72 posts categorized "Wireshark"

How TCP Works - The Receive Window (by Chris Greer)

What does that Window field in the TCP header do? 

Many people ask this question after capturing a trace file with Wireshark. What is the TCP Window? How does it work? How can I use it to troubleshoot performance problems? 

We will answer these questions and more in this nine-minute video. Check it out!

Note: This video focuses on the TCP Receive window. We will cover the send window in another video. 


Author Profile - Chris Greer is a Network Analyst for Packet Pioneer LLC and a Certified Wireshark Network Analyst. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for several analysis vendors. Got network problems? Let's get in touch



Sharkfest 17 EU - First Thoughts (by Paul Offord)

That's it - another Sharkfest event done and dusted.  Janice and her team did a fantastic job, as always, and the venue was truly spectacular - think of 1930's opulence with a high tech twist and fantastic food.


I was a bit of a latecomer - I didn't arrive until midday on the penultimate day - but even so, I could tell it had been a good one.  With attendees from more than 30 countries it was a truly international event.  I was lucky enough to catch several good sessions, and here's a quick summary of some important points I learned.

First up was Kary Rogers.  I think his US session should be compulsory viewing (see https://youtu.be/tyk2-0MY9p0), and the EU session was another tour de force.  He presents straightforward systematic ways of looking at TCP performance, using some Wireshark features I've never thought to use, all mixed in with a dose of comedy.  The EU session had some new stuff and if it becomes available on the Sharkfest Retrospective area, you are going to want to watch it.

Then I sat in on a session called Developer Bytes Lightning Talks–Development Track, hosted by Roland Knall.  There was some real nitty gritty dev stuff in the session, but


Intro to Wireshark – Sharkweek Teaser! (by Chris Greer)

Does opening a packet trace stress you out?

If so, you aren’t alone. Packet analysis is tedious, detailed, and can be very time consuming. Usually captures are taken to troubleshoot issues when the stakes are high and failure to find the problem is not an option. You may even have your boss breathing down your neck, expecting you to miraculously see the smoking gun in a matter of minutes, leaving you to wonder if your job is on the line.

Hey, we’ve all been there.

Packet analysis with Wireshark is an art form that can take a long time to develop. Gaining comfort with trace files starts with some basic steps that can go a long way in helping you find the culprit of your performance or security problem. Here, we will take a look at a couple quick hints that all new Wireshark users should know – but we will definitely leave some for the Intro to Wireshark session at Viavi Sharkweek starting on Monday, November 6th. Register here! https://observer.viavisolutions.com/wireshark-week/

Step 1.

Know the packet path and capture well.


LMTV LIVE | Wireshark Week (with Brad Reinboldt and Tony Fortunato)

This week Tim, Tony and Denny spoke with an old friend, Brad Reinboldt, Senior Solutions Manager from Viavi Solutions, about their upcoming free education webinar series Wireshark Week.

We looked at the challenges of getting started with Wireshark, uncovered quick tips from Tony that make troubleshooting in Wireshark easier, and talked about other tools that work alongside Wireshark to simplify root-cause analysis. Additionally, Brad went into detail on the Wireshark web sessions offered from November 6-11.

For more information, click here to sign up for Wireshark Week


dumpcap Configuration Tool (by Tony Fortunato)

Wireshark users may already be familiar with tshark but not dumpcap.

dumpcap is a very powerful tool that Wireshark users can use for a variety of reasons:

  • depending on your exact configuration, dumpcap can help mitigate dropped packets
  • in most cases dumpcap is less resource intensive
  • since dumpcap is a command line tool, you can use it in a batch file
  • it's easy to run it consistently regardless of your level of experience

The only issue with dumpcap is that the command line options can be overwhelming, which is where the team from Advance7 comes in.  They put together a cool webpage that helps you figure out some basic dumpcap options.


Analyzing Microsoft IIS Web Logs - Part 2 (by Paul Offord)

Now that almost all the streams we analyze are encrypted, how can we see what's inside those pesky SSL/TLS packets? Here's one way.


In the previous video in this series we saw how web logs provide an abundance of information; just the sort of stuff we need to take a performance problem to a developer.  And now we can analyze web logs with Wireshark.

In this video ...
