We're using an internal Wi-Fi card in the laptop, so we configure that particular wireless interface into monitoring mode, configure the channel, and use Wireshark for that specific interface. We can capture the packets and activities on that channel, analyze the packets for poor connections, etc.
Lead Engineer at NXP Semiconductors
Scalable, stable, doesn't require installation, and allows you to capture packets at any time
Pros and Cons
- "What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark."
- "Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement. I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux."
What is our primary use case?
What is most valuable?
What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark.
What needs improvement?
Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement.
I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux.
What I'd like to see in the next release of Wireshark is the capability to capture packets from the ethernet.
For how long have I used the solution?
I started using Wireshark six or seven years ago.
Buyer's Guide
Wireshark
October 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
Wireshark is a stable product.
What do I think about the scalability of the solution?
Wireshark is a scalable product.
How are customer service and support?
I never needed to contact technical support for Wireshark.
Which solution did I use previously and why did I switch?
My company uses Wireshark and has not tried a different solution. The biggest factor on why it decided to use Wireshark is because it's open-source software that doesn't require installation and a license, so anyone can use it.
How was the initial setup?
Wireshark is pretty easy to set up. Its deployment doesn't take much time. It only takes ten to twenty minutes max to complete Wireshark deployment.
What's my experience with pricing, setup cost, and licensing?
Wireshark is an open-source product, so it's free to use.
What other advice do I have?
All people within my company use Wireshark, so that's two hundred users.
My advice to anyone looking into using Wireshark is that you should know how to configure the interface and the internal Wi-Fi card into monitoring mode, so you can capture via Wireshark. As Wireshark is a good tool, I'd recommend it to others, but you should have some knowledge of how to use it and how to configure it. Before implementing Wireshark, you need to know your objectives, working scenarios, what type of features you'd want to implement, and what changes you need to make.
I'd rate Wireshark eight out of ten because for you to configure and use it requires proper knowledge. It's straightforward to use if you have some knowledge of configuring it for monitoring.
I'm a customer of Wireshark.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Team Lead - Cyber Security & Compliance at Al Tuwairqi Group
Easy to deploy, user-friendly, and stable
Pros and Cons
- "Wireshark is very user-friendly; even someone with basic IT knowledge can use it."
- "Wireshark is restricted when any sort of encryption is involved, such as XSL encryption or DLX."
What is our primary use case?
The primary purpose of Wireshark is to monitor network communications. For example, if we need to track our target in order to exploit it, or to understand our use cases, we can use Wireshark for both internal and external penetration testing. We can use Wireshark to capture communication from any IP, and if there is no encryption, we can also use it to retrieve client passwords. This is the main function of the solution.
What is most valuable?
Wireshark is very user-friendly; even someone with basic IT knowledge can use it. Wireshark has a large user interface and a good graphical user interface. Wireshark has all the features needed, such as sniffing the network, tracking packets, and sorting packets.
What needs improvement?
Previously, I have used Wireshark in some of the financial companies I have been involved with. For example, when I was employed at a bank, we used Wireshark. However, I have noticed that Wireshark is restricted when any sort of encryption is involved, such as XSL encryption or DLX. This means that Wireshark cannot be used to its full potential. Therefore, I think that Wireshark or the vendors should consider including features to penetrate firewalls and get the data, such as including any hash types.
I would like the ability to sniff user credentials, such as passwords, rather than clear text. Wireshark should be able to sniff basic encryption, such as 128 and 64-bit encryption, as other solutions do.
For how long have I used the solution?
I have been using the solution for over ten years.
What do I think about the stability of the solution?
Wireshark is a stable solution.
How are customer service and support?
I rarely need to contact technical support, as most issues can be resolved by looking at the Wireshark questions or FAQs. We can usually find solutions quickly.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is very easy. We can send an executable file, we can just run the solution. Wireshark can be installed on a standalone workstation or if we want to create a server, we can also do that. The deployment takes around 30 minutes.
What other advice do I have?
I give the solution a nine out of ten.
There is a purpose for using Wireshark. If we don't know the purpose or our agenda, then why are we using it? The solution would be useless for us in this case. If we are following an example and are a SOC person, we just need to sniff the communication and confirm that it is stable. However, if we are general IT people and do not know the purpose, then Wireshark would be useless.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer at Mbition
Adaptive, open-source tool for network-related developers
Pros and Cons
- "Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers."
- "Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek."
What is our primary use case?
I use Wireshark to analyze packets, especially network packets.
What is most valuable?
Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers, as when the new protocol comes up, it's rapidly applied to the system, so I can just look into the packet. For example, I'm working in the automotive industry, and Wireshark supports some IP protocols, which not many tools do.
What needs improvement?
Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek.
For how long have I used the solution?
I've been using Wireshark for over twelve years.
What do I think about the stability of the solution?
Wireshark is stable. When it changed its UI from a legacy one to the acute, there were some crashes, but that was a while ago, and now it's pretty much stable.
What do I think about the scalability of the solution?
Wireshark provides some macro functions and a custom parse protocol for the new protocols, so it's quite scalable.
How are customer service and support?
As it's open-source, Wireshark's customer service isn't as sophisticated as private products. Developers are welcome to contribute their help, but if no one is interested in your particular issue, there's likely no mode to come up with a solution.
How was the initial setup?
The initial setup was straightforward and only took a couple of minutes to complete.
What's my experience with pricing, setup cost, and licensing?
We use the free, open-source version of Wireshark.
What other advice do I have?
The most important thing for new users of Wireshark is to get used to the filtering functions because all the filters are based on command input, so the ability to organize the right filter is essential. I would rate Wireshark eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Student at a university with 1,001-5,000 employees
Good for diagnostics and working with packet data and easy to set up
Pros and Cons
- "The initial setup is simple."
- "Whenever we select one of the packets, in terms of the number of bytes, for example, there are three panes, and in the detailed pane, I have to count the number of bytes manually."
What is our primary use case?
I have been using Wireshark for the packet tracing, and it has helped me to find out whatever site, et cetera. It is useful, basically capturing packets of data on the network.
It helps us to identify the source the packet is originating from and it also helps us to know about the return time of the packet from when the packet is going from our computer to when it reaches the destination IP address. It helps diagnose internet connectivity problems and also helps us to know what the website data consists of and how much data is in the website.
And it also helps us to know about the various protocols which are being utilized when we are connecting to the internet. We also get to know what bytes, et cetera, are present in our data or if there is any malicious packet that is not supposed to come in. Based on it, we can configure our firewall.
What is most valuable?
It's helping me to get to know about the packet data. I'm getting to know about the source destination IP, for example. That's quite useful to me.
Overall, it's a great product.
The initial setup is simple.
It is stable.
What needs improvement?
Whenever we select one of the packets, in terms of the number of bytes, for example, there are three panes, and in the detailed pane, I have to count the number of bytes manually.
Also, sometimes when I'm trying to select the number of bytes, the selection does not go properly. If we were to go on selecting it, the number of bytes also showed up as to how many bytes have been selected in the detailed pane.
For how long have I used the solution?
I've been using the solution for four months.
What do I think about the stability of the solution?
It's quite stable. I don't have any issues with Wireshark while running it. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
Scalability is good. I can capture as few or as many packets as I want. There's no issue at all.
That said, I haven't worked on it professionally, so I cannot comment much on that right now from an organizational perspective.
How are customer service and support?
I've never called technical support. I can't speak to how helpful or responsive they are.
Which solution did I use previously and why did I switch?
I did not use another similar product before.
How was the initial setup?
The implementation process is not complex at all. You just have to click on the interface, and your Wireshark starts capturing the packets.
What's my experience with pricing, setup cost, and licensing?
I'm not aware of the exact pricing.
What other advice do I have?
I'm an end-user. I'm using it at my college.
I would recommend Wireshark for various network diagnostic purposes.
I'd rate the solution nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Lead Engineer at a wireless company with 10,001+ employees
Free to use, simple to implement, and reliable
Pros and Cons
- "The product is simple to implement."
- "This product needs to improve the UI."
What is our primary use case?
I work on WiFi and I am a customer engineer. We use Wireshark to analyze the sniffer captures or tcpdumps. That's the purpose of the solution.
What is most valuable?
There are very handy filters available in Wireshark.
It’s free and doesn’t cost us anything to use.
The product is simple to implement.
It is a stable solution.
What needs improvement?
In my previous company, we had Omnipeek, and the UI was better than Wireshark. This product needs to improve the UI.
Generally, you can use Omnipeek to capture packets. You can also use Wireshark to capture packets. However, they need a compatible adapter. If we use Wireshark without a compatible adapter, we really don't go to capture packets using it. We already get captures from the field and from customers, and we just use it for analysis.
I would make maybe adding filters easy. There are some options that we can enable to look into the packet. For example, the default installation of Wireshark doesn't have much information. You can just get to see the packet number, the time's terms, the source address, the destination address, and some detailed information. If I want to see the RSSI, the channel number, the protocol information, or the data rate, I need to go and modify some of the configurations to add columns to display this information. I need to spend some time with it. Therefore, the Wireshark default installation could probably include some more crucial information. That would be a little helpful.
For how long have I used the solution?
It's been a pretty long time since I started using the product. It’s been more than five years.
What do I think about the stability of the solution?
Wireshark in general is good. It is stable. We have used it on Windows. We have used it on Linux. We have used it on MacBook and it works pretty well on every platform.
What do I think about the scalability of the solution?
The solution is scalable in the sense you can add it to however many laptops you need to. It's not like you have 500 people using the same Wireshark or using a common license. It is installed on everyone's PC and whoever wants to use it can. We are using the free version. Therefore, getting more people to put it on their PCs also doesn’t cost the company more.
In our company, about 150 people, or maybe a few more, are using the solution.
How are customer service and support?
We’ve never had the need to reach out to technical support.
Which solution did I use previously and why did I switch?
I used Omnipeek. The UI was better than Wireshark. However, it is quite expensive.
If somebody pays for Omnipeek that heavy price, they also prefer to get a compatible adapter or a compatible card that works with Omnipeek.
In this company, people just use the solution. However, there wasn’t a discount moment when management suggested it to everyone.
How was the initial setup?
The initial setup was pretty easy. It was straightforward. We didn’t find it to be difficult.
It only takes a few minutes to get everything up and running.
What's my experience with pricing, setup cost, and licensing?
The solution is free to use. We do not have to pay any licensing fees.
What other advice do I have?
I’m a customer and end-user.
The solution is installed on my PC.
Wireshark is a pretty good tool if somebody wants to learn packet analysis or just plain, simple debugging of network issues at an L2 or L3 level. It is quite good for anybody, even a beginner. Anybody can use this tool and the installation is simple. The default installation should work quite well.
I’d rate the solution eight out of ten. If they could make the UI a little better and help us to get some more crucial information easily while providing some options to enable certain parameters based on the protocol, I’d give it a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Junior Executive - Information Security at sunshine holdings
Used to analyze patterns in the network and check for any malicious traffic generated from devices
Pros and Cons
- "Wireshark is a good tool to start with network analyzing and packet capturing."
- "The solution’s user interface could be improved."
What is our primary use case?
Wireshark is a network analyzer used to capture traffic. It's used to analyze patterns in the network to check for any malicious traffic generated from devices or endpoints.
What is most valuable?
Wireshark is a good tool to start with network analyzing and packet capturing. The solution provides good performance and stability.
What needs improvement?
The solution’s user interface could be improved.
For how long have I used the solution?
I have been using Wireshark since 2019.
What do I think about the stability of the solution?
Wireshark is a stable solution.
What do I think about the scalability of the solution?
Wireshark is not a scalable solution. The tool's purpose is not to scale, and there is no use case to scale it.
How was the initial setup?
The solution’s initial setup is straightforward.
What about the implementation team?
I have deployed Wireshark on my laptop. You need to download the software from the web and then run it. It's free of charge, and there's no license involved. We need to enable the solution and run it to capture the traffic.
What's my experience with pricing, setup cost, and licensing?
Wireshark is free of charge, and there's no license involved.
What other advice do I have?
I would recommend the solution to other users. Wireshark is a good tool to start with network analyzing and packet capturing. You can use Wireshark for packet capturing to find the root cause of any issues in the network.
Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 23, 2024
Systems Engineer at LifePoint Health
Best general-purpose tool for troubleshooting anything on the network.
Valuable Features:
- One of the best products that can provide the details of what is happening with an application and the full life cycle of the response time.
- Using multiple trace files can allow you to create really big trace samples. Thus it is not a problem to let it run for a while to gather that hard-to-catch 'problem'.
Room for Improvement:
Not always simple to set up and get the filtering right when capturing data. The TCPDUMP pre filter is a bit hard to get used to when you are used to using the post filter. It will help when they have the same filter for both. Of course I'm assuming that the Post filter will be the filter of choice and translate the Post Filter into what needs to be done for the Pre Filter. I use the export to CSV and also the Print Full trace to a file features to do post analysis that would otherwise be impossible to do any other way than using Wireshark.
An example is watching MQ Traffic through a MQ Broker. Using the MQ Token, I'm able to combine the send / receive responses together to see the final response time and also where the packets are sent/received. This has helped with the SOA analysis when you have traffic going to a MQ Broker to be sent to other servers for responses. 4 packet sets are involved when this is done. 1 Request in to the Broker, 1 Response out from the Broker to a Responder, then a response from the Responder to the Broker again, and the final response from the Broker back to the original Requestor. All of that chatter needs to be captured and seen for the full response time analysis. Using the Packet Print, I'm able to dig into the header of the MQ packet and find that information for post assembly of information into a CSV file. Using Perl, I'm able to read these files in automation and create CSV files for use in Excel to then provide the packet numbers to use again in the Post Filter process of Wireshark to look at further details. This is complex, but so are the actual interactions that are taking place. This work would be impossible without a tool like Wireshark that provides the insight and decoding of the MQ headers of the packets. This brings out the Tokens and response Tokens of the packets for analysis. The other SOA and complex Websphere interaction tools are getting better at presenting this information, but there are still times where the developers have created something that the other tools have not tackled yet. Then Wireshark is the only way to really drill into those interactions.
Other Advice:
Wireshark continues to be updated and is still an alive application. Continue to explore this product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
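The token correlation described in the review above, sketched as an added example (not the reviewer's Perl, and not code from Wireshark): it groups exported packet rows by MQ token, checks for the four-leg Requestor/Broker/Responder round trip, and builds a display filter from the frame numbers. The CSV column names (`frame`, `time`, `src`, `dst`, `token`) and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: column names and values are assumptions standing in for
# a CSV assembled from a packet print; this is not real capture data.
SAMPLE_CSV = """frame,time,src,dst,token
101,10.000,10.0.0.5,10.0.0.20,TOK-A
102,10.004,10.0.0.20,10.0.0.31,TOK-A
103,10.010,10.0.0.6,10.0.0.20,TOK-B
104,10.013,10.0.0.20,10.0.0.31,TOK-B
105,10.250,10.0.0.31,10.0.0.20,TOK-A
106,10.253,10.0.0.20,10.0.0.5,TOK-A
"""


def load_rows(text):
    """Parse the export; times become integer milliseconds for exact math."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({
            "frame": int(rec["frame"]),
            "ms": int(round(float(rec["time"]) * 1000)),
            "src": rec["src"],
            "dst": rec["dst"],
            "token": rec["token"],
        })
    return rows


def is_full_round_trip(legs):
    """True when the legs are request, forward, response, return via one broker."""
    if len(legs) != 4:
        return False
    req, fwd, rsp, ret = legs
    broker = req["dst"]  # the first leg always goes in to the broker
    return (fwd["src"] == broker and rsp["src"] == fwd["dst"]
            and rsp["dst"] == broker and ret["src"] == broker
            and ret["dst"] == req["src"])


def correlate(rows):
    """Group rows by token and time each complete transaction."""
    by_token = defaultdict(list)
    for row in rows:
        by_token[row["token"]].append(row)
    result = {}
    for token, legs in by_token.items():
        legs.sort(key=lambda r: (r["ms"], r["frame"]))
        entry = {"frames": [r["frame"] for r in legs],
                 "complete": is_full_round_trip(legs)}
        if entry["complete"]:
            req, fwd, rsp, ret = legs
            entry["total_ms"] = ret["ms"] - req["ms"]       # requestor's view
            entry["responder_ms"] = rsp["ms"] - fwd["ms"]   # time at responder
            entry["broker_ms"] = entry["total_ms"] - entry["responder_ms"]
        result[token] = entry
    return result


def display_filter(frames):
    """Build a Wireshark display filter selecting the given frame numbers."""
    return " or ".join(f"frame.number == {n}" for n in frames)


if __name__ == "__main__":
    for token, info in sorted(correlate(load_rows(SAMPLE_CSV)).items()):
        print(token, info, display_filter(info["frames"]))
```

Incomplete transactions (here the constructed `TOK-B`, which never gets its response legs) are kept and flagged rather than dropped, since those are the ones worth reopening in the capture.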
Cybersecurity Operations Lead at a tech services company with 51-200 employees
Traffic analysis and threat hunting with very good essential features
Pros and Cons
- "It helps in analyzing if something looks suspicious, such as a brute force attack or scanning from somewhere."
- "I have not used Wireshark to an advanced point where I could provide a detailed opinion on improvements needed."
What is our primary use case?
My work includes a feature that allows me to download traffic between different points, whether internal, external, or general. I use Wireshark to analyze this traffic. I also use it mostly for threat hunting.
What is most valuable?
I look at aspects like who is downloading the most data and who are the most active. I also check which country is generating the most traffic. It helps in analyzing if something looks suspicious, such as a brute force attack or scanning from somewhere. It assists in identifying source and destination and possible data extraction, which is helpful for incident response.
What needs improvement?
I have not used Wireshark to an advanced point where I could provide a detailed opinion on improvements needed. I find it to be a very useful tool beyond other traffic analysis tools.
For how long have I used the solution?
I have been using Wireshark for more than five years now.
What do I think about the stability of the solution?
I have not faced any issues with stability.
What do I think about the scalability of the solution?
Wireshark does everything I need.
How are customer service and support?
I have never contacted their support team.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I was using Splunk about three months ago and tried to ingest some Wireshark captures.
What other advice do I have?
I recommend Wireshark to other people.
I'd rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 30, 2024
Wireshark excels in the number of protocols that it supports, over 850. Also, the Wireshark interface is one of the easiest to understand of any packet sniffing application. I would like to mention that it is free, so its pricing can't be beat. Wireshark supports all major modern operating systems, including Windows, Mac OS and Linux-based platforms.