Wireshark Pros and Cons
It gives us the ability to pinpoint problems and to communicate network problems with software and hardware vendors.
The drill-down available for packet analysis is great. It gives a network security engineer insight into what is going on at the packet level and enables better troubleshooting.
I can save the traffic and analysis when I want to. Also, it's especially helpful to follow the stream (TCP, UDP, etc.).
Setup is very easy. It's also possible to change source code and compile if you want to change something in the code, because it's free.
Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information.
Big trace files (more than 1,000,000 packets) can be slow, but then you can use "TraceWrangler" (also free) to help with slicing and dicing the data.
It is not an easy program. You will need to study to use it to its full capabilities (follow a course).
The Wireshark search function shows green for a correct search and red for an incorrect search. If there were a way to provide a description about what a search - and the similar ones which are available - can do, while a person is typing it, it would make the product easier to use and simultaneously decrease the learning curve.
It needs the ability to follow multiple interfaces for specific traffic from different network zones/virtual networks. It would help to understand how any packet is going through the network.
Sometimes I need to use tcpdump when I need to check the packets on CLI.
The product is great but I wish there were more of an emphasis on the command line tools.