Try our new research platform with insights from 80,000+ expert users
Joel Ogbechie - PeerSpot reviewer
Cybersecurity Operations Lead at a tech services company with 51-200 employees
Real User
Top 10
Traffic analysis and threat hunting with very good essential features
Pros and Cons
  • "It helps in analyzing if something looks suspicious, such as a brute force attack or scanning from somewhere."
  • "I have not used Wireshark to an advanced point where I could provide a detailed opinion on improvements needed."

What is our primary use case?

My work includes a feature that allows me to download traffic between different points, whether internal, external, or general. I use Wireshark to analyze this traffic. I also use it mostly for threat hunting.

What is most valuable?

I look at aspects like who is downloading the most data and who are the most active. I also check which country is generating the most traffic. It helps in analyzing if something looks suspicious, such as a brute force attack or scanning from somewhere. It assists in identifying source and destination and possible data extraction, which is helpful for incident response.

What needs improvement?

I have not used Wireshark to an advanced point where I could provide a detailed opinion on improvements needed. I find it to be a very useful tool beyond other traffic analysis tools.

For how long have I used the solution?

I have been using Wireshark for more than five years now.

Buyer's Guide
Wireshark
October 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.

What do I think about the stability of the solution?

I have not faced any issues with stability.

What do I think about the scalability of the solution?

Wireshark does everything I need.

How are customer service and support?

I have never contacted their support team.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I was using Splunk about three months ago and tried to ingest some Wireshark captures.

What other advice do I have?

I recommend Wireshark to other people.

I'd rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Sagar More - PeerSpot reviewer
Network Security Engineer at Ares Management Corporation
Real User
Free with excellent community support, enables deep packet inspection and is continually being improved
Pros and Cons
  • "The ability to decrypt traffic and the abundance of filters available are both valuable features."
  • "The solution has a steep learning curve. There are so many filters and features that are frequently being updated, it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly."

What is our primary use case?

We primarily use Wireshark for troubleshooting critical issues in our network, retrieving packet headers using packet capture, and for creating custom apps. There are six people on our team and we all use Wireshark on our devices. 

How has it helped my organization?

When we are stuck with an issue that requires deep packet inspection, we capture the traffic with Wireshark, which allows us to resolve it.  

What is most valuable?

The ability to decrypt traffic and the abundance of filters available are both valuable features.

What needs improvement?

The solution has a steep learning curve. There are so many filters and features that are frequently being updated, it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly. 

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

I think Wireshark is the most stable product of its kind.

What do I think about the scalability of the solution?

The solution is very scalable, you can capture traffic on any device regardless of your vendor. 

How are customer service and support?

We have never needed to use customer service or technical support. Whenever we have an issue, a Google search provides us everything we need through community support including Wireshark tutorials.  

How was the initial setup?

The setup of the product is very simple. It's freeware, just download the .exe, go through the installation and select the desired interface you want to capture traffic on. It's a simple and very straightforward process. 

What's my experience with pricing, setup cost, and licensing?

Wireshark is free software, so you can download it and use it for free with no licensing fees.  

What other advice do I have?

I would rate this solution a nine out of ten. Wireshark has been getting better and better in the time I've been using it and it is a very helpful tool. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Wireshark
October 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Hafiz Umar Farooq - PeerSpot reviewer
Founder & CEO at ITGAT
Real User
Top 10
A comprehensive troubleshooting tool, with excellent deep-packet inspection functionality
Pros and Cons
  • "The strongest feature of this solution, is the ability it gives us to carry out deep-packet inspections on our network, particularly when a function isn't performing as it should."
  • "We would like the product to be developed so that it doesn't rely on internet access for installation. We would like to see all of the components required to be integrated into the installer."

What is our primary use case?

We use this solution for troubleshooting network issues.

What is most valuable?

The strongest feature of this solution, is the ability it gives us to carry out deep-packet inspections on our network, particularly when a function isn't performing as it should.

What needs improvement?

We would like the product to be developed so that it doesn't rely on internet access for installation. We would like to see all of the components required to be integrated into the installer.

For how long have I used the solution?

We have been working with this solution for around three years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

We have found this solution to be scalable across all operating systems.

How was the initial setup?

The initial setup of this solution is very simple.

What's my experience with pricing, setup cost, and licensing?

We are using a freeware version of this solution, so there are no licence costs involved.

What other advice do I have?

We would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SanjeevKumar19 - PeerSpot reviewer
Technical Support Engineer at AlgoSec
Real User
Top 5Leaderboard
Offers both GUI and command-line interfaces, and good for troubleshooting network issues
Pros and Cons
  • "It is a stable product. I would rate the stability a ten out of ten."
  • "The initial setup depends upon the basics. You need to have a clear understanding of the basics."

What is our primary use case?

When we can see in the customer environment that traffic is getting blocked; suppose we have a VPN channel, and when the VPN channel is up but the traffic is not running through it, we use Wireshark to recapture the channel. We check whether the PPP handshake is ongoing or not. The acknowledgment team posts this packet, and after that, the PPP handshake is ongoing or not. 

So these are the things that we check by filtering out the things and based upon that, we get support. Because in five to six seconds, there are more than a thousand packets. So we have to filter out and check on which speed it is getting dropped. For that reason, we are using Wireshark. I am using it just for troubleshooting purposes.

What is most valuable?

Wireshark is pretty handy. It's especially useful for troubleshooting issues. However, the GUI interface is not that accurate. It can only show a limited amount of information, such as the source code, destination code, and services that are being blocked. If we want to know why a packet is being blocked by a particular policy, we need to check the packet capture.

We also use Wireshark to troubleshoot packet-level inspection issues, such as whether the payload is present, whether the packet size is too large for the receiver, and whether the DMTU (Dynamic Maximum Transmission Unit) is correct. We also use it to troubleshoot issues with fragmented packets.

In addition to the GUI, we also use the developer's tool and the command line to troubleshoot issues with Wireshark. For example, we use the cat and grep commands to filter out the information we need and to turn on debug mode. We also use the tail command to view the current history of logs.

I am currently working in a Linux environment, so I use the SysLog for configuration purposes on the Algo server. I use the TCP system command because Cisco uses port 514. So, I have to use the TCP system command to check whether we are receiving logs from the particular firewall or not.

Customers often tell us that they have open WDP 5144 traffic. They usually show us this in Splunk. For example, they might say, "We are forwarding the packet to the system, but we are not receiving the packet." This is usually because they need to test their end because they require some identity virus for the traffic to flow through our application.

Sometimes, the Algo server goes down, and we have to build it from scratch. Other times, the load distribution unit does not get synced with the primary. These are just some of the things we do on a daily basis with Wireshark.

What needs improvement?

While Wireshark is useful, the GUI interface is less accurate, showing only limited information.

For how long have I used the solution?

I have been using Wireshark for three years. 

What do I think about the stability of the solution?

It is a stable product. I would rate the stability a ten out of ten. Every engineer in our organization uses this solution in our company. So, more than 22 users are using this solution. 

What do I think about the scalability of the solution?

I would rate the scalability a nine out of ten. There is always room for improvement. 

It is easy to scale Wireshark. The GUI is very user-friendly. They have multiple videos online and on YouTube. Going through these resources provides a better understanding of Wireshark, its functionality, and how things operate within it. Essentially, it aligns with what we can learn from fundamental books or authoritative works.  

What we have analyzed on a theoretical basis, like the TCP handshake, SSL handshake, wireless controller handshake, SMTP handshake, and whatever we read in the books, we can technically see it in Wireshark each and every packet. For SSL, we can see multiple streams getting transmitted: server, client hello, client-server hello, then the client where Client Pre-shared. The client ciphers also send the TLS, TLS certificate SSL certificate. Then in the server, we can see the SSL certificate and the Cypress suite, which they want to negotiate on, and then their pre-master secret key, which is generated, and then the session keys are getting generated. So these are all the things that we read in our books; we can see it packet-wise, each and everything. The acknowledgment comes from their end, from the client or the server side. So we can see it is very much easy to use in Wireshark.

Gain practical knowledge of what we comprehend. Analogous to the basic mathematical concept of two plus two, this is a protocol-oriented understanding, similar to the alphabet in language. However, in the realm of networking, Wireshark proves highly beneficial. You can put into practice what you read in books by actively examining and validating it yourself.

How are customer service and support?

Every engineer will always try to make things easy for the customer. S 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup depends upon the basics. You need to have a clear understanding of the basics. When you have a clear understanding, there's nothing more difficult for us.

We have deployed it both on the cloud and on-premises. We usually install agents from Google. Everyone cannot use it. At least we need to have a basic understanding of theoretical concepts. Once the theoretical concept is clear, then you can use the packet capture. So it is easy to do packet captures. You need to just check videos on YouTube.

What other advice do I have?

Overall, I would rate the solution a nine out of ten. Just focus on the basics. Once they are clear, you can handle and master any of the products in the secure network market, whether it's switches, routers, firewalls, VPNs, load balancers, or whatever it is. Just focus on the basics of what you want to pursue in your career.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chad Nel - PeerSpot reviewer
Senior System Administrator at YGtech
Real User
It's a powerful tool that lets you see everything in your network
Pros and Cons
  • "Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it."
  • "The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information."

What is our primary use case?

Wireshark is a tool for ARP scanning. I started using Wireshark back when I had a YouTube channel. It was mostly a security channel to show people how easily you can get hacked and how to hack. I was doing some research for my videos. I didn't know much about security, but I was interested in it, and Wireshark was one of the software solutions that kept popping up.

I watched some videos on how to use it and incorporated that into some of my videos. When I discovered something funny on my network a couple of years later, I decided to reinstall Wireshark to run some scans and found the culprit.

 It's all on-premises. Here in South Africa, a couple of companies have migrated to the cloud, but that's quite expensive for many of them. It's much easier and cheaper to buy a server and host everything locally. The only thing they keep in the cloud is email because on-premise email is just horrible. Most of my clients are on-premises. One or two has Azure or something like that.

What is most valuable?

Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it.

What needs improvement?

The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information. 

I'm probably not familiar with it enough to say what features it's missing, but it could be a bit more accessible to the average system administrator having issues on their network so they can pull it out and run some scans.

What do I think about the stability of the solution?

I rate Wireshark eight out of 10 for stability.

What do I think about the scalability of the solution?

I probably won't be able to give good input on this, but I will give Wireshark eight out of 10 for scalability based on the limited time that I've used it.

Which solution did I use previously and why did I switch?

I also use MikroTik. It's easy because I've been working with it for years, so it's hard for me to compare it with Wireshark, which I only learned to make my YouTube videos and used a couple of times in the past. 

I'd say Wireshark and Nmap are more advanced and in-depth than using MikroTik by itself, but I haven't encountered a problem I couldn't resolve without using Wireshark. The exception is when a client doesn't have MikroTik, and they use a plain router or something like that. Obviously, I would need to pull out the other tools. MikroTik does what I need it to do. 

How was the initial setup?

Wireshark uses a simple "next, next, finish" installer. Any person who can read can install it.

What other advice do I have?

I rate Wireshark eight out of 10. It has much more network functionality than MikroTik, but the downside is a person has to learn it to use it correctly. Maybe make it my New Year's resolution to watch a tutorial on how to use it and start using it more in the new year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Moataz Said - PeerSpot reviewer
Systems Administrator at a tech services company with 51-200 employees
Real User
Optimizing network inspection through effective packet capturing with a simple setup
Pros and Cons
  • "Wireshark saves a lot of time, especially with network troubleshooting."
  • "The speed of the Internet could be improved, especially its performance."

What is our primary use case?

We are using Wireshark for inspecting the vertical line to know the data flow in and out of the cables. This is to determine if there is real traffic flow through the physical connections or not. 

Additionally, we use Wireshark for physical inspection on the data line.

How has it helped my organization?

Wireshark saves a lot of time, especially with network troubleshooting.

What is most valuable?

The features I find most effective in Wireshark include the current speed monitoring, data flow inspection, PPPoE clients, and inspecting our advanced switches and routers. 

Packet capturing capabilities are what I'm currently using the most.

What needs improvement?

The speed of the Internet could be improved, especially its performance. Performance can sometimes be a challenge due to numerous factors.

For how long have I used the solution?

I have been working with Wireshark for more than five years.

What do I think about the stability of the solution?

I would rate the stability of Wireshark as nine out of ten.

What do I think about the scalability of the solution?

Wireshark is quite scalable, and I would also rate its scalability at nine out of ten.

How was the initial setup?

The initial setup of Wireshark is simple for new users. However, there are complex features that require expertise to understand. The interface is easy, and everything is well-arranged, allowing users to find functionalities easily from the options tab.

What's my experience with pricing, setup cost, and licensing?

Wireshark is priced at a medium range, not too high, not too low. The pricing could be more flexible, and they might make it more expensive. That said, compared to other products, it is competitive.

Which other solutions did I evaluate?

I have heard from colleagues that other solutions do not provide exact results. Comparatively, Wireshark is better and more popular.

What other advice do I have?

I recommend Wireshark to users of both small and enterprise-level companies. It is effective for the minimum business and large enterprise scales.

I'd rate the solution ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Ahmet Kilic - PeerSpot reviewer
Network and Security Unit Manager at Bankalararası Kart Merkezi (BKM)
Real User
Top 5Leaderboard
It's an effective way to troubleshoot unknown issues, but it could use a dashboard

What is our primary use case?

Wireshark is a packet analysis tool. We check Wireshark when we don't know what's causing an issue.  The network packets never lie. Three people on my company's network team use Wireshark. 

How has it helped my organization?

It's an efficient solution for determining unexplained issues. It helps us rule out the network as the cause of an issue. When people don't know the reason for a problem, they always believe it's the network. Wireshark enables us to prove ourselves to the other teams. 

What is most valuable?

Wireshark is a simple solution. 

What needs improvement?

Wireshark doesn't have a dashboard. 

For how long have I used the solution?

We have been using Wireshark for around 10 years.

What do I think about the stability of the solution?

Wireshark is stable. 

What do I think about the scalability of the solution?

Wireshark is scalable.

How was the initial setup?

Setting up Wireshark is easy and usually takes about 10 to 15 minutes. 

What's my experience with pricing, setup cost, and licensing?

Wireshark is open source, but you can pay for support. 

What other advice do I have?

I rate Wireshark seven out of 10. If you use the free version, you can't get technical support, but it's cost-effective. When you first use Wireshark, it can seem complex, but it's an effective solution once you get used to it. Packet analysis is complicated, but it's the best way to do the job once you understand the solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Harish (Kumar) - PeerSpot reviewer
Cyber Security and IT Head at a outsourcing company with 51-200 employees
Real User
Top 5Leaderboard
A free and open-source packet analyzer with a useful filtering and coloring feature
Pros and Cons
  • "I like the filtering feature as we can filter data easily. This feature is also available in tcpdump, but it's a simple piece of software. Wireshark is more advanced and has many features. It allows you to filter a lot of things. The output can be filtered easily. The most important feature is colorization. If I say, "Okay, this particular SMB protocol in red, it will show me red." It's easy to identify that protocol or capture data."
  • "It would be better if they offered a hybrid version like My Cloud Control."

What is our primary use case?

I use Wireshark for DT inspection of several protocols and choose different color patterns to make it easy to see the various protocols. It also involves live analysis because I can see the live analysis on the Internet. The main task of Wireshark is to inspect the throttle and live data, and it's doing them.

What is most valuable?

I like the filtering feature as we can filter data easily. This feature is also available in tcpdump, but it's a simple piece of software. Wireshark is more advanced and has many features. It allows you to filter a lot of things. The output can be filtered easily.

The most important feature is colorization. If I say, "Okay, this particular SMB protocol in red, it will show me red." It's easy to identify that protocol or capture data. 

What needs improvement?

It would be better if they offered a hybrid version like My Cloud Control.

For how long have I used the solution?

I have been working with Wireshark for about five years.

What do I think about the stability of the solution?

Wireshark is a stable solution.

What do I think about the scalability of the solution?

Wireshark is a scalable solution. Almost all protocols are covered by Wireshark. 

How are customer service and support?

I have never contacted technical support. If I have an issue with some functionality or operation, I use Wireshark's community support or Google the information I need.

Which solution did I use previously and why did I switch?

I was working with Nmap and Cisco Analyzer, but then I started working with Wireshark. Before that, I used another packet analyzer called tcpdump, which is similar to Wireshark.

How was the initial setup?

The initial setup is straightforward. I just downloaded the software and installed it. I completed the whole process within two minutes. It's very simple.

What about the implementation team?

I implemented this solution. 

What's my experience with pricing, setup cost, and licensing?

I am using the free version of this solution.

What other advice do I have?

It's a user-friendly solution. I can start by capturing the interface's data because it will show me the number of interferences. Then I have to select and begin the inspection.

On a scale from one to ten, I would give Wireshark an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Wireshark Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Product Categories
Network Troubleshooting
Buyer's Guide
Download our free Wireshark Report and get advice and tips from experienced pros sharing their opinions.