Wireshark

Wireshark

About TrustRadius Scoring
Score 9.2 out of 100
Wireshark

Overview

Recent Reviews

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Wireshark, and make your voice heard!

Pricing

View all pricing

Wireshark

Free

On Premise

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Features Scorecard

No scorecards have been submitted for this product yet..

Product Details

What is Wireshark?

Wireshark is an open source network troubleshooting tool.

Wireshark Technical Details

Deployment TypesOn-premise
Operating SystemsWindows, Linux, Mac
Mobile ApplicationNo

Comparisons

View all alternatives

Frequently Asked Questions

What is Wireshark?

Wireshark is an open source network troubleshooting tool.

What is Wireshark's best feature?

Reviewers rate Support Rating and Implementation Rating highest, with a score of 10.

Who uses Wireshark?

The most common users of Wireshark are from Enterprises (1,001+ employees) and the Information Technology & Services industry.

Reviews and Ratings

 (108)

Ratings

Reviews

(1-18 of 18)
Companies can't remove reviews or game the system. Here's why
Arnab Mukherjee | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Wireshark is a tool used by our Network Systems and Security Teams to analyze incoming and outgoing traffic to troubleshoot Network Issues. The tool gives end-users the option to filter traffic on specific ports and protocols and provides the ability to select a specific packet and view the entire N/W stream the packet belongs to.
  • Analyzing Network Traffic
  • Verify is Specific Ports/Traffic is being blocked by N/W device Firewall
  • Provided Life Capture and also save a Packet Capture for further analysis
  • Provide Dashboard/Graphs to display N/W Traffic
  • Trigger Notifications based on certain Traffic received
Analyze Traffic across the Network. You can create your own filters with specific color codes to track the traffic of interest. The packet capture provides you all the details including the source, destination, protocol, ports and helps troubleshoot Network and Security related issues. This tool can also be used for Network and Security audits and Network Scans to monitor any rogue traffic.
Mauro Biefeni | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Wireshark allows us to capture traffic on our network and see if there is any unusual activity that we need to worry about. It also allows us to track specific users' data to find if there are issues relating to client/server connectivity.
  • Capture Network Traffic - This really is the essential functionality of Wireshark as without consistent data capture there is nothing to analyze
  • Filtering - We need to often filter for specific data that we are looking for.
  • Live Capture as well as offline analysis - This gives us the flexibility to do what we need to do when we need to do it.
  • A more user-friendly interface would be nice, but then again it is not really designed for those who are not quite comfortable with this type of software.
  • Changes to functionality on updates - this can sometimes happen unexpectedly and can be an annoyance.
  • More powerful data processing would be welcomed
Wireshark is great for forensic analysis of network traffic. If users are having issues, or if we are seeing connectivity issues for VPN users, or if there is suspicion of unexpected or unwanted traffic on the network, Wireshark can help to find the source of any/all of these. With filtering by key values, protocols, or IPs, this can be a very powerful tool.
Score 7 out of 10
Vetted Review
Verified User
Review Source
Wireshark is used at the IT department of our company and those with a lot of development and IT experience. It's being used to troubleshoot when software or script communication fails and troubleshoot network-related issues. It's also being used when we suspect there may be a security flaw and need to analyze packets for potential problems.
  • Inspect Network Packets
  • Troubleshoot Software Issues
  • Solve Router and Switch Problems
  • Not for the Novice User
  • Trouble Reading Some Types Encrypted Traffic
  • Interface Could Use an Update
Wireshark is excellent for analyzing traffic across your computer or network. When there are communication issues between software, scripts, router, and switches, Wireshark will help troubleshoot the issue at hand. Wireshark is great at analyzing a wide variety of protocols and packets that are transferred. However, there is a really steep learning curve bunched up with an interface that could be modernized.
Chase Palmer, CISSP | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Wireshark is one of those tools that should be in every cyber security professional's toolbox. We use Wireshark for research and investigation. When reviewing a new software we will check the network traffic coming from applications to make sure that nothing strange is coming from or to the application.

We also set up various Capture the Flag challenges for recruiting purposes and use Wireshark to set up those challenges.
  • Network traffic inspection
  • Packet inspection
  • API testing/troubleshooting
  • Filters can be difficult to remember and formulate. A simple filter set or filter builder would be helpful.
I don't know of any other tool that works as well as Wireshark for packet capture an inspection. It's extremely easy to get up and running, and even with little to no knowledge of how to use the tool, you can be looking at all the traffic coming off a network interface.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Wireshark is used across all of our client sites for in-depth network troubleshooting. Out of all the tools we have at our disposal, the ability to install a managed switch inline with a problematic device and/or workstation allows our technicians to deep dive into the network traffic and locate the issue.
  • Network Troubleshooting
  • Packet Analysis
  • Traffic Filtering
  • GUI Interface
  • Product Support
  • Product Training
Wireshark is great for enterprise networks with large amounts of data traversing the network that need a way to filter and inspect specific traffic by specific parameters (i.e. destination / source IP address, host, or type). There are use-cases for smaller environments, but the amount of time needed to learn how to effectively use the tool may not be beneficial for home / small office users.
Score 10 out of 10
Vetted Review
Verified User
Review Source
We are using Wireshark for all of our deep packet inspectings. We have addressed issues such as network latency or lack of resilience by using this tool to determine root causes. We use this in-depth tool to complement other solutions we have in place for network performance monitoring and security.
  • Deep packet inspection
  • Password sniffing
  • Better dashboard
  • Toolset integrations
Wireshark is well suited for situations where you have to get to the root cause of specific network issues. Things like why is the network running so slow or why is an application less responsive to this IP zone than others. It gets you to the packet level for better diagnostics and troubleshooting.
Score 10 out of 10
Vetted Review
Verified User
Review Source
We've used Wireshark to investigate and diagnose issues with our VOIP phone system. We were able to capture network traffic in order to troubleshoot/track packet loss that was causing calls to drop. This tool was very effective in allowing us to provide the required information to the provider.
  • network traffic capture
  • header information
  • supports many protocols
  • UI/UX experience could be improved
I'd always recommend Wireshark to colleagues if they're looking to analyze network traffic. They're a well know, trusted market leader in this space. I'd recommend that they watch a video demo on the product to get a better understanding of how to use it most effectively but if they were to commit some time to explore the product
Drew Harrison | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Wireshark was my go-to tool for capturing and analyzing network traffic while building automation technologies (web bots) for years. It allowed me to quickly see what headers, cookies, and data were being sent during web requests and responses. So I could quickly and accurately mimic the data for automation, and it made life so much easier to have all that data collected and presented in one decent interface.
  • Captures all kinds of packet data in network traffic
  • Save & restore captured packed data
  • Show errors and issues in levels below the HTTP protocol
  • Can't modify or manipulate things/data on the network (only records data)
  • A better interface would be nice - it's functional as-is, but it could use some polish
If you need to analyze packet data across your network and want the low-level details, Wireshark is perfect for the job. It records the necessary data and presents it in a way that's relatively easy to read, analyze, and understand. It's got a ton of features (more than most people will ever need). However, if you're simply interested in HTTP traffic, I believe Fiddler is a slightly better choice, as it is more explicitly geared towards the HTTP protocol.
I don't believe Wireshark has "true" support as the software is open source. However, there is an active & friendly community around Wireshark that are more than happy to help answer questions. From a comprehensive Wiki and FAQ section on the site to the Ask a Question forum and bug tracker section, there's plenty of support options to make sure your questions and issues are addressed.
Score 10 out of 10
Vetted Review
Verified User
Review Source
I use it as a systems information manager to capture traffic on the network and analyze the packets for various reasons. I have used it to find a ping scan from a wireless network that was DOS'ing an external location, and also have used it to pinpoint a system with a corrupted NIC driver that was causing a severe broadcast storm on our main network.
  • Packet capturing
  • Packet analysis
  • Traffic monitoring and reporting
  • It is beginner-friendly as far as installation, but it could use a tutorial.
  • Perhaps there is a way to do this already, but I haven't yet seen it. It would be nice if it could be integrated with a network package that could detect network anomalies, fire up an automated packet analysis, and send a report to an administrator.
It is invaluable for capturing and analyzing network traffic and identifying issues with devices that are either malfunctioning, or possibly even set up as rogue devices on a network. Using the data from a packet analysis combined with logs and MAC tables from various network devices, it can be used to find specifically where a device might be located. It's not a "set it and forget it" application, but it is well suited for on-the-spot analysis.
I haven't had to contact their official support because there is a HUGE amount of documentation and community support available. I imagine that one would be hard pressed to find many issues where they might need to contact actual support.
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Wireshark whenever there is a need for deep-dive packet captures. We usually turn to Wireshark after we have done all other steps in general troubleshooting. Wireshark is being used by both the campus network teams, data center network teams, corporate systems team, and production systems team. It is a great tool not only for network engineers.
  • EXTENSIVE detail
  • Easy to run, even for non-networking individuals. Makes it so they can run a packet capture on their machine and send to the network team for analysis.
  • Lowcost
  • Packet capture files get extremely large, extremely quickly.
  • Sifting through packet capture can be arduous at times.
  • Sometimes it feels almost "too in-depth" and can be overwhelming to look at. Hard to know where to start looking.
Wireshark is a great tool to use after general network troubleshooting has taken place; checking subnet mask, default gateway, route table, etc. It can help identify breaks or hiccups in network communication, and narrow down where further investigation should be focused. It is not a good tool to use for general troubleshooting, you need to have a core knowledge of networking to find the tool valuable.
I have never engaged Wireshark support directly. Whenever I would run into a question or needed to learn about a certain feature, I was able to find the information I was looking for on tech blogs and forum posts by other network engineers. The Wireshark community has been more than enough whenever I had issues.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Wireshark is being used widely in my organization especially in network engineering and operation teams. It's being used for multiple purposes in network design, testing, operation, and troubleshooting.
  • Wireshark is easy to use, the user can customize the display layout of the packet based on the user's own interests to only highlight the network layers and parameters being cared about.
  • There are plenty of integrated/embedded tools inside Wireshark can be used to perform deep analysis of the different type of network issues.
  • Filter and search functionality are so powerful which can be helpful for network issue troubleshooting.
  • It's better to integrate some APIs to the high-level users allowing them to design and program their own deep analysis functions to support the work.
  • it's better to optimize the algorithm processor a little bit as I will normally have trouble to open a big size packet capture larger than 3GB, the computer will become very slow and take a very long time to open the file and perform any analysis.
I use Wireshark nearly every day, it's the most important tool in my daily work as a network engineer to troubleshoot the real network problem in the production network. It helps me to look into the problematic protocol scenarios in the packet layer to understand where is the problem and how to fix.
Jaspreet Singh | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
Wireshark is used in our organization for monitoring the network traffic and troubleshooting in case we are facing any network related issues. It is one the most used software which lets you dissect the network packet to the tiniest details and pull out any network related information. It is used by our department only and not by everyone across the organization. Our job requires making all the systems and communications across the systems to run smoothly. So we have a constant session running on all the systems via Wireshark and in case of any problem, we quickly dump all the network packets and filter its using amazing filter function of Wireshark and then find out the problem. Without software, it might take hours or even days to solve the problems.
  • Light-weight software - Does not require high end specifications; also runs smoothly on Legacy systems
  • Filter function - Lets you filter you packets from thousands to tens so as to find your target much easily
  • Simultaneous capturing on all the network adapters - You can capture packets from all the Network Interface Cards (NIC's) at once.
  • GUI of the software can improve a bit; like some more animations can be added to make it more user friendly
  • Some more learning resources can be officially added; like filter query function is much advanced, but everyone does not know how to efficiently use it
  • Themes can also be provided to users so that people who work on this software for hours can have a new experience by changing the colors of the software
Wireshark is well suited for scenarios in which the technical difficulties are being faced. A lot of times we are not aware of how computers actually talk with each other. With Wireshark, you can learn this topic in depth and help yourself and your colleagues in case anyone is facing any sort of networking related problems. Many people just use the computer system for basic tasks and often tend to get stuck on simple things like if the system is not able to retrieve the IP from the router. After you learn these concepts you can easily solve these problems. Wireshark is a bit of a technical software program and only intended for people who have a basic understanding/ background of computers. If not, this software might end up giving you a lot of information which will be really tough for you to understand. So I would recommend if you want to use this software and are interested in the concepts as mentioned before/ above, go through a quick course on computer networking concepts and you shall be good to start exploring Wireshark.
February 11, 2019

Wireshark is Solid :-)

NAKIA EPLEY | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
I use Wireshark almost daily in school. I am in my final quarter of my Bachelor's Degree in Networking and Securities. We use Wireshark both on our real-time environments, virtual environments, and physical lab equipment. We utilize this through the entire I.T. program, and on the network side for the securities pathway.
  • Wireshark is SO easy to use! At very first glance, it can be a little overwhelming but after about 2 or 3 times of being walked through instruction, the ease of use makes the packet capture process easy to understand.
  • The *(TCP/UDP/HTTP, etc) filters make things very clear, and hides the information that you do not need at the moment. Following the TCP stream is laid out easily to be able to view the intrusion.
  • Integrates very well into the virtual environments as well as real-time. It acts on the virtual environment just as if it were on my physical computer.
  • There are a lot of troubleshooting features, but at this point in my program, I have not really run into anything too terribly negative to say about Wireshark.
Wireshark is nicely laid out, integrates with Snort, Splunk, etc, and overall is great software. I am moving into a Critical Informatics role, or as a security analyst after graduation, and Wireshark will be one of my most solid backbone tools in pen testing. So using it on an educational platform has set me up for success once I get into a real-time environment.
Kenneth Hess | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We/I use Wireshark to capture and to analyze both wireless and wired network traffic. It is an absolutely required tool for any system administrator or network administrator. Our entire IT department uses it. Wireshark is both free and open source software, which, for what it does, saves us a lot of money. This graphical tool is easy to use and makes network packet analysis far less painful than if we had to rely just on the command line. Using Wireshark, we can analyze network traffic for further analysis ourselves or we can capture it and send it as a pcap file to a security consultant for further investigation. It is an essential part of our administrative toolbox.
  • Wireshark is easy to use and to collect network traffic with.
  • Wireshark color codes network packets based on which type of packet has been captured. This makes the analysis much quicker.
  • Wireshark has a lot of different filters that can be applied either during capture or during analysis to filter out uninteresting packets from the feed.
  • You can download and use a standalone (not installed) version to run on USB thumb drives or other external media in case you want to analyze a potentially compromised system in place.
  • Wireshark requires elevated privileges, which can either be bad or good depending on your perspective.
  • It has the standard disadvantage of capturing packets that might not reflect actual network traffic because the data is captured locally. Not a flaw of Wireshark, specifically, but of any locally run sniffing software.
  • It can be confusing for new users to see all the columns and colors. You can do a lot of customization but it takes some effort.
Wireshark is best suited to capturing and analyzing network traffic data. It is not an intrusion detection system (IDS), or a honeypot, or any real-time security tool. Offline analysis is where Wireshark shines. Take a capture using it or some other tool and load it into Wireshark for extensive analysis. Wireshark is great for forensic analysis of network traffic. You can find malformed packets, attack signatures, suspicious traffic, etc. Nothing gets by Wireshark.
Matthew Frederickson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use Wireshark to troubleshoot network problems - both wired and wireless. It's not uncommon to get a ticket from a user stating that the network is "slow". Since that is always less then helpful, we usually (after basic troubleshooting steps) start a Wireshark capture closest tot he endpoint with the issue. Invariably, we are always able to find the issue - whether it's endpoint or switch related - or even if it's something downstream. We've managed to train some of the IT staff in how to do a capture - so even if they don't understand what they are looking at, they are familiar with grapping a pcap file for our review.
  • Displays data (network captures) in a logical, clear way that enables you to easily see what is happening on the wire.
  • Provides expert help and color codes packet types so it's easy to quickly pick out different types of traffic.
  • Separates the data into three panes so you can get an overview, packet details, and see string data.
  • Can be a little intimidating right out of the box.
Wireshark is awesome for troubleshooting network issues. It gives you a direct view into what is happening on the wire. It takes the guesswork out of knowing what is happening on the wire - you can tell whether there are delays from web sites; file servers; voice issues. Yes - it is great for troubleshooting SIP traffic also.

It does not do massive file captures; it does not do a good job on massive packet capture files. If you are capturing traffic on a ten-gig or higher port, use tcpdump or some other mechanism to grab the data. Then use tshark (or one of the other included tools) to parse out what you need (time range, or specific type of traffic) to analyze inside wireshark.
Ari Robinson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
Troubleshooting of reported issues and verification of facts (i.e. that a certain protocol is being used).
  • Very powerful and easy to use (once you understand the basic interface).
  • Free and easy to install.
  • Flexible and can be used in many different scenarios.
  • Bring back the Legacy option!
  • Improve the ease of use for some advanced functionality (such as decoding of video into H.264 or seeing the encryption type being used).
  • Sometimes the GUI can become non-responsive when using RDP.
Anytime you want to see what is happening between point A and point B on the network.
Obviously, it can't be used when trying to capture communication between one socket and another socket on the same machine.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Wireshark is used both in the network team and helpdesk team. It helps us to identify and troubleshoot network connectivity issues.
  • It can help us to determine the network issue such as if it would be at the application level or network routing issue.
  • It also can identify how the source and destination communicate.
  • It can track the network traffic to determine the actually network flow.
  • I find it's pretty easy to use and have been a fan of it.
It's one of the best network tools for our network engineers.
November 04, 2016

Wireshark

Score 7 out of 10
Vetted Review
Verified User
Review Source
Wireshark is being used across our organization to trouble shoot all network related issues. We are also using it to trouble shoot application speed issues between locations.
  • Wireshark provides an immense amount of data. If the data is being sent you will be able to track it.
  • Will flag some notable information if you don't know what you are looking for.
  • Can analyze VoIP data as well.
  • It can be difficult to parse and filter data without working with Wireshark for a while. The amount of data can be overwhelming for first time users.
  • We have had difficulties getting it to run properly with MacOS
Wireshark can be used to find speed issues for an internal application slowing down between geographical locations. Wireshark works well for tracking down unmanaged switches and hubs that are causing issues in our network. If you have no idea what your are looking for, Wireshark may not be the way to go. Also when tracking issues with a web application, as there are easier tools to use for that.