What do you like most about Wireshark?
Thanks for sharing your thoughts with the community!
Being able to dissect email data and figure out what is inside email messages was the most valuable feature. Such a feature is pretty helpful for an ongoing forensic investigation or when there is a potential insider threat that you are trying to investigate. It allows you to see the network activity of the users you are investigating. It also gives you more visibility into your network.
It was very easy to set up. There is a lot of information out there on Google and YouTube about how to use it. There is also community support. If you have any trouble, it is pretty easy to find an answer online. You will have to do some digging only if you have a very specific use case.
It has a good syntax to put the commands in and get information out of.
I use the filters very often, to determine what type of traffic I am looking for. The use of filter allows traffic to be segmented so that a value can be looked at individually apart from the other traffic.
If you were talking to someone whose organization is considering Wireshark, what would you say?
How would you rate it and why? Any other tips or advice?