There is no “right way” to set up Wireshark. Setting up your Wireshark environment will go a long way to maximizing productivity. You have to train your brain to filter out the noise. It turns out protocol analysis works the same way. That’s the key to training – knowing what to filter out so your brain can get to work on the important stuff. So how do you go about getting started? First, you can watch the accompanying video/tutorial session (see below for the link). Next, make sure you set up your Wireshark in a consistent manner – the video tutorial covers this.

Ever wonder how router jockeys like me can scroll through a “sho run” output so quickly? It’s because I’ve done it for so long that the eyes are trained to filter out unneeded information. It takes practice to know how to capture the right data, where to capture the data, what filters to use, and how to interpret the data. To become good in this field, it takes a fair amount of practice. I started posting to this blog so that I can help budding protocol analysts and perhaps show interesting tricks-of-the-trade to veteran users. It’s almost as if people expect sniffers to magically spit out the root cause, served on a silver platter! In reality, it takes a fair amount of protocol and application knowledge to truly bring a tool like Wireshark to bear. And as networks and applications become more complex, keeping up will be challenging.

But the one thing that I noticed over the years is that people rush to install sniffers without really thinking about it. As great as Wireshark is as a tool, it still takes coaxing by an analyst to ferret out root cause. It’s also a field where experience and art still matter. For those of you who have attended Sharkfest in the past, you already know that protocol analysis is near and dear to my heart.