Wireshark 2.0: What Happened with the Statistics Summary Screen
As I get familiar with Wireshark 2.0, I’m finding that there are subtle differences from the previous version. I found the best way to get used to a new version of an application is to install it and go cold turkey. I mean cold turkey in the sense that I don’t want to have the previous version on my hard drive as a security blanket or fallback.
Then I simply go through the motions and replicate all the daily tasks that I use Wireshark for and figure out if the new version has any drastic differences.
In this video I cover what happened with the Statistics-Summary Screen and how it has been combined with the file comments function. ... https://www.youtube.com/watch?v=qZL8kNj0E-A
Tons more info at www.thetechfirm.com
I’m one of those guys who looks at the Wireshark release notes. Release notes are usually about bug fixes and protocol updates but every so often it contains a gem.
When Wireshark 4 came out, there was all sorts of chatter about new features, etc. After reading about the features, I soon realized that many of the features were helpful for more seasoned Wireshark users that would figure out or stumble upon them on their own.
One display filter tip that I thought was helpful was a more efficient ability to search for multiple values.
...
https://www.youtube.com/watch?v=EAljq9LAkDo
Getting Started Is The Tough Part
Regardless of whether you are troubleshooting, baselining, installing or designing, getting accurate data is critical.
We’ve all heard that old saying “garbage in, garbage out” but what about “no data, no chance”?
When I present or teach, I always try to instill some basic concepts to help attendees regardless of their role.
The first point is “get off your chair”. When possible get off your chair and visit the site, or client, to get a proper perspective of the issue, site and gather first-hand information. In the day of video calling, and the ability to record video/photos from your phone, you can ask the client to ‘show you the issue’ or a walk around the site.
The second point is to document! Document anything: tools used, methodology, the switch make/model, IP addresses, port numbers, operating systems, etc. You would be surprised how helpful this information can be for you at a later date or for someone else working with you.
No matter what you do, document or start with, just start with something. For example, I get many requests to help with application or device baselines. The first thing I ask is how do you want to baseline? There are many options; you can use the SNMP port stats of your switch to watch load/utilization, review firewall logs for port numbers used, if it's Windows or Linux, look at netstat output, or lastly capture pack....
Read the full article at www.networkdatapedia.com when it's posted.
...
https://www.youtube.com/watch?v=eAM7xjhH_pk
When Is an FTP Error an Error
I am always fascinated with how different applications report the same problem.
I find it tremendously valuable to ‘break’ applications or cause intentional errors to see how applications behave and what they report, or do not report.
The behavior and reported error will vary from product to product and from version to version, so it helps to repeat your test every so often. Don’t forget that some applications can use multiple protocols and may mask, or misreport error messages.
The same point applies to your tool of choice. Does your protocol analyzer report on any FTP or application error codes? And lastly, are there any other protocol clues to help zero in on this issue, like a TCP RST, ICMP error message, etc.?
In this video, I use FTP and various FTP clients as an example of this methodology.
Enjoy
...
https://www.youtube.com/watch?v=-RcZrbdJsKI
Here's another slide from the Baselining session I had the other day.
This time we were looking at application behavior. The point of this slide is not to get initially caught up with what could be causing the behavior, or if it's bad or good.
In this specific example, I used wget to see if an HTTP transfer behaved the same way as when the application performed the same HTTP GET.
I kept everything as consistent as possible:
• Same source IP
• Same destination IP
• Same version of HTTP (1.1)
• Same URL
• Same approx. time of the day (5 minutes apart)
During a real baseline I would want to get multiple traces/tests (5 if possible) to definitively prove if this is indeed a real pattern.
After proving the pattern is consistent, you can make an observation, possible recommendations and then remeasure to see if it helped.
...
https://www.youtube.com/watch?v=Qc9azidbesw
I thought this would be helpful to show since it's so portable and about $25. I use this with my tablet, but have also used it for my laptop, etc.
Very helpful
Blog: http://www.lovemytool.com/blog/tony-fortunato/
...
https://www.youtube.com/watch?v=F4JDp7sQrII
Here Tony explains how to create your own cabling errors in an effort to understand issues you may already have.
...
https://www.youtube.com/watch?v=R5wfbxZ-TX0
Tony's Shaking your Network to Bits Video clip
Here Tony talks about the 'Space Junk' on your network and how you may not have found the root cause of your 'Problem'.
...
https://www.youtube.com/watch?v=TJxgmLN9UH8
Wireshark Slice Operator
I was pleasantly surprised how much attention the previous video got, so here's another one from the 2 course that I’m working on.
I will post course registration stuff as soon as I'm done.
This time I cover how to create a display filter for a specific byte of data in a specific location in the packet.
The rest is covered in the video.
Enjoy
...
https://www.youtube.com/watch?v=IdPlZtCLFbE
Every time I post an article or present in a webcast, I get emails asking how I did certain things or how to analyze packets. Even though I explain the methodology in many of the articles, I agree that it would help to see someone walk you through it.
I just finished writing an article comparing 3 different trace route tools that use TCP instead of ICMP. One is command line driven, one is a graphical tool and the last one provides cloud-based reporting and configuration.
Read the rest at: http://www.networkcomputing.com/author-bio.asp?author_id=2332
...
https://www.youtube.com/watch?v=eh4WjF2rhP8