Networking

Review: Wireshark network analyzer

Wireshark is an open source network monitoring and analysis tool that can also read captured information from applications like Snoop, Sniffer, and Microsoft Network Monitor.

Your network is your lifeline to your clients, your work, and (often) your bottom line. Why would you not want to keep constant tabs on this lifeline to ensure its health and security? The problem is that there are so many tools for the job, and some of them are costly enough that they get pushed aside for more pressing spending. Budget, however, does not need to be a factor when looking for a network protocol analyzer. Wireshark is an open source network monitoring and analysis tool that can also read captured information from applications like Snoop, Sniffer, and Microsoft Network Monitor.

Supported operating systems

Who's it for?

Wireshark is a tool designed for anyone needing to monitor their network for security or performance issues. Wireshark will meet the needs of the single-home user all the way up to the enterprise-level user. And because Wireshark can read captured information from applications like Snoop, Sniffer, and Microsoft Network Monitor, it can also serve as an additional tool for network analysis.

What problem does it solve?

Wireshark lets you analyze network traffic on a network of any size, with the power often found in far more costly tools, but for free. So any IT department that needs a powerful network analyzer, but lacks the budget to purchase one, can turn to Wireshark and miss nary a feature.

Standout features

  • Expert Info logs problematic network behavior.
  • Data can be viewed live or from previously captured files.
  • Live data can be captured from numerous network interfaces and types.
  • Powerful filtering system is available.
  • Powerful macro system is included.
  • Endpoint, protocol hierarchy, conversation, and other statistics are viewable.
  • VoIP Analysis can be performed.
  • Read/Write in numerous capture formats.
  • Decryption is supported.
  • Coloring rules are supported.
  • Exporting reports to XML, PostScript, CSV, or plain text is included.
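As an added example (not Wireshark's code, and not part of the original review), the following Python shows in miniature three of the features listed above: reading a capture file, filtering packets the way a display filter would, and exporting the result to CSV, plus a per-conversation packet and byte count. It follows the classic libpcap file layout and the Ethernet, IPv4, TCP and UDP header layouts; the capture it parses is constructed in memory with documentation-range addresses, and the function names (`build_packet`, `parse_pcap`, `apply_filter`, `conversations`, `to_csv`) are my own.

```python
"""Miniature capture reader: parse a classic pcap file, filter packets,
compute conversation statistics and export to CSV.
Added example, not Wireshark code. Header layouts follow libpcap,
Ethernet, IPv4, TCP and UDP; the sample capture is constructed below."""
import csv
import io
import struct
from typing import Callable, Iterator

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IP_PROTO_NAMES = {6: "TCP", 17: "UDP"}


def _ipv4(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_packet(src_ip, dst_ip, proto, sport, dport, payload: bytes) -> bytes:
    """Ethernet/IPv4/{TCP,UDP} frame with zeroed checksums (the parser
    below does not validate checksums, so none are computed here)."""
    if proto == 6:   # 20-byte TCP header: ports, seq, ack, offset, flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # 8-byte UDP header: ports, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, proto, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4 + payload


def build_pcap(frames) -> bytes:
    """pcap global header followed by one 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data: bytes) -> Iterator[dict]:
    """Yield one dict per record; non-IPv4 frames get proto='other'."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:        # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        pkt = {"time": ts_sec + ts_usec / 1e6, "len": len(frame), "proto": "other"}
        if len(frame) >= 34 and struct.unpack("!H", frame[12:14])[0] == ETHERTYPE_IPV4:
            ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
            proto = frame[23]                     # IPv4 protocol field
            pkt.update(src=_ipv4(frame[26:30]), dst=_ipv4(frame[30:34]),
                       proto=IP_PROTO_NAMES.get(proto, str(proto)))
            l4 = frame[14 + ihl:]
            if proto in (6, 17) and len(l4) >= 4:  # both TCP and UDP start with the two ports
                pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        yield pkt


def apply_filter(packets, predicate: Callable[[dict], bool]) -> list:
    """Display-filter analogue: keep the packets for which predicate holds."""
    return [p for p in packets if predicate(p)]


def conversations(packets) -> dict:
    """(packets, bytes) per unordered address pair, like Statistics > Conversations."""
    stats = {}
    for p in packets:
        if "src" in p:
            key = tuple(sorted((p["src"], p["dst"])))
            n, b = stats.get(key, (0, 0))
            stats[key] = (n + 1, b + p["len"])
    return stats


CSV_FIELDS = ["time", "src", "dst", "proto", "sport", "dport", "len"]


def to_csv(packets) -> str:
    """Export the packet list as CSV text; fields a packet lacks are left empty."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=CSV_FIELDS, extrasaction="ignore", lineterminator="\n")
    w.writeheader()
    w.writerows(packets)
    return buf.getvalue()


# Constructed sample capture (documentation-range addresses): an HTTPS exchange,
# a DNS query, and one SSDP discovery multicast of the kind discussed in the comments.
SAMPLE_PCAP = build_pcap([
    build_packet("192.0.2.10", "198.51.100.5", 6, 51000, 443, b"GET"),
    build_packet("198.51.100.5", "192.0.2.10", 6, 443, 51000, b"200"),
    build_packet("192.0.2.10", "192.0.2.1", 17, 53001, 53, b"\x12\x34"),
    build_packet("192.0.2.77", "239.255.255.250", 17, 1900, 1900, b"M-SEARCH"),
])

if __name__ == "__main__":
    pkts = list(parse_pcap(SAMPLE_PCAP))
    tls = apply_filter(pkts, lambda p: p["proto"] == "TCP" and 443 in (p.get("sport"), p.get("dport")))
    print(to_csv(tls))
    print(conversations(pkts))
```

The predicate passed to `apply_filter` plays the role of a display filter such as `tcp.port == 443`; swapping in a predicate on the destination address (for instance, keeping only packets not addressed to your own host) is the same check one of the commenters describes using to distinguish hub noise from traffic actually aimed at their machine.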

What's wrong?

Finding fault with Wireshark is tough, but for the enterprise user the glaring issue is the lack of formal documentation and support. Yes, Wireshark has one of the most active development communities in the open source world, and yes, you can find plenty of support in the form of forums, how-tos, and mailing lists, but when the enterprise-level IT pro needs a 1-800 number to call for immediate help, Wireshark can't comply.

Competitive Products:

Bottom Line for Business

Wireshark is the de facto standard for open source network analysis. If you (or your IT staff) do not depend upon standard phone-based support, you will do well to deploy Wireshark. It is a very user-friendly, incredibly powerful tool that will keep you completely aware of what is going through your network.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

17 comments
Jene11

You can try the program Advanced IP Scanner 2.3, a quick and convenient free IP address network scanner for Windows. www.advancedipscanner.com

samson125

I find Capsa has a free edition.

laura

Jack... correction here - Wireshark DOES have support (via CACE Technologies - which houses the Wireshark developer code) and a full training curriculum via Wireshark University. The sites are www.cacetech.com and www.wiresharkU.com. In addition, we run a monthly free "Wireshark Jumpstart" over at chappellseminars.com.

oldbaritone

I had a TON of activity on my cable modem, and wondered if someone had hacked through my firewall. One day with Wireshark monitoring, and I found that the traffic I'm seeing is hub traffic addressed to other IPs. Cheap two-bit system using hubs instead of switches, but that's on the WAN side. Wireshark told me what I needed to know, fast and free.

Mark W. Kaelin

As I asked about Microsoft Network Monitor, what application do you use for network monitoring? Do you have a single application or a suite of tools?

wfriddle

I have signed up for the Jumpstart and will update this blog after I take it. Thank you for the info on it! Cheers...

wfriddle

Does anyone know or recommend any courseware or online classes for Wireshark? Thanks, W

reggaethecat

This batters everything else I have used for packet analysis. Not only is it an easy to use packet analyser, it also creates real-time and historical graphs and reports on things like 'Top Talkers' and protocol distribution. It costs money, but not a great deal considering the power it has.

klh456

We use ORION from Solarwinds for monitoring the network overall, but I use Wireshark extensively to solve or even just to spot problems before they become a problem. Wireshark is hard to beat.

pgit

...depending for instance on whether it's routine monitoring or troubleshooting. For the latter I find iperf very helpful; it's a client-server tool for measuring packet round-trip time and reliability (latency and collisions/lost packets). But just about anywhere I go with my trusty Linux laptop I'll fire up Wireshark and/or EtherApe and see how well things are going. The shark has helped me speed things up by identifying unneeded network traffic and shutting it down. The amount of traffic a default Vista deployment pumps out is annoying. Well over 50% is useless for the standard office deploy.

CEdwards478

I haven't taken any of their classes, but I would assume Wireshark University is the best place for training (http://www.wiresharktraining.com/) The classes were created by Gerald Combs and Laura Chappell.

Forum Surfer

I also have several plug in modules. Expensive, yet invaluable tools. Far and away more user friendly than cisco works for many tasks. It has saved me troubleshooting time many times, from just a quick glance. I still keep wireshark handy. Recently used it to prove to a client that his wireless could easily be hacked despite the use of zone-cd at his shop as a "secure" management method.

Neon Samurai

That's the latest on my die-die-die list. There is no reason for the service to be running let alone creating network noise in a business environment. I'm collecting a rather nice .cmd script to kill off crap services in one single go.

klh456

I am in the process of working through the 2nd of the 4 WireShark U courses and they are excellent (and won't break the bank, plus no travel expense). Another resource I am working through is the book Practical Packet Analysis by Chris Sanders. It is a well written, easily understood guide to packet analysis.

pgit

Media player network "discovery" multicast. I saw it producing like 50-60% of the total traffic on a LAN with the introduction of a single Vista machine.
