Understanding The Value Of The Wireshark Certification

About two and a half years ago, I set out to obtain a new certification. This certification wasn’t only new to me, it was new to everyone.  The name of the certification was the WCNA, or Wireshark Certified Network Analyst. I had a handful of people ask me why I would pursue such a certification. My consistent response was that I wanted to be a better engineer. In my opinion, understanding actual protocol behavior from the perspective of the wire was, and still is, the best way to gain a holistic understanding of today’s modern networks.

The certification focuses on Wireshark, the default tool engineers use to look at raw network traffic. That’s not to say that there aren’t other great tools that compete with Wireshark, but its free and open nature has led to widespread use and adoption. The certification also focuses on protocol analysis and protocol characteristics. Knowing that I was going to be tested on that type of material, I poured through every chapter of Laura Chappell’s unbelievably well written book. After passing the exam, I wrote an article that outlined my opinion on the Certification Process as well as the value of the certification. At that point in time, the certification was new and not even that well known.

Over the couple of years following my Certification, I’ve had a few inquiries as to what I felt the value of it. Many question it would ever be a certification that is important to employers. There are actually a couple of ways that this could be answered. Before I get into the position of a typical employer, let me state that I did use the certification as a way to demonstrate some knowledge of protocol analysis in a job interview. I ultimately accepted another position before this job materialized, but the interview went well. I didn’t really use the WCNA as a crutch or a prop, but mentioned it alongside my experiences doing protocol analysis. I’m certain that part of the interview went well because the employer later told me they’d struggled to find someone with protocol analysis experience like I had.

On a more typical note, many job seekers would look at the value of a certification by how regularly it turns up as a job requirement. If this is used as the criteria to gauge the value of the WCNA program, I’d have to state the value is quite low. I cannot recall ever seeing a job posting that stated Wireshark Certification was “required” or “highly desired”. Sometimes you will happen upon a listing that is seeking a “working knowledge” of Wireshark. In comparison to well-known industry certifications, searching for postings that contain Wireshark Certification (and derivative acronyms) requirements still returns very few results.

The fact that employers aren’t actively seeking WCNA’s doesn’t make it a bad certification. It also doesn’t mean it doesn’t offer value to the candidate. The value is in the knowledge, and the application of the knowledge, that is received through the certification process. At best, the certification process would have introduced the candidate to new ways to understand their networks and troubleshoot real-world problems. Even an experienced protocol analyst would likely learn new tips and tricks about the Wireshark interface while studying for the exam. Unlike other certifications, there are no vendor requirements or partner levels that require WCNA certified employees. Therefore, employment listings don’t typically list this certification as a requirement.

In conclusion, I think the Wireshark program is valuable. However, the value seems to be in the knowledge and how the knowledge is applied. The certification itself isn’t typical requirement. I’m sure some readers would say they would just study and not spend the money on the exam. I believe this would be a logical approach, especially for those on a tight budget. With that being said, I tend to study more judiciously if I use an exam as accountability.

Do you possess the Wireshark Certification? If so, post comment your view below on the value of the certification to your career.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Career. Bookmark the permalink.

9 Responses to Understanding The Value Of The Wireshark Certification

  1. Pico says:


    Thanks for this post. I looked into this certification years ago and it appeared to me that its focus is to expect you how to learn to use wireshark. That is to say as learning how to change views, generate graphs, and other items like that. That was my general understanding.

    My problem with that is that it does not help someone trying to be a network analysis expert. If you are not already a true master of TCP, UDP, etc, then this cert may not be what people (like me) are expecting.

    A wireshark expert (in my opinion) is someone who knows (TCP, UDP, SIP, TLS, SSL, FCOE, ETH, yadda yadda, yadda, etc) to the RFC. A true wireshark expert (not myself by any means) can take a capture and analyze the data, provide meaningful input to the issue at hand, and bring the problem to closure simply through a view of the capture. If you do not know how MTU is affected by encryption, how window size may affect transfer times, how acks increment and how to match a data stream, the fact that wireshark blogs say you can decrypt ssl but you really cant no matter how hard you try :), how to read a SIP flow, how to view ARP or ND packets and determine what they mean, and thousands of other items, then you are not a wireshark expert. You are not going to be able to help anyone.

    I’m waiting for a wireshark training session to help me learn higher level TCP (3ACK ???), SIP, TLS, etc.

  2. Hi Paul,

    I think the real problem is that people look at certifications as a means to further their career and not a means to further their knowledge and abilities. There are plenty of folks including myself that don’t hold a great many certifications, however, we understand the technology better than many ‘certified’ people. It doesn’t help that someone without any experience can go to a 1-2 week boot camp and come out ‘certified’. I’ve met too many of those folks and while some have definitely taken the opportunity to learn and grow, too many are just looking for the easy track to a higher paying job without actually being qualified.


    You’re ability to read and understand the protocol really doesn’t relate to WireShark so much as the industry or field you work in. Since I work with IP telephony I’m very handy and reading UNIStim and SIP traces, and can show you all sorts of tricks with the RSTP re-assembly. I haven’t a clue about FCoE because I don’t have anything but a basic understanding of the protocol and have never had the need.


    • Paul Stewart says:

      I think these are all great points. I felt like the Wireshark Certification was partially about Wireshark and partially an intfoduction to basic protocol analysis. As you mention, you will quickly become most familiar with what you regularly work with. Being an expert on anything is about understanding the fundamentals, familiarity with the tools and the ability to bring it all together. The Wireshark certification is only a starting point for the protocol analysis aspect of it. Obviously, I think candidates will go much deeper into the features of the product and the level of understanding as it relates to the protocols they regularly troubleshoot.

  3. Mike says:

    Hello Paul, nice article. I would like to ask if you see any advantage of wireshark certification as a part of preparation for CCIE cert? For me it looks interesting but I would like to focus on CCIE, and I am wondering if it is good to spend time on wireshark before CCIE. thanks

    • I would say that the Wireshark certification and its process is not that valuable to the CCIE Study process. Knowing the applicable [for your track] protocols is very important for the CCIE Lab. For example, understanding ISAKMP, OSPF or BGP might be very important. However, the Wireshark certification doesn’t go that deep into the protocols that you’d be interested in from a CCIE perspective. The knowledge of the Wireshark UI and the confidence to troubleshoot from the wire is valuable to your career. However, the best place to spend your time for the CCIE lab is solidifying and practicing the items on the blueprint. Hope that helps.

  4. Carl says:

    Good evening all,
    I too recently began to use Laura’s tips and can’t wait to get the book. As far as the cert, well I’m not sure. Remember Network General? I passed their exam one upon a time, and I have to agree that the knowledge has stood the test of time and tooling.
    Study, apply, grow…

  5. S.E. Foulk says:

    Hi Paul,
    Last October 2015, I got my Wireshark Certification, on the heels of the Network+ and Security+ (in that order). If I may say, I simply loved the tool! Once upon a time I wrote embedded systems software to do packet analysis, using Assembly language and C. I enjoyed my work, and even got to write a whole PPPoE implementation. I have always enjoyed the low level stuff, because to me it is the truth of what is going on. Network packets, like Assembly language, is the low level of what happens on the network. It takes certain types, and thus is why so few people test and get their certification. It’s like taking the Assembly language class in college. Everyone pisses and moans. Except for me and one other guy in the course. Truthfully, I’d love if Laura Chappell and Gerald Combs added a few more classes and specialty certs that go deeper into the protocols, like security (SSL/TLS), VoIP, WiFi, etc. I’d certainly go for the book(s) and the test(s).

    My job does not require Wireshark, but knowing it for me makes all the difference, just as you have described. I have noticed that everyone who has responded to you so far has NOT gotten the certification, for various reasons. It is work for sure, quite a bit, but what a great tool; and one thing they will notice if they take it is that this tool does MOST of the analysis work for you in many instances.

    Anyway, good article. I’m a little late chiming in, but hope you are well.

Comments are closed.