379 posts categorized "Tony Fortunato"

Wireshark Capture Interface Issue (by Tony Fortunato)

When I first started my website I had a whole section on product ‘issues’ or ‘bugs’.

My intent was to help my clients and subscribers while reducing the number of emails I get about these issues. Over the years, I found it to be too much work to maintain since I introduced more tools to my website.

In the past 2 years, I have eliminated almost all vendor-specific tool webpages from my site that contained tips, tricks and bugs.

Wireshark is still one of the primary tools I use in the field and I still do private training or presentations with it, so I thought I would keep that section on my website.

In this video I explain an issue I ran into recently with the default capture interface setting. The purpose of the video is to document the issue and help anyone who may encounter this issue.

Let me know if you find this helpful and I will create more along with my usual tips and tricks.

 

 

 

Continue reading other LoveMyTool posts by Tony Fortunato »


Capture Packets With Microsoft’s netsh (by Tony Fortunato)

There are many challenges we face when we want to capture packets while troubleshooting.

  • Installing a packet capture tool such as Microsoft’s Netmon or Wireshark might be a deal breaker for some admins.
  • A span or mirror port might not be available or might add excessive latency to packets.

In most cases I would be happy with a solution that simply captures the packets so I can analyze the data on another system.

Many analysts I speak to are not aware that most Microsoft operating systems allow you to capture packets without installing anything on them. The command is netsh trace start etc…

In this video I show you how to get started by capturing data and making the trace compatible with Wireshark.

 

 



Wireshark Decode As Example (by Tony Fortunato)

 


There are many scenarios when you work on a trace file and your protocol analyzer doesn’t decode the application. I see this a lot with proprietary applications, some IoT devices and when administrators change the application default port number. In less common scenarios, you might be trying to figure out how malware or worms spread in your network or trying to determine an application signature.

In this example I show you how to use Wireshark’s Decode As feature to teach Wireshark how to decode a trace as FTP.

I run through some navigation tips and tricks, how to resize the columns, how to see the data within the packets (when it is in clear text), and lastly how to use the Decode As feature.

Every protocol analyzer may have a different term for this feature, but you should know how to do this in your favorite analyzer.

 



Baselining and Configuring an IoT Device (by Tony Fortunato)

For those of you who have followed my articles and rants, I've talked about baselining equipment now for many years. In this particular article, I will spend a little bit more time showing you how I baselined a webcam - yup, another webcam - what it was doing, and how I reconfigured it to stop the unwanted traffic.

A common question I get asked is, “How do you baseline wireless equipment?” You've got several options; you can obviously get a wireless analyzer and capture those packets over the air. Another approach is to work from the access point's LAN side by using an inline analyzer between the access point and its switch port. Lastly, spanning or mirroring that port to an analyzer works just as well.

It's important to remember that every piece of equipment on your network should be profiled or baselined. You should be familiar with what it should communicate with as well as what it is communicating with.

As I said in the video, it doesn't matter if it's a refrigerator, a camera, or a thermostat. You should always find out how these devices behave because at some point you will have to troubleshoot them.

 

 



Fixing Mailto Problems On Windows 8 (by Tony Fortunato)

I appreciate all the positive feedback I’ve been receiving from my PC articles since I typically post about networking and Wireshark topics.

In this video I discuss how to fix a mailto problem I ran into while setting up a network management computer for a client.

The mailto: URL can be used by webpages or applications to send emails. In the video I used a Chrome extension as a test to illustrate the issue and fix.

 

 



LMTV LIVE | Wireshark Week (with Brad Reinboldt and Tony Fortunato)



This week Tim, Tony and Denny spoke with an old friend, Brad Reinboldt, Senior Solutions Manager from Viavi Solutions, about their upcoming free education webinar series Wireshark Week.

We looked at the challenges of getting started with Wireshark, uncovered quick tips from Tony that make troubleshooting in Wireshark easier, and talked about other tools that work alongside Wireshark to simplify root-cause analysis. Additionally, Brad went into detail on the Wireshark web sessions offered from November 6-11.

For more information, click here to sign up for Wireshark Week

Click to read other LMTV posts by contributors of LoveMyTool »