Tracing in an enterprise environment presents particular challenges. Let's say we want to see everything going in an out of an application server. We can get a monitor session configured, hook up a laptop with dumpcap, start the capture and hey presto, you've got 500 GB of data to analyze.
How can we find the problem in all that trace data?
In this video we discover a simple way to mark trace data during capture. Using the find and filter capabilities of Wireshark, we can quickly find the problem area in the trace.