Become a Wireshark Guru
10 Hot Skills for Faster Troubleshooting
Laura Chappell
Founder, Wireshark University
Founder, Chappell University
WCL201
It’s Baaaaack!
Laura’s Lab Kit v10
Tenth Anniversary Edition
Available for free at the Global Knowledge booth (#1803)
Trace files and training for network forensics and troubleshooting
Announcing
“Top 10” Problems
Packet loss
Client, server and wire latency
Window scaling issues (RFC 1323)
Service response issues and application behavior
Network design issues
Path issues (QoS/DSCP)
Itty bitty stinking packets (Low MTU/MSS Value)
Fragmentation
Timing problems (think lousy VoIP calls)
Infrastructure devices
Skill #1: Add Columns Quickly
Reduce packet perusing
Window Size Field (TCP)
Sequence Number (TCP)
Acknowledgment Number (TCP)
Differentiated Services Code Point (IP)
SSI Signal (WLAN Radiotap/PPI)
Channel/Frequency (WLAN Radiotap/PPI)
Skill #2: Examine the IO Graph First
Click on high points and low points while watching Wireshark’s coloring in the background
Compare Graphs
See Y axis
Skill #3: Watch Checksum Error Issue
[Diagram labels: Application, TCP/UDP, IPv4/IPv6, NIC Driver, NIC, and the Netgroup Packet Filter (NPF) used by WinPcap]
Skill #4: Create Custom Profiles
Columns
Filters
Colors
Preferences
See Create a Troubleshooting Profile - Import a Profile – LLK10 Profile
Skill #5: Set the Time Column Properly
Seconds Since Previous Displayed Packet enables you to spot delays between packets
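The effect of this time setting, as an added example (not part of the original slides): with a display filter applied, the delta is measured against the previous packet that passes the filter, so a stall in one conversation stands out even when other traffic is interleaved. The packet list, conversation labels and the 1-second threshold are constructed for illustration.

```python
# Constructed sample, not taken from any lab kit trace file:
# (frame number, capture time in seconds, conversation label)
PACKETS = [
    (1, 0.000, "A"),
    (2, 0.010, "B"),
    (3, 0.020, "A"),
    (4, 0.600, "B"),
    (5, 1.200, "B"),
    (6, 1.800, "B"),
    (7, 2.020, "A"),  # conversation A resumes after a long silence
    (8, 2.030, "B"),
]


def deltas(packets, displayed=lambda pkt: True):
    """Return [(frame, delta)] for the packets that pass the display filter.

    delta is the time since the previous *displayed* packet, which is what
    the "Seconds Since Previous Displayed Packet" setting shows. The first
    displayed packet gets 0.0.
    """
    rows, prev_ts = [], None
    for pkt in packets:
        if not displayed(pkt):
            continue
        frame, ts, _conv = pkt
        rows.append((frame, 0.0 if prev_ts is None else round(ts - prev_ts, 6)))
        prev_ts = ts
    return rows


def slow_frames(packets, threshold, displayed=lambda pkt: True):
    """Frames whose gap to the previous displayed packet is >= threshold."""
    return [frame for frame, delta in deltas(packets, displayed) if delta >= threshold]


def only_a(pkt):
    """Stand-in for a conversation display filter (assumed label "A")."""
    return pkt[2] == "A"


if __name__ == "__main__":
    print("unfiltered:", slow_frames(PACKETS, 1.0))          # interleaved B traffic hides the stall
    print("filtered  :", slow_frames(PACKETS, 1.0, only_a))  # the 2-second gap before frame 7 shows up
```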
Skill #6: Use a hosts File
Do not use Network Name Resolution unless you are looking at only a few IP addresses in the trace file.
Unknown IP addresses will start the name resolution process.
Wireshark hosts file first
DNS server PTR query next
Manual resolution demo
(cached names)
Skill #7: Examine the Expert Info
Learn what each Expert item means
Limited quantities at the show bookstore
Skill #8: Create Butt-Ugly Coloring Rules
Customize, customize, customize
Skill #9: Use Exclude/Include Filter
Exclude Filters
“and not” a list of good traffic qualities
![protocol] && ![protocol] && ![ip.addr] …
Include Filters
Conversation filters
Protocol filters
Port filters
Skill #10: Choose the Right Capture Location
Tapping In (FDX)
[Diagram labels: Mike, Gabe, Jill]
Wireshark Run on Local Host
See Case Study: Interconnecting Device from Hell
Span port 2 to port 1
[Diagram labels: ports 1, 2, 3, 4]
Wireless with AirPcap Adapters
[Diagram labels: Jill, Access Point]
Skill #11: Prepare for Command-Line Capture
Tshark or dumpcap
tshark -h
tshark -D
tshark -i #
More Tips: Laura’s Lab Kit v10
Videos – Profiles, Case Study, Adapter Testing, Filtering and more.
Trace Files – over 300 samples to work with plus full listing of what’s cool in each
Related Content
SIM201: Wiretapping 101: Catching Evidence on the Network
SIM202: We Don't Need No Stinkin' GUI: Command-Line Capture Techniques (Remote Options)
SIM327: Rethinking Cyber Threats: Experts Panel
Laura’s Lab Kit v10 DVD: Available at Global Knowledge Booth (#1803)
Wireshark Certified Network Analyst
www.wiresharktraining.com/certification
Find Me Later At… the Global Knowledge Booth
Resources
Sessions On-Demand & Community - www.microsoft.com/teched
Microsoft Certification & Training Resources - www.microsoft.com/learning
Resources for IT Professionals - http://microsoft.com/technet
Resources for Developers - http://microsoft.com/msdn
Connect. Share. Discuss. - http://northamerica.msteched.com