Wireshark Room for Improvement
With Wireshark, you cannot download and utilize the packet in automation. Automation is right now expanding its own stuff. People are using some headless servers that do not need a GUI. So Wireshark will only be available if there is a GUI so you can see that packet clearly. So there is no transferring form of Wireshark right now available. You need to have some GUI on the server so you can check that via the check packet.
I can't suggest anything as of now regarding Wireshark. I have never found any issues or had any difficulty using it. Be it connecting the system to the network directly and capturing the data through Wireshark, or for a specific time, it's been flawless. I have got the results every time I've needed them.
You need good network connectivity to download during the setup, otherwise, it might take a while.
I wish the filters were a little bit more prepopulated. It would have been easy to hit a drop-down and select a filter. If I only wanted to look at DCP, UDP, or IP, it would be easy to filter it out. Advanced network knowledge is required to get a lot out of the tool. However, it's very easy to install and deploy.
It would be nice if there were some handheld Android devices with a Wireshark-specialized application that would allow us to mirror a Cisco port. Then, we can just plug into the port and click the green start button, and it will start ingesting the packet capture. Then, we won’t be using a laptop.
The only downside is that we must have a laptop and connect a network cable. Some new laptops don't have network ports, so we have to get another adapter. Having an all-in-one device, like NetAlly or Fluke, and some of their network devices would be cool.
Buyer's Guide
Wireshark
March 2024
Learn what your peers think about Wireshark. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,847 professionals have used our research since 2012.
There is a disadvantage when it comes to sampling intervals. While the solution supports sampling as fine as one millisecond, it requires a copy at that interval. My Python script allows me to achieve a granularity of up to ten microseconds, but I can't go beyond that. When dealing with provisioning on both issues, it would be beneficial if I could go down to the microsecond level, if not the nanosecond. Additionally, I've heard from a colleague that Wireshark might be less effective in the voice domain.
The product has been using the same GUI for many years. The product must make its GUI more interactive and user-friendly. Any IT person working on the product would understand the information displayed on the product, but the GUI is not that familiar.
Previously, I have used Wireshark in some of the financial companies I have been involved with. For example, when I was employed at a bank, we used Wireshark. However, I have noticed that Wireshark is restricted when any sort of encryption is involved, such as XSL encryption or DLX. This means that Wireshark cannot be used to its full potential. Therefore, I think that Wireshark or the vendors should consider including features to penetrate firewalls and get the data, such as including any hash types.
I would like the ability to sniff user credentials, such as passwords, rather than clear text. Wireshark should be able to sniff basic encryption, such as 128 and 64-bit encryption, as other solutions do.
In the future, it would be nice to see color coding. It is just black and white.
You need some basic knowledge to work with Wireshark. Maybe it could be more user-friendly just for new users. Just for the new generation.
reviewer2171574
Chief Technologist at a consumer goods company with 10,001+ employees
Wireshark could make the filtering rules easier to apply and offer a drag-and-drop option as opposed to type and text. The tool should also provide data prompts for some of the filters.
In the future, I want Wireshark to provide some visual representation of packet sizes, along with some graphical analysis tools.
I think you may have to download a separate interface driver when working with Wireshark, so I believe that the setup phase could be made simpler.
Shah Sachinkumar
Lead Engineer at NXP Semiconductors
Wireshark is similar to an OS defense tool, meaning that it runs on an OS such as Ubuntu and Fedora, but I'm unsure if it's compatible with Windows or if it's a straightforward process to run it on Windows. Right now, my team needs to run Wireshark from a dongle to use it, so it's an OS-dependable tool, and that's an area for improvement.
I was unable to use Wireshark on Windows, and I couldn't capture it, as I'm unsure how to configure the wireless card into monitoring mode on Windows. The process was straightforward on Linux, but it wasn't the case on Windows OS. It seems Wireshark isn't compatible with all OS. For example, you can analyze the log, and you can analyze it on the Windows server, but you can't do a capture in Windows. Configuring Wireshark for Windows isn't as easy as configuring it for Linux.
What I'd like to see in the next release of Wireshark is the capability to capture packets from the ethernet.
In my previous company, we had Omnipeek, and the UI was better than Wireshark. This product needs to improve the UI.
Generally, you can use Omnipeek to capture packets. You can also use Wireshark to capture packets. However, they need a compatible adapter. If we use Wireshark without a compatible adapter, we really don't go to capture packets using it. We already get captures from the field and from customers, and we just use it for analysis.
I would make maybe adding filters easy. There are some options that we can enable to look into the packet. For example, the default installation of Wireshark doesn't have much information. You can just get to see the packet number, the time's terms, the source address, the destination address, and some detailed information. If I want to see the RSSI, the channel number, the protocol information, or the data rate, I need to go and modify some of the configurations to add columns to display this information. I need to spend some time with it. Therefore, the Wireshark default installation could probably include some more crucial information. That would be a little helpful.
Not always simple to set up and get the filtering right when capturing data. The TCPDUMP pre filter is a bit hard to get used to when you are used to using the post filter. It will help when they have the same filter for both. Of course I'm assuming that the Post filter will be the filter of choice and translate the Post Filter into what needs to be done for the Pre Filter. I use the export to CSV and also the Print Full trace to a file features to do post analysis that would otherwise be impossible to do any other way than using Wireshark.
An example is watching MQ Traffic through a MQ Broker. Using the MQ Token, I'm able to combine the send / receive responses together to see the final response time and also where the packets are sent/received. This has helped with the SOA analysis when you have traffic going to a MQ Broker to be sent to other servers for responses. 4 packet sets are involved when this is done. 1 Request in to the Broker, 1 Response out from the Broker to a Responder, then a response from the Responder to the Broker again, and the final response from the Broker back to the original Requestor. All of that chatter needs to be captured and seen for the full response time analysis. Using the Packet Print, I'm able to dig into the header of the MQ packet and find that information for post assembly of information into a CSV file. Using Perl, I'm able to read these files in automation and create CSV files for use in Excel to then provide the packet numbers to use again in the Post Filter process of Wireshark to look at further details. This is complex, but so are the actual interactions that are taking place. This work would be impossible without a tool like Wireshark that provides the insight and decoding of the MQ headers of the packets. This brings out the Tokens and response Tokens of the packets for analysis. The other SOA and complex Websphere interaction tools are getting better at presenting this information, but there are still times where the developers have created something that the other tools have not tackled yet. Then Wireshark is the only way to really drill into those interactions.
Wireshark's UI isn't easy to handle and doesn't have as nice a view as Omnipeek.
The solution has a steep learning curve. There are so many filters and features that are frequently being updated, it takes research, experience and familiarity to be able to use them. It could be a lot more user-friendly.
reviewer1480065
Service Operations Engineer at a tech vendor with 10,001+ employees
It works pretty well, and we haven't seen any areas that are lacking.
We'd like to be able to extract the output into an Excel table.
A room for improvement in Wireshark is its ease of use for beginners. It could be better. Another room for improvement in the tool is for it to provide more details about the traffic load.
At the moment, Wireshark is adequate for me, so there isn't anything I'd like added to it in its next version.
While Wireshark is useful, the GUI interface is less accurate, showing only limited information.
reviewer2045031
Student at a university with 1,001-5,000 employees
Whenever we select one of the packets, in terms of the number of bytes, for example, there are three planes, and in the detailed plane, I have to count the number of bytes manually.
Also, sometimes when I'm trying to select the number of bytes, the selection does not go properly. If we were to go on selecting it, the number of bytes also showed up as to how many bytes have been selected in the detailed plane.
It would be better if they offered a hybrid version like My Cloud Control.
The solution’s user interface could be improved.
reviewer1430742
Software Engineer at a computer software company with 10,001+ employees
The decryption of encrypted packets could be better.
We would like the product to be developed so that it doesn't rely on internet access for installation. We would like to see all of the components required to be integrated into the installer.
The average person would probably find Wireshark hard to use. When I first installed it, I was overwhelmed by all the data it was shooting out. It doesn't make sense until you start doing some research and figure out what everything means. It isn't the most user-friendly tool. It just provides so much information.
I'm probably not familiar with it enough to say what features it's missing, but it could be a bit more accessible to the average system administrator having issues on their network so they can pull it out and run some scans.
Wireshark could be improved with a delay option when getting data automatically. It could also work faster.
Toan Ngo
Network Specialist at a tech services company with 501-1,000 employees
DNS could be improved.
Wireshark doesn't have a dashboard.
Wireshark could be improved by adding more monitoring features.
VijayPal
Network Engineer at a tech services company with 51-200 employees
One thing that I feel is currently missing in Wireshark is the ability to perform deep analytics on traffic streams after they have been decoded. While it may not be the major use case right now, it would be beneficial to have some sort of leveraging of artificial intelligence or machine learning to automatically detect threats or vulnerabilities based on specific types of network traffic. Predictive analysis of this nature is currently absent in Wireshark.
So in future releases, it would be great to see more robust analytics for traffic streams in the next version of Wireshark.
One improvement I would suggest is having more graphical representations of network topologies in Wireshark. Currently, when we deploy Wireshark to collect streams, we lack visibility into how different entities are connected at that specific time. Having a network topology view of connected devices, showing the source and destination, would be really beneficial. For example, in DNS troubleshooting, visualizing the network path can help recreate certain issues. Unfortunately, this feature is not currently available in Wireshark.
reviewer2011050
Lead Engineer at a tech services company with 10,001+ employees
The solution can be improved by increasing its capacity to manage larger files. Wireshark gets stuck when it is a larger file.
Big trace files (more than 1,000,000 packets) can be slow, but then you can use "TraceWrangler" (also free) to help with slicing and dicing the data.
This is no complaint, but is not an easy program. You will need to study to use it to its full capabilities (follow a course), but the more you know about it, the more you will use it.
The system could be improved upon by adding a better and more powerful data processing engine. The original was based on the Raspberry Pi. The RPi unit acted as a sensor on the network relaying information back to a centralized computer which was able to correlate and provide analysis as to the packets and their reaction to traffic loads. Much improvement could have been done but we were not that lucky. The more we designed items the more we began to realize that we were getting too far from our central goal of trying to make the network better.
reviewer1561449
Founder and CEO at a tech services company with 1-10 employees
Its user interface was a little less friendly. They can make its user interface a little bit more friendly. It is for technical people, and most of the technical people would be able to figure it out, but it would be good to improve its user interface.
They can maybe build artificial intelligence into it. Currently, it takes a lot of manpower to analyze and dissect all the data.
Yafes Duygulutuna
Sr. Security Engineer at SugarCRM
It needs the ability to follow multiple interfaces for specific traffic from different network zones/virtual networks. It would help to understand how any packet is going through the network.
Can be difficult for non "packet heads" to understand
It is easy to get overwhelmed with the amount of data you are looking at. But that is true with any analysis tool. The best approach is to focus on a single process that interests you, follow its stream and walk through the packets until you understand what is happening. Then move on to learn the next thing. How do you eat an elephant? One "byte" at a time.
As some of the other reviewers here have stated, one con is that this software is only an observer, not an interactive component of the network, meaning you can't change anything with it. It also lacks a few modules that other, closed source software has, but I have no doubt that the community will come up with a solution soon for that issue! It's continuously being developed and changed.
Brad Wilson
Owner at QOS NETWORKING INC
The only thing that I don't like is sometimes there is an update, and something that I was using is either no longer there or it has changed. However, this is common when they upgrade software, so it's normal with any software.
Because this product is open-source, sometimes there are contributors who make changes and they aren't properly vetted throughout the whole community. Access to older functionality should stay as a user preference so that they can still use it the old way if they want to.
Nyanda Nyalusanda
Engineer at Mzinga
I would like better control of bandwidth from the service provider. Some network failures are due to bandwidth so I would like to be able to increase capacity at any time and ensure it holds at that level.
reviewer1527936
Competence Center Manager at a tech services company with 201-500 employees
I would like to see Wireshark improve the ease of application of the command. The command is very powerful, but not easy to apply.
For the next release, I would like to see the motion of the measurement of the terminal loss packet. The round-trip delay. Also, it would benefit from improving the capability to evolve in real-time.
Few cons of Wireshark are
1) Running Wireshark through an admin account for multiple exploits, is unsecured
2) Cannot manipulate things on the network
3) Cannot be used for MIDM attacks
4) Lack of intrusion detection module
5) Lack of modules for ARP poisoning and caching
The Wireshark search function shows green for a correct search and red for an incorrect search. If there were a way to provide a description about what a search - and the similar ones which are available - can do, while a person is typing it, it would make the product easier to use and simultaneously decrease the learning curve.
The UI redesign threw me for a loop but I have learned to overcome it. The product is great but I wish there were more of an emphasis on the command line tools.
Maximum buffer size of captured data should be unlimited and should allow ability to archive all old captures (not save option) in real time, it should support a destination location where old captures can be directed for long term storage.
• Wireshark does not allow you to make any changes relevant to the network. In other words, you can only observe the network.
Good working knowledge of TCP/IP is needed to use this tool, including packet structure, headers, and ports.
The volume of data on a typical TCP segment is so large that it can be challenging to capture and find the right data.
Can't sniff wireless networks without additional hardware, e.g. wireless dongle.
Built-in help system is not robust. Advanced knowledge is required for protocol analysis.
Bigger memory footprint.
- Packet filter used in Wireshark is quite cryptic and the syntax is quite different from the other command line packet analyzers, like tcpdump.
- Requires admin privileges for running the packet capture utility.
- You cannot change anything on the packet i.e. you can not modify anything in the packet, packet header, etc. You can only read them.
- Requires basic knowledge of Networking to decipher the packet capture.
- Cannot be used to diagnose any kind of network intrusions and hacking exploits.
Wireshark is also used for hacking which is a security breach. This can happen in wireless networks because they are not secure and most protocols of which are also not secure. Hackers use Wireshark to capture login details or information sent over networks. It is a free open source software that can be freely downloaded from the internet. Wireshark can be used on Windows systems, Unix systems as well as Mac OS X systems and can also capture raw USB traffic.
It’s helpful only if you have the basic knowledge of networking. You are required to have TCP/IP protocol suite knowledge and many other protocols as well.