Since receiving positive feedback about a previous trace file analysis video, I thought I would do another, but this time, introduce Wireshark's Colorize feature. Generally speaking, I'm not a big fan of colors since they can distract me, or give me a headache ;b , but there are some scenarios where colors are helpful.
I also discuss what that urs.microsoft.com conversation is.
Since my Excel Graph tutorial, I have received emails asking if I could whip something up regarding Pivottables. Well, here you go.
One of the limitations of the Excel Graph video is that it doesn't illustrate those data points where there aren't any packets. This pivot table trick will fix this and make the data more manageable.
In my classes and seminars, I constantly tell analysts that you should think of your packets like your vacation photos. You can show them to people, and they will politely nod, but they have no interest in them. Along with the security implications and possible misinterpretation, a graph can really drive the point home or show you something new about that puzzling trace.
Just saw a question on ask.wireshark.org from an analyst who is just starting out with Wireshark, asking about the basic MAC filter.
I enjoy answering these types of questions since it shows me that more and more people are trying out Wireshark.
So after a few postings, I realized there is something basic I am not conveying, so I whipped up a quick video on how to create a Capture and Display MAC Address Filter.
I came across this really nifty little utility to help analyze your Wireshark tracefiles.
Splitpcap will take one trace file and create various trace files based on your criteria.
For example, you can ask splitpcap to create a trace file for all the IP addresses and TCP/UDP conversations, or create a trace file for every IP address, plus a ton more.
I especially like the -y L7 switch that will extract the application data or payload and save it in a text file. Just like Follow TCP or UDP Stream.
I thought since I had to capture some packets from my ATA, it would be helpful to record a quick video showing you the basics of port mirroring.
Please note that every switch vendor and model will have a different syntax or way of doing this, so please read the documentation for your specific switch.
A little trick I like to show people in my classes and seminars.
It is basically how to take a trace file and create an Excel Graph.
I know, I know, you're wondering why not just use the I/O Graphs? Well, I can do a bunch more customization for reports, etc. If I just need a quick peek, then I would definitely use the I/O Graphs.
Your colleague sends you one of those hilarious viral cat videos; you watch and begin to laugh. You look to the side pane and see another hilarious cat video; you can’t help yourself and click on the next one in the queue. You have fallen under the spell of YouTube, and this is from someone who doesn't like cats. You are not alone.
Whether it’s watching a video for pleasure during your work day or using video for your job – check out “Seven Ways Enterprises are Using Video in Everyday Business” – video is beginning to compete with mission critical enterprise application data. As the volume of video explodes, as it’s predicted to do between now and 2015, this could become one of the most serious issues facing your network. Video demands high quality of service and is one of the most unpredictable data types on your network when it comes to packet sizes and packet bursts. But how do you know who the video bandwidth hog is and whether or not they are using video for business meetings or just watching a cat play a piano?
The three approaches below can help you determine who is inappropriately using video and bogging down your network, and whether the video sources are inside or outside the company.
I have had emails asking exactly how I use, or reference those 'packet bookmarks' I mentioned in an earlier article.
Just to be clear, this is not a Wireshark specific tip. This a technique I use when I capture packets with any protocol analyzer.
In case you haven't heard me mention this before, I simply ping as I capture applications that always have data continually trickling in. Regularly, I try to note the packet number, but sometimes this may be difficult to do, or I am working alone and don't have the time to write it down.
In this video I have a customer trace file and instructed them to ping at the following points:
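The bookmark technique above is easy to automate once the capture is saved: the echo requests to the host you pinged are the markers, and everything between two markers is one segment of the test. The following is an added example, not code from the original post; it parses a classic pcap with only the standard library, builds a constructed sample capture inline, and assumes a marker host of 192.0.2.1 (a TEST-NET-1 address chosen here).

```python
import struct

def _frame(proto, src, dst, payload):
    """Ethernet II + IPv4 header (no options) + payload; MACs are dummies."""
    eth = b'\x02' * 6 + b'\x04' * 6 + b'\x08\x00'
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, bytes(map(int, src.split('.'))),
                     bytes(map(int, dst.split('.'))))
    return eth + ip + payload

def build_pcap(frames):
    """Classic pcap (little-endian, LINKTYPE_ETHERNET) from (timestamp, bytes)."""
    out = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for ts, data in frames:
        sec = int(ts)
        out += struct.pack('<IIII', sec, int((ts - sec) * 1e6), len(data), len(data)) + data
    return out

def iter_pcap(blob):
    """Yield (frame_no, timestamp, frame_bytes), numbered like Wireshark's packet list."""
    off, no = 24, 0
    while off + 16 <= len(blob):
        sec, usec, incl, _ = struct.unpack_from('<IIII', blob, off)
        off, no = off + 16, no + 1
        yield no, sec + usec / 1e6, blob[off:off + incl]
        off += incl

def find_bookmarks(blob, marker_dst):
    """Frame numbers and times of ICMP echo requests sent to the marker host."""
    marks = []
    for no, ts, f in iter_pcap(blob):
        if len(f) < 35 or f[12:14] != b'\x08\x00':
            continue  # not IPv4, cannot be a marker ping
        ihl = (f[14] & 0x0f) * 4
        dst = '.'.join(map(str, f[30:34]))
        if f[23] == 1 and dst == marker_dst and f[14 + ihl] == 8:  # ICMP type 8 = echo request
            marks.append((no, ts))
    return marks

def segments(blob, marker_dst):
    """Frame-number ranges between consecutive marker pings (the pings themselves excluded)."""
    marks = [no for no, _ in find_bookmarks(blob, marker_dst)]
    last = max((no for no, _, _ in iter_pcap(blob)), default=0)
    bounds = [0] + marks + [last + 1]
    return [(a + 1, b - 1) for a, b in zip(bounds, bounds[1:]) if a + 1 <= b - 1]

# Constructed sample capture: app traffic plus two marker pings (and one reply) to 192.0.2.1
def _tcp(t):
    return (t, _frame(6, '10.0.0.5', '10.0.0.9', b'\x00' * 20 + b'data'))
def _icmp(t, typ, src, dst):
    return (t, _frame(1, src, dst, bytes([typ, 0, 0, 0, 0, 1, 0, 1])))
SAMPLE = build_pcap([_tcp(1.0), _icmp(2.0, 8, '10.0.0.5', '192.0.2.1'), _tcp(3.0), _tcp(4.0),
                     _icmp(5.0, 8, '10.0.0.5', '192.0.2.1'), _icmp(5.1, 0, '192.0.2.1', '10.0.0.5'), _tcp(7.0)])
```

Running `segments(SAMPLE, '192.0.2.1')` gives the frame ranges to inspect for each step of the test, which is the same split you would otherwise do by hand from the noted packet numbers.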