Wireshark-dev: Re: [Wireshark-dev] Preliminary Interest Gauging: Usability Review of Wireshark
From: "John McDermott" <[email protected]>
Date: Thu, 06 Jul 2006 08:29:50 -0600
On Thu, 06 Jul 2006 06:00:27 -0600, Johnathan Nightingale wrote:

I've seen several articles in the past little while talking about
"getting started with wireshark" or "ethereal basics" and, while every
decent product out there gets a couple of those, I think part of the
message I'm left with is that newbies find it hard to get up and running
with wireshark.

I teach classes that use Ethereal/Wireshark. Some classes use it as a  
major part of the course and some use it just a little. I would love some  
human factors comments on wireshark/ethereal. I have personally found 3  
major issues with usability:
- Most course participants don't know what the tool is doing. That is,  
they do not understand protocols or the basic concept of a protocol  
analyzer. As a consequence they do not grok the available tools.
- Selecting the network interface under Win32 is a bit weird as the  
default is often the wrong one (the NDIS driver, not the card itself).
- There are lots of options available and some screens (e.g. start capture  
options) can be overwhelming.
The first item is, as Johnathan noted, a fact of life. Item two could be  
changed a bit in code (or maybe the latest release has been fixed, to be  
honest the client systems we use are a few months old).
The third item made me think about the possibilities of "novice" and  
"expert" modes. In a few cases menus could be simplified for just "capture  
and look" sessions. One option is to put basic items in the default window  
and implement a [More>>] button to get the rest of the options. The actual  
changes would require a lot of thought and human factors-oriented design,  
but might be useful for novices, occasional users and those just starting  
to learn.
It would also be cool if someone could develop a camtasia-style movie,  
maybe as a flash or AVI, to help newbies get up and running quickly.  
Nothing fancy at first. Then others might make movies on how to follow a  
tcp stream, make a filter, and so forth.  Some users are visual learners  
so no matter how great the written docs are, visual tools are better for  

