The combination of Wireshark and procmon is pretty formidable; Wireshark for watching what's going on between networked system components, and procmon for seeing what's going on inside them (at least for those running Windows).
Matching procmon network entries with Wireshark traces can at first seem very frustrating, but actually once you know a few tips and tricks it's pretty straightforward.
This session was presented at Sharkfest 2014 - Dominican University, CA - June 16-20
One of the most challenging problems for a network engineer is bridging their knowledge of network and protocol operation with the troubleshooting of unfamiliar applications and systems. In this presentation, we propose methods an engineer can use to address this problem. Specifically, we illustrate how to leverage knowledge of the network and protocols in combination with tools such as Wireshark to reveal how problems manifest themselves in the packets we collect and analyze. We will present real-world case studies to illustrate techniques for quickly gathering the details necessary to identify and solve complicated application-network interaction problems.
Kevin Burns is a Principal Engineer with Comcast and the author of "TCP/IP Analysis and Troubleshooting Toolkit". He has been performing and teaching protocol analysis for 18 years at various companies and the last 11 years with Comcast. Kevin began his career in protocols and complex troubleshooting back in 1995 when he attended a course taught by Scott Haugdahl and has had a passion for analyzing difficult problems ever since.
This session was presented at Sharkfest 2014 - Dominican University, CA - June 16-20, 2014
Good trace file analysis begins at the collection stage. If we don’t get the right packets, at the right time, in the right place, with the right collection method, then we may spin our wheels looking through millions of perfectly good packets, behaving exactly as they should. In this session, we will look into the top mistakes in packet collection and how to mitigate them, ensuring that traces are as valid as possible for troubleshooting the root cause of a problem. We will also explore common capture methods such as SPAN, Tap, and laptop vs. hardware-based capture, examining the pros and cons of each.
Chris Greer specializes in packet analysis and training services, helping clients to resolve network and application performance problems while training them to do the same on their own. As a consultant for Packet Pioneer LLC, he provides remote trace file analysis, on-site troubleshooting, and training courses for vendor-supported tools. As a Wireshark Certified Network Analyst, Chris delivers hands-on Wireshark courses and is a certified partner of Wireshark University. Chris is a regular author for lovemytool.com and various vendor-supported blogs.