Try our new research platform with insights from 80,000+ expert users
Lead Engineer at NXP Semiconductors
Real User
Top 20
Scalable, stable, doesn't require installation, and allows you to capture packets at any time
Pros and Cons
  • "What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark."
  • "Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement. I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux."

What is our primary use case?

We're using an internal Wi-Fi card in the laptop, so we configure that particular wireless interface into monitoring mode, configure the channel, and use Wireshark for that specific interface. We can capture the packets and activities on that channel, analyze the packets for poor connections, etc.

What is most valuable?

What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark.

What needs improvement?

Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement.

I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux.

What I'd like to see in the next release of Wireshark is the capability to capture packets from the ethernet.

For how long have I used the solution?

I started using Wireshark six or seven years ago.

Buyer's Guide
Wireshark
October 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.

What do I think about the stability of the solution?

Wireshark is a stable product.

What do I think about the scalability of the solution?

Wireshark is a scalable product.

How are customer service and support?

I never needed to contact technical support for Wireshark.

Which solution did I use previously and why did I switch?

My company uses Wireshark and has not tried a different solution. The biggest factor on why it decided to use Wireshark is because it's open-source software that doesn't require installation and a license, so anyone can use it.

How was the initial setup?

Wireshark is pretty easy to set up. Its deployment doesn't take much time. It only takes ten to twenty minutes max to complete Wireshark deployment.

What's my experience with pricing, setup cost, and licensing?

Wireshark is an open-source product, so it's free to use.

What other advice do I have?

All people within my company use Wireshark, so that's two hundred users.

My advice to anyone looking into using Wireshark is that you should know how to configure the interface and the internal Wi-Fi card into monitoring mode, so you can capture via Wireshark. As Wireshark is a good tool, I'd recommend it to others, but you should have some knowledge of how to use it and how to configure it. Before implementing Wireshark, you need to know your objectives, working scenarios, what type of features you'd want to implement, and what changes you need to make.

I'd rate Wireshark eight out of ten because for you to configure and use it requires proper knowledge. It's straightforward to use if you have some knowledge of configuring it for monitoring.

I'm a customer of Wireshark.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
AdeelAgha - PeerSpot reviewer
Team Lead - Cyber Security & Compliance at Al Tuwairqi Group
Real User
Top 5Leaderboard
Easy to deploy, user-friendly, and stable
Pros and Cons
  • "Wireshark is very user-friendly; even someone with basic IT knowledge can use it."
  • "Wireshark is restricted when any sort of encryption is involved, such as XSL encryption or DLX."

What is our primary use case?

The primary purpose of Wireshark is to monitor network communications. For example, if we need to track our target in order to exploit it, or to understand our use cases, we can use Wireshark for both internal and external penetration testing. We can use Wireshark to capture communication from any IP, and if there is no encryption, we can also use it to retrieve client passwords. This is the main function of the solution.

What is most valuable?

Wireshark is very user-friendly; even someone with basic IT knowledge can use it. Wireshark has a large user interface and a good graphical user interface. Wireshark has all the features needed, such as sniffing the network, tracking packets, and sorting packets.

What needs improvement?

Previously, I have used Wireshark in some of the financial companies I have been involved with. For example, when I was employed at a bank, we used Wireshark. However, I have noticed that Wireshark is restricted when any sort of encryption is involved, such as XSL encryption or DLX. This means that Wireshark cannot be used to its full potential. Therefore, I think that Wireshark or the vendors should consider including features to penetrate firewalls and get the data, such as including any hash types.

I would like the ability to sniff user credentials, such as passwords, rather than clear text. Wireshark should be able to sniff basic encryption, such as 128 and 64-bit encryption, as other solutions do.

For how long have I used the solution?

I have been using the solution for over ten years.

What do I think about the stability of the solution?

Wireshark is a stable solution.

How are customer service and support?

I rarely need to contact technical support, as most issues can be resolved by looking at the Wireshark questions or FAQs. We can usually find solutions quickly.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is very easy. We can send an executable file, we can just run the solution. Wireshark can be installed on a standalone workstation or if we want to create a server, we can also do that. The deployment takes around 30 minutes.

What other advice do I have?

I give the solution a nine out of ten.

There is a purpose for using Wireshark. If we don't know the purpose or our agenda, then why are we using it? The solution would be useless for us in this case. If we are following an example and are a SOC person, we just need to sniff the communication and confirm that it is stable. However, if we are general IT people and do not know the purpose, then Wireshark would be useless.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Wireshark
October 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Siwon Kang - PeerSpot reviewer
Software Engeener at Mbition
Real User
Adaptive, open-source tool for network-related developers
Pros and Cons
  • "Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers."
  • "Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek."

What is our primary use case?

I use Wireshark to analyze packets, especially network packets.

What is most valuable?

Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers, as when the new protocol comes up, it's rapidly applied to the system, so I can just look into the packet. For example, I'm working in the automotive industry, and Wireshark supports some IP protocols, which not many tools do.

What needs improvement?

Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek.

For how long have I used the solution?

I've been using Wireshark for over twelve years.

What do I think about the stability of the solution?

Wireshark is stable. When it changed its UI from a legacy one to the acute, there were some crashes, but that was a while ago, and now it's pretty much stable.

What do I think about the scalability of the solution?

Wireshark provides some macro functions and a custom parse protocol for the new protocols, so it's quite scalable.

How are customer service and support?

As it's open-source, Wireshark's customer service isn't as sophisticated as private products. Developers are welcome to contribute their help, but if no one is interested in your particular issue, there's likely no mode to come up with a solution. 

How was the initial setup?

The initial setup was straightforward and only took a couple of minutes to complete.

What's my experience with pricing, setup cost, and licensing?

We use the free, open-source version of Wireshark.

What other advice do I have?

The most important thing for new users of Wireshark is to get used to the filtering functions because all the filters are based on command input, so the ability to organize the right filter is essential. I would rate Wireshark eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MohamedEladawy - PeerSpot reviewer
Service Security Lead at Salam Technology
Real User
Useful, allows you to deeply understand what's going on at the packet level, and helps you analyze adverse signatures
Pros and Cons
  • "I find Wireshark a very useful tool. Its best feature is that it allows me to deeply understand what's going on at the packet level, as well as any adverse signatures that I can analyze. When I need to create an IPS rule, I need to check the traffic deeply to get more insights about the actual traffic, what's the name of certain flags, etc., and I'm able to do all that through Wireshark. The tool is also user-friendly."
  • "A room for improvement in Wireshark is its ease of use for beginners. It could be better. Another room for improvement in the tool is for it to provide more details about the traffic load. At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version."

What is our primary use case?

We use Wireshark to check the network traffic, and if there's any network problem or issue, we can check it through the tool. We also use Wireshark during analysis, to check if there's any network connectivity or attempts from the malware to communicate with the C&C server. We use the tool for further analysis and investigation.

What is most valuable?

I find Wireshark a very useful tool. Its best feature is that it allows me to deeply understand what's going on at the packet level, as well as any adverse signatures that I can analyze. When I need to create an IPS rule, I need to check the traffic deeply to get more insights about the actual traffic, what's the name of certain flags, etc., and I'm able to do all that through Wireshark.

The tool is also user-friendly.

What needs improvement?

A room for improvement in Wireshark is its ease of use for beginners. It could be better. Another room for improvement in the tool is for it to provide more details about the traffic load.

At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version.

For how long have I used the solution?

I've been using Wireshark for a long time, so I can't remember the exact number of years I've been using it.

What do I think about the stability of the solution?

Wireshark is a stable tool. I didn't see any issues with its stability.

What do I think about the scalability of the solution?

Wireshark is a scalable tool.

How are customer service and support?

We never raised an issue or ticket with the Wireshark technical support team.

How was the initial setup?

The setup process for Wireshark was very simple.

What's my experience with pricing, setup cost, and licensing?

We're using the free version of Wireshark.

Which other solutions did I evaluate?

We didn't try to use other solutions apart from Wireshark.

What other advice do I have?

Two hundred people use Wireshark within the company.

My rating for Wireshark is a nine out of ten because I like it and I use it so much.

I'm only a user of Wireshark.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Student at a university with 1,001-5,000 employees
Real User
Top 20
Good for diagnostics and working with packet data and easy to set up
Pros and Cons
  • "The initial setup is simple."
  • "Whenever we select one of the packets, in terms of the number of bytes, for example, there are three planes, and in the detailed plane, I have to count the number of bytes manually."

What is our primary use case?

I have been using Wireshark for the packet tracing, and it has helped me to find out whatever site, et cetera. It is useful, basically capturing packets of data on the network.

It helps us to identify the source the packet is originating from and it also helps us to know about the return time of the packet from when the packet is going from our computer to when it reaches the destination IP address. It helps diagnose internet connectivity problems and also helps us to know what the website data consists of and how much data is in the website.

And it also helps us to know about the various protocols which are being utilized when we are connecting to the internet. We also get to know what bites, et cetera, are present in our data or if there is any malicious packet that is not supposed to come in. Based on it, we can configure our firewall. 

What is most valuable?

It's helping me to get to know about the packet data. I'm getting to know about the source destination IP, for example. That's quite useful to me. 

Overall, it's a great product. 

The initial setup is simple. 

It is stable. 

What needs improvement?

Whenever we select one of the packets, in terms of the number of bytes, for example, there are three planes, and in the detailed plane, I have to count the number of bytes manually. 

Also, sometimes when I'm trying to select the number of bytes, the selection does not go properly. If we were to go on selecting it, the number of bytes also showed up as to how many bytes have been selected in the detailed plane.

For how long have I used the solution?

I've been using the solution for four months.

What do I think about the stability of the solution?

It's quite stable. I don't have any issues with Wireshark while running it. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

Scalability is good. I can capture as few or as many packets as I want. There's no issue at all. 

That said, I haven't worked on it professionally, so I cannot comment much on that right now from an organizational perspective.

How are customer service and support?

I've never called technical support. I can't speak to how helpful or responsive they are. 

Which solution did I use previously and why did I switch?

I did not use another similar product before. 

How was the initial setup?

The implementation process is not complex at all. You just have to click on the interface, and your Wireshark starts capturing the packets. 

What's my experience with pricing, setup cost, and licensing?

I'm not aware of the exact pricing. 

What other advice do I have?

I'm an end-user. I'm using it at my college.

I would recommend Wireshark for various network diagnostic purposes.

I'd rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
DeepakKumar - PeerSpot reviewer
Senior Lead Engineer at a wireless company with 10,001+ employees
Real User
Free to use, simple to implement, and reliable
Pros and Cons
  • "The product is simple to implement."
  • "This product needs to improve the UI."

What is our primary use case?

I work on WiFi and I am a customer engineer. We use Wireshark to analyze the sniffer captures or tcpdumps. That's the purpose of the solution.

What is most valuable?

There are very handy filters available in Wireshark.

It’s free and doesn’t cost us anything to use.

The product is simple to implement.

It is a stable solution.

What needs improvement?

In my previous company, we had Omnipeek, and the UI was better than Wireshark. This product needs to improve the UI.

Generally, you can use Omnipeek to capture packets. You can also use Wireshark to capture packets. However, they need a compatible adapter. If we use Wireshark without a compatible adapter, we really don't go to capture packets using it. We already get captures from the field and from customers, and we just use it for analysis.

I would make maybe adding filters easy. There are some options that we can enable to look into the packet. For example, the default installation of Wireshark doesn't have much information. You can just get to see the packet number, the time's terms, the source address, the destination address, and some detailed information. If I want to see the RSSI, the channel number, the protocol information, or the data rate, I need to go and modify some of the configurations to add columns to display this information. I need to spend some time with it. Therefore, the Wireshark default installation could probably include some more crucial information. That would be a little helpful.

For how long have I used the solution?

It's been a pretty long time since I started using the product. It’s been more than five years.

What do I think about the stability of the solution?

Wireshark in general is good. It is stable. We have used it on Windows. We have used it on Linux. We have used it on MacBook and it works pretty well on every platform.

What do I think about the scalability of the solution?

The solution is scalable in the sense you can add it to however many laptops you need to. It's not like you have 500 people using the same Wireshark or using a common license. It is installed on everyone's PC and whoever wants to use it can. We are using the free version. Therefore, getting more people to put it on their PCs also doesn’t cost the company more.

In our company, about 150 people, or many a few more, are using the solution.

How are customer service and support?

We’ve never had the need to reach out to technical support.

Which solution did I use previously and why did I switch?

I used Omnipeek. The UI was better than Wireshark. However, it is quite expensive.

If somebody pays for Omnipeek that heavy price, they also prefer to get a compatible adapter or a compatible card that works with Omnipeek.

In this company, people just use the solution. However, there wasn’t a discount moment when management suggested it to everyone.

How was the initial setup?

The initial setup was pretty easy. It was straightforward. We didn’t find it to be difficult.

It only takes a few minutes to get everything up and running.

What's my experience with pricing, setup cost, and licensing?

The solution is free to use. We do not have to pay any licensing fees.

What other advice do I have?

I’m a customer and end-user.

The solution is installed on my PC.

Wireshark is a pretty good tool if somebody wants to learn packet analysis or just plain, simple debugging of network issues at an L2 or L3 level. It is quite good for anybody, even a beginner. Anybody can use this tool and the installation is simple. The default installation should work quite well.

I’d rate the solution eight out of ten. If they could make the UI a little better and help us to get some more crucial information easily while providing some options to enable certain parameters based on the protocol, I’d give it a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Aqeel Junaid - PeerSpot reviewer
Junior Executive - Information Security at sunshine holdings
Real User
Top 5Leaderboard
Used to analyze patterns in the network and check for any malicious traffic generated from devices
Pros and Cons
  • "Wireshark is a good tool to start with network analyzing and packet capturing."
  • "The solution’s user interface could be improved."

What is our primary use case?

Wireshark is a network analyzer used to capture traffic. It's used to analyze patterns in the network to check for any malicious traffic generated from devices or endpoints.

What is most valuable?

Wireshark is a good tool to start with network analyzing and packet capturing. The solution provides good performance and stability.

What needs improvement?

The solution’s user interface could be improved.

For how long have I used the solution?

I have been using Wireshark since 2019.

What do I think about the stability of the solution?

Wireshark is a stable solution.

What do I think about the scalability of the solution?

Wireshark is not a scalable solution. The tool's purpose is not to scale, and there is no use case to scale it.

How was the initial setup?

The solution’s initial setup is straightforward.

What about the implementation team?

I have deployed Wireshark on my laptop. You need to download the software from the web and then run it. It's free of charge, and there's no license involved. We need to enable the solution and run it to capture the traffic.

What's my experience with pricing, setup cost, and licensing?

Wireshark is free of charge, and there's no license involved.

What other advice do I have?

I would recommend the solution to other users. Wireshark is a good tool to start with network analyzing and packet capturing. You can use Wireshark for packet capturing to find the root cause of any issues in the network.

Overall, I rate the solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Henry-Steinhauer - PeerSpot reviewer
Systems Engineer at LifePoint Health
Real User
Best general purpose tool for trouble shooting anything on the network.

Valuable Features:

-One of the best products that can provide the details of what is happening with an application and the full life cycle of the response time. - Using Multiple trace files can allow you to create really big trace samples. Thus not a problem to let it run for awhile to gather that hard to catch 'problem'

Room for Improvement:

Not always simple to setup and get the filtering right when capturing data. The TCPDUMP pre filter is a bit hard to get use to when you are used to using the post filter. It will help when they have the same filter for both. Of course I'm assuming that the Post filter will be the filter of choice and translate the Post Filter into what needs to be done for the Pre Filter. I use the export to CSV and also the Print Full trace to a file features to do post analysis that would otherwise be impossible to do any other way than using WireShark. An example is watching MQ Traffic through a MQ Broker. Using the MQ Token, I'm able to combine the send / receive responses together to see the final response time and also where the packets are sent/received. This has helped with the SOA analysis when you have traffic going to a MQ Broker to be sent to other servers for responses. 4 packet sets are involved when this is done. 1 Request in to the Broker, 1 Response out from the Broker to a Responder, then a response from the Responder to the Broker again, and the final response from the Broker back to the original Requestor. All of that chatter needs to be captured and seen for the full response time analysis. Using the Packet Print, I'm able to dig into the header of the MQ packet and find that information for post assembly of information into a CSV file. Using Perl, I'm able to read these files in automation and create CSV files for use in Excel to then provide the packet numbers to use again in the Post Filter process of WireShark to look at further details. This is complex, but so are the actual interactions that are taking place. This work would be impossible with out a tool like Wireshark that provides the insight and decoding of the MQ headers of the packets. This brings out the Tokens and response Tokens of the packets for analysis. The other SOA and complex Websphere interaction tools are getting better at presenting this information, but there are still times where the developors have created something that the other tools have not tackled yet. Then WireShark is the only way to really drill into those interactions.

Other Advice:

Wireshark continues to be updated and is still an alive application. Continue to explore this product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user4401 - PeerSpot reviewer
it_user4401Developer at a transportation company with 1,001-5,000 employees
Vendor

Wireshark excels in the number of protocols that it supports, over 850. Also, the Wireshark interface is one of the easiest to understand of any packet sniffing application. I would like to mention that it is free, so it's pricing can't be beat. Wireshark supports all major modern operating systems, including Windows, Mac OS and Linux-based platforms.

Buyer's Guide
Download our free Wireshark Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Product Categories
Network Troubleshooting
Buyer's Guide
Download our free Wireshark Report and get advice and tips from experienced pros sharing their opinions.