March 04, 2020
Don’t assume anything when troubleshooting! (John Modlin)
I was working at a large heterogeneous network environment and started working on a problem of scanners at field offices being unable to transfer documents across the WAN. Working on this problem led me quite far down the rabbit hole, a black hole to be more specific.
The field techs had already changed out scanners, but the site continued to be intermittently unable to send documents across the WAN. Some documents transferred, some didn’t. After checking permissions and general settings on the scanner, I started looking at the network path.
February 18, 2020
Wireshark Interfaces and File List Tip
Networkdatapedia.com has been asking for material that focuses on knowing your network and/or knowing your tools.
Sounds pretty simple, but trust me, this is anything but simple or obvious. When you use the same tool and it becomes your ‘favorite’ or ‘go to tool’, you might be resistant to trying new tools.
A great example is back in the early 90’s when I was using Network General Sniffer products. I was getting very comfortable with it and was actually solving issues with no training. Through the years I heard of Lanalyzer, Capsa, Cinco, NetXRAY, Observer, Microsoft Network Monitor, Protocol Inspector and of course Ethereal (aka Wireshark), as well as a ton I’ve probably forgotten.
I remember showing my Sniffer sales person Microsoft Network Analyzer and Ethereal, explaining some of the features I liked. His response was “don’t waste your time on that free stuff”, followed up with “how good can it possibly be when it’s free”.
I soon figured out that every tool has its pluses and minuses and figuring out what works best for you is the toughest part. When you find that tool that you always reach for first, you need to take the time to learn all the nuances and what features new versions may bring – or break ;)
In this video I spend a few minutes showing you how to clear your ‘most recently used file list’ and how to hide network interfaces you won’t be using. It’s important to note that hiding the interfaces does not delete, disable or affect them directly.
For example, if you hide your WiFi adapter in Wireshark, you can still use it to surf, ping, etc. It will just be hidden from the available adapter list in Wireshark.
Enjoy.
February 10, 2020
Determining ARP Refresh Rate With Wireshark
There have been more than a few times where I had to illustrate that ARP was an issue.
When you have a suspected ARP issue, or you just need to understand how often a device ARPs, or you need a good challenge when using your favorite packet analyzer, this is a great exercise.
February 04, 2020
DNS Client Issues
In this video I wanted to show you an issue that I encounter quite often. DNS is one of those protocols we all take for granted, and most people believe that if it’s working, you can’t do much to tune it.
There are many things you can do to improve DNS performance. One of the more common techniques is to configure a device as a local DNS server, cache or relay for those scenarios where you might have slow internet connections.
I want to focus on the client configuration. I’ve seen DNS server entries (manual or DHCP assigned) that are problematic. For example, DNS servers that no longer exist, typos, slow DNS servers or DNS servers that are located on slow links or paths. In this case I highlighted what your packet trace will look like when you attempt to use a device as a DNS server that is not a DNS server. I also explain why the ICMP packets are important in this process.
The big takeaway is to review your DNS or any name server configurations every so often to ensure there aren’t any issues.
January 20, 2020
Slice It Smart: Extend Your Capture Time With Packet Slicing
I would say packet slicing is one of the most critical techniques to understand.
Back in the day when we had hard drives with limited disk space and we needed to capture for long periods of time, we used packet slicing.
Packet slicing in Wireshark is one of those features that doesn’t get much love, but once you use it, you wonder how you ever captured packets without it. The basic idea is simple: instead of grabbing the entire packet payload, you only capture the first N bytes. For many troubleshooting and analysis tasks, that’s more than enough to see headers, flags, and protocol behavior without hauling around a ton of unnecessary data.
One of the biggest benefits of packet slicing is smaller capture files. Full packet captures can balloon in size fast, especially on busy links or during long troubleshooting sessions. By slicing packets, you drastically reduce disk usage and make your capture files easier to store, share, and archive. This is especially handy when you need to send a capture to a colleague or attach it to a ticket without watching your email client cry.
Packet slicing also improves performance during both capture and analysis. Writing less data to disk means less I/O overhead, which can be critical on laptops, virtual machines, or resource-constrained systems. Later on, when you open the capture in Wireshark, smaller files load faster, filters apply quicker, and scrolling through packets feels noticeably smoother. Less data means less waiting.
Finally, packet slicing can help reduce risk and noise. By not capturing full payloads, you lower the chance of collecting sensitive or private data you don’t actually need for troubleshooting. In many cases—like diagnosing TCP handshakes, DNS issues, or routing problems—the headers tell the whole story. Packet slicing keeps your captures focused, efficient, and a little safer, proving that sometimes less really is more when you’re packet wrangling.
I use packet slicing for a slightly different situation. Sure, I might have a large drive but now the network speeds are much higher than 15 years ago. The other important reason why I use packet slicing is when the data is sensitive and we are not allowed to see the captured data. There are some other reasons covered in the video.
The point of the video is to introduce you to packet slicing but you should go look at your packet capture tool to determine if you have packet slicing and how to configure it.
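To make the "first N bytes" idea concrete, here is an added example (not from the original post or video) that slices an existing capture after the fact. It handles only the classic little-endian pcap format, not pcapng; the function names and the sample capture are constructed for illustration, and the 54-byte slice assumes Ethernet, IPv4 and TCP headers without options.

```python
import struct

GLOBAL = struct.Struct("<IHHiIII")  # magic, ver major/minor, thiszone, sigfigs, snaplen, linktype
RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len (stored), orig_len (on the wire)

def records(pcap):
    """Yield (ts_sec, ts_usec, orig_len, stored_bytes) for each packet in a classic pcap."""
    if GLOBAL.unpack_from(pcap)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian pcap")
    off = GLOBAL.size
    while off < len(pcap):
        ts_sec, ts_usec, incl_len, orig_len = RECORD.unpack_from(pcap, off)
        off += RECORD.size
        if off + incl_len > len(pcap):
            raise ValueError("capture file is truncated")
        yield ts_sec, ts_usec, orig_len, pcap[off:off + incl_len]
        off += incl_len

def slice_pcap(pcap, snaplen):
    """Return a copy of the capture keeping only the first snaplen bytes of each packet."""
    magic, vmaj, vmin, zone, sigfigs, old_snap, linktype = GLOBAL.unpack_from(pcap)
    out = bytearray(GLOBAL.pack(magic, vmaj, vmin, zone, sigfigs, min(old_snap, snaplen), linktype))
    for ts_sec, ts_usec, orig_len, data in records(pcap):
        kept = data[:snaplen]
        # orig_len is left alone so the analyzer still shows the true on-the-wire size
        out += RECORD.pack(ts_sec, ts_usec, len(kept), orig_len) + kept
    return bytes(out)

def sample_pcap(packets=3):
    """Constructed sample: Ethernet/IPv4/TCP frames carrying a 1000-byte marker payload."""
    payload = b"ACCOUNT-DATA" + b"x" * 988
    eth = bytes(12) + b"\x08\x00"                      # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 1, 0x50, 0x18, 65535, 0, 0)
    frame = eth + ip + tcp + payload
    out = bytearray(GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))  # linktype 1 = Ethernet
    for i in range(packets):
        out += RECORD.pack(1580000000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)

HEADERS_ONLY = 14 + 20 + 20  # Ethernet + IPv4 + TCP, no options (assumption)

if __name__ == "__main__":
    full = sample_pcap()
    sliced = slice_pcap(full, HEADERS_ONLY)
    print(len(full), "->", len(sliced), "bytes")
```

Headers that carry IP or TCP options run longer than 54 bytes, so a somewhat larger slice length is safer when you need every header field.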

