Wireshark is an open source network troubleshooting tool.
Local and Remote Sniffing with Wireshark
Wireshark demo (simple http)
Saving Files From Wireshark
How to Use Wireshark's Follow TCP Stream Feature
Wireshark SIP Capture
Tech Details
Operating Systems: Windows, Linux, Mac
- Possibility to analyze packets from various interfaces (LAN, Wi-Fi, BT, USB).
- Ability to integrate with GNS3 easily.
- It's a free tool and available on all platforms.
- Provides comprehensive analysis of communication protocols.
- Learning curve is a little steep.
- Reading encrypted network traffic is a struggle.
- User interface can be developed
- Ease of capturing and analyzing incoming and outgoing network traffic.
- It allows offline analysis of inspected and captured packages.
- Excellent and friendly interface.
- Large community with great support and advanced feature tips.
- Windows compatible.
- It is bad for parsing very large packets.
- It takes time and patience to analyze all packages.
While saying that, I only used it primarily to get a deep understanding of our network.
- Great UI & Command Line Tools
- Packet capture feature is very good
- It is open source which is the best thing in a tool like Wireshark
- A little bit of intrusion detection feature would help
- Other than that, I don't think it lacks anything
- Perfect little tool
- Dropped packets
- Latency issues
- I don't miss anything
- Packet sniffing
- Traffic pattern recreation
- Traffic monitoring
- More point and click
- Images are difficult to decode
- Captures network traffic
- Categorizes network traffic based on many different categories
- Offers numerous filtering options to reduce unnecessary clutter
- Perhaps Wireshark could offer more regular updates/upgrades.
- Inspection of protocols
- Analysis of packets
- Live data
- More user friendly
- A more detailed explanation of certain packets
- Packet Capture
- Easy to use GUI
- Packet capturing is on point
- Rock solid stable
- A lot of functionality
- Great support and maintenance
- Large PCAP files load too long
- Manual query syntax is hard to remember
- Some features are hard to find
2. Network troubleshooting by reviewing the packets to determine the issue
3. Monitoring interfaces to identify missing / extra packets
4. Analyzing packet structure of required protocol
- Analyse VOIP protocol
- See everything occurring on interface
- See both inbound and outbound requests
- Better Wizards
- Basic / Pro view
- Limit capture rather than capture everything to reduce log size
- Network packets
- Detailed information
- Learning on how to use.
- More documentation
- View of the application
- Realtime network data visibility
- TCP/IP Packet inspection
- Wired/Wireless network troubleshooting
- Fairly straightforward, but not the simplest program to use
- You do bounce around between windows and clicking various buttons for starting and stopping. While the interface is good, it could be streamlined somewhat
- Analyzing Network Traffic
- Verify if Specific Ports/Traffic is being blocked by N/W device Firewall
- Provides Live Capture and also saves a Packet Capture for further analysis
- Provide Dashboard/Graphs to display N/W Traffic
- Trigger Notifications based on certain Traffic received
- Capture Network Traffic - This really is the essential functionality of Wireshark as without consistent data capture there is nothing to analyze
- Filtering - We need to often filter for specific data that we are looking for.
- Live Capture as well as offline analysis - This gives us the flexibility to do what we need to do when we need to do it.
- A more user-friendly interface would be nice, but then again it is not really designed for those who are not quite comfortable with this type of software.
- Changes to functionality on updates - this can sometimes happen unexpectedly and can be an annoyance.
- More powerful data processing would be welcomed
- Inspect Network Packets
- Troubleshoot Software Issues
- Solve Router and Switch Problems
- Not for the Novice User
- Trouble Reading Some Types of Encrypted Traffic
- Interface Could Use an Update
We also set up various Capture the Flag challenges for recruiting purposes and use Wireshark to set up those challenges.
- Network traffic inspection
- Packet inspection
- API testing/troubleshooting
- Filters can be difficult to remember and formulate. A simple filter set or filter builder would be helpful.
- Network Troubleshooting
- Packet Analysis
- Traffic Filtering
- GUI Interface
- Product Support
- Product Training
- network traffic capture
- header information
- supports many protocols
- UI/UX experience could be improved
- Captures all kinds of packet data in network traffic
- Save & restore captured packet data
- Show errors and issues in levels below the HTTP protocol
- Can't modify or manipulate things/data on the network (only records data)
- A better interface would be nice - it's functional as-is, but it could use some polish
- Packet capturing
- Packet analysis
- Traffic monitoring and reporting
- It is beginner-friendly as far as installation, but it could use a tutorial.
- Perhaps there is a way to do this already, but I haven't yet seen it. It would be nice if it could be integrated with a network package that could detect network anomalies, fire up an automated packet analysis, and send a report to an administrator.
- EXTENSIVE detail
- Easy to run, even for non-networking individuals. Makes it so they can run a packet capture on their machine and send to the network team for analysis.
- Packet capture files get extremely large, extremely quickly.
- Sifting through packet capture can be arduous at times.
- Sometimes it feels almost "too in-depth" and can be overwhelming to look at. Hard to know where to start looking.
- Wireshark is easy to use, the user can customize the display layout of the packet based on the user's own interests to only highlight the network layers and parameters being cared about.
- There are plenty of integrated/embedded tools inside Wireshark that can be used to perform deep analysis of different types of network issues.
- Filter and search functionality is so powerful, which can be helpful for network issue troubleshooting.
- It's better to integrate some APIs for high-level users, allowing them to design and program their own deep analysis functions to support the work.
- It's better to optimize the algorithm processor a little bit, as I will normally have trouble opening a big packet capture larger than 3GB; the computer will become very slow and take a very long time to open the file and perform any analysis.
- Light-weight software - Does not require high end specifications; also runs smoothly on Legacy systems
- Filter function - Lets you filter your packets from thousands to tens so as to find your target much more easily
- Simultaneous capturing on all the network adapters - You can capture packets from all the Network Interface Cards (NICs) at once.
- GUI of the software can improve a bit; like some more animations can be added to make it more user friendly
- Some more learning resources can be officially added; like filter query function is much advanced, but everyone does not know how to efficiently use it
- Themes can also be provided to users so that people who work on this software for hours can have a new experience by changing the colors of the software
- Wireshark is SO easy to use! At very first glance, it can be a little overwhelming but after about 2 or 3 times of being walked through instruction, the ease of use makes the packet capture process easy to understand.
- The (TCP/UDP/HTTP, etc.) filters make things very clear, and hide the information that you do not need at the moment. Following the TCP stream is laid out easily to be able to view the intrusion.
- Integrates very well into the virtual environments as well as real-time. It acts on the virtual environment just as if it were on my physical computer.
- There are a lot of troubleshooting features, but at this point in my program, I have not really run into anything too terribly negative to say about Wireshark.
- Wireshark is easy to use and to collect network traffic with.
- Wireshark color codes network packets based on which type of packet has been captured. This makes the analysis much quicker.
- Wireshark has a lot of different filters that can be applied either during capture or during analysis to filter out uninteresting packets from the feed.
- You can download and use a standalone (not installed) version to run on USB thumb drives or other external media in case you want to analyze a potentially compromised system in place.
- Wireshark requires elevated privileges, which can either be bad or good depending on your perspective.
- It has the standard disadvantage of capturing packets that might not reflect actual network traffic because the data is captured locally. Not a flaw of Wireshark, specifically, but of any locally run sniffing software.
- It can be confusing for new users to see all the columns and colors. You can do a lot of customization but it takes some effort.