Wireshark capture banks

Studying packet captures is one of the best ways to learn how protocols at any of the 7 network layers actually operate. It doesn't matter whether the captures were made with Wireshark, tshark, tcpdump or any other program.

Thanks to the work of some very generous people, we do not need to set up the conditions and make these captures ourselves. There are several "capture banks" available for us to enjoy and learn from:


Packet Capture Capabilities of Cisco Routers and Switches (Mind Map)

From very early in my networking career I have been fascinated by protocol details, packet captures and the features of one of my top 3 application troubleshooting tools: Wireshark.

Getting the captures on the endpoints (clients/servers) is relatively easy, but things get difficult when you want to capture traffic somewhere in between and it is hard to do port mirroring (SPAN) on some remote switch.

Packet Capture Capabilities of Cisco Routers and Switches is an old video (4 years is old, right?) posted on the Cisco Support Forums that highlights the different methods of getting on-box packet captures, either in Wireshark .pcap format or as text output.

The video is an hour long, but if you're in a rush I made it easy for you by summarizing it in an "easy to read" mind map, grouped by IOS, NX-OS and IOS XR.

Filtering Traffic Through Content… Wireshark

Wireshark is my tool of choice for troubleshooting. While most people think of it at the end of the fight, with me it’s always on top of the list.

Recently, I had to look at a problem of a sales application where users reported that “the network was slow”.

The application was developed in-house, didn't use any of the well-known application protocols like HTTP or FTP, and wasn't encrypted. In the middle of so many transactions in a working store, how do you find the one TCP connection that carries the transaction you need to troubleshoot?
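The trick the title refers to is filtering on payload content rather than on ports or protocol dissectors: an unencrypted, in-house protocol still carries the order number, customer ID or whatever string identifies the transaction, and the display filter `tcp contains "ORDER-1002"` finds the segments that carry it; "Follow TCP Stream" (or `tcp.stream eq N`) then shows the whole conversation. As an added example, not code from the original post, here is the same idea in plain Python: a minimal libpcap reader (Ethernet/IPv4/TCP only, pcapng not handled) that scans every TCP payload for a marker and reports the conversation that carries it, both directions included. The capture, the IP addresses, the port 7777 and the "TXN/OK" protocol are all constructed for the example so that it runs offline.

```python
"""Locate the TCP conversation that carries one application transaction.

Added example, not the post author's code: a minimal reader for libpcap
(.pcap, not pcapng) files with Ethernet/IPv4/TCP frames that scans every
TCP payload for a byte string, the same idea as the Wireshark display
filter  tcp contains "ORDER-1002"  followed by "Follow TCP Stream".
The capture below is constructed inline so the script runs offline.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, sport, dst_ip, dport, payload):
    """Construct an Ethernet/IPv4/TCP frame for the sample capture
    (checksums are left zero; the parser below does not verify them)."""
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip_len = 20 + len(tcp) + len(payload)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, ip_len, 1, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src_ip.split('.'))),
                     bytes(map(int, dst_ip.split('.'))))
    eth = (b'\x00\x11\x22\x33\x44\x55' + b'\x66\x77\x88\x99\xaa\xbb'
           + struct.pack('!H', ETHERTYPE_IPV4))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap raw frames in a little-endian libpcap file (24-byte global
    header, then a 16-byte record header in front of every frame)."""
    out = struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack('<IIII', 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_tcp_segments(pcap_bytes):
    """Yield (frame_no, src_ip, sport, dst_ip, dport, payload) for every
    TCP segment; frame numbers are 1-based like Wireshark's."""
    magic = struct.unpack_from('<I', pcap_bytes, 0)[0]
    if magic == 0xA1B2C3D4:
        end = '<'
    elif magic == 0xD4C3B2A1:
        end = '>'
    else:
        raise ValueError('not a libpcap file (pcapng is not handled here)')
    if struct.unpack_from(end + 'I', pcap_bytes, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError('only Ethernet captures are handled here')
    offset, frame_no = 24, 0
    while offset + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack_from(end + 'IIII', pcap_bytes, offset)
        data = pcap_bytes[offset + 16: offset + 16 + incl_len]
        offset += 16 + incl_len
        frame_no += 1
        if len(data) < 34 or struct.unpack_from('!H', data, 12)[0] != ETHERTYPE_IPV4:
            continue
        ip = data[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack_from('!H', ip, 2)[0]
        if ip[9] != IPPROTO_TCP or len(ip) < total_len:
            continue
        src = '.'.join(map(str, ip[12:16]))
        dst = '.'.join(map(str, ip[16:20]))
        tcp = ip[ihl:total_len]          # honour the IP total length: drops Ethernet padding
        sport, dport = struct.unpack_from('!HH', tcp, 0)
        data_off = (tcp[12] >> 4) * 4
        yield frame_no, src, sport, dst, dport, tcp[data_off:]


def find_transaction(pcap_bytes, marker):
    """Equivalent of  tcp contains <marker>  plus Follow TCP Stream.

    Returns {conversation: {'hits': [frames containing the marker],
                            'frames': [every frame of that conversation]}}.
    The conversation key is the sorted pair of (ip, port) endpoints, so both
    directions of one connection land in the same entry. The match is a
    case-sensitive byte search, like Wireshark's "contains"."""
    conversations = {}
    for frame_no, src, sport, dst, dport, payload in iter_tcp_segments(pcap_bytes):
        key = tuple(sorted([(src, sport), (dst, dport)]))
        entry = conversations.setdefault(key, {'hits': [], 'frames': []})
        entry['frames'].append(frame_no)
        if marker in payload:
            entry['hits'].append(frame_no)
    return {k: v for k, v in conversations.items() if v['hits']}


# Constructed sample capture: two sales transactions and one unrelated
# keepalive, all against a hypothetical in-house server on port 7777.
SERVER = ('10.1.1.5', 7777)
SAMPLE_PCAP = build_pcap([
    build_frame('10.1.1.20', 51000, *SERVER, b'TXN ORDER-1001 item=42\n'),   # frame 1
    build_frame('10.1.1.21', 51001, *SERVER, b'TXN ORDER-1002 item=7\n'),    # frame 2
    build_frame('10.1.1.22', 51002, *SERVER, b'PING\n'),                     # frame 3
    build_frame(*SERVER, '10.1.1.20', 51000, b'OK ORDER-1001\n'),            # frame 4
    build_frame(*SERVER, '10.1.1.21', 51001, b'OK ORDER-1002\n'),            # frame 5
])

if __name__ == '__main__':
    for conv, info in find_transaction(SAMPLE_PCAP, b'ORDER-1002').items():
        print('conversation', conv, 'hits', info['hits'], 'all frames', info['frames'])
```

With a real capture, the same two steps in tshark are `tshark -r store.pcap -Y 'tcp contains "ORDER-1002"' -T fields -e tcp.stream` to get the stream number, then `tshark -r store.pcap -Y 'tcp.stream eq N'` to see the whole conversation. The content filter only works because the protocol is unencrypted; on TLS traffic you would have to key on metadata (timing, SNI, client port) instead.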
