What you can and can’t do with Wireshark

Generally speaking, when it comes to packet capture tools, many people think of “Wireshark” first.

And to be honest it is a very useful tool with great filtering and analytic capabilities.

So why do you need paid tools?

Two features of Wireshark

Wireshark has two major functions: packet capture, and display and analysis (the protocol analyzer).

Wireshark’s capture function captures through Npcap (on Windows) and libpcap (on Linux).
Up to version 2.x, WinPcap was used on Windows, but since WinPcap can no longer be expected to be maintained, version 3.x switched to Npcap.
The driver is what passes the frames received by the NIC into Wireshark.
The move from WinPcap to Npcap also made it possible to capture localhost (loopback) communication on Windows (Linux has supported this for a long time). This is convenient for server verification and similar tasks.

The other is display and analysis: examining the captured packets from various angles.
There are many useful functions such as decoding at each layer, statistics, graphs, and so on.
As most networking professionals would agree, it’s fantastic that such a full-featured application is available for free.

So why do we need paid tools?

I often hear: ‘So why do I need to buy a paid tool when I can do everything I need with Wireshark?’
There are three main reasons for this.

  • Guarantee of performance
  • Unique data analysis
  • Extensive support system

These are important points to consider when comparing open source software with paid products.

  1. Guarantee of performance

Wireshark certainly has a capture function, but it is difficult to capture high-load traffic continuously. Up to around 1 Gbps it may be possible with a combination of general-purpose hardware, but at around 10 Gbps it is difficult to capture continuously without loss unless you use dedicated hardware and architecture.

With a Wireshark capture, it is often impossible to tell from the capture data alone whether a packet never existed on the wire in the first place or whether it was dropped by the general-purpose capture device.
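One way to get evidence of capture-side loss is the check Wireshark itself performs under the name “TCP ACKed unseen segment”: if the peer acknowledges bytes that never appear in the capture file, the data did exist on the wire and the capture device missed it. The following is an added example, not code from the original post or from any of the products it mentions; it builds a small constructed pcap in memory (hosts 10.0.0.1 and 10.0.0.2, ports 40000 and 80, all made up) and runs that check over it with only the standard library.

```python
import struct
# Constructed sample data: a minimal legacy pcap (Ethernet/IPv4/TCP) built in memory, no real traffic.
A, B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SYN, ACK = 0x02, 0x10

def tcp_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Build one Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip

def sample_capture(capture_dropped_segment):
    """Client A sends 100 then 200 bytes to B; optionally the capture device misses the 200-byte segment."""
    frames = [tcp_frame(A, B, 40000, 80, 1000, 0, SYN),
              tcp_frame(B, A, 80, 40000, 5000, 1001, SYN | ACK),
              tcp_frame(A, B, 40000, 80, 1001, 5001, ACK, b"x" * 100),
              tcp_frame(B, A, 80, 40000, 5001, 1101, ACK),
              tcp_frame(A, B, 40000, 80, 1101, 5001, ACK, b"y" * 200),
              tcp_frame(B, A, 80, 40000, 5001, 1301, ACK)]
    if capture_dropped_segment:
        del frames[4]  # existed on the wire (B acknowledges it) but never reached the capture file
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # pcap global header, Ethernet
    for n, f in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f  # record header: ts_sec, ts_usec, incl, orig
    return out

def iter_tcp(pcap):
    """Yield (src, dst, sport, dport, seq, ack, flags, payload_len) for each IPv4/TCP record."""
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # not IPv4, or not TCP
            continue
        ihl, total = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
        sport, dport, seq, ack = struct.unpack_from("!HHII", frame, 14 + ihl)
        doff, flags = (frame[26 + ihl] >> 4) * 4, frame[27 + ihl]
        yield frame[26:30], frame[30:34], sport, dport, seq, ack, flags, total - ihl - doff

def acked_unseen(pcap):
    """Report ACKs covering bytes the capture never contained: evidence the capture device lost them."""
    highest, findings = {}, []
    for src, dst, sport, dport, seq, ack, flags, plen in iter_tcp(pcap):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if plen or flags & SYN:  # data and SYN consume sequence space
            highest[fwd] = max(highest.get(fwd, 0), seq + plen + (1 if flags & SYN else 0))
        if flags & ACK and rev in highest and ack > highest[rev]:
            findings.append((rev, ack - highest[rev]))  # (flow, bytes acknowledged but never seen)
            highest[rev] = ack  # report each gap once
    return findings
```

A gap that shows up as retransmissions or duplicate ACKs instead points to loss on the network rather than at the capture device, so the two symptoms can be told apart.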

In that regard, paid tools guarantee performance from the beginning, so you can select a product that suits your purpose from the start.

This is where the product solution called SYNESIS from Toyo comes into play. Toyo has a long history with these products, having originally brought us ClearSight (before it was acquired by Fluke Networks and then NETSCOUT).

SYNESIS is a powerful tool used by network engineers who need to capture line-rate traffic without any packet loss.

  2. Unique data analysis

Wireshark’s packet analysis function is very flexible, but it is difficult to use for getting an overview of a capture that contains a very large number of packets. Continuous analysis of the data contained in packets may be possible by combining it with existing OSS or writing your own software, but in the end this costs money, and such tools are generally not well integrated, which adds further cost in analysis time.

Paid tools provide functions such as statistics and graphs that are designed from the outset around acquiring a large amount of data. They are also designed so that you can extract only the data you need and analyse it with Wireshark or other third-party analysis tools.

  3. Support system

If a product will be used for many years, support is important. Serious vulnerabilities may be discovered during operation, and the OS and third-party packages will also be upgraded. With paid tools, the support policy is clearly defined, and there is always a clearly defined roadmap of features and new capabilities.

In addition, if you want user-specific product training, a full manual, and quick support when trouble occurs, paid tools are generally still better provided for.

About the packet capture product SYNESIS

PlexNet has been involved with the packet capture product SYNESIS for many years.

SYNESIS is sold not only in Australia but also in 17 countries and regions around the world.

SYNESIS is a product that can capture large volumes of traffic without packet loss on high-speed lines of up to 200G.

It has analysis functions built around continuous capture over long periods, such as graphs and statistical reports that visualise what kind of traffic the captured packets contained.

In addition, Wireshark is installed at the factory, so you can also use Wireshark’s excellent analysis features on SYNESIS.

Maintenance support is generally provided during business hours, but options such as 24/365 maintenance and long-term maintenance are also available on request.

Under a maintenance contract, we cover not only remediation of product failures but also vulnerability remediation, provision of version upgrade software, and responses to inquiries, so you can use the product with confidence.
