What is Wireshark? Wireshark is the world's foremost network protocol analyzer.
Wireshark Customers: Comversion, ADP, Talbots
Sr. Security Engineer at SugarCRM
Mar 5, 2018
Helps me solve network transaction and security issues
Pros and Cons
- "I can save the traffic and analysis when I want to. Also, it's especially helpful to follow the stream (TCP, UDP, etc.)."
- "Setup is very easy. It's also possible to change source code and compile if you want to change something in the code, because it's free."
- "It needs the ability to follow multiple interfaces for specific traffic from different network zones/virtual networks. It would help to understand how any packet is going through the network."
- "Sometimes I need to use tcpdump when I need to check the packets on CLI."
What other advice do I have? I believe everyone should use this tool if they need to analyze packets.
Feb 28, 2018
It is free to download and install, and it runs on multiple platforms
What is our primary use case? Wireshark can be used to troubleshoot network issues, but also to baseline applications. When you know what an app does when there is no issue at hand, you will be better able to spot the problem when there is an issue. Everything that happens on the network can be analysed with Wireshark. However, the tool is as good as the person using it. You need TCP/IP knowledge to be able to use a tool like this. The more you know about packets on the wire, the better you can use this tool.
Pros and Cons
- "It gives us the ability to pinpoint problems and to communicate network problems with software and hardware vendors."
- "Big trace files (more than 1,000,000 packets) can be slow, but then you can use "TraceWrangler" (also free) to help with slicing and dicing the data."
- "It is not an easy program. You will need to study to use it to its full capabilities (follow a course)."
What other advice do I have? If you profile yourself as a network specialist, and don't use it, I would not trust you on my network. It is even referenced in the book "TCP/IP Illustrated, Vol. 1", the TCP/IP bible!
Feb 5, 2018
Drill-down for packet analysis is great, gives insight into what is going on at packet level
Pros and Cons
- "The drill-down available for packet analysis is great. It gives a network security engineer insight into what is going on at the packet level and enables better troubleshooting."
- "The Wireshark search function shows green for a correct search and red for an incorrect search. If there were a way to provide a description about what a search - and the similar ones which are available - can do, while a person is typing it, it would make the product easier to use and simultaneously decrease the learning curve."
Feb 5, 2018
Parses large packet capture files without opening them, returns relevant information
What is our primary use case? It is utilized for forensic work, with full packet capture.
Pros and Cons
- "Packet-capture files can be hard to use due to their size. Wireshark has a tool called tshark that can parse the files without opening them so that you can take large captures, say 2-10GB, and return only relevant information."
- "The product is great but I wish there were more of an emphasis on the command line tools."
What other advice do I have? Make sure you are comfortable installing the WinPcap driver for packet collection. This tool could be used maliciously to capture data on your network.
Sep 16, 2015
Regardless of network size, it provides intelligence about any type of data packets, especially during a security attack, although buffer size of captured data should be unlimited and archived.
Sep 21, 2014
A good open source & free packet analyzer. Versatile tool that helps engineers analyze & troubleshoot network issues.
What is most valuable? The packet details pane.
How has it helped my organization? Use daily for packet analysis.
What needs improvement? Bigger memory footprint.
For how long have I used the solution? 7 years.
What was my experience with deployment of the solution? No
What do I think about the stability of the solution? I blame the PC OS.
What do I think about the scalability of the solution? No
How are customer service and technical support? Open source so feedback to forum.
Which solution did I use previously and why did I switch? Nope.
How was the initial setup? Yes.
What's my experience with pricing, setup cost, and…
Systems Engineer at a tech services company with 10,001+ employees
Best general purpose tool for trouble shooting anything on the network.
What other advice do I have? Wireshark continues to be updated and is still an alive application. Continue to explore this product.
My Favorite Wireshark Filters
Wireshark is hands down one of the best analysis tools on the planet. It is intuitive, simple to use, and gives the depth needed to find problems in today's network and application environments. Sometimes it can be tough to remember some of the filtering commands though, so here is a list of some of my favorites:
1. !(ip.addr==10.0.0.1) [displays everything except IP traffic to or from 10.0.0.1]
2. ip.addr==10.0.0.1 && ip.addr==10.0.0.2 [sets a conversation filter between the two defined IP addresses]
3. http or dns [sets a filter to display all http and dns]
4. tcp.port==4000 [sets a filter for any TCP packet with 4000 as a source or dest port]
5. tcp.flags.reset==1 [displays all TCP resets]
6. http.request [displays all HTTP GET requests]
7. tcp contains traffic [displays…
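The filters listed above follow Wireshark's display-filter grammar: a bare field or protocol name matches any packet in which it is present, `==` on a field that occurs more than once per packet (ip.addr, tcp.port) is true if either occurrence matches, `contains` is a substring match, and `!`, `&&`/`and`, `||`/`or` and parentheses combine terms. The Python script below is an added example written for this page, not code from the post's author or from the Wireshark project. It evaluates that subset of the grammar over a small constructed packet list (no real capture file is read; every address, port and payload is made up) so the effect of each listed filter can be checked offline. Field names mirror Wireshark's, and the model generalizes slightly beyond the list by also accepting the keyword forms `and`, `or`, `not` and quoted string values.

```python
import re
# Constructed sample "capture" (illustrative, not a real trace). Each packet is a
# dict: field name -> list of values, as in Wireshark where ip.addr and tcp.port
# each occur once per endpoint.
def packet(num, src, dst, proto, sport, dport, extra=None):
    pkt = {"frame.number": [num], "ip.src": [src], "ip.dst": [dst],
           "ip.addr": [src, dst], f"{proto}.srcport": [sport],
           f"{proto}.dstport": [dport], f"{proto}.port": [sport, dport],
           **({"tcp.flags.reset": [0]} if proto == "tcp" else {})}
    pkt.update({name: [value] for name, value in (extra or {}).items()})
    return pkt

CAPTURE = [
    packet(1, "10.0.0.1", "10.0.0.2", "tcp", 51000, 80),
    packet(2, "10.0.0.1", "10.0.0.2", "tcp", 51000, 80, {"http.request": 1,
           "http.request.method": "GET", "tcp.payload": "GET / HTTP/1.1"}),
    packet(3, "10.0.0.2", "10.0.0.1", "tcp", 80, 51000, {"http.response": 1}),
    packet(4, "10.0.0.3", "10.0.0.53", "udp", 53211, 53, {"dns.qry.name": "example.com"}),
    packet(5, "10.0.0.9", "10.0.0.3", "tcp", 4000, 40211, {"tcp.flags.reset": 1}),
    packet(6, "10.0.0.4", "10.0.0.5", "tcp", 40001, 4000, {"tcp.payload": "traffic sample"}),
]

# Supported syntax: ( ) ! not && and || or == contains, bare words, "strings".
TOKEN_RE = re.compile(r'\s*(?:(\(|\)|&&|\|\||==|!)|"([^"]*)"|([A-Za-z0-9_.:-]+))')

def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad filter syntax near {text[pos:]!r}")
        pos = m.end()
        kind = "op" if m.group(1) else "str" if m.group(2) is not None else "word"
        tokens.append((kind, next(g for g in m.groups() if g is not None)))
    return tokens

class Parser:   # recursive descent; precedence: or < and < not < primary
    def __init__(self, tokens):
        self.toks, self.i = tokens + [("end", None)], 0   # sentinel token
    def peek(self):
        return self.toks[self.i]
    def take(self):
        tok, self.i = self.toks[self.i], min(self.i + 1, len(self.toks) - 1)
        return tok
    def or_expr(self):
        node = self.and_expr()
        while self.peek() in (("op", "||"), ("word", "or")):
            self.take()
            node = ("or", node, self.and_expr())
        return node
    def and_expr(self):
        node = self.not_expr()
        while self.peek() in (("op", "&&"), ("word", "and")):
            self.take()
            node = ("and", node, self.not_expr())
        return node
    def not_expr(self):
        if self.peek() in (("op", "!"), ("word", "not")):
            self.take()
            return ("not", self.not_expr())
        return self.primary()
    def primary(self):
        kind, val = self.take()
        if (kind, val) == ("op", "("):
            node = self.or_expr()
            if self.take() != ("op", ")"):
                raise ValueError("missing ')'")
            return node
        if kind != "word":
            raise ValueError(f"expected a field or protocol name, got {val!r}")
        if self.peek() in (("op", "=="), ("word", "contains")):
            op, (vkind, vval) = self.take()[1], self.take()
            if vkind not in ("word", "str"):
                raise ValueError(f"expected a value after {op!r}")
            return (op, val, vval)
        return ("present", val)   # bare name: the field or protocol is present

def values(pkt, name):   # a bare protocol name yields every field under it
    return pkt[name] if name in pkt else [
        v for f, vs in pkt.items() if f.startswith(name + ".") for v in vs]

def evaluate(node, pkt):
    op = node[0]
    if op in ("or", "and"):
        left, right = evaluate(node[1], pkt), evaluate(node[2], pkt)
        return left or right if op == "or" else left and right
    if op == "not":
        return not evaluate(node[1], pkt)
    vals = values(pkt, node[1])
    if op == "present":
        return bool(vals)
    if op == "==":                 # true if ANY occurrence of the field matches
        return any(str(v) == node[2] for v in vals)
    return any(node[2] in str(v) for v in vals)   # contains: substring match

def apply_filter(expr, packets=CAPTURE):   # -> frame numbers that match
    parser = Parser(tokenize(expr))
    tree = parser.or_expr()
    if parser.peek()[0] != "end":
        raise ValueError(f"unexpected token {parser.peek()[1]!r}")
    return [p["frame.number"][0] for p in packets if evaluate(tree, p)]
```

Calling `apply_filter("tcp.port==4000")` on the constructed list returns `[5, 6]`, because tcp.port holds both ports and `==` succeeds if either matches; `apply_filter("!(ip.addr==10.0.0.1)")` returns `[4, 5, 6]`. The script deliberately omits `!=`, whose behaviour on fields that occur more than once per packet has differed between Wireshark releases; for exclusions the `!(...)` form shown in the list is the unambiguous choice.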
Troubleshooting IIS Connection Issues
I really get excited when I am able to reproduce problems in the lab. With this specific case, the customer was experiencing errors within their web browsers that looked like either a network or server issue. The specific symptom was that certain images would not display. If you waited a while, and ‘refreshed’ the page, more of it loaded or the entire page loaded properly. I’m sure you can imagine the chaos this type of intermittent problem causes. The sequence of events unfolds in the following manner: the client reports the webpage issue to the help desk and the help desk tests the webpage with mixed results. In either event, the problem goes to the server group who tests and finds nothing wrong, and then the problem goes to the network group which, in most cases, does not see the…
Troubleshooting FTP Errors With Wireshark
The most daunting problem to troubleshoot is when the application spits out a generic error that could mean anything. Here’s the analogy: how helpful is the ‘Check Engine’ light on your car dashboard? The worst part is when the customer tries to take the cryptic, generic application error message and tries to make sense of it in an attempt to assist the analyst. Don’t get me wrong, any information is helpful while troubleshooting, but you have to be selective in what you pursue. In this example FTP works one moment and fails the next. Of course the customer immediately called the help desk, who pings the ftp server and comments that it is up and no outages have been recorded by the network management system. Then the ticket goes to the server dept who ftp’s without an issue,…
Hunting For Devices With ARP's And Wireshark
It always gives me a sense of satisfaction when I have a challenge and can leverage some knowledge to figure it out. Today I was in the lab and was powering on two Cisco switches when I noticed that they weren’t labeled with their IP addresses. I’m not sure why I did not label them, but now I have to pay for it. For those of you who have not been in this situation before I will explain. My switches have a DB9 serial connection and of course good luck finding a computer with a serial port. So now I have to rummage through the box of wires to find the serial to USB adapter. I have had to buy a second one in 2 years since my original does not have a Windows 7 driver, but I digress. After I find the cable, I have to find the installation disk because last week I migrated to a new laptop….…
Troubleshooting WiFi Issues with Wireshark
A customer called me and wanted some help troubleshooting some wireless problems. Their users have been reporting intermittent wireless performance issues and getting ‘dropped’. To top it all off, their WLAN controller has also been reporting ‘containment’ error messages that weren’t too descriptive or helpful. I showed up on site and did all the basic RF checks with my AirMagnet Spectrum XT to make sure there wasn’t an RF issue like an interferer or channel planning issues. Like I always say, “Start at Layer 1”. Then I moved up a layer using my Fluke Networks AirCheck and AirMagnet WiFi Analyzer. Everything looked pretty quiet and nothing jumped up at me, so I saved some trace files to review later. Then I thought I would take the trace file and open it with Wireshark since I have…
Excellent packet analyzer tool. Easy to use.
Excellent packet analyzer tool. I have used this a lot and had very good luck with it, it is pretty easy to use and can provide a lot of information and insight when troubleshooting network issues.
VP of Network/Comms/Infra at a consultancy with 10,001+ employees
Mar 7, 2013
When you need to get down into the weeds to solve thorny network issues everyone has access to it.
Valuable Features: It is free, easy to use, getting better with every release.
Room for Improvement: Can be difficult for non "packet heads" to understand
Other Advice: Put in just a bit of time with Laura Chappell's great resource - Wireshark 101 and one will be well on their way to becoming a packet head geek. The payback for the time spent is many times the cost of the book.
Multitrace Analysis - Start at layer 1 and work yourself up
NAT Packet Analysis Using Wireshark
One of the most popular questions I get when people get the hang of protocol analysis is the daunting exercise of multitrace analysis. As with anything else the best advice is to start with the basics before tackling anything complicated. Multitrace analysis is only effective if you truly understand your vendors' products, networking and how it relates to the OSI model or packet analysis. I always suggest that you start at layer 1 and work yourself up. The key is to know what fields in the frame or packet change, or remain the same. Ideally when you figure this out you can use a better capture or display filter. A multitrace capture of a hub, switched, or bridged network is most straightforward since a hub or switch is transparent at layer 1 or…
Multitrace analysis: rewarding and frustrating
Multitrace analysis can be the most interesting, rewarding and unfortunately, most frustrating exercise an analyst will face. Before we get to the packet analysis, setting up your tools for simultaneous capturing can be a feat in itself. The time issue is the most critical when using 2 devices since the time is used to calculate the delay, jitter or latency. Some people are fine with syncing both devices to a common ntp server. Then there’s the “how the #!!$!@#!!” do I physically capture. This is where you have to be familiar with the problem, the network you are working on and what equipment is available to you. If you are lucky enough to be able to change the speed and duplex to 100 half duplex a good old hub fits the bill. Other than the mirror/span command, a tap is also very…
Using protocol analysis to document a problem
Documenting a Problem With Wireshark
I remember talking to a group about the ‘superman syndrome’ where the analyst wants to swoop in and save the day. I explained that like most forensic tasks, protocol analysis can be tedious, confusing and downright boring at times. Alright, who wants to capture some packets now!? If you can’t see it, you can’t fix it. That is why I like to use protocol analysis to minimally document the problem that I’m experiencing. Even if the packets don’t show any anomalies, that’s worth knowing as well, isn’t it? If you do see an anomaly, you might not have the solution but at least you know what it looks like when it’s broken. Ideally protocol analysis is most helpful when you have two traces to compare; the good and bad trace. In most realistic scenarios,…
Finding the Rogue DHCP server With Wireshark
I am surprised that this exercise we do in class still proves to be helpful as well as quite popular. There are many utilities out there to help find rogue servers, but why bother when you already have Wireshark installed? When you get comfortable with this exercise you can save some steps by creating a capture filter for just DHCP packets, or better yet, just DHCP server packets. As always with protocol analysis, there are many ways to do this exercise and this is just my preference since it forces me and the attendees to review the DHCP process as they go through the packets. Rogue DHCP servers are becoming more common these days since a DHCP server can simply be a part of an application loaded on your computer. The introduction of tablets and smart phones that can provide…
Using Wireshark To See The Impact of Applets and Extensions On Your Network
While troubleshooting a Wifi performance issue on a large BYOD network, I was explaining to the customer that a lot of people on a wireless network sending a lot of small packets can cause a performance issue by robbing precious time from other Wifi clients. They didn’t quite understand how this could happen since many users’ computers and phones are idle and just simply connected to the WiFi network. I illustrated the impact that having common applications installed on a smartphone/tablet as well as browser extensions or add-ons would have on a network by using Wireshark. The trickiest part of this exercise is actually capturing the Wireless packets. You can use Riverbed’s Airpcap adapter, or any other vendor's WiFi packet capturing product. Just keep in mind that in many cases where you…
Network Engineer at a tech consulting company with 1,001-5,000 employees
Dec 6, 2012
The must-have network analyzer.
What other advice do I have? Somewhere out there, product managers are cursing Wireshark for providing such a great tool for free, when tools like this used to cost tens-of-thousands of dollars.
Developer at a computer software company with 1,001-5,000 employees
Jul 17, 2012
Best open source network packet analyzer in the market
What other advice do I have? Having used Wireshark for more than 3 years, I'm glad to find this useful application. The GUI is very good and helps you decipher the packet header, packet content, etc. very easily. However, adding packet filters requires a basic knowledge of network concepts. Supports exporting captured packets to a text file for offline viewing.
Network Manager at a healthcare company with 51-200 employees
Jul 16, 2012
Wireshark is an outstanding tool that resolves network, security, and performance issues
What other advice do I have? Wireshark is incredibly powerful, user-friendly, and a free tool, which is capable of live capture and offline analysis of traffic on any size network.
Infrastructure Expert at a government with 501-1,000 employees
Jul 14, 2012
Great Packet Sniffer
What other advice do I have? Wireshark is a complete protocol-based network monitoring tool. It’s a real-time debugging protocol over your network. It also has import and export facilities to debug the traffic of your network.
Network Engineer at a retailer with 51-200 employees
Jul 13, 2012
"Best Packet Analyzer, report generator, and troubleshooter."
What other advice do I have? Wireshark is dynamic software that has developed and adapted to the latest technology advancements and network challenges. It helps network administrators in conducting their packet analysis on a regular basis. Because of its detailed reports, Wireshark enables users to identify and troubleshoot network issues at a glance.
Jul 11, 2012
Best Packet Sniffing Tool out there
What other advice do I have? I've been using Wireshark for a long time, since back in the days when it was still called Ethereal. Since then, there has been no alternative for me for Packet Sniffing. Wireshark does exactly what I want and leaves me with no need to look elsewhere.
Senior Manager of Data Center at an integrator with 51-200 employees
Jul 2, 2012
Wireshark is the most reputed network protocol analyzer globally
What other advice do I have? Wireshark is the world's most powerful network protocol analyzer tool. It can be used for various purposes such as analysis of protocols like TCP, HTTP, UDP, and complete analysis of networks and troubleshooting. It has the option to use the wireless adapter directly in promiscuous mode for interception of wireless packets. It is much more effective than other tools such as tcpdump and dumpcap with a good user interface and hex detection.