Wireshark, in my opinion, is its ability to analyze packet capture files. It lists out various protocols like TCP, UDP, or SCTP, along with source and destination codes. This feature is truly amazing.

View full review »

The session-level filtering features are valuable. Life would be tough without Wireshark.

View full review »

The solution is easy to install and use. 

View full review »

The most valuable feature of Wireshark is the ability to choose a destination of flow that has not been working as expected, it looks for a label, and we put the label within.

View full review »

The features I find most effective in Wireshark include the current speed monitoring, data flow inspection, PPPoE clients, and inspecting our advanced switches and routers. 

Packet capturing capabilities are what I'm currently using the most.

View full review »