Wireshark Reviews

I have been using Wireshark for the packet tracing, and it has helped me to find out whatever site, et cetera. It is useful, basically capturing packets of data on the network.

It helps us to identify the source the packet is originating from and it also helps us to know about the return time of the packet from when the packet is going from our computer to when it reaches the destination IP address. It helps diagnose internet connectivity problems and also helps us to know what the website data consists of and how much data is in the website.

And it also helps us to know about the various protocols which are being utilized when we are connecting to the internet. We also get to know what bites, et cetera, are present in our data or if there is any malicious packet that is not supposed to come in. Based on it, we can configure our firewall. 

It's helping me to get to know about the packet data. I'm getting to know about the source destination IP, for example. That's quite useful to me. 

Overall, it's a great product. 

The initial setup is simple. 

It is stable. 

Whenever we select one of the packets, in terms of the number of bytes, for example, there are three planes, and in the detailed plane, I have to count the number of bytes manually. 

Also, sometimes when I'm trying to select the number of bytes, the selection does not go properly. If we were to go on selecting it, the number of bytes also showed up as to how many bytes have been selected in the detailed plane.

I've been using the solution for four months.

It's quite stable. I don't have any issues with Wireshark while running it. There are no bugs or glitches. It doesn't crash or freeze. 

Scalability is good. I can capture as few or as many packets as I want. There's no issue at all. 

That said, I haven't worked on it professionally, so I cannot comment much on that right now from an organizational perspective.

I've never called technical support. I can't speak to how helpful or responsive they are. 

I did not use another similar product before. 

The implementation process is not complex at all. You just have to click on the interface, and your Wireshark starts capturing the packets. 

I'm not aware of the exact pricing. 

I'm an end-user. I'm using it at my college.

I would recommend Wireshark for various network diagnostic purposes.

I'd rate the solution nine out of ten.

My work includes a feature that allows me to download traffic between different points, whether internal, external, or general. I use Wireshark to analyze this traffic. I also use it mostly for threat hunting.

I look at aspects like who is downloading the most data and who are the most active. I also check which country is generating the most traffic. It helps in analyzing if something looks suspicious, such as a brute force attack or scanning from somewhere. It assists in identifying source and destination and possible data extraction, which is helpful for incident response.

I have not used Wireshark to an advanced point where I could provide a detailed opinion on improvements needed. I find it to be a very useful tool beyond other traffic analysis tools.

I have been using Wireshark for more than five years now.

I have not faced any issues with stability.

Wireshark does everything I need.

I have never contacted their support team.

Positive

I was using Splunk about three months ago and tried to ingest some Wireshark captures.

I recommend Wireshark to other people.

I'd rate the solution eight out of ten.

I use Wireshark in my company for in-depth troubleshooting, especially when you need to look at individual packets.

The filter option provided by Wireshark is its most valuable feature. In Wireshark, you view packets based upon a set of rules that helps narrow down to find the packets you want to look at, making it probably the main feature of the product. Wireshark provides you with the ability to use an option called recompile.

Wireshark provides you with the ability to use an option called recompile. The tool also provides an RTP stream to its users. With Wireshark, the ability to play audio through the application is useful.

Wireshark could make the filtering rules easier to apply and offer a drag-and-drop option as opposed to type and text. The tool should also provide data prompts for some of the filters.

In the future, I want Wireshark to provide some visual representation of packet sizes, along with some graphical analysis tools.

I think you may have to download a separate interface driver when working with Wireshark, so I believe that the setup phase could be made simpler.

I have been using Wireshark for ten years.

Stability-wise, I rate the solution an eight out of ten.

Scalability-wise, I rate the solution a ten out of ten.

Around five people in my company use Wireshark.

Wireshark's initial setup phase is not bad.

The solution is deployed on a virtual machine.

I use Wireshark's free version.

I rate the overall tool an eight out of ten.

When we can see in the customer environment that traffic is getting blocked; suppose we have a VPN channel, and when the VPN channel is up but the traffic is not running through it, we use Wireshark to recapture the channel. We check whether the PPP handshake is ongoing or not. The acknowledgment team posts this packet, and after that, the PPP handshake is ongoing or not. 

So these are the things that we check by filtering out the things and based upon that, we get support. Because in five to six seconds, there are more than a thousand packets. So we have to filter out and check on which speed it is getting dropped. For that reason, we are using Wireshark. I am using it just for troubleshooting purposes.

Wireshark is pretty handy. It's especially useful for troubleshooting issues. However, the GUI interface is not that accurate. It can only show a limited amount of information, such as the source code, destination code, and services that are being blocked. If we want to know why a packet is being blocked by a particular policy, we need to check the packet capture.

We also use Wireshark to troubleshoot packet-level inspection issues, such as whether the payload is present, whether the packet size is too large for the receiver, and whether the DMTU (Dynamic Maximum Transmission Unit) is correct. We also use it to troubleshoot issues with fragmented packets.

In addition to the GUI, we also use the developer's tool and the command line to troubleshoot issues with Wireshark. For example, we use the cat and grep commands to filter out the information we need and to turn on debug mode. We also use the tail command to view the current history of logs.

I am currently working in a Linux environment, so I use the SysLog for configuration purposes on the Algo server. I use the TCP system command because Cisco uses port 514. So, I have to use the TCP system command to check whether we are receiving logs from the particular firewall or not.

Customers often tell us that they have open WDP 5144 traffic. They usually show us this in Splunk. For example, they might say, "We are forwarding the packet to the system, but we are not receiving the packet." This is usually because they need to test their end because they require some identity virus for the traffic to flow through our application.

Sometimes, the Algo server goes down, and we have to build it from scratch. Other times, the load distribution unit does not get synced with the primary. These are just some of the things we do on a daily basis with Wireshark.

While Wireshark is useful, the GUI interface is less accurate, showing only limited information.

I have been using Wireshark for three years. 

It is a stable product. I would rate the stability a ten out of ten. Every engineer in our organization uses this solution in our company. So, more than 22 users are using this solution. 

I would rate the scalability a nine out of ten. There is always room for improvement. 

It is easy to scale Wireshark. The GUI is very user-friendly. They have multiple videos online and on YouTube. Going through these resources provides a better understanding of Wireshark, its functionality, and how things operate within it. Essentially, it aligns with what we can learn from fundamental books or authoritative works.  

What we have analyzed on a theoretical basis, like the TCP handshake, SSL handshake, wireless controller handshake, SMTP handshake, and whatever we read in the books, we can technically see it in Wireshark each and every packet. For SSL, we can see multiple streams getting transmitted: server, client hello, client-server hello, then the client where Client Pre-shared. The client ciphers also send the TLS, TLS certificate SSL certificate. Then in the server, we can see the SSL certificate and the Cypress suite, which they want to negotiate on, and then their pre-master secret key, which is generated, and then the session keys are getting generated. So these are all the things that we read in our books; we can see it packet-wise, each and everything. The acknowledgment comes from their end, from the client or the server side. So we can see it is very much easy to use in Wireshark.

Gain practical knowledge of what we comprehend. Analogous to the basic mathematical concept of two plus two, this is a protocol-oriented understanding, similar to the alphabet in language. However, in the realm of networking, Wireshark proves highly beneficial. You can put into practice what you read in books by actively examining and validating it yourself.

Every engineer will always try to make things easy for the customer. S 

Positive

The initial setup depends upon the basics. You need to have a clear understanding of the basics. When you have a clear understanding, there's nothing more difficult for us.

We have deployed it both on the cloud and on-premises. We usually install agents from Google. Everyone cannot use it. At least we need to have a basic understanding of theoretical concepts. Once the theoretical concept is clear, then you can use the packet capture. So it is easy to do packet captures. You need to just check videos on YouTube.

Overall, I would rate the solution a nine out of ten. Just focus on the basics. Once they are clear, you can handle and master any of the products in the secure network market, whether it's switches, routers, firewalls, VPNs, load balancers, or whatever it is. Just focus on the basics of what you want to pursue in your career.

Wireshark is a packet analysis tool. We check Wireshark when we don't know what's causing an issue.  The network packets never lie. Three people on my company's network team use Wireshark. 

It's an efficient solution for determining unexplained issues. It helps us rule out the network as the cause of an issue. When people don't know the reason for a problem, they always believe it's the network. Wireshark enables us to prove ourselves to the other teams. 

Wireshark is a simple solution. 

Wireshark doesn't have a dashboard. 

We have been using Wireshark for around 10 years.

Wireshark is stable. 

Wireshark is scalable.

Setting up Wireshark is easy and usually takes about 10 to 15 minutes. 

Wireshark is open source, but you can pay for support. 

I rate Wireshark seven out of 10. If you use the free version, you can't get technical support, but it's cost-effective. When you first use Wireshark, it can seem complex, but it's an effective solution once you get used to it. Packet analysis is complicated, but it's the best way to do the job once you understand the solution.

Wireshark is a tool for ARP scanning. I started using Wireshark back when I had a YouTube channel. It was mostly a security channel to show people how easily you can get hacked and how to hack. I was doing some research for my videos. I didn't know much about security, but I was interested in it, and Wireshark was one of the software solutions that kept popping up.

I watched some videos on how to use it and incorporated that into some of my videos. When I discovered something funny on my network a couple of years later, I decided to reinstall Wireshark to run some scans and found the culprit.

 It's all on-premises. Here in South Africa, a couple of companies have migrated to the cloud, but that's quite expensive for many of them. It's much easier and cheaper to buy a server and host everything locally. The only thing they keep in the cloud is email because on-premise email is just horrible. Most of my clients are on-premises. One or two has Azure or something like that.

Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it.

The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information. 

I'm probably not familiar with it enough to say what features it's missing, but it could be a bit more accessible to the average system administrator having issues on their network so they can pull it out and run some scans.

I rate Wireshark eight out of 10 for stability.

I probably won't be able to give good input on this, but I will give Wireshark eight out of 10 for scalability based on the limited time that I've used it.

I also use MikroTik. It's easy because I've been working with it for years, so it's hard for me to compare it with Wireshark, which I only learned to make my YouTube videos and used a couple of times in the past. 

I'd say Wireshark and Nmap are more advanced and in-depth than using MikroTik by itself, but I haven't encountered a problem I couldn't resolve without using Wireshark. The exception is when a client doesn't have MikroTik, and they use a plain router or something like that. Obviously, I would need to pull out the other tools. MikroTik does what I need it to do. 

Wireshark uses a simple "next, next, finish" installer. Any person who can read can install it.

I rate Wireshark eight out of 10. It has much more network functionality than MikroTik, but the downside is a person has to learn it to use it correctly. Maybe make it my New Year's resolution to watch a tutorial on how to use it and start using it more in the new year.

We're using an internal Wi-Fi card in the laptop, so we configure that particular wireless interface into monitoring mode, configure the channel, and use Wireshark for that specific interface. We can capture the packets and activities on that channel, analyze the packets for poor connections, etc.

What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark.

Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement.

I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux.

What I'd like to see in the next release of Wireshark is the capability to capture packets from the ethernet.

I started using Wireshark six or seven years ago.

Wireshark is a stable product.

Wireshark is a scalable product.

I never needed to contact technical support for Wireshark.

My company uses Wireshark and has not tried a different solution. The biggest factor on why it decided to use Wireshark is because it's open-source software that doesn't require installation and a license, so anyone can use it.

Wireshark is pretty easy to set up. Its deployment doesn't take much time. It only takes ten to twenty minutes max to complete Wireshark deployment.

Wireshark is an open-source product, so it's free to use.

All people within my company use Wireshark, so that's two hundred users.

My advice to anyone looking into using Wireshark is that you should know how to configure the interface and the internal Wi-Fi card into monitoring mode, so you can capture via Wireshark. As Wireshark is a good tool, I'd recommend it to others, but you should have some knowledge of how to use it and how to configure it. Before implementing Wireshark, you need to know your objectives, working scenarios, what type of features you'd want to implement, and what changes you need to make.

I'd rate Wireshark eight out of ten because for you to configure and use it requires proper knowledge. It's straightforward to use if you have some knowledge of configuring it for monitoring.

I'm a customer of Wireshark.

I use Wireshark to analyze packets, especially network packets.

Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers, as when the new protocol comes up, it's rapidly applied to the system, so I can just look into the packet. For example, I'm working in the automotive industry, and Wireshark supports some IP protocols, which not many tools do.

Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek.

I've been using Wireshark for over twelve years.

Wireshark is stable. When it changed its UI from a legacy one to the acute, there were some crashes, but that was a while ago, and now it's pretty much stable.

Wireshark provides some macro functions and a custom parse protocol for the new protocols, so it's quite scalable.

As it's open-source, Wireshark's customer service isn't as sophisticated as private products. Developers are welcome to contribute their help, but if no one is interested in your particular issue, there's likely no mode to come up with a solution. 

The initial setup was straightforward and only took a couple of minutes to complete.

We use the free, open-source version of Wireshark.

The most important thing for new users of Wireshark is to get used to the filtering functions because all the filters are based on command input, so the ability to organize the right filter is essential. I would rate Wireshark eight out of ten.