Chad Nel - PeerSpot reviewer
Senior System Administrator at YGtech
Real User
It's a powerful tool that lets you see everything in your network
Pros and Cons
  • "Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it."
  • "The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information."

What is our primary use case?

Wireshark is a tool for ARP scanning. I started using Wireshark back when I had a YouTube channel. It was mostly a security channel to show people how easily you can get hacked and how to hack. I was doing some research for my videos. I didn't know much about security, but I was interested in it, and Wireshark was one of the software solutions that kept popping up.

I watched some videos on how to use it and incorporated that into some of my videos. When I discovered something funny on my network a couple of years later, I decided to reinstall Wireshark to run some scans and found the culprit.

It's all on-premises. Here in South Africa, a couple of companies have migrated to the cloud, but that's quite expensive for many of them. It's much easier and cheaper to buy a server and host everything locally. The only thing they keep in the cloud is email because on-premise email is just horrible. Most of my clients are on-premises. One or two have Azure or something like that.

What is most valuable?

Wireshark has a lot of features. It's a powerful tool if you're familiar with it. You can see everything on the network with it.

What needs improvement?

The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information. 

I'm probably not familiar with it enough to say what features it's missing, but it could be a bit more accessible to the average system administrator having issues on their network so they can pull it out and run some scans.

What do I think about the stability of the solution?

I rate Wireshark eight out of 10 for stability.

Buyer's Guide
Wireshark
February 2025
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
838,713 professionals have used our research since 2012.

What do I think about the scalability of the solution?

I probably won't be able to give good input on this, but I will give Wireshark eight out of 10 for scalability based on the limited time that I've used it.

Which solution did I use previously and why did I switch?

I also use MikroTik. It's easy because I've been working with it for years, so it's hard for me to compare it with Wireshark, which I only learned to make my YouTube videos and used a couple of times in the past. 

I'd say Wireshark and Nmap are more advanced and in-depth than using MikroTik by itself, but I haven't encountered a problem I couldn't resolve without using Wireshark. The exception is when a client doesn't have MikroTik, and they use a plain router or something like that. Obviously, I would need to pull out the other tools. MikroTik does what I need it to do. 

How was the initial setup?

Wireshark uses a simple "next, next, finish" installer. Any person who can read can install it.

What other advice do I have?

I rate Wireshark eight out of 10. It has much more network functionality than MikroTik, but the downside is a person has to learn it to use it correctly. Maybe I'll make it my New Year's resolution to watch a tutorial on how to use it and start using it more in the new year.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PraveenMoule - PeerSpot reviewer
System Network Administrator at Mungi Engineers Pvt. Ltd.
Real User
Easy to use and feature-rich
Pros and Cons
  • "Wireshark's best features are that it lets us see what traffic is in the network and what data should be encrypted."
  • "Wireshark could be improved with a delay option when getting data automatically."

What is our primary use case?

I mainly use Wireshark for knowledge purposes, debugging, and to view what's going on in the network.

What is most valuable?

Wireshark's best features are that it lets us see what traffic is in the network and what data should be encrypted.

What needs improvement?

Wireshark could be improved with a delay option when getting data automatically. It could also work faster.

For how long have I used the solution?

I've been working with Wireshark for over five years.

What do I think about the stability of the solution?

Wireshark is stable.

What do I think about the scalability of the solution?

Wireshark is easy to scale.

Which solution did I use previously and why did I switch?

Previously, I used Microsoft Network Monitor but switched to Wireshark because it's open-source and richer in features.

How was the initial setup?

The initial setup is pretty simple.

What about the implementation team?

I implemented Wireshark myself.

What's my experience with pricing, setup cost, and licensing?

Wireshark is open-source and free of charge.

What other advice do I have?

Wireshark is a very nice product that's really easy to use from the start. I would rate it nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Ahmet Kilic - PeerSpot reviewer
Network and Security Unit Manager at Bankalararası Kart Merkezi (BKM)
Real User
Leaderboard
It's an effective way to troubleshoot unknown issues, but it could use a dashboard

What is our primary use case?

Wireshark is a packet analysis tool. We check Wireshark when we don't know what's causing an issue.  The network packets never lie. Three people on my company's network team use Wireshark. 

How has it helped my organization?

It's an efficient solution for determining unexplained issues. It helps us rule out the network as the cause of an issue. When people don't know the reason for a problem, they always believe it's the network. Wireshark enables us to prove ourselves to the other teams. 

What is most valuable?

Wireshark is a simple solution. 

What needs improvement?

Wireshark doesn't have a dashboard. 

For how long have I used the solution?

We have been using Wireshark for around 10 years.

What do I think about the stability of the solution?

Wireshark is stable. 

What do I think about the scalability of the solution?

Wireshark is scalable.

How was the initial setup?

Setting up Wireshark is easy and usually takes about 10 to 15 minutes. 

What's my experience with pricing, setup cost, and licensing?

Wireshark is open source, but you can pay for support. 

What other advice do I have?

I rate Wireshark seven out of 10. If you use the free version, you can't get technical support, but it's cost-effective. When you first use Wireshark, it can seem complex, but it's an effective solution once you get used to it. Packet analysis is complicated, but it's the best way to do the job once you understand the solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Sr. Security Engineer at SugarCRM
Real User
Helps me solve network transaction and security issues
Pros and Cons
  • "I can save the traffic and analysis when I want to. Also, it's especially helpful to follow the stream (TCP, UDP, etc.)."
  • "Setup is very easy. It's also possible to change source code and compile if you want to change something in the code, because it's free."
  • "It needs the ability to follow multiple interfaces for specific traffic from different network zones/virtual networks. It would help to understand how any packet is going through the network."
  • "Sometimes I need to use tcpdump when I need to check the packets on CLI."

How has it helped my organization?

It has helped me to

  • solve network and transaction issues
  • understand protocols and application communication
  • check quality
  • solve security issues. 

What is most valuable?

I can save the traffic and analysis when I want to. Also, it's especially helpful to follow the stream (TCP, UDP, etc.).

What needs improvement?

It needs the ability to follow multiple interfaces for specific traffic from different network zones/virtual networks. It would help to understand how any packet is going through the network.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Sometimes, in the previous version, it lost the scroll when I needed to scroll back and forth.

What do I think about the scalability of the solution?

No issues with scalability.

Which solution did I use previously and why did I switch?

Sometimes I need to use tcpdump when I need to check the packets on CLI.

How was the initial setup?

Very easy. It's also possible to change source code and compile if you want to change something in the code, because it's free.

What's my experience with pricing, setup cost, and licensing?

It's free.

What other advice do I have?

I believe everyone should use this tool if they need to analyze packets.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at a tech services company with 51-200 employees
Real User
Excels at analyzing and decoding packet capture files and powerful tool for troubleshooting network issues
Pros and Cons
  • "The best part about Wireshark, in my opinion, is its ability to analyze packet capture files."
  • "It is difficult to scale this solution."

What is our primary use case?

There are multiple use cases for Wireshark. One of the primary use cases is capturing the customer's network traffic. When an issue occurs on the customer's network, we take packet captures to analyze and decode the streams that were active during the time of the incident. 

Additionally, we use Wireshark to replay packet streams. This helps us troubleshoot issues that may not be readily observable on the live network. With the packet capture in hand, we can analyze the decoded packets and identify the protocols involved and the specific nature of the issue that occurred.

How has it helped my organization?

It has helped us in debugging challenging customer issues.

What is most valuable?

The best part about Wireshark, in my opinion, is its ability to analyze packet capture files. It lists out various protocols like TCP, UDP, or SCTP, along with source and destination codes. This feature is truly amazing.

What needs improvement?

One thing that I feel is currently missing in Wireshark is the ability to perform deep analytics on traffic streams after they have been decoded. While it may not be the major use case right now, it would be beneficial to have some sort of leveraging of artificial intelligence or machine learning to automatically detect threats or vulnerabilities based on specific types of network traffic. Predictive analysis of this nature is currently absent in Wireshark.

So in future releases, it would be great to see more robust analytics for traffic streams in the next version of Wireshark.

One improvement I would suggest is having more graphical representations of network topologies in Wireshark. Currently, when we deploy Wireshark to collect streams, we lack visibility into how different entities are connected at that specific time. Having a network topology view of connected devices, showing the source and destination, would be really beneficial. For example, in DNS troubleshooting, visualizing the network path can help recreate certain issues. Unfortunately, this feature is not currently available in Wireshark.

For how long have I used the solution?

I've been working with Wireshark for more than 13 years. I would consider myself a network software development professional with extensive experience.

I've worked with major companies like Cisco Systems and other networking companies.

What do I think about the stability of the solution?

I would rate the stability of Wireshark as nine out of ten. It's quite stable.

What do I think about the scalability of the solution?

In terms of scalability, I would rate the scalability a seven out of ten. It is difficult to scale this solution. 

The use cases I've worked on require deploying Wireshark independently on each node. However, if I want to deploy Wireshark on hundreds of devices and collect information at a single location for better network management, that capability is currently not available. We need Wireshark to run on all the devices and have one device act as a controller to collect and process the information.

Wireshark is popular among both individual users and enterprise organizations, but currently, it is mostly used individually for debugging network traffic.

How are customer service and support?

I usually troubleshoot issues on my own. However, since Wireshark is open source, there is a community support system available.

How would you rate customer service and support?

Positive

What about the implementation team?

Deployment-wise, Wireshark is relatively simple. It's not overly complex, and it works quite well. So, in that respect, it's a good solution.

We are working with a hybrid model. We deploy Wireshark in both cloud platforms and on-premises. Depending on the real devices and entities, we sometimes deploy it onto virtual machines in the cloud and collect and process information using a switch. This flexible deployment approach allows us to cater to different scenarios and adapt accordingly.

Which other solutions did I evaluate?

I can compare Wireshark with tools like Suricata and Zeek. Suricata and Zeek are both implemented considering setting objectives, meaning that they are designed to achieve specific goals. For example, Suricata is designed to decode packet streams, perform analysis, and push configuration changes to devices. This makes it a good choice for an Intrusion Prevention System (IPS), which is a system that can detect and prevent attacks.

Wireshark is the base of Suricata. Wireshark and Suricata both use the same packet filter implementation, known as BPF (Berkeley Packet Filter). BPF is a powerful tool that can be used to capture and analyze network traffic.

What other advice do I have?

In general, I'm quite fond of Wireshark, so I would rate it an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
ASM Naushad Alam - PeerSpot reviewer
Network Manager at a financial services firm with 1,001-5,000 employees
Real User
The best packet capturing tool
Pros and Cons
  • "The most valuable feature is the traffic gate, which shows which IPs are getting more bandwidth or traffic."
  • "Wireshark could be improved by adding more monitoring features."

What is our primary use case?

I mainly use Wireshark to look at traffic conditions when something is getting stopped in our network.

What is most valuable?

The most valuable feature is the traffic gate, which shows which IPs are getting more bandwidth or traffic.

What needs improvement?

Wireshark could be improved by adding more monitoring features.

For how long have I used the solution?

I've been working with Wireshark since 2008.

What do I think about the stability of the solution?

Wireshark is stable.

How was the initial setup?

The initial setup was very simple.

What other advice do I have?

Wireshark is the best packet capturing tool, and I would rate it eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Henry A. McKelvey - PeerSpot reviewer
NextGen TV (ATSC 3.0) Systems Engineer at PeerSpot
Real User
Top 20
Filters enable traffic to be segmented so that a value can be looked at individually apart from the other traffic
Pros and Cons
  • "I use the filters very often, to determine what type of traffic I am looking for. The use of filters allows traffic to be segmented so that a value can be looked at individually apart from the other traffic."
  • "The system could be improved upon by adding a better and more powerful data processing engine."

What is our primary use case?

I use it for network investigation, I even have a patent for the simplification of Protocol Analysis. I have used Wireshark many times to troubleshoot network situations and problems. The patent solved the problem of troubleshooting where you needed to know the direction and course a packet takes in the network which helps with the ability to know where problems lie in the network. We developed the system to actually troubleshoot an entire network through the use of network probes, which acted as smaller protocol analyzers.

How has it helped my organization?

It helped in the sense that it allowed the team to troubleshoot networks faster. While I worked at Verizon, our group was able to provide network analysis of our testbed which gave us an advantage over most test groups. This was because we could follow a packet throughout the network to examine the treatment that the packet was receiving in the network. The improvement came when we realized that through the use of this method we could duplicate the results of using a much more expensive version of our program called RMON.

What is most valuable?

I use the filters very often, to determine what type of traffic I am looking for. The use of filters allows traffic to be segmented so that a value can be looked at individually apart from the other traffic. I remember one day when we had to find out what was causing one of the systems to crash. We used our system to look at the network as a whole and we found that the device actually gave us the ability to segment the network, finding the problem in a faster way, which allowed for a more accurate test of the network.

What needs improvement?

The system could be improved upon by adding a better and more powerful data processing engine. The original was based on the Raspberry Pi. The RPi unit acted as a sensor on the network relaying information back to a centralized computer which was able to correlate and provide analysis as to the packets and their reaction to traffic loads. Much improvement could have been done but we were not that lucky. The more we designed items the more we began to realize that we were getting too far from our central goal of trying to make the network better.

For how long have I used the solution?

I have been using it since it was called Ethereal.

What do I think about the stability of the solution?

I am impressed with the stability. 

What do I think about the scalability of the solution?

Great scalability, but they are beginning to sacrifice ease of use for complexity. That was why we needed to simplify things.

Which solution did I use previously and why did I switch?

No, we did not use another solution like Wireshark, but what we used in the past was the RADco. The RADcon was a protocol analyzer that was an all-in-one unit that was the standard at the time but did not allow for cooperative testing.

What's my experience with pricing, setup cost, and licensing?

If you can get the same use for less cost do it.

Which other solutions did I evaluate?

No, we did not.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1065 - PeerSpot reviewer
Senior Manager of Data Center at an integrator with 51-200 employees
Vendor
Wireshark is the most reputed network protocol analyzer globally

Valuable Features:

Pros of Wireshark are 1) Open Source 2) Support on Windows, Linux, MAC, Solaris 3) Presence of both command shell and graphical user interface 4) Port Mirroring 5) Inbuilt support for WinPcap, libPcap 6) Filter creation for better packet capture techniques

Room for Improvement:

A few cons of Wireshark are 1) Running Wireshark through an admin account for multiple exploits, is unsecured 2) Cannot manipulate things on the network 3) Cannot be used for MITM attacks 4) Lack of intrusion detection module 5) Lack of modules for ARP poisoning and caching

Other Advice:

Wireshark is the world's most powerful network protocol analyzer tool. It can be used for various purposes such as, analysis of protocols like TCP, HTTP, UDP, and complete analysis of networks and troubleshooting. It has the option to use the wireless adapter directly in promiscuous mode for interception of wireless packets. It is much more effective than other tools such as tcpdump and dumpcap with a good user interface and hex detection.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user