Wireshark-dev: Re: [Wireshark-dev] Preliminary Interest Gauging: Usability Review of Wireshark
From: "John McDermott" <[email protected]>
Date: Thu, 06 Jul 2006 08:29:50 -0600
On Thu, 06 Jul 2006 06:00:27 -0600, Johnathan Nightingale wrote:

> I've seen several articles in the past little while talking about
> "getting started with wireshark" or "ethereal basics" and, while every
> decent product out there gets a couple of those, I think part of the
> message I'm left with is that newbies find it hard to get up and running
> with wireshark.

I teach classes that use Ethereal/Wireshark. Some classes use it as a  
major part of the course and some use it just a little. I would love some  
human factors comments on wireshark/ethereal. I have personally found 3  
major issues with usability:
- Most course participants don't know what the tool is doing. That is,  
they do not understand protocols or the basic concept of a protocol  
analyzer. As a consequence they do not grok the available tools.
- Selecting the network interface under Win32 is a bit weird as the
default is often the wrong one (the NDIS driver, not the card itself).
- There are lots of options available and some screens (e.g. start capture
options) can be overwhelming.
The first item is, as Johnathan noted, a fact of life. Item two could be  
changed a bit in code (or maybe the latest release has been fixed, to be  
honest the client systems we use are a few months old).
The third item made me think about the possibilities of "novice" and  
"expert" modes. In a few cases menus could be simplified for just "capture
and look" sessions. One option is to put basic items in the default window
and implement a [More>>] button to get the rest of the options. The actual  
changes would require a lot of thought and human factors-oriented design,  
but might be useful for novices, occasional users and those just starting  
to learn.
It would also be cool if someone could develop a camtasia-style movie,  
maybe as a flash or AVI, to help newbies get up and running quickly.  
Nothing fancy at first. Then others might make movies on how to follow a  
tcp stream, make a filter, and so forth.  Some users are visual learners  
so no matter how great the written docs are, visual tools are better for  

John McDermott, CPLP, CCP
Writer, Educator, Consultant
jjm at jkintl.com        www.jkintl.com
V: +1 505/377-6293  F: +1 505/377-6313