Wireshark Review

Parses large packet capture files without opening them, returns relevant information


What is our primary use case?

It is utilized for forensic work, with full packet capture.

What is most valuable?

Packet analysis and filtering. Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information.

What needs improvement?

The UI redesign threw me for a loop but I have learned to overcome it. The product is great but I wish there were more of an emphasis on the command line tools.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How was the initial setup?

Just install the software and the WinPcap software.

What's my experience with pricing, setup cost, and licensing?

It's a standalone tool. If there is a commercial license for it I am unaware of it.

What other advice do I have?

Make sure you are comfortable installing the WinPcap driver for packet collection. This tool could be used maliciously to capture data on your network.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
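The tshark workflow described under "What is most valuable?" (pulling only the relevant records out of a multi-gigabyte capture without loading the whole file into the GUI) works because the tool walks the file one record at a time. The following Python is an added example, not the reviewer's code and not part of Wireshark: a minimal classic-pcap reader that streams records from a file object, decodes just enough of Ethernet/IPv4/TCP/UDP to filter on addresses and ports, and returns only the matches. The capture it parses is constructed inline (a DNS query, an HTTP request and the DNS reply); the function names, the sample addresses and the payload bytes are this example's own assumptions. The comparable tshark command for a real file is `tshark -r big.pcap -Y 'udp.port == 53' -T fields -e ip.src -e ip.dst`.

```python
"""Stream a classic pcap file and keep only the packets that match a filter."""
import struct
from collections import namedtuple
from io import BytesIO

Packet = namedtuple("Packet", "ts src dst proto sport dport length")

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, tz, sigfigs, snaplen, linktype
ETH_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def _ipv4(addr):
    return bytes(int(o) for o in addr.split("."))


def build_frame(src, dst, proto, sport, dport, payload=b""):
    """Ethernet/IPv4/{TCP,UDP} frame with zeroed checksums (enough for header parsing)."""
    if proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # TCP: seq=1, ack=0, data offset 5 words, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     _ipv4(src), _ipv4(dst))
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + struct.pack("!H", ETH_IPV4)
    return eth + ip + l4


def build_pcap(frames, ts0=1_700_000_000):
    """Little-endian pcap, version 2.4, LINKTYPE_ETHERNET, one record per frame."""
    out = [GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", ts0 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed sample traffic (assumption for this example, not real captured data).
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.53", PROTO_UDP, 51234, 53,
                b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"),
    build_frame("10.0.0.5", "93.184.216.34", PROTO_TCP, 40000, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame("10.0.0.53", "10.0.0.5", PROTO_UDP, 53, 51234, b"\x12\x34\x81\x80"),
])


def _decode(ts, data, orig_len):
    """Decode Ethernet/IPv4 plus TCP/UDP ports; None for non-IPv4 frames (ARP, IPv6, ...)."""
    if len(data) < 34 or struct.unpack("!H", data[12:14])[0] != ETH_IPV4:
        return None
    ihl = (data[14] & 0x0F) * 4
    proto = data[14 + 9]
    src = ".".join(str(b) for b in data[14 + 12:14 + 16])
    dst = ".".join(str(b) for b in data[14 + 16:14 + 20])
    l4 = 14 + ihl
    if proto not in (PROTO_TCP, PROTO_UDP) or len(data) < l4 + 4:
        return Packet(ts, src, dst, proto, None, None, orig_len)
    sport, dport = struct.unpack("!HH", data[l4:l4 + 4])
    return Packet(ts, src, dst, proto, sport, dport, orig_len)


def read_pcap(stream):
    """Yield Packets one record at a time; the whole file is never held in memory."""
    hdr = stream.read(GLOBAL_HDR.size)
    if len(hdr) < GLOBAL_HDR.size:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # native or nanosecond, little-endian
        order = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # same, written big-endian
        order = ">"
    else:
        raise ValueError("not a classic pcap (pcapng is a different container)")
    if struct.unpack(order + "I", hdr[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled here")
    rec = struct.Struct(order + "IIII")
    while True:
        rh = stream.read(rec.size)
        if len(rh) < rec.size:
            return                      # clean end of file (or a cut-off trailing header)
        ts_sec, _ts_frac, incl_len, orig_len = rec.unpack(rh)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            return                      # truncated final record: stop instead of mis-parsing
        pkt = _decode(ts_sec, data, orig_len)
        if pkt is not None:
            yield pkt


def select_packets(pcap_bytes, predicate):
    """Filter an in-memory capture; for a real file pass open(path, 'rb') to read_pcap()."""
    return [p for p in read_pcap(BytesIO(pcap_bytes)) if predicate(p)]


def dns_conversations(pcap_bytes):
    """Source/destination pairs of UDP/53 traffic, like `-Y 'udp.port == 53' -T fields -e ip.src -e ip.dst`."""
    return [(p.src, p.dst) for p in select_packets(
        pcap_bytes, lambda p: p.proto == PROTO_UDP and 53 in (p.sport, p.dport))]


if __name__ == "__main__":
    for pair in dns_conversations(SAMPLE_PCAP):
        print(pair)
```

The reader stops cleanly on a truncated last record rather than raising, which is what you want when a capture was cut off mid-write; it refuses pcapng and non-Ethernet link types outright instead of guessing, since silently mis-parsing those is how false conclusions creep into forensic work.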