jaetech.blogg.se

Wireshark captures what kind of traffic













By clicking on the capture logo (in the red circle), more detailed options for the capture interfaces can be viewed if necessary. Select the network adapter for the network monitoring. In addition, there is a filter section here (capture filter for selected interfaces); this section filters traffic before it is captured. If the user wants to record specific traffic from a specific host or traffic on a specific port, the user can specify it here. Wireshark will then pick up and save only those packets that match this filter.

This is good when the user wants a small amount of the traffic instead of the whole traffic. The capture is easier to view and analyze because the capture file is smaller.

It usually depends on the scenario and the situation.

For instance, a user complains about slow web browsing. The expert then sets a capture filter on the user's source IP address and port 80/443 traffic (HTTP/HTTPS). In this scenario, however, the expert takes the captured traffic, analyzes it, and does not find any issues: the user initiates a connection attempt and the web server responds very quickly.

Problem: the expert would have seen the issue if he/she had filtered only on the source IP address of that user and captured all of that user's traffic, which would have shown the slow DNS responses. The user's machine sends a DNS query to its resolver for that URL, and the resolver is not responding within 10 seconds, which results in the slow user experience. The expert would not have captured any of this because they were filtering only on port 80/443 traffic. So keep the situation in mind when you are setting up capture filters.

The important steps start from this section on. You as the user can capture all the packets you want, but if you don't know how to read/interpret the captures then it's all for nothing. It's important to keep in mind that Wireshark is simply a tool that allows you to analyze the captures, and it won't tell you explicitly what is wrong. It will only give you some hints and leads, and it's totally up to you to understand the protocols you are troubleshooting. That understanding allows you to recognize the abnormal behavior that would have caused an issue. That said, understanding Wireshark and its features will definitely speed up the troubleshooting process.

Important features: Display filters, columns and profiles

Display filters allow the user to filter the packets contained in the capture and display only the ones that match the filter on the screen. This is done by entering the filter criteria at the top of the page (display filter column).
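The slow-browsing scenario above, as an added example that is not from the original page: constructed packet records are passed through a model of each capture filter to show that the port 80/443 filter never saves the DNS exchange, so the 10-second resolver delay cannot be seen afterwards. The addresses, timings and function names are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample traffic for the slow-browsing scenario (not a real capture).
# dns_id is the DNS transaction ID; is_resp marks a DNS response.
Pkt = namedtuple("Pkt", "t src dst proto sport dport dns_id is_resp")
USER, RESOLVER, WEB = "192.0.2.10", "192.0.2.53", "198.51.100.80"  # assumed addresses
PACKETS = [
    Pkt(0.00, USER, RESOLVER, "udp", 53000, 53, 0x1A2B, False),    # DNS query
    Pkt(10.00, RESOLVER, USER, "udp", 53, 53000, 0x1A2B, True),    # answer after 10 s
    Pkt(10.01, USER, WEB, "tcp", 41000, 443, None, False),         # connection attempt
    Pkt(10.02, WEB, USER, "tcp", 443, 41000, None, False),         # fast server reply
    Pkt(10.50, "192.0.2.99", WEB, "tcp", 42000, 80, None, False),  # unrelated host
]

def narrow_filter(p):
    """Models capture filter: host 192.0.2.10 and (tcp port 80 or tcp port 443)"""
    return (USER in (p.src, p.dst) and p.proto == "tcp"
            and bool({p.sport, p.dport} & {80, 443}))

def host_filter(p):
    """Models capture filter: host 192.0.2.10"""
    return USER in (p.src, p.dst)

def capture(packets, capture_filter):
    # A capture filter drops non-matching packets before they are saved.
    return [p for p in packets if capture_filter(p)]

def dns_latencies(packets):
    """Pair each DNS query with its response by (client, resolver, transaction ID)."""
    pending, latencies = {}, []
    for p in sorted(packets, key=lambda p: p.t):
        if p.proto != "udp" or 53 not in (p.sport, p.dport):
            continue
        if not p.is_resp:
            pending[(p.src, p.dst, p.dns_id)] = p.t
        elif (p.dst, p.src, p.dns_id) in pending:
            latencies.append(round(p.t - pending.pop((p.dst, p.src, p.dns_id)), 3))
    return latencies, len(pending)  # (answered latencies, unanswered queries)

def tcp_reply_delay(packets):
    # Time between the first two TCP packets saved (connection attempt and reply).
    tcp = [p for p in packets if p.proto == "tcp"]
    return round(tcp[1].t - tcp[0].t, 3) if len(tcp) >= 2 else None

if __name__ == "__main__":
    for name, flt in (("port 80/443", narrow_filter), ("host only", host_filter)):
        cap = capture(PACKETS, flt)
        print(name, "->", len(cap), "packets, DNS latencies:", dns_latencies(cap),
              "TCP reply delay:", tcp_reply_delay(cap))
```

In a real host-only capture, the same delay can be found with the display filter `dns.time > 1`, which shows DNS responses that took longer than one second.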














