Overall Satisfaction with Wireshark
We/I use Wireshark to capture and to analyze both wireless and wired network traffic. It is an absolutely required tool for any system administrator or network administrator. Our entire IT department uses it. Wireshark is both free and open source software, which, for what it does, saves us a lot of money. This graphical tool is easy to use and makes network packet analysis far less painful than if we had to rely just on the command line. Using Wireshark, we can analyze network traffic for further analysis ourselves or we can capture it and send it as a pcap file to a security consultant for further investigation. It is an essential part of our administrative toolbox.
- Wireshark is easy to use and to collect network traffic with.
- Wireshark color codes network packets based on which type of packet has been captured. This makes the analysis much quicker.
- Wireshark has a lot of different filters that can be applied either during capture or during analysis to filter out uninteresting packets from the feed.
- You can download and use a standalone (not installed) version to run on USB thumb drives or other external media in case you want to analyze a potentially compromised system in place.
- Wireshark requires elevated privileges, which can either be bad or good depending on your perspective.
- It has the standard disadvantage of capturing packets that might not reflect actual network traffic because the data is captured locally. Not a flaw of Wireshark, specifically, but of any locally run sniffing software.
- It can be confusing for new users to see all the columns and colors. You can do a lot of customization but it takes some effort.
- Wireshark continues to have a positive effect/impact on our business because we don't necessarily have to hire an outside consultant to read our captures.
- Wireshark, being free of charge, allows us to use a very advanced tool at no cost.
- All packet analysis tools are non-trivial to learn and to use. Wireshark is perhaps the simplest of all that I've seen. It is mostly intuitive and well-designed.
I've looked at several over the years but Wireshark's no cost and advanced capabilities make it an easy choice for me. Wireshark's biggest advantage is its cost, which I've mentioned several times. It's significant in budget terms. I can't justify paying $1,000 for software that I can get for free. If I need something more advanced, I'd just pay a consultant, but they're likely to use Wireshark, so I'm not sure what I'd be paying for in the long run except a second opinion or another pair of eyes on the data.
Wireshark is best suited to capturing and analyzing network traffic data. It is not an intrusion detection system (IDS), or a honeypot, or any real-time security tool. Offline analysis is where Wireshark shines. Take a capture using it or some other tool and load it into Wireshark for extensive analysis. Wireshark is great for forensic analysis of network traffic. You can find malformed packets, attack signatures, suspicious traffic, etc. Nothing gets by Wireshark.
I give Wireshark a 10 for usability because it is very usable. Just about anyone can capture packets within a few seconds of opening the program. The analysis is a science, but as far as just using Wireshark, it's very easy.
- Wireshark is quick to use. Open it, and click Capture->Start to begin capturing packets.
- Wireshark can load/ingest data from other sources such as tcpdump, so offline analysis is easy.
- There are a lot of filters built into it, which are handy because you will capture thousands of packets very quickly. You'll need to use these filters.
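The review's points about offline analysis (loading a capture written by tcpdump) and about needing filters once thousands of packets pile up can be made concrete. The Python below is an added example, not part of this review and not code from the Wireshark or tcpdump projects: it builds a small pcap file in the classic libpcap layout that both tools share, reads it back record by record, decodes the Ethernet/IPv4/UDP headers, and applies the equivalent of a Wireshark display filter such as `udp.port == 53 && ip.addr == 192.0.2.10`. The frames, IP addresses and MAC addresses are constructed sample data; a truncated record is treated as the malformed case a capture file can contain.

```python
"""Minimal pcap writer/reader with a tiny display-filter equivalent.
Added example; the traffic below is constructed, not a real capture."""
import struct
import socket

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1        # what tcpdump -i eth0 / Wireshark write for Ethernet


def ethernet_ipv4_udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Build one Ethernet/IPv4/UDP frame. MACs and checksums are placeholders."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("112233445566") + struct.pack("!H", 0x0800)
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload   # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + udp


def sample_frames():
    """Constructed sample traffic: a DNS query, an mDNS packet and a non-IP (ARP) frame."""
    dns = ethernet_ipv4_udp_frame("192.0.2.10", "192.0.2.53", 40000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8)
    mdns = ethernet_ipv4_udp_frame("192.0.2.10", "224.0.0.251", 5353, 5353, b"\x00" * 12)
    arp = bytes.fromhex("ffffffffffff") + bytes.fromhex("112233445566") + struct.pack("!H", 0x0806) + b"\x00" * 28
    return [dns, mdns, arp]


def write_pcap(frames):
    """Serialize frames as a little-endian pcap file: 24-byte global header, then records."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Parse a pcap file; returns (linktype, [(ts_sec, frame_bytes), ...])."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    linktype, = struct.unpack_from("<I", data, 20)
    off, records = 24, []
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:          # file ends mid-record: malformed capture
            raise ValueError("truncated capture record at offset %d" % off)
        off += incl_len
        records.append((ts_sec, frame))
    return linktype, records


def decode(frame):
    """Decode Ethernet -> IPv4 -> UDP headers into a dict of filterable fields."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        return {"proto": "non-ip", "ethertype": ethertype}
    ihl = (frame[14] & 0x0F) * 4
    pkt = {"proto": frame[14 + 9],
           "src": socket.inet_ntoa(frame[26:30]),
           "dst": socket.inet_ntoa(frame[30:34])}
    if pkt["proto"] == 17:                  # UDP: ports follow the IP header
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", frame, 14 + ihl)
    return pkt


def display_filter(packets, udp_port=None, host=None):
    """Keep packets matching the equivalent of 'udp.port == P && ip.addr == H'."""
    keep = []
    for p in packets:
        if udp_port is not None and not (p["proto"] == 17 and udp_port in (p["sport"], p["dport"])):
            continue
        if host is not None and host not in (p.get("src"), p.get("dst")):
            continue
        keep.append(p)
    return keep


if __name__ == "__main__":
    capture = write_pcap(sample_frames())          # what tcpdump -w would produce
    _, records = read_pcap(capture)                # what Wireshark does on File > Open
    packets = [decode(frame) for _, frame in records]
    for p in display_filter(packets, udp_port=53):
        print("DNS:", p["src"], "->", p["dst"])
```

The filter logic is deliberately the same shape as Wireshark's display filters: each field is decoded once, and the filter only selects among decoded packets, which is why applying a filter never drops anything from the underlying capture.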