Sagar More - PeerSpot reviewer
Network Security Engineer at Ares Management Corporation
Real User
Free with excellent community support, enables deep packet inspection and is continually being improved
Pros and Cons
  • "The ability to decrypt traffic and the abundance of filters available are both valuable features."
  • "The solution has a steep learning curve. There are so many filters and features that are frequently being updated that it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly."

What is our primary use case?

We primarily use Wireshark for troubleshooting critical issues in our network, retrieving packet headers using packet capture, and for creating custom apps. There are six people on our team and we all use Wireshark on our devices. 

How has it helped my organization?

When we are stuck with an issue that requires deep packet inspection, we capture the traffic with Wireshark, which allows us to resolve it.  

What is most valuable?

The ability to decrypt traffic and the abundance of filters available are both valuable features.

What needs improvement?

The solution has a steep learning curve. There are so many filters and features that are frequently being updated that it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly.

Buyer's Guide
Wireshark
October 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for six years.

What do I think about the stability of the solution?

I think Wireshark is the most stable product of its kind.

What do I think about the scalability of the solution?

The solution is very scalable; you can capture traffic on any device regardless of your vendor.

How are customer service and support?

We have never needed to use customer service or technical support. Whenever we have an issue, a Google search provides us with everything we need through community support, including Wireshark tutorials.

How was the initial setup?

The setup of the product is very simple. It's freeware, just download the .exe, go through the installation and select the desired interface you want to capture traffic on. It's a simple and very straightforward process. 

What's my experience with pricing, setup cost, and licensing?

Wireshark is free software, so you can download it and use it for free with no licensing fees.  

What other advice do I have?

I would rate this solution a nine out of ten. Wireshark has been getting better and better in the time I've been using it and it is a very helpful tool. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MohamedEladawy - PeerSpot reviewer
Service Security Lead at Salam Technology
Real User
Useful, allows you to deeply understand what's going on at the packet level, and helps you analyze adverse signatures
Pros and Cons
  • "I find Wireshark a very useful tool. Its best feature is that it allows me to deeply understand what's going on at the packet level, as well as any adverse signatures that I can analyze. When I need to create an IPS rule, I need to check the traffic deeply to get more insights about the actual traffic, what's the name of certain flags, etc., and I'm able to do all that through Wireshark. The tool is also user-friendly."
  • "One area for improvement in Wireshark is its ease of use for beginners. It could be better. Another area for improvement in the tool is for it to provide more details about the traffic load. At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version."

What is our primary use case?

We use Wireshark to check the network traffic, and if there's any network problem or issue, we can check it through the tool. We also use Wireshark during analysis, to check if there's any network connectivity or attempts from the malware to communicate with the C&C server. We use the tool for further analysis and investigation.

What is most valuable?

I find Wireshark a very useful tool. Its best feature is that it allows me to deeply understand what's going on at the packet level, as well as any adverse signatures that I can analyze. When I need to create an IPS rule, I need to check the traffic deeply to get more insights about the actual traffic, what's the name of certain flags, etc., and I'm able to do all that through Wireshark.

The tool is also user-friendly.

What needs improvement?

One area for improvement in Wireshark is its ease of use for beginners. It could be better. Another area for improvement in the tool is for it to provide more details about the traffic load.

At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version.

For how long have I used the solution?

I've been using Wireshark for a long time, so I can't remember the exact number of years I've been using it.

What do I think about the stability of the solution?

Wireshark is a stable tool. I didn't see any issues with its stability.

What do I think about the scalability of the solution?

Wireshark is a scalable tool.

How are customer service and support?

We never raised an issue or ticket with the Wireshark technical support team.

How was the initial setup?

The setup process for Wireshark was very simple.

What's my experience with pricing, setup cost, and licensing?

We're using the free version of Wireshark.

Which other solutions did I evaluate?

We didn't try to use other solutions apart from Wireshark.

What other advice do I have?

Two hundred people use Wireshark within the company.

My rating for Wireshark is a nine out of ten because I like it and I use it so much.

I'm only a user of Wireshark.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SanjeevKumar19 - PeerSpot reviewer
Technical Support Engineer at AlgoSec
Real User
Top 5 Leaderboard
Offers both GUI and command-line interfaces, and good for troubleshooting network issues
Pros and Cons
  • "It is a stable product. I would rate the stability a ten out of ten."
  • "The initial setup depends upon the basics. You need to have a clear understanding of the basics."

What is our primary use case?

When we can see in the customer environment that traffic is getting blocked, for example when we have a VPN channel that is up but the traffic is not running through it, we use Wireshark to recapture the channel. We check whether the PPP handshake is ongoing or not. The acknowledgment team posts this packet, and after that, the PPP handshake is ongoing or not.

So these are the things that we check by filtering out the things and based upon that, we get support. Because in five to six seconds, there are more than a thousand packets. So we have to filter out and check on which speed it is getting dropped. For that reason, we are using Wireshark. I am using it just for troubleshooting purposes.

What is most valuable?

Wireshark is pretty handy. It's especially useful for troubleshooting issues. However, the GUI interface is not that accurate. It can only show a limited amount of information, such as the source code, destination code, and services that are being blocked. If we want to know why a packet is being blocked by a particular policy, we need to check the packet capture.

We also use Wireshark to troubleshoot packet-level inspection issues, such as whether the payload is present, whether the packet size is too large for the receiver, and whether the DMTU (Dynamic Maximum Transmission Unit) is correct. We also use it to troubleshoot issues with fragmented packets.

In addition to the GUI, we also use the developer's tool and the command line to troubleshoot issues with Wireshark. For example, we use the cat and grep commands to filter out the information we need and to turn on debug mode. We also use the tail command to view the current history of logs.

I am currently working in a Linux environment, so I use the SysLog for configuration purposes on the Algo server. I use the TCP system command because Cisco uses port 514. So, I have to use the TCP system command to check whether we are receiving logs from the particular firewall or not.

Customers often tell us that they have open WDP 5144 traffic. They usually show us this in Splunk. For example, they might say, "We are forwarding the packet to the system, but we are not receiving the packet." This is usually because they need to test their end because they require some identity virus for the traffic to flow through our application.

Sometimes, the Algo server goes down, and we have to build it from scratch. Other times, the load distribution unit does not get synced with the primary. These are just some of the things we do on a daily basis with Wireshark.

What needs improvement?

While Wireshark is useful, the GUI interface is less accurate, showing only limited information.

For how long have I used the solution?

I have been using Wireshark for three years. 

What do I think about the stability of the solution?

It is a stable product. I would rate the stability a ten out of ten. Every engineer in our organization uses this solution in our company. So, more than 22 users are using this solution. 

What do I think about the scalability of the solution?

I would rate the scalability a nine out of ten. There is always room for improvement. 

It is easy to scale Wireshark. The GUI is very user-friendly. They have multiple videos online and on YouTube. Going through these resources provides a better understanding of Wireshark, its functionality, and how things operate within it. Essentially, it aligns with what we can learn from fundamental books or authoritative works.  

What we have analyzed on a theoretical basis, like the TCP handshake, SSL handshake, wireless controller handshake, SMTP handshake, and whatever we read in the books, we can technically see in Wireshark, each and every packet. For SSL, we can see multiple streams getting transmitted: server, client hello, client-server hello, then the client where Client Pre-shared. The client ciphers also send the TLS, TLS certificate SSL certificate. Then in the server, we can see the SSL certificate and the cipher suite, which they want to negotiate on, and then their pre-master secret key, which is generated, and then the session keys are getting generated. So these are all the things that we read in our books; we can see it packet-wise, each and everything. The acknowledgment comes from their end, from the client or the server side. So we can see it is very much easy to use in Wireshark.

Gain practical knowledge of what we comprehend. Analogous to the basic mathematical concept of two plus two, this is a protocol-oriented understanding, similar to the alphabet in language. However, in the realm of networking, Wireshark proves highly beneficial. You can put into practice what you read in books by actively examining and validating it yourself.

How are customer service and support?

Every engineer will always try to make things easy for the customer. S 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup depends upon the basics. You need to have a clear understanding of the basics. When you have a clear understanding, there's nothing more difficult for us.

We have deployed it both on the cloud and on-premises. We usually install agents from Google. Everyone cannot use it. At least we need to have a basic understanding of theoretical concepts. Once the theoretical concept is clear, then you can use the packet capture. So it is easy to do packet captures. You need to just check videos on YouTube.

What other advice do I have?

Overall, I would rate the solution a nine out of ten. Just focus on the basics. Once they are clear, you can handle and master any of the products in the secure network market, whether it's switches, routers, firewalls, VPNs, load balancers, or whatever it is. Just focus on the basics of what you want to pursue in your career.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
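The handshake fields the reviewer above describes reading off a capture (record-layer version, ClientHello version, offered cipher suites, server name), as an added example that is not part of the review or of Wireshark's own dissector code. It parses a TLS ClientHello the way a dissector would and flags the truncated-record case; the packet bytes are constructed inline, and the cipher-suite name table is an assumed small subset.

```python
# Added example, not code from the review or from Wireshark: a minimal parser for
# the TLS handshake fields a dissector shows. The ClientHello bytes are
# constructed inline so the script runs offline.
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   12: "ServerKeyExchange", 14: "ServerHelloDone",
                   16: "ClientKeyExchange", 20: "Finished"}
# Assumed subset of IANA cipher-suite IDs, enough for readable output here.
CIPHER_SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                 0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256"}


def parse_record(data):
    """Split off one TLS record: 5-byte header (type, version, length) then body.
    A short body is the 'continuation data' case: the record spans another segment."""
    if len(data) < 5:
        raise ValueError("record header truncated")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body truncated: need %d bytes, have %d" % (length, len(body)))
    return ctype, version, body


def parse_client_hello(hs):
    """Walk the ClientHello body: version, random, session id, cipher suites,
    compression methods, then extensions (only server_name is decoded)."""
    version = struct.unpack("!H", hs[:2])[0]
    off = 34                                    # 2 bytes version + 32 bytes random
    off += 1 + hs[off]                          # skip session id
    cs_len = struct.unpack("!H", hs[off:off + 2])[0]
    off += 2
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(off, off + cs_len, 2)]
    off += cs_len
    off += 1 + hs[off]                          # skip compression methods
    sni = None
    if off + 2 <= len(hs):
        ext_len = struct.unpack("!H", hs[off:off + 2])[0]
        off += 2
        end = off + ext_len
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[off:off + 4])
            off += 4
            edata = hs[off:off + elen]
            off += elen
            if etype == 0:                      # server_name: list len(2), type(1), len(2), name
                name_len = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + name_len].decode("ascii")
    return version, suites, sni


def describe(data):
    """Return the summary fields a packet-detail pane shows for a handshake record."""
    ctype, rec_version, body = parse_record(data)
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    htype = body[0]
    hs = body[4:4 + int.from_bytes(body[1:4], "big")]
    info = {"record_version": VERSIONS.get(rec_version, hex(rec_version)),
            "handshake": HANDSHAKE_TYPES.get(htype, str(htype))}
    if htype == 1:
        version, suites, sni = parse_client_hello(hs)
        info["version"] = VERSIONS.get(version, hex(version))
        info["cipher_suites"] = [CIPHER_SUITES.get(s, hex(s)) for s in suites]
        info["sni"] = sni
    return info


def build_client_hello(sni, suites):
    """Construct a TLS 1.2 ClientHello record (sample input, not a real capture)."""
    name = sni.encode("ascii")
    entry = struct.pack("!BH", 0, len(name)) + name
    ext_data = struct.pack("!H", len(entry)) + entry
    exts = struct.pack("!HH", 0, len(ext_data)) + ext_data
    body = struct.pack("!H", 0x0303) + b"\x11" * 32 + b"\x00"      # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                             # one compression method: null
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record-layer version is commonly 0x0301 for compatibility; the dissector shows both.
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs


if __name__ == "__main__":
    print(describe(build_client_hello("example.com", [0xC02F, 0xC030])))
```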
Chad Nel - PeerSpot reviewer
Senior System Administrator at YGtech
Real User
It's a powerful tool that lets you see everything in your network
Pros and Cons
  • "Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it."
  • "The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information."

What is our primary use case?

Wireshark is a tool for ARP scanning. I started using Wireshark back when I had a YouTube channel. It was mostly a security channel to show people how easily you can get hacked and how to hack. I was doing some research for my videos. I didn't know much about security, but I was interested in it, and Wireshark was one of the software solutions that kept popping up.

I watched some videos on how to use it and incorporated that into some of my videos. When I discovered something funny on my network a couple of years later, I decided to reinstall Wireshark to run some scans and found the culprit.

It's all on-premises. Here in South Africa, a couple of companies have migrated to the cloud, but that's quite expensive for many of them. It's much easier and cheaper to buy a server and host everything locally. The only thing they keep in the cloud is email because on-premise email is just horrible. Most of my clients are on-premises. One or two have Azure or something like that.

What is most valuable?

Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it.

What needs improvement?

The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information. 

I'm probably not familiar with it enough to say what features it's missing, but it could be a bit more accessible to the average system administrator having issues on their network so they can pull it out and run some scans.

What do I think about the stability of the solution?

I rate Wireshark eight out of 10 for stability.

What do I think about the scalability of the solution?

I probably won't be able to give good input on this, but I will give Wireshark eight out of 10 for scalability based on the limited time that I've used it.

Which solution did I use previously and why did I switch?

I also use MikroTik. It's easy because I've been working with it for years, so it's hard for me to compare it with Wireshark, which I only learned to make my YouTube videos and used a couple of times in the past. 

I'd say Wireshark and Nmap are more advanced and in-depth than using MikroTik by itself, but I haven't encountered a problem I couldn't resolve without using Wireshark. The exception is when a client doesn't have MikroTik, and they use a plain router or something like that. Obviously, I would need to pull out the other tools. MikroTik does what I need it to do. 

How was the initial setup?

Wireshark uses a simple "next, next, finish" installer. Any person who can read can install it.

What other advice do I have?

I rate Wireshark eight out of 10. It has much more network functionality than MikroTik, but the downside is a person has to learn it to use it correctly. Maybe I'll make it my New Year's resolution to watch a tutorial on how to use it and start using it more in the new year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Moataz Said - PeerSpot reviewer
Systems Administrator at a tech services company with 51-200 employees
Real User
Top 20
Optimizing network inspection through effective packet capturing with a simple setup
Pros and Cons
  • "Wireshark saves a lot of time, especially with network troubleshooting."
  • "The speed of the Internet could be improved, especially its performance."

What is our primary use case?

We are using Wireshark for inspecting the vertical line to know the data flow in and out of the cables. This is to determine if there is real traffic flow through the physical connections or not. 

Additionally, we use Wireshark for physical inspection on the data line.

How has it helped my organization?

Wireshark saves a lot of time, especially with network troubleshooting.

What is most valuable?

The features I find most effective in Wireshark include the current speed monitoring, data flow inspection, PPPoE clients, and inspecting our advanced switches and routers. 

Packet capturing capabilities are what I'm currently using the most.

What needs improvement?

The speed of the Internet could be improved, especially its performance. Performance can sometimes be a challenge due to numerous factors.

For how long have I used the solution?

I have been working with Wireshark for more than five years.

What do I think about the stability of the solution?

I would rate the stability of Wireshark as nine out of ten.

What do I think about the scalability of the solution?

Wireshark is quite scalable, and I would also rate its scalability at nine out of ten.

How was the initial setup?

The initial setup of Wireshark is simple for new users. However, there are complex features that require expertise to understand. The interface is easy, and everything is well-arranged, allowing users to find functionalities easily from the options tab.

What's my experience with pricing, setup cost, and licensing?

Wireshark is priced at a medium range, not too high, not too low. The pricing could be more flexible, and they might make it more expensive. That said, compared to other products, it is competitive.

Which other solutions did I evaluate?

I have heard from colleagues that other solutions do not provide exact results. Comparatively, Wireshark is better and more popular.

What other advice do I have?

I recommend Wireshark to users of both small and enterprise-level companies. It is effective for the minimum business and large enterprise scales.

I'd rate the solution ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ahmet Kilic - PeerSpot reviewer
Network and Security Unit Manager at Bankalararası Kart Merkezi (BKM)
Real User
Top 5 Leaderboard
It's an effective way to troubleshoot unknown issues, but it could use a dashboard

What is our primary use case?

Wireshark is a packet analysis tool. We check Wireshark when we don't know what's causing an issue.  The network packets never lie. Three people on my company's network team use Wireshark. 

How has it helped my organization?

It's an efficient solution for determining unexplained issues. It helps us rule out the network as the cause of an issue. When people don't know the reason for a problem, they always believe it's the network. Wireshark enables us to prove ourselves to the other teams. 

What is most valuable?

Wireshark is a simple solution. 

What needs improvement?

Wireshark doesn't have a dashboard. 

For how long have I used the solution?

We have been using Wireshark for around 10 years.

What do I think about the stability of the solution?

Wireshark is stable. 

What do I think about the scalability of the solution?

Wireshark is scalable.

How was the initial setup?

Setting up Wireshark is easy and usually takes about 10 to 15 minutes. 

What's my experience with pricing, setup cost, and licensing?

Wireshark is open source, but you can pay for support. 

What other advice do I have?

I rate Wireshark seven out of 10. If you use the free version, you can't get technical support, but it's cost-effective. When you first use Wireshark, it can seem complex, but it's an effective solution once you get used to it. Packet analysis is complicated, but it's the best way to do the job once you understand the solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Harish (Kumar) - PeerSpot reviewer
Cyber Security and IT Head at an outsourcing company with 51-200 employees
Real User
Top 5 Leaderboard
A free and open-source packet analyzer with a useful filtering and coloring feature
Pros and Cons
  • "I like the filtering feature as we can filter data easily. This feature is also available in tcpdump, but it's a simple piece of software. Wireshark is more advanced and has many features. It allows you to filter a lot of things. The output can be filtered easily. The most important feature is colorization. If I say, "Okay, this particular SMB protocol in red," it will show me red. It's easy to identify that protocol or capture data."
  • "It would be better if they offered a hybrid version like My Cloud Control."

What is our primary use case?

I use Wireshark for DT inspection of several protocols and choose different color patterns to make it easy to see the various protocols. It also involves live analysis because I can see the live analysis on the Internet. The main task of Wireshark is to inspect the throttle and live data, and it's doing them.

What is most valuable?

I like the filtering feature as we can filter data easily. This feature is also available in tcpdump, but it's a simple piece of software. Wireshark is more advanced and has many features. It allows you to filter a lot of things. The output can be filtered easily.

The most important feature is colorization. If I say, "Okay, this particular SMB protocol in red," it will show me red. It's easy to identify that protocol or capture data.

What needs improvement?

It would be better if they offered a hybrid version like My Cloud Control.

For how long have I used the solution?

I have been working with Wireshark for about five years.

What do I think about the stability of the solution?

Wireshark is a stable solution.

What do I think about the scalability of the solution?

Wireshark is a scalable solution. Almost all protocols are covered by Wireshark. 

How are customer service and support?

I have never contacted technical support. If I have an issue with some functionality or operation, I use Wireshark's community support or Google the information I need.

Which solution did I use previously and why did I switch?

I was working with Nmap and Cisco Analyzer, but then I started working with Wireshark. Before that, I used another packet analyzer called tcpdump, which is similar to Wireshark.

How was the initial setup?

The initial setup is straightforward. I just downloaded the software and installed it. I completed the whole process within two minutes. It's very simple.

What about the implementation team?

I implemented this solution. 

What's my experience with pricing, setup cost, and licensing?

I am using the free version of this solution.

What other advice do I have?

It's a user-friendly solution. I can start by capturing the interface's data because it will show me the number of interferences. Then I have to select and begin the inspection.

On a scale from one to ten, I would give Wireshark an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2011050 - PeerSpot reviewer
Lead Engineer at a tech services company with 10,001+ employees
Real User
Useful in viewing the data transmission, throughput and wifi connection
Pros and Cons
  • "The transmission and reception issues are valuable."
  • "Wireshark gets stuck when it is a larger file."

What is our primary use case?

Our primary use case for the solution is to see the over-the-air packets, the data transmission, and the wifi connection.

What is most valuable?

The transmission and reception issues are valuable. For example, while debugging through food issues, we can draw the graph of the data captured in the solution and see how the throughput is moving.

What needs improvement?

The solution can be improved by increasing its capacity to manage larger files. Wireshark gets stuck when it is a larger file.

For how long have I used the solution?

We have been using the solution for approximately eight years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

We have not had experience with customer service and support.

How was the initial setup?

The initial setup is straightforward. 

What other advice do I have?

I rate the solution a nine out of ten. The solution is good, but the solution can be improved by increasing its capacity to manage larger files. I advise users considering the solution to have the latest PC to load it. The newest voice is also required to load it; otherwise, it is difficult to open.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user