Try our new research platform with insights from 80,000+ expert users
Hafiz Umar Farooq - PeerSpot reviewer
Founder & CEO at ITGAT
Real User
A comprehensive troubleshooting tool, with excellent deep-packet inspection functionality
Pros and Cons
  • "The strongest feature of this solution, is the ability it gives us to carry out deep-packet inspections on our network, particularly when a function isn't performing as it should."
  • "We would like the product to be developed so that it doesn't rely on internet access for installation. We would like to see all of the components required to be integrated into the installer."

What is our primary use case?

We use this solution for troubleshooting network issues.

What is most valuable?

The strongest feature of this solution, is the ability it gives us to carry out deep-packet inspections on our network, particularly when a function isn't performing as it should.

What needs improvement?

We would like the product to be developed so that it doesn't rely on internet access for installation. We would like to see all of the components required to be integrated into the installer.

For how long have I used the solution?

We have been working with this solution for around three years.

Buyer's Guide
Wireshark
October 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

We have found this solution to be scalable across all operating systems.

How was the initial setup?

The initial setup of this solution is very simple.

What's my experience with pricing, setup cost, and licensing?

We are using a freeware version of this solution, so there are no licence costs involved.

What other advice do I have?

We would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Network Engineer at a tech company with 10,001+ employees
Real User
It is free to download and install, and it runs on multiple platforms
Pros and Cons
  • "It gives us the ability to pinpoint problems and to communicate network problems with software and hardware vendors."
  • "Big trace files (more than 1,000,000 packets) can be slow, but then you can use "TraceWrangler" (also free) to help with slicing and dicing the data."
  • "It is not an easy program. You will need to study to use it to its full capabilities (follow a course)."

What is our primary use case?

Wireshark can be used to troubleshoot network issues, but also to baseline applications. When you know what an app does when there is no issue at hand, you will be better able to spot the problem when there is an issue. Everything that happens on the network can be analysed with Wireshark. However, the tool is as good as the person using it. You need TCP/IP knowledge to be able to use a tool like this. The more you know about packets on the wire, the better you can use this tool.

How has it helped my organization?

It gives us the ability to pinpoint problems and to communicate network problems with software and hardware vendors. The packets never lie!

What is most valuable?

Making different profiles to tune the tool for the problems at hand, the graphing options, to customize the screen layout, etc.

Also, shines for wireless troubleshooting, but most hardware does not give full insight in WiFi communication (beacon frames, etc.).

What needs improvement?

Big trace files (more than 1,000,000 packets) can be slow, but then you can use "TraceWrangler" (also free) to help with slicing and dicing the data.

This is no complaint, but is not an easy program. You will need to study to use it to its full capabilities (follow a course), but the more you know about it, the more you will use it.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

Big trace files need to be chopped for analysis.

How are customer service and technical support?

My bug reports were in the next release, therefore a great experience.

Which solution did I use previously and why did I switch?

I have used it more or less since 2001. So no, I did not use a previous solution.

How was the initial setup?

Download, run setup, enter;enter;enter..., it is ready.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

It is free to download and install. It runs on multiple platforms, so how can you go wrong?

Which other solutions did I evaluate?

In those days, there was a tool "Sniffer", but it was too expensive.

What other advice do I have?

If you profile yourself as a network specialist, and don't use it, I would not trust you on my network.

It is even referenced in the book "TCP/IP Illustrated, Vol. 1", the TCP/IP bible!

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Wireshark
October 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
PraveenMoule - PeerSpot reviewer
System Network Administrator at Mungi Engineers Pvt. Ltd.
Real User
Top 10
Easy to use and feature-rich
Pros and Cons
  • "Wireshark's best features are that it lets us see what traffic is in the network and what data should be encrypted."
  • "Wireshark could be improved with a delay option when getting data automatically."

What is our primary use case?

I mainly use Wireshark for knowledge purposes, debugging, and to view what's going on in the network.

What is most valuable?

Wireshark's best features are that it lets us see what traffic is in the network and what data should be encrypted.

What needs improvement?

Wireshark could be improved with a delay option when getting data automatically. It could also work faster.

For how long have I used the solution?

I've been working with Wireshark for over five years.

What do I think about the stability of the solution?

Wireshark is stable.

What do I think about the scalability of the solution?

Wireshark is easy to scale.

Which solution did I use previously and why did I switch?

Previously, I used Microsoft Network Monitor but switched to Wireshark because it's open-source and richer in features.

How was the initial setup?

The initial setup is pretty simple.

What about the implementation team?

I implemented Wireshark myself.

What's my experience with pricing, setup cost, and licensing?

Wireshark is open-source and free of charge.

What other advice do I have?

Wireshark is a very nice product that's really easy to use from the start. I would rate it nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Specialist at a tech services company with 501-1,000 employees
Real User
Free solution with a large online community, which makes it simple to troubleshoot problems
Pros and Cons
  • "It's easy to troubleshoot issues because there's a large online community."
  • "DNS could be improved."

What is our primary use case?

This solution is deployed on-premises.

What is most valuable?

Wireshark provides many different functions which are very useful for my job. There are a lot of features, and I still haven't used everything yet. It's easy to troubleshoot issues because there's a large online community.

What needs improvement?

DNS could be improved.

For how long have I used the solution?

I have been using this solution for 10 years.

What do I think about the scalability of the solution?

The scalability is pretty good. If I have a big file, I can always divide it into smaller ones. I haven't had any problems with opening big files.

How are customer service and support?

There's a big community of people on the internet involved in Wireshark. There are a lot of free resources on Wireshark. If I ever need anything, I just search on YouTube, and there are people that are analyzing or troubleshooting a particular issue with DNS or with retransmission, etc.

How was the initial setup?

Setup is very easy. It's simple to install it on your PC.

We have a software team that automatically installs the solution on our PC, and a variety of my colleagues use it for troubleshooting. There are multiple teams involved.

What about the implementation team?

Deployment was done in-house.

What's my experience with pricing, setup cost, and licensing?

Wireshark is free software, so you don't have to pay any licensing fee. Individual people can use it and then donate to Wireshark.

What other advice do I have?

I would rate this solution 10 out of 10. 

Wireshark is very good for network engineers. It's free software, and you can install it very easily, and there are a lot of features. I mainly use Wireshark in Windows. My advice is to do research on the internet, especially on YouTube, if you have any troubleshooting issues.

It's a very popular solution, and if you're able to, I think it would be helpful to donate to the organization so people can continue to develop Wireshark.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Henry A. McKelvey - PeerSpot reviewer
NextGen TV (ATSC 3.0) Systems Engineer at PeerSpot
Real User
Top 20
Filters enable traffic to be segmented so that a value can be looked at individually apart from the other traffic
Pros and Cons
  • "I use the filters very often, to determine what type of traffic I am looking for. The use of filter allows traffic to be segmented so that a value can be looked at individually apart from the other traffic."
  • "The system could be improved upon by adding a better and more powerful data processing engine."

What is our primary use case?

I use it for network investigation, I even have a patent for the simplification of Protocol Analysis. I have used Wireshark many times to troubleshoot network situations and problems. The patent solved the problem of troubleshooting where you needed to know the direction and course a packet takes in the network which helps with the ability to know where problems lie in the network. We developed the system to actually troubleshoot an entire network through the use of network probes, which acted as smaller protocol analyzers.

How has it helped my organization?

It helped in the sense that it allowed the team to troubleshoot networks faster. While I worked at Verizon, our group was able to provide network analysis of our testbed which gave us an advantage over most test groups. This was because we could follow a packet throughout the network to examine the treatment that the packet was receiving in the network. The improvement came when we realized that through the use of this method we could duplicate the results of using a much more expensive version of our program called RMON.

What is most valuable?

I use the filters very often, to determine what type of traffic I am looking for. The use of filter allows traffic to be segmented so that a value can be looked at individually apart from the other traffic. I remember one day when we had to find out what was causing one of the systems to crash. We used our system to look at the network as a whole and we found that the device actually gave us the ability to segment the network finding the problem is a faster way which allowed for a more accurate test of the network.

What needs improvement?

The system could be improved upon by adding a better and more powerful data processing engine. The original was based on the Raspberry Pi. The RPi unit acted as a sensor on the network relaying information back to a centralized computer which was able to correlate and provide analysis as to the packets and their reaction to traffic loads. Much improvement could have been done but we were not that lucky. The more we designed items the more we began to realize that we were getting too far from our central goal of trying to make the network better.

For how long have I used the solution?

I have been using it since it was called Ethereal.

What do I think about the stability of the solution?

I am impressed with the stability. 

What do I think about the scalability of the solution?

Great scalability, but they are beginning to sacrifice ease of use for complexity. That was why we needed to simplify things.

Which solution did I use previously and why did I switch?

No, we did not use another solution like wire-shark, but what we used in the past was the RADco. The RADcon was a protocol analyzer that was an all in one unit that was the standard at the time but did not allow for cooperative testing.

What's my experience with pricing, setup cost, and licensing?

If you can get the same use for less cost do it.

Which other solutions did I evaluate?

No, we did not.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
ASM Naushad Alam - PeerSpot reviewer
Network Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 10
The best packet capturing tool
Pros and Cons
  • "The most valuable feature is the traffic gate, which shows which IPs are getting more bandwidth or traffic."
  • "Wireshark could be improved by adding more monitoring features."

What is our primary use case?

I mainly use Wireshark to look at traffic conditions when something is getting stopped in our network.

What is most valuable?

The most valuable feature is the traffic gate, which shows which IPs are getting more bandwidth or traffic.

What needs improvement?

Wireshark could be improved by adding more monitoring features.

For how long have I used the solution?

I've been working with Wireshark since 2008.

What do I think about the stability of the solution?

Wireshark is stable.

How was the initial setup?

The initial setup was very simple.

What other advice do I have?

Wireshark is the best packet capturing tool, and I would rate it eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Engineer at a tech services company with 51-200 employees
Real User
Excels at analyzing and decoding packet capture files and powerful tool for troubleshooting network issues
Pros and Cons
  • "The best part about Wireshark, in my opinion, is its ability to analyze packet capture files."
  • "It is difficult to scale this solution."

What is our primary use case?

There are multiple use cases for Wireshark. One of the primary use cases is capturing the customer's network traffic. When an issue occurs on the customer's network, we take packet captures to analyze and decode the streams that were active during the time of the incident. 

Additionally, we use Wireshark to replay packet streams. This helps us troubleshoot issues that may not be readily observable on the live network. With the packet capture in hand, we can analyze the decoded packets and identify the protocols involved and the specific nature of the issue that occurred.

How has it helped my organization?


What is most valuable?

The best part about Wireshark, in my opinion, is its ability to analyze packet capture files. It lists out various protocols like TCP, UDP, or SCTP, along with source and destination codes. This feature is truly amazing.

What needs improvement?

One thing that I feel is currently missing in Wireshark is the ability to perform deep analytics on traffic streams after they have been decoded. While it may not be the major use case right now, it would be beneficial to have some sort of leveraging of artificial intelligence or machine learning to automatically detect threats or vulnerabilities based on specific types of network traffic. Predictive analysis of this nature is currently absent in Wireshark.

So in future releases, it would be great to see more robust analytics for traffic streams in the next version of Wireshark.

One improvement I would suggest is having more graphical representations of network topologies in Wireshark. Currently, when we deploy Wireshark to collect streams, we lack visibility into how different entities are connected at that specific time. Having a network topology view of connected devices, showing the source and destination, would be really beneficial. For example, in DNS troubleshooting, visualizing the network path can help recreate certain issues. Unfortunately, this feature is not currently available in Wireshark.

For how long have I used the solution?

I've been working with Wireshark for more than 12 years. I would consider myself a network software development professional with extensive experience.

I've worked with major companies like Cisco Systems and other networking companies.

What do I think about the stability of the solution?

I would rate the stability of Wireshark as nine out of ten. It's quite stable.

What do I think about the scalability of the solution?

In terms of scalability, I would rate the scalability a seven out of ten. It is difficult to scale this solution. 

The use cases I've worked on require deploying Wireshark independently on each node. However, if I want to deploy Wireshark on hundreds of devices and collect information at a single location for better network management, that capability is currently not available. We need Wireshark to run on all the devices and have one device act as a controller to collect and process the information.

Wireshark is popular among both individual users and enterprise organizations, but currently, it is mostly used individually for debugging network traffic.

How are customer service and support?

I usually troubleshoot issues on my own. However, since Wireshark is open source, there is a community support system available.

What about the implementation team?

Deployment-wise, Wireshark is relatively simple. It's not overly complex, and it works quite well. So, in that respect, it's a good solution.

We are working with a hybrid model. We deploy Wireshark in both cloud platforms and on-premises. Depending on the real devices and entities, we sometimes deploy it onto virtual machines in the cloud and collect and process information using a switch. This flexible deployment approach allows us to cater to different scenarios and adapt accordingly.

Which other solutions did I evaluate?

I can compare Wireshark with tools like Suricata and Zeek. Suricata and Zeek are both implemented considering setting objectives, meaning that they are designed to achieve specific goals. For example, Suricata is designed to decode packet streams, perform analysis, and push configuration changes to devices. This makes it a good choice for an Intrusion Prevention System (IPS), which is a system that can detect and prevent attacks.

Wireshark is the base of Suricata. Suricata both use the same packet filter implementation, known as BPF (Berkley Packet Filter). BPF is a powerful tool that can be used to capture and analyze network traffic.

What other advice do I have?

In general, I'm quite fond of Wireshark, so I would rate it an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1480065 - PeerSpot reviewer
Service Operations Engineer at a tech vendor with 10,001+ employees
MSP
Top 20
Open-source with good documentation online and good search filtering capabilities
Pros and Cons
  • "It has good basic features."
  • "We'd like to be able to extract the output into an Excel table."

What is our primary use case?

We primarily use the solution for reading packet captures. It's like a packet analyzer, packet capture. 

I'm just reading some packets and looking for interesting tracking. That's all.

What is most valuable?

The solution is open-source. 

It does have SolarWinds in it or is involved in SolarWinds in some way.

The search filtering is very good. 

It has good basic features. 

There's a lot of information available online. Even if I am looking for something special, I can find details about that aspect. 

It is well structured.

The initial setup is very easy.

I find the product to be quite stable. 

We can scale the solution. 

What needs improvement?

It works pretty well, and we haven't seen any areas that are lacking. 

We'd like to be able to extract the output into an Excel table.

For how long have I used the solution?

I've used the solution for a couple of years. 

What do I think about the stability of the solution?

The solution performs well. It's stable. We haven't had issues with bugs or glitches. It doesn't crash or freeze. 

In the beginning, maybe seven or eight years ago, we did have some issues. However, that was a long time ago, and that was resolved. 

What do I think about the scalability of the solution?

It's my understanding that the solution can scale. 

How are customer service and support?

You can pay for a version that offers a support tier. However, I am using the basic, free, open-source version. There is no support tier. If you need information in relation to troubleshooting, everything you need is online. You can search the internet and find what you need. 

How was the initial setup?

The solution is very simple and straightforward. It's pretty easy. I wouldn't classify it as complex or difficult. 

I'd rate it five out of five in terms of ease of setup.

What's my experience with pricing, setup cost, and licensing?

The solution is open-source and free to use. That said, there is a paid tier with more features if a company needs a bit more. 

What other advice do I have?

I'm a customer and end-user. 

I'd recommend the solution to others. It's a good product. 

I'd rate the solution ten out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user