1 / 25

Become a Wireshark Guru 10 Hot Skills for Faster Troubleshooting

WCL201. Become a Wireshark Guru 10 Hot Skills for Faster Troubleshooting. Laura Chappell Founder, Wireshark University Founder, Chappell University. It’s Baaaaack! Laura’s Lab Kit v10. Tenth Anniversary Edition Available for free at the Global Knowledge booth (#1803)

seamus
Download Presentation

Become a Wireshark Guru 10 Hot Skills for Faster Troubleshooting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WCL201 Become a Wireshark Guru10 Hot Skills for Faster Troubleshooting Laura Chappell Founder, Wireshark University Founder, Chappell University

  2. It’s Baaaaack!Laura’s Lab Kit v10 • Tenth Anniversary Edition • Available for free at the Global Knowledge booth (#1803) • Trace files and training for network forensics and troubleshooting Announcing

  3. “Top 10” Problems • Packet loss • Client, server and wire latency • Window scaling issues (RFC 1323) • Service response issues and application behavior • Network design issues • Path issues (QoS/DSCP) • Itty bitty stinking packets (Low MTU/MSS Value) • Fragmentation • Timing problems (think lousy VoIP calls) • Infrastructure devices

  4. Skill #1: Add Columns QuicklyReduce packet perusing • Window Size Field (TCP) • Sequence Number (TCP) • Acknowledgment Number (TCP) • Distributed Services Code Point (IP) • SSI Signal (WLAN Radiotap/PPI) • Channel/Frequency (WLAN Radiotap/PPI)

  5. Skill #2: Examine the IO Graph First • Click on high points and low points while watching Wireshark’s coloring in the background

  6. Skill #2: Examine the IO Graph First • Compare Graphs See Y axis

  7. Skill #3: Watch Checksum Error Issue Application TCP/UDP Netgroup Packet Filter (NPF) used by WinPcap IPv4/IPv6 NIC Driver NIC

  8. Skill #4: Create Custom Profiles • Columns • Filters • Colors • Preferences See Create a Troubleshooting Profile - Import a Profile – LLK10 Profile

  9. Skill #5: Set the Time Column Properly • Seconds Since Previous Displayed Packet enables you to spot delays between packets

  10. Skill #6: Use a hosts File • Do not use Network Name Resolution unless you are looking at only a few IP addresses in the trace file • Unknown IP addresses will start the name resolution process • Wireshark hosts file first • DNS server PTR query next Manual resolution demo (cached names)

  11. Skill #7: Examine the Expert Info • Learn what each Expert item means Limited quantities at the show bookstore

  12. Skill #8: Create Butt-Ugly Coloring Rules • Customize, customize, customize

  13. Skill #9: Use Exclude/Include Filter • Exclude Filters • “and not” a list of good traffic qualities![protocol] && ![protocol] && ![ip.addr] … • Include Filters • Conversation filters • Protocol filters • Port filters

  14. Skill #10: Choose the Right Capture Location Tapping In (FDX) Wireshark Run on Local Host Mike Gabe Jill See Case Study: Interconnecting Device from Hell

  15. Skill #10: Choose the Right Capture Location Span port 2 to port 1 Wireless with AirPcap Adapters Access Point 1 Jill 2 3 4

  16. Skill #11: Prepare for Command-Line Capture • Tshark or dumpcap • tshark –h • tshark –D • tshark –i #

  17. More Tips: Laura’s Lab Kit v10 • Videos – Profiles, Case Study, Adapter Testing, Filtering and more. • Trace Files – over 300 samples to work with plus full listing of what’s cool in each

  18. Required Slide Speakers, please list the Breakout Sessions, Interactive Discussions, Labs, Demo Stations and Certification Exam that relate to your session. Also indicate when they can find you staffing in the TLC. Related Content • SIM201: Wiretapping 101: Catching Evidence on the Network • SIM202: We Don't Need No Stinkin' GUI: Command-Line Capture Techniques (Remote Options) • SIM327: Rethinking Cyber Threats: Experts Panel • Laura’s Lab Kit v10 DVD: Available at Global Knowledge Booth (#1803) • Wireshark Certified Network Analystwww.wiresharktraining.com/certification • Find Me Later At… the Global Knowledge Booth

  19. Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. Track Resources • Resource 1 • Resource 2 • Resource 3 • Resource 4

  20. Track Resources • Don’t forget to visit the Cloud Power area within the TLC (Blue Section) to see product demos and speak with experts about the Server & Cloud Platform solutions that help drive your business forward. • You can also find the latest information about our products at the following links: • Cloud Power - http://www.microsoft.com/cloud/ • Private Cloud - http://www.microsoft.com/privatecloud/ • Windows Server - http://www.microsoft.com/windowsserver/ • Windows Azure - http://www.microsoft.com/windowsazure/ • Microsoft System Center - http://www.microsoft.com/systemcenter/ • Microsoft Forefront - http://www.microsoft.com/forefront/

  21. Resources • Connect. Share. Discuss. http://northamerica.msteched.com Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers http://microsoft.com/technet http://microsoft.com/msdn

  22. Complete an evaluation on CommNet and enter to win!

More Related