Wireshark Reviews

I use Wireshark to analyze packets, especially network packets.

Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers, as when the new protocol comes up, it's rapidly applied to the system, so I can just look into the packet. For example, I'm working in the automotive industry, and Wireshark supports some IP protocols, which not many tools do.

Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek.

I've been using Wireshark for over twelve years.

Wireshark is stable. When it changed its UI from a legacy one to the acute, there were some crashes, but that was a while ago, and now it's pretty much stable.

Wireshark provides some macro functions and a custom parse protocol for the new protocols, so it's quite scalable.

As it's open-source, Wireshark's customer service isn't as sophisticated as private products. Developers are welcome to contribute their help, but if no one is interested in your particular issue, there's likely no mode to come up with a solution. 

The initial setup was straightforward and only took a couple of minutes to complete.

We use the free, open-source version of Wireshark.

The most important thing for new users of Wireshark is to get used to the filtering functions because all the filters are based on command input, so the ability to organize the right filter is essential. I would rate Wireshark eight out of ten.

I use Wireshark because it's an important tool for us as network engineers to find out the issue, whether it's network-related or application-related. Wireshark is a good tool for deep-dive analysis.

The feature to incorporate Voice over IP (VoIP) incidents into network traffic analysis is valuable. Capturing voice or SIP communication allows for examination of interactions between SIP clients and SIP servers. 

This helps the team investigate or analyze issues related to call center servers and operators. It's a tool for communication server functionality. These tools help the team achieve its objective of improving services by detecting issues.

You need some basic knowledge to work with Wireshark. Maybe it could be more user-friendly just for new users. Just for the new generation.

I use it every week. It is an important tool for our everyday operations.

I used Wireshark before the name change when it was Ethereal. That was the former name. Since around 2005 or 2006, I first used Ethereal, and then I got used to the name change to Wireshark.

Wireshark is fine. So far, I haven't encountered any bugs or issues. I would rate the stability a nine out of ten. 

I would rate the scalability a nine out of ten. It is fine for me. In our team, we have around five end users using this solution.

I've never contacted or needed any support from Wireshark. Everything I needed, I found in the documentation or on the web. There's a great community.

The initial setup is pretty simple and easy. Just download and install it. In some cases, admin privileges are required due to processes or features related to network systems. 

I've noticed that in some systems, you need admin privileges to use Wireshark. It's not an issue with Wireshark but a basic requirement for some systems.

Wireshark is open source and gives great value and functionality to the network investigation.

I've never checked or compared alternatives to Wireshark because this is the only thing I know. For me, there's no alternative to Wireshark. 

Wireshark is a foundation that many appliances today use the principle or functionality in their own product to provide the same objective. 

Wireshark is a premier tool in packet capture. I've never seen any alternative to Wireshark. Everybody in my environment knows Wireshark.

The GUI is okay. It's easy to use, but you still need some basic skills in ICT and IT networking and essential knowledge to interpret, as you should know some OSI layers, TCP/IP models, and have some basic knowledge in order to use Wireshark.

Overall, I would rate the solution a nine out of ten. 

On-premises

I have been using Wireshark for the packet tracing, and it has helped me to find out whatever site, et cetera. It is useful, basically capturing packets of data on the network.

It helps us to identify the source the packet is originating from and it also helps us to know about the return time of the packet from when the packet is going from our computer to when it reaches the destination IP address. It helps diagnose internet connectivity problems and also helps us to know what the website data consists of and how much data is in the website.

And it also helps us to know about the various protocols which are being utilized when we are connecting to the internet. We also get to know what bites, et cetera, are present in our data or if there is any malicious packet that is not supposed to come in. Based on it, we can configure our firewall. 

It's helping me to get to know about the packet data. I'm getting to know about the source destination IP, for example. That's quite useful to me. 

Overall, it's a great product. 

The initial setup is simple. 

It is stable. 

Whenever we select one of the packets, in terms of the number of bytes, for example, there are three planes, and in the detailed plane, I have to count the number of bytes manually. 

Also, sometimes when I'm trying to select the number of bytes, the selection does not go properly. If we were to go on selecting it, the number of bytes also showed up as to how many bytes have been selected in the detailed plane.

I've been using the solution for four months.

It's quite stable. I don't have any issues with Wireshark while running it. There are no bugs or glitches. It doesn't crash or freeze. 

Scalability is good. I can capture as few or as many packets as I want. There's no issue at all. 

That said, I haven't worked on it professionally, so I cannot comment much on that right now from an organizational perspective.

I've never called technical support. I can't speak to how helpful or responsive they are. 

I did not use another similar product before. 

The implementation process is not complex at all. You just have to click on the interface, and your Wireshark starts capturing the packets. 

I'm not aware of the exact pricing. 

I'm an end-user. I'm using it at my college.

I would recommend Wireshark for various network diagnostic purposes.

I'd rate the solution nine out of ten.

I use Wireshark in my company for in-depth troubleshooting, especially when you need to look at individual packets.

The filter option provided by Wireshark is its most valuable feature. In Wireshark, you view packets based upon a set of rules that helps narrow down to find the packets you want to look at, making it probably the main feature of the product. Wireshark provides you with the ability to use an option called recompile.

Wireshark provides you with the ability to use an option called recompile. The tool also provides an RTP stream to its users. With Wireshark, the ability to play audio through the application is useful.

Wireshark could make the filtering rules easier to apply and offer a drag-and-drop option as opposed to type and text. The tool should also provide data prompts for some of the filters.

In the future, I want Wireshark to provide some visual representation of packet sizes, along with some graphical analysis tools.

I think you may have to download a separate interface driver when working with Wireshark, so I believe that the setup phase could be made simpler.

I have been using Wireshark for ten years.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution a ten out of ten.

Around five people in my company use Wireshark.

Wireshark's initial setup phase is not bad.

The solution is deployed on a virtual machine.

I use Wireshark's free version.

I rate the overall tool an eight out of ten.

I work on WiFi and I am a customer engineer. We use Wireshark to analyze the sniffer captures or tcpdumps. That's the purpose of the solution.

There are very handy filters available in Wireshark.

It’s free and doesn’t cost us anything to use.

The product is simple to implement.

It is a stable solution.

In my previous company, we had Omnipeek, and the UI was better than Wireshark. This product needs to improve the UI.

Generally, you can use Omnipeek to capture packets. You can also use Wireshark to capture packets. However, they need a compatible adapter. If we use Wireshark without a compatible adapter, we really don't go to capture packets using it. We already get captures from the field and from customers, and we just use it for analysis.

I would make maybe adding filters easy. There are some options that we can enable to look into the packet. For example, the default installation of Wireshark doesn't have much information. You can just get to see the packet number, the time's terms, the source address, the destination address, and some detailed information. If I want to see the RSSI, the channel number, the protocol information, or the data rate, I need to go and modify some of the configurations to add columns to display this information. I need to spend some time with it. Therefore, the Wireshark default installation could probably include some more crucial information. That would be a little helpful.

It's been a pretty long time since I started using the product. It’s been more than five years.

Wireshark in general is good. It is stable. We have used it on Windows. We have used it on Linux. We have used it on MacBook and it works pretty well on every platform.

The solution is scalable in the sense you can add it to however many laptops you need to. It's not like you have 500 people using the same Wireshark or using a common license. It is installed on everyone's PC and whoever wants to use it can. We are using the free version. Therefore, getting more people to put it on their PCs also doesn’t cost the company more.

In our company, about 150 people, or many a few more, are using the solution.

We’ve never had the need to reach out to technical support.

I used Omnipeek. The UI was better than Wireshark. However, it is quite expensive.

If somebody pays for Omnipeek that heavy price, they also prefer to get a compatible adapter or a compatible card that works with Omnipeek.

In this company, people just use the solution. However, there wasn’t a discount moment when management suggested it to everyone.

The initial setup was pretty easy. It was straightforward. We didn’t find it to be difficult.

It only takes a few minutes to get everything up and running.

The solution is free to use. We do not have to pay any licensing fees.

I’m a customer and end-user.

The solution is installed on my PC.

Wireshark is a pretty good tool if somebody wants to learn packet analysis or just plain, simple debugging of network issues at an L2 or L3 level. It is quite good for anybody, even a beginner. Anybody can use this tool and the installation is simple. The default installation should work quite well.

I’d rate the solution eight out of ten. If they could make the UI a little better and help us to get some more crucial information easily while providing some options to enable certain parameters based on the protocol, I’d give it a ten out of ten.

Wireshark is a network analyzer used to capture traffic. It's used to analyze patterns in the network to check for any malicious traffic generated from devices or endpoints.

Wireshark is a good tool to start with network analyzing and packet capturing. The solution provides good performance and stability.

The solution’s user interface could be improved.

I have been using Wireshark since 2019.

Wireshark is a stable solution.

Wireshark is not a scalable solution. The tool's purpose is not to scale, and there is no use case to scale it.

The solution’s initial setup is straightforward.

I have deployed Wireshark on my laptop. You need to download the software from the web and then run it. It's free of charge, and there's no license involved. We need to enable the solution and run it to capture the traffic.

Wireshark is free of charge, and there's no license involved.

I would recommend the solution to other users. Wireshark is a good tool to start with network analyzing and packet capturing. You can use Wireshark for packet capturing to find the root cause of any issues in the network.

Overall, I rate the solution an eight out of ten.

-One of the best products that can provide the details of what is happening with an application and the full life cycle of the response time. - Using Multiple trace files can allow you to create really big trace samples. Thus not a problem to let it run for awhile to gather that hard to catch 'problem'

Not always simple to setup and get the filtering right when capturing data. The TCPDUMP pre filter is a bit hard to get use to when you are used to using the post filter. It will help when they have the same filter for both. Of course I'm assuming that the Post filter will be the filter of choice and translate the Post Filter into what needs to be done for the Pre Filter. I use the export to CSV and also the Print Full trace to a file features to do post analysis that would otherwise be impossible to do any other way than using WireShark. An example is watching MQ Traffic through a MQ Broker. Using the MQ Token, I'm able to combine the send / receive responses together to see the final response time and also where the packets are sent/received. This has helped with the SOA analysis when you have traffic going to a MQ Broker to be sent to other servers for responses. 4 packet sets are involved when this is done. 1 Request in to the Broker, 1 Response out from the Broker to a Responder, then a response from the Responder to the Broker again, and the final response from the Broker back to the original Requestor. All of that chatter needs to be captured and seen for the full response time analysis. Using the Packet Print, I'm able to dig into the header of the MQ packet and find that information for post assembly of information into a CSV file. Using Perl, I'm able to read these files in automation and create CSV files for use in Excel to then provide the packet numbers to use again in the Post Filter process of WireShark to look at further details. This is complex, but so are the actual interactions that are taking place. This work would be impossible with out a tool like Wireshark that provides the insight and decoding of the MQ headers of the packets. This brings out the Tokens and response Tokens of the packets for analysis. The other SOA and complex Websphere interaction tools are getting better at presenting this information, but there are still times where the developors have created something that the other tools have not tackled yet. Then WireShark is the only way to really drill into those interactions.

Wireshark continues to be updated and is still an alive application. Continue to explore this product.

My work includes a feature that allows me to download traffic between different points, whether internal, external, or general. I use Wireshark to analyze this traffic. I also use it mostly for threat hunting.

I look at aspects like who is downloading the most data and who are the most active. I also check which country is generating the most traffic. It helps in analyzing if something looks suspicious, such as a brute force attack or scanning from somewhere. It assists in identifying source and destination and possible data extraction, which is helpful for incident response.

I have not used Wireshark to an advanced point where I could provide a detailed opinion on improvements needed. I find it to be a very useful tool beyond other traffic analysis tools.

I have been using Wireshark for more than five years now.

I have not faced any issues with stability.

Wireshark does everything I need.

I have never contacted their support team.

Positive

I was using Splunk about three months ago and tried to ingest some Wireshark captures.

I recommend Wireshark to other people.

I'd rate the solution eight out of ten.