
Review: Wireshark network analyzer

Wireshark is an open source network monitoring and analysis tool that can also read captured information from applications like Snoop, Sniffer, and Microsoft Network Monitor.

Your network is your lifeline to your clients, your work, and (often) your bottom line. Why would you not want to keep constant tabs on this lifeline to ensure its health and security? The problem is that there are so many tools out there for the job. Some of these tools are quite costly, so they are pushed aside in favor of more important spending. Budget, however, does not need to be a factor when looking for a network protocol analyzer.

Supported operating systems

Who's it for?

Wireshark is a tool designed for anyone needing to monitor their network for security or performance issues. Wireshark will meet the needs of the single-home user all the way up to the enterprise-level user. And because Wireshark can read captured information from applications like Snoop, Sniffer, and Microsoft Network Monitor, it can also serve as an additional tool for network analysis.

What problem does it solve?

Wireshark solves the problem of analyzing network traffic on a network of any size. Wireshark does this with the power often found in more costly tools, but for free. So any IT department in need of a powerful network analyzer, but without the budget to purchase such power, can turn to Wireshark and miss nary a feature.

Standout features

  • Expert Info logs problematic network behavior.
  • Data can be viewed live or from previously captured files.
  • Live data can be captured from numerous network interfaces and types.
  • Powerful filtering system is available.
  • Powerful macro system is included.
  • Endpoint, protocol hierarchy, conversation, and more statistics are viewable.
  • VoIP Analysis can be performed.
  • Read/Write in numerous capture formats.
  • Decryption is supported.
  • Coloring rules are supported.
  • Exporting reports to XML, PostScript, CSV, or plain text is included.

What's wrong?

Finding fault with Wireshark is tough, but for the enterprise user the glaring issue is the lack of formal documentation and support. Yes, Wireshark has one of the most active development communities in the open source world, and yes, you can find plenty of support in the form of forums, how-tos, and mailing lists, but when the enterprise-level IT pro needs a 1-800 number to call for immediate help, Wireshark can't comply.

Competitive Products:

Bottom Line for Business

Wireshark is the de facto standard for open source network analysis. If you (or your IT staff) do not depend upon standard, phone-based support, you will do well to deploy Wireshark. It is a very user-friendly, incredibly powerful tool that will keep you completely aware of what is going through your network.



About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.
