Article by Mark Boyd, www.simpleit.tumblr.com, Thursday, 23 June 2011
Using Wireshark for traffic analysis
Most of the information in this piece is drawn from www.sans.org and its affiliates. My experience is in the Managed Services Provider sector, more specifically the Education vertical.
Troubleshooting Network Problems: Wireshark

We have all been there: two servers not talking to each other, two domain controllers not replicating information, workstations getting some policies but not others, workstations not getting out to the internet.

At a lower level, we have all had the complaint “The internet is slow” or “The network is slow”. You know that is such a subjective sentence that it enrages you. Whether on a limited budget or a huge budget, you know that throwing money at a network infrastructure refresh might not solve the problem; you might be the I.T. Manager / I.T. admin because no one else in the organisation was knowledgeable enough to do it. Who’s to say throwing money at a network refresh will solve these problems? Do you know how many users are out there? Do you know the origins of the network traffic? Do you configure your switches to prioritise traffic? Do you even know if your switches are configured? Do you know if your switches are capable of being configured?
First up we will look at Wireshark™, formerly Ethereal. Wireshark can be daunting: the information you see can look foreign, alien even, or worse, like programming code. Who likes programming? No one, that is who. Any resemblance Wireshark packet captures have to programming is enough to scare me away. Here is a screenshot of a standard Wireshark packet capture:
So, right now, you are about to close this document and say “No way… I am out, not doing this, no way I am going to be a part of this, what is this madness? What is this crazy alien output I am seeing?”
To install and/or configure Wireshark, and for perhaps better examples of how to use it, visit here.