Aug 18
Some while back one of my US-based colleagues passed on some advice on how to get the best out of Wireshark. I have collected it here for anyone interested in getting their feet wet with Wireshark, the network protocol analyzer. This knowledge is useful to have when dealing with network anomalies.
Download the latest version (1.2.1 at the time of writing).
As you may or may not know, this tool was originally called Ethereal and then morphed into Wireshark. It has recently had quite a number of improvements and has moved from version 0.9 to 1.2 plus in the last few months. The additions include the ability to graph throughput from within the tool, as well as support for GeoIP databases, so that you can carry out extensive mapping of where packets are going to or coming from.
http://wiki.wireshark.org/HowToUseGeoIP
Running Windows 7?
If you are running Windows 7, be aware that the WinPcap driver (the component that does the actual sniffing) will fail to install by default. If you set the installer executable to run in Windows Vista SP1 compatibility mode, however, all should be fine, as detailed in the following quote:
I've just downloaded WinPcap 4.1 beta5 from here (WinPcap, the Packet Capture and Network Monitoring Library for Windows). Set the compatibility mode to Windows Vista (right-click on the installer executable, then select Properties; on the Compatibility tab, check "Run this program in compatibility mode for", select Windows Vista SP1 from the drop-down list, then finally click OK =)) and it will install as it should.
For me it has worked flawlessly so far.
Further reading
I then followed this up a bit further and noted that after the recent Sharkfest event a number of presentations were given by Ray Tompkins (CEO of Gearbit). These are available at the links below.
At Sharkfest 2009 Gearbit presented 3 sessions:
Finding the Latency
How Protocols Work
Wireshark Charts & IO Graphs
OSTU – Wireshark IO Graph for Response Time Analysis
Understanding the Need for Protocol Analysis
OSTU – Wireshark Case Study: Benchmark Test
OSTU – Wireshark TCP Stream Graphs
OSTU – Wireshark Capture Filters
OSTU – Wireshark Display Filters
OSTU – Identifying Zero Window with Wireshark
If you do find that you have to dig in on a customer site to start doing some serious network troubleshooting, then I would seriously recommend the first two presentations (in PDF format), as they explain things in a very simple and matter-of-fact way.
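To give the "Display Filters" and "Identifying Zero Window" sessions listed above a concrete anchor, here is an added example of my own (not code from the original post, from Gearbit, or from Wireshark itself). It hand-builds a few IPv4/TCP packets as constructed test data, parses the headers, and flags TCP zero-window segments using the same rule Wireshark applies for its `tcp.analysis.zero_window` display filter: a window size of 0 on a segment that is not SYN, FIN or RST. Seeing the rule written out makes it clearer why a zero window means "the receiver's buffer is full, stop sending" rather than a broken connection. The addresses and ports are made-up sample values.

```python
"""Added example (not part of the original post or of Wireshark): a small
IPv4/TCP header parser that flags zero-window segments the way Wireshark's
`tcp.analysis.zero_window` display filter does. All packets are constructed
test data; no checksums are computed or checked."""
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


def build_ipv4_packet(src, dst, sport, dport, flags, window, proto=6):
    """Construct a minimal 20-byte IPv4 header plus a 20-byte TCP header
    (constructed sample data; checksums are left at 0 on purpose)."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0, 0, 64, proto, 0,
        bytes(int(o) for o in src.split(".")),
        bytes(int(o) for o in dst.split(".")),
    )
    # Data offset 5 (no options), sequence/ack numbers and urgent pointer zeroed.
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, window, 0, 0)
    return ip_hdr + tcp_hdr


def parse_ipv4_tcp(pkt):
    """Return the TCP fields relevant to window analysis, or None for
    anything that is not an IPv4/TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    if pkt[9] != 6 or len(pkt) < ihl + 20:
        return None                     # not TCP, or truncated
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    sport, dport, _seq, _ack, _off, flags, window = struct.unpack("!HHIIBBH", pkt[ihl:ihl + 16])
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "flags": flags, "window": window}


def is_zero_window(fields):
    """Wireshark's rule: window == 0 on a segment without SYN, FIN or RST set.
    SYN/FIN/RST segments with a zero window are not flow-control events."""
    return fields["window"] == 0 and not fields["flags"] & (TCP_SYN | TCP_FIN | TCP_RST)


def find_zero_windows(packets):
    """Return (index, src, sport, dst, dport) for every zero-window segment."""
    hits = []
    for i, pkt in enumerate(packets):
        f = parse_ipv4_tcp(pkt)
        if f is not None and is_zero_window(f):
            hits.append((i, f["src"], f["sport"], f["dst"], f["dport"]))
    return hits


# Constructed sample capture: a client handshake, then the server advertising
# a zero window, then a FIN with a zero window (not flagged), a UDP packet
# (skipped) and a normal ACK.
SAMPLE_PACKETS = [
    build_ipv4_packet("10.0.0.1", "10.0.0.2", 50000, 80, TCP_SYN, 65535),
    build_ipv4_packet("10.0.0.2", "10.0.0.1", 80, 50000, TCP_ACK, 0),
    build_ipv4_packet("10.0.0.2", "10.0.0.1", 80, 50000, TCP_FIN | TCP_ACK, 0),
    build_ipv4_packet("10.0.0.1", "10.0.0.2", 50000, 53, 0, 0, proto=17),
    build_ipv4_packet("10.0.0.1", "10.0.0.2", 50000, 80, TCP_ACK, 1024),
]

if __name__ == "__main__":
    for hit in find_zero_windows(SAMPLE_PACKETS):
        print("zero window in packet %d: %s:%d -> %s:%d" % hit)
```

In a real capture the same question is answered by the display filter `tcp.analysis.zero_window` (or, less precisely, `tcp.window_size == 0`, which also matches SYN and RST segments). Note the distinction the two Gearbit sessions draw: a capture filter such as `tcp port 80` decides what gets recorded in the first place, while a display filter like the one above only hides packets already in the capture, so the zero-window events must have been captured for the filter to find them.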
Wireless Issues:
Now, this should in no way be a substitute for a proper wireless survey, but when you find yourself up against wireless issues, try inSSIDer as a very good starting point. It works on Windows 7 straight out of the box.

