writer, geek, science fiction junkie, computer tech, die-hard Cal Golden Bears fan -- just this girl, y'know?

Intro to Wireshark – Sharkweek Teaser! (by Chris Greer)

2 Comments

Does opening a packet trace stress you out?

If so, you aren’t alone. Packet analysis is tedious, detailed, and can be very time consuming. Usually captures are taken to troubleshoot issues when the stakes are high and failure to find the problem is not an option. You may even have your boss breathing down your neck, expecting you to miraculously see the smoking gun in a matter of minutes, leaving you to wonder if your job is on the line.

Hey, we’ve all been there.

Packet analysis with Wireshark is an art form that can take a long time to develop. Gaining comfort with trace files starts with some basic steps that can go a long way in helping you find the culprit of your performance or security problem. Here, we will take a look at a couple quick hints that all new Wireshark users should know – but we will definitely leave some for the Intro to Wireshark session at Viavi Sharkweek starting on Monday, November 6th. Register here! https://observer.viavisolutions.com/wireshark-week/

Step 1.

Know the packet path and capture well.

The worst thing you can do is install a copy of Wireshark on a laptop, plug into a regular switch port, hit capture, and pray. First, it is important to know a bit about the problem you are troubleshooting. Get clear answers to these questions before hitting the blue fin:

  • Is the problem intermittent or ongoing?
  • Is it reproducible?
  • Does it impact all applications or just one?
  • What users are impacted?
  • What time of day does it happen?
  • What path do packets take on their way to the application?

Getting clear answers to these questions will save you a ton of head (and heart) ache when analysis time comes.

Step 2.

Set up your analyzer.

In Wireshark, it is important to create a profile for the application or protocol that you are troubleshooting. This works like a container to hold all your useful columns, timers, colors, and buttons for resolving the issue. Also – make sure to create a Delta Time Displayed column!

Step 3.

Make sure no capture filters are set. (At least initially)

If you make assumptions, you can get in trouble. For example, since Jim is complaining of a problem, it is tempting to set a capture filter for his IP address. That would make sense – but – there are a bunch of other things that could be the root cause that would be filtered out. ARP traffic, ICMP messages, unusual broadcast activity, and a bunch more would be lost to the wire. So be careful not to make assumptions out of the gate.

Step 4.

Learn and get comfortable with common display filters.

Set filters for IP addresses, conversations, port numbers, and response codes. These are the common ones you will need in order to home in on the problem.

Step 5.

Relax and take your time.

Many times, we can miss a simple issue just because we were in a hurry.
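A small model of Steps 2 through 4, added here as an illustration and not taken from the original article: it applies a conversation display filter to an unfiltered capture and compares the delta from the previous captured packet (Wireshark's `frame.time_delta`) with the delta from the previous displayed packet (`frame.time_delta_displayed`). The packets, addresses, and function names are constructed for the example.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    no: int
    ts: float    # seconds since start of capture
    src: str
    dst: str
    proto: str
    sport: int   # 0 when the protocol has no ports
    dport: int
    info: str

C, S = "10.0.0.15", "10.0.0.80"   # constructed client and server addresses
# Constructed capture taken with no capture filter, so ARP and ICMP are present.
CAPTURE = [
    Pkt(1, 0.000, C, S, "TCP", 51000, 443, "SYN"),
    Pkt(2, 0.001, S, C, "TCP", 443, 51000, "SYN, ACK"),
    Pkt(3, 0.002, C, S, "TCP", 51000, 443, "ACK"),
    Pkt(4, 0.010, C, S, "TCP", 51000, 443, "request"),
    Pkt(5, 0.600, "00:11:22:33:44:55", "Broadcast", "ARP", 0, 0, "Who has 10.0.0.1?"),
    Pkt(6, 1.300, "10.0.0.1", S, "ICMP", 0, 0, "Destination unreachable"),
    Pkt(7, 1.950, "10.0.0.22", "10.0.0.9", "TCP", 40000, 22, "PSH, ACK"),
    Pkt(8, 2.010, S, C, "TCP", 443, 51000, "response"),
]

def conversation(a, b, port):
    """Model of the display filter: ip.addr==a && ip.addr==b && tcp.port==port."""
    def match(p):
        return p.proto == "TCP" and {p.src, p.dst} == {a, b} and port in (p.sport, p.dport)
    return match

def with_deltas(capture, match):
    """Return (pkt, delta_captured, delta_displayed) for each packet passing the filter."""
    rows, prev_cap, prev_disp = [], None, None
    for p in capture:
        if match(p):
            d_cap = 0.0 if prev_cap is None else round(p.ts - prev_cap, 6)
            d_disp = 0.0 if prev_disp is None else round(p.ts - prev_disp, 6)
            rows.append((p, d_cap, d_disp))
            prev_disp = p.ts
        prev_cap = p.ts   # every captured packet advances the "captured" clock
    return rows

def slowest(rows):
    # The row with the largest gap since the previous displayed packet.
    return max(rows, key=lambda r: r[2])

if __name__ == "__main__":
    for p, d_cap, d_disp in with_deltas(CAPTURE, conversation(C, S, 443)):
        print(f"{p.no:>2} {p.info:<9} captured={d_cap:.3f}s displayed={d_disp:.3f}s")
```

With the filter applied, the response in packet 8 shows a 2.000 s delta against the previous displayed packet but only 0.060 s against the previous captured one, which is why the displayed-delta column is the one to sort on.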

At the Introduction to Wireshark session next week at the Viavi Sharkweek, we will be showing these steps and more, helping you get the comfort you need to move to the next level with Wireshark.

Come join us! 

Author Profile - Chris Greer is a Network Analyst for Packet Pioneer LLC and a Certified Wireshark Network Analyst. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for several analysis vendors. Got network problems? Let's get in touch

katster
982 days ago
reply
Something helpful
Sactown, CA
1 public comment
JayM
982 days ago
reply
Heh... Stress me out? Opposite... Nothing but protocols (and payload) in there... Well defined with everyone in agreement on how they work... I know when I open it, I will often leave with the evidence of who is doing something wrong.

My day job in organizational leadership... Ha! Zero chance everyone believes the same things or sees any given situation the same way... Everyone has their own idea... Including me! Herding cats, as they say.

That said, when one wants a challenge they find something new to do. Why do I like challenges again?!?! Give me hexadecimal. :)
Atlanta, GA

Are you your body? And which half of your brain is you?

1 Comment and 2 Shares

Kurzgesagt and CGPGrey collaborated on a pair of videos about the self. The first video considers the human being as a collection of cells. How many of those cells can you take away before you stop being you? And does that question even make sense? The second video notes that if you sever the connection between the two halves of the human brain, they will each seemingly continue to operate as separate entities. But which of those entities is you? Are there two yous?

Tags: humans   science   video
katster
1503 days ago
reply
Huh. Fascinating.
Sactown, CA

Heartbleed Explanation

27 Comments and 115 Shares
Are you still there, server? It's me, Margaret.
katster
2284 days ago
reply
Simple is good.
Sactown, CA
popular
2280 days ago
reply
26 public comments
Jerom
2276 days ago
reply
I've never seen more shares. Great post.
Moscow, Russia
tomazed
2279 days ago
reply
crystal clear
josephwebster
2281 days ago
reply
This is actually a very good explanation.
Denver, CO, USA
Tobiah
2282 days ago
reply
XKCD explains heartbleed
San Jose, California
Lacrymosa
2282 days ago
reply
good simple explanation of heartbleed
Boston, MA
jchristopherslice
2283 days ago
reply
Computer Science 101
Clemson, SC
expatpaul
2283 days ago
reply
The best explanation of Heartbleed I've seen.
Belgium
chrisminett
2283 days ago
reply
xkcd does it again!
Milton Keynes, UK
mitthrawnuruodo
2284 days ago
reply
Best explanation, yet.
Wherever
mrnevets
2284 days ago
reply
Heartbleed: a simple explanation. It affected a huge number of websites. Be safe and change your passwords!
macjustice
2284 days ago
reply
Best explanation yet.
Seattle
jkevmoses
2284 days ago
reply
Great explanation of Heartbleed that is causing internet security issues all over the place.
McKinney, Texas
srsly
2284 days ago
reply
You know I'm only sharing this because I've never seen a story this shared before. 56 people! 57 now.

I should get back to work.
Atlanta, Georgia
grammargirl
2284 days ago
reply
Clearest explanation I've seen by FAR.
Brooklyn, NY
smadin
2284 days ago
yeah, I think this does a very good job of making clear JUST HOW BAD this is.
glindsey1979
2284 days ago
reply
If you aren't a techie, this will explain the Heartbleed bug to you super-simply.
Aurora, IL
chrispt
2284 days ago
reply
Perfect explanation of how Heartbleed works.
37.259417,-79.935122
aaronwe
2285 days ago
reply
Perfect.
Denver
sfringer
2285 days ago
reply
In a nutshell!
North Carolina USA
JayM
2285 days ago
reply
.
Atlanta, GA
adamgurri
2285 days ago
reply
nice
New York, NY
bgschaid
2285 days ago
reply
You can’t explain it simpler and more to the point
bogorad
2285 days ago
reply
He knows how!
Barcelona, Catalonia, Spain
Covarr
2285 days ago
reply
Ah, now I understand.
Moses Lake, WA
rohitt
2283 days ago
Yes. Clear as a day
revme
2285 days ago
reply
This actually makes it really clear.
Seattle, WA
teh_g
2285 days ago
reply
Alt text: Are you still there, server? It's me Margaret.
Roseville, CA