83 posts categorized "Wireshark"

Capture Packets With Microsoft’s netsh (by Tony Fortunato)

There are many challenges I face when I want to capture packets while troubleshooting.

  • Installing a packet capture tool such as Microsoft’s Netmon or Wireshark might be a deal breaker for some admins.
  • A SPAN or mirror port might not be available, or might add excessive latency to packets.

In most cases I would be happy with a solution that simply captures the packets and I can analyze the data on another system.

Many analysts I speak to are not aware that most Microsoft operating systems allow you to capture packets without installing anything on them. The command is netsh trace start etc…

In this video I show you how to get started by capturing data and making the trace compatible with Wireshark.

Wireshark Decode As Example (by Tony Fortunato)


There are many scenarios when you work on a trace file and your protocol analyzer doesn’t decode the application. I see this a lot with proprietary applications, some IoT devices, and when administrators change the application's default port number. In less common scenarios, you might be trying to figure out how malware or worms spread in your network, or trying to determine an application signature.

In this example I show you how to use Wireshark’s Decode As feature to teach Wireshark how to decode a trace as FTP.

I run through some navigation tips and tricks, how to resize the columns, how to see the data within the packets (when it is in clear text), and lastly how to use the Decode As feature.

Every protocol analyzer may have a different term for this feature, but you should know how to do this in your favorite analyzer.

Troubleshooting Slow Broadband (by Paul Offord)

"Are you downloading something?", my wife asked when her YouTube video kept stalling. "Not me", I assured her.


But then I noticed a port light on my broadband router going nuts, and that port was connected to my Windows computer. What the heck is going on?

In this video ...

Hey Network Engineers - What To Do While Everyone Is Away (by Chris Greer)


You drew the short straw.

Over the next couple of weeks, while everyone else is skiing in some amazing place or finally taking that year-end time with their kids, you are left behind at the office to “monitor” the system.

Unless you work for UPS or Amazon, it will most likely be a relaxed couple of weeks! It will be tempting to kick back and watch YouTube, or act busy while doing some other mundane chore.

However, the last two weeks of the year are also a great time to be a network engineer. Here is a list of things you can work on while everyone else is away.

  1. Throughput Testing

So Just How Bad is 0.9% Packet Loss in your Network? --Network Congestion and TCP's impact on Performance (by Mike Canney)

I often get trace files from customers with the comment, "there seems to be some TCP retransmissions", but they are not sure just how that really relates to the performance issues they are having. After all, some amount of retransmissions in an Ethernet network is normal, right?

There are certainly safeguards against packet loss in the protocols we use today, but just what does it do to the end user experience when packet loss occurs? Join me as we explore troubleshooting with Wireshark and NetData with an example I ran into recently where we needed to get to the bottom of a customer's performance issue.

How TCP Works - The Receive Window (by Chris Greer)

What does that Window field in the TCP header do?

Many people ask this question after capturing a trace file with Wireshark. What is the TCP Window? How does it work? How can I use it to troubleshoot performance problems?

We will answer these questions and more in this nine minute video. Check it out!

Note: This video focuses on the TCP Receive window. We will cover the send window in another video.


Author Profile - Chris Greer is a Network Analyst for Packet Pioneer LLC and a Certified Wireshark Network Analyst. Chris regularly assists companies in tracking down the source of network and application performance problems using a variety of protocol analysis and monitoring tools including Wireshark. Chris also delivers training and develops technical content for several analysis vendors. Got network problems? Let's get in touch
