Wireshark Reviews

My work includes a feature that allows me to download traffic between different points, whether internal, external, or general. I use Wireshark to analyze this traffic. I also use it mostly for threat hunting.

I look at aspects like who is downloading the most data and who are the most active. I also check which country is generating the most traffic. It helps in analyzing if something looks suspicious, such as a brute force attack or scanning from somewhere. It assists in identifying source and destination and possible data extraction, which is helpful for incident response.

I have not used Wireshark to an advanced point where I could provide a detailed opinion on improvements needed. I find it to be a very useful tool beyond other traffic analysis tools.

I have been using Wireshark for more than five years now.

I have not faced any issues with stability.

Wireshark does everything I need.

I have never contacted their support team.

Positive

I was using Splunk about three months ago and tried to ingest some Wireshark captures.

I recommend Wireshark to other people.

I'd rate the solution eight out of ten.

We primarily use Wireshark for troubleshooting critical issues in our network, retrieving packet headers using packet capture, and for creating custom apps. There are six people on our team and we all use Wireshark on our devices. 

When we are stuck with an issue that requires deep packet inspection, we capture the traffic with Wireshark, which allows us to resolve it.  

The ability to decrypt traffic and the abundance of filters available are both valuable features.

The solution has a steep learning curve. There are so many filters and features that are frequently being updated, it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly. 

I have been using this solution for six years.

I think Wireshark is the most stable product of its kind.

The solution is very scalable, you can capture traffic on any device regardless of your vendor. 

We have never needed to use customer service or technical support. Whenever we have an issue, a Google search provides us everything we need through community support including Wireshark tutorials.  

The setup of the product is very simple. It's freeware, just download the .exe, go through the installation and select the desired interface you want to capture traffic on. It's a simple and very straightforward process. 

Wireshark is free software, so you can download it and use it for free with no licensing fees.  

I would rate this solution a nine out of ten. Wireshark has been getting better and better in the time I've been using it and it is a very helpful tool. 

We use this solution for troubleshooting network issues.

The strongest feature of this solution, is the ability it gives us to carry out deep-packet inspections on our network, particularly when a function isn't performing as it should.

We would like the product to be developed so that it doesn't rely on internet access for installation. We would like to see all of the components required to be integrated into the installer.

We have been working with this solution for around three years.

This is a very stable product.

We have found this solution to be scalable across all operating systems.

The initial setup of this solution is very simple.

We are using a freeware version of this solution, so there are no licence costs involved.

We would rate this solution a nine out of ten.

When we can see in the customer environment that traffic is getting blocked; suppose we have a VPN channel, and when the VPN channel is up but the traffic is not running through it, we use Wireshark to recapture the channel. We check whether the PPP handshake is ongoing or not. The acknowledgment team posts this packet, and after that, the PPP handshake is ongoing or not. 

So these are the things that we check by filtering out the things and based upon that, we get support. Because in five to six seconds, there are more than a thousand packets. So we have to filter out and check on which speed it is getting dropped. For that reason, we are using Wireshark. I am using it just for troubleshooting purposes.

Wireshark is pretty handy. It's especially useful for troubleshooting issues. However, the GUI interface is not that accurate. It can only show a limited amount of information, such as the source code, destination code, and services that are being blocked. If we want to know why a packet is being blocked by a particular policy, we need to check the packet capture.

We also use Wireshark to troubleshoot packet-level inspection issues, such as whether the payload is present, whether the packet size is too large for the receiver, and whether the DMTU (Dynamic Maximum Transmission Unit) is correct. We also use it to troubleshoot issues with fragmented packets.

In addition to the GUI, we also use the developer's tool and the command line to troubleshoot issues with Wireshark. For example, we use the cat and grep commands to filter out the information we need and to turn on debug mode. We also use the tail command to view the current history of logs.

I am currently working in a Linux environment, so I use the SysLog for configuration purposes on the Algo server. I use the TCP system command because Cisco uses port 514. So, I have to use the TCP system command to check whether we are receiving logs from the particular firewall or not.

Customers often tell us that they have open WDP 5144 traffic. They usually show us this in Splunk. For example, they might say, "We are forwarding the packet to the system, but we are not receiving the packet." This is usually because they need to test their end because they require some identity virus for the traffic to flow through our application.

Sometimes, the Algo server goes down, and we have to build it from scratch. Other times, the load distribution unit does not get synced with the primary. These are just some of the things we do on a daily basis with Wireshark.

While Wireshark is useful, the GUI interface is less accurate, showing only limited information.

I have been using Wireshark for three years. 

It is a stable product. I would rate the stability a ten out of ten. Every engineer in our organization uses this solution in our company. So, more than 22 users are using this solution. 

I would rate the scalability a nine out of ten. There is always room for improvement. 

It is easy to scale Wireshark. The GUI is very user-friendly. They have multiple videos online and on YouTube. Going through these resources provides a better understanding of Wireshark, its functionality, and how things operate within it. Essentially, it aligns with what we can learn from fundamental books or authoritative works.  

What we have analyzed on a theoretical basis, like the TCP handshake, SSL handshake, wireless controller handshake, SMTP handshake, and whatever we read in the books, we can technically see it in Wireshark each and every packet. For SSL, we can see multiple streams getting transmitted: server, client hello, client-server hello, then the client where Client Pre-shared. The client ciphers also send the TLS, TLS certificate SSL certificate. Then in the server, we can see the SSL certificate and the Cypress suite, which they want to negotiate on, and then their pre-master secret key, which is generated, and then the session keys are getting generated. So these are all the things that we read in our books; we can see it packet-wise, each and everything. The acknowledgment comes from their end, from the client or the server side. So we can see it is very much easy to use in Wireshark.

Gain practical knowledge of what we comprehend. Analogous to the basic mathematical concept of two plus two, this is a protocol-oriented understanding, similar to the alphabet in language. However, in the realm of networking, Wireshark proves highly beneficial. You can put into practice what you read in books by actively examining and validating it yourself.

Every engineer will always try to make things easy for the customer. S 

Positive

The initial setup depends upon the basics. You need to have a clear understanding of the basics. When you have a clear understanding, there's nothing more difficult for us.

We have deployed it both on the cloud and on-premises. We usually install agents from Google. Everyone cannot use it. At least we need to have a basic understanding of theoretical concepts. Once the theoretical concept is clear, then you can use the packet capture. So it is easy to do packet captures. You need to just check videos on YouTube.

Overall, I would rate the solution a nine out of ten. Just focus on the basics. Once they are clear, you can handle and master any of the products in the secure network market, whether it's switches, routers, firewalls, VPNs, load balancers, or whatever it is. Just focus on the basics of what you want to pursue in your career.

Wireshark is a tool for ARP scanning. I started using Wireshark back when I had a YouTube channel. It was mostly a security channel to show people how easily you can get hacked and how to hack. I was doing some research for my videos. I didn't know much about security, but I was interested in it, and Wireshark was one of the software solutions that kept popping up.

I watched some videos on how to use it and incorporated that into some of my videos. When I discovered something funny on my network a couple of years later, I decided to reinstall Wireshark to run some scans and found the culprit.

 It's all on-premises. Here in South Africa, a couple of companies have migrated to the cloud, but that's quite expensive for many of them. It's much easier and cheaper to buy a server and host everything locally. The only thing they keep in the cloud is email because on-premise email is just horrible. Most of my clients are on-premises. One or two has Azure or something like that.

Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it.

The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information. 

I'm probably not familiar with it enough to say what features it's missing, but it could be a bit more accessible to the average system administrator having issues on their network so they can pull it out and run some scans.

I rate Wireshark eight out of 10 for stability.

I probably won't be able to give good input on this, but I will give Wireshark eight out of 10 for scalability based on the limited time that I've used it.

I also use MikroTik. It's easy because I've been working with it for years, so it's hard for me to compare it with Wireshark, which I only learned to make my YouTube videos and used a couple of times in the past. 

I'd say Wireshark and Nmap are more advanced and in-depth than using MikroTik by itself, but I haven't encountered a problem I couldn't resolve without using Wireshark. The exception is when a client doesn't have MikroTik, and they use a plain router or something like that. Obviously, I would need to pull out the other tools. MikroTik does what I need it to do. 

Wireshark uses a simple "next, next, finish" installer. Any person who can read can install it.

I rate Wireshark eight out of 10. It has much more network functionality than MikroTik, but the downside is a person has to learn it to use it correctly. Maybe make it my New Year's resolution to watch a tutorial on how to use it and start using it more in the new year.

We are using Wireshark for inspecting the vertical line to know the data flow in and out of the cables. This is to determine if there is real traffic flow through the physical connections or not. 

Additionally, we use Wireshark for physical inspection on the data line.

Wireshark saves a lot of time, especially with network troubleshooting.

The features I find most effective in Wireshark include the current speed monitoring, data flow inspection, PPPoE clients, and inspecting our advanced switches and routers. 

Packet capturing capabilities are what I'm currently using the most.

The speed of the Internet could be improved, especially its performance. Performance can sometimes be a challenge due to numerous factors.

I have been working with Wireshark for more than five years.

I would rate the stability of Wireshark as nine out of ten.

Wireshark is quite scalable, and I would also rate its scalability at nine out of ten.

The initial setup of Wireshark is simple for new users. However, there are complex features that require expertise to understand. The interface is easy, and everything is well-arranged, allowing users to find functionalities easily from the options tab.

Wireshark is priced at a medium range, not too high, not too low. The pricing could be more flexible, and they might make it more expensive. That said, compared to other products, it is competitive.

I have heard from colleagues that other solutions do not provide exact results. Comparatively, Wireshark is better and more popular.

I recommend Wireshark to users of both small and enterprise-level companies. It is effective for the minimum business and large enterprise scales.

I'd rate the solution ten out of ten.

Wireshark is a packet analysis tool. We check Wireshark when we don't know what's causing an issue.  The network packets never lie. Three people on my company's network team use Wireshark. 

It's an efficient solution for determining unexplained issues. It helps us rule out the network as the cause of an issue. When people don't know the reason for a problem, they always believe it's the network. Wireshark enables us to prove ourselves to the other teams. 

Wireshark is a simple solution. 

Wireshark doesn't have a dashboard. 

We have been using Wireshark for around 10 years.

Wireshark is stable. 

Wireshark is scalable.

Setting up Wireshark is easy and usually takes about 10 to 15 minutes. 

Wireshark is open source, but you can pay for support. 

I rate Wireshark seven out of 10. If you use the free version, you can't get technical support, but it's cost-effective. When you first use Wireshark, it can seem complex, but it's an effective solution once you get used to it. Packet analysis is complicated, but it's the best way to do the job once you understand the solution.

I use Wireshark for DT inspection of several protocols and choose different color patterns to make it easy to see the various protocols. It also involves live analysis because I can see the live analysis on the Internet. The main task of Wireshark is to inspect the throttle and live data, and it's doing them.

I like the filtering feature as we can filter data easily. This feature is also available in tcpdump, but it's a simple piece of software. Wireshark is more advanced and has many features. It allows you to filter a lot of things. The output can be filtered easily.

The most important feature is colorization. If I say, "Okay, this particular SMB protocol in red, it will show me red." It's easy to identify that protocol or capture data. 

It would be better if they offered a hybrid version like My Cloud Control.

I have been working with Wireshark for about five years.

Wireshark is a stable solution.

Wireshark is a scalable solution. Almost all protocols are covered by Wireshark. 

I have never contacted technical support. If I have an issue with some functionality or operation, I use Wireshark's community support or Google the information I need.

I was working with Nmap and Cisco Analyzer, but then I started working with Wireshark. Before that, I used another packet analyzer called tcpdump, which is similar to Wireshark.

The initial setup is straightforward. I just downloaded the software and installed it. I completed the whole process within two minutes. It's very simple.

I implemented this solution. 

I am using the free version of this solution.

It's a user-friendly solution. I can start by capturing the interface's data because it will show me the number of interferences. Then I have to select and begin the inspection.

On a scale from one to ten, I would give Wireshark an eight.