What's best about Wireshark is that it doesn't require installation. It supports cards and monitoring permissions and is sufficient for appending and capturing activities. You won't need to install other tools to use Wireshark, so this saves you time. You can capture packets at any time from your laptop through Wireshark.
The strongest feature of this solution is the ability it gives us to carry out deep-packet inspections on our network, particularly when a function isn't performing as it should.
I find Wireshark a very useful tool. Its best feature is that it allows me to deeply understand what's going on at the packet level, as well as any adverse signatures that I can analyze. When I need to create an IPS rule, I need to check the traffic deeply to get more insights about the actual traffic, what's the name of certain flags, etc., and I'm able to do all that through Wireshark.
I like the filtering feature as we can filter data easily. This feature is also available in tcpdump, but it's a simple piece of software. Wireshark is more advanced and has many features. It allows you to filter a lot of things. The output can be filtered easily.
The most important feature is colorization. If I say, "Okay, this particular SMB protocol in red, it will show me red." It's easy to identify that protocol or capture data.
Founder and CEO at a tech services company with 1-10 employees
Real User
May 5, 2021
Being able to dissect email data and figure out what is inside email messages was the most valuable feature. Such a feature is pretty helpful for an ongoing forensic investigation or when there is a potential insider threat that you are trying to investigate. It allows you to see the network activity of the users you are investigating. It also gives you more visibility into your network.
It was very easy to set up. There is a lot of information out there on Google and YouTube about how to use it. There is also community support. If you have any trouble, it is pretty easy to find an answer online. You will have to do some digging only if you have a very specific use case.
NextGen TV (ATSC 3.0) Systems Engineer at PeerSpot
Real User
Top 20
Mar 16, 2020
I use the filters very often to determine what type of traffic I am looking for. The use of filters allows traffic to be segmented so that a value can be looked at individually apart from the other traffic.
The GUI is easy to use.
Wireshark is a good tool to start with network analyzing and packet capturing.
The session-level filtering features are valuable.
It is a stable product. I would rate the stability a ten out of ten.
Wireshark helps us to understand network traffic.
You can use Wireshark to see the traffic packet format, the IP layers, the fields, and the enabled flags.
Wireshark is very user-friendly; even someone with basic IT knowledge can use it.
The initial setup is simple.
The transmission and reception issues are valuable.
It has good basic features.
The tool is also user-friendly.
The options that are required to get the details for the packet drops are good.
Wireshark's best feature is that it's adaptive, which means it's the go-to tool for network-related developers.
Wireshark's best features are that it lets us see what traffic is in the network and what data should be encrypted.
The most valuable feature of Wireshark is the ability to choose a destination of flow that has not been working as expected.
It's easy to troubleshoot issues because there's a large online community.
It has a good syntax to put the commands in and get information out of.