Content that refers to the Wireshark packet analysis tool.
Post Views: 171 Do not troubleshoot Wireshark captures by chasing random red and black packets. Start with triage, classify the traffic, branch into the correct protocol workflow, and then prove the finding with packet evidence. The following is a shortened version of our structured “Triage → Classify → Branch → Prove” Wireshark troubleshooting workflow built […]
Wireshark Troubleshooting Workflow Read More »
Post Views: 4,443 I am often asked this question of where to access PCAP or PCAP-NG files so that folks can explore packet captures using Wireshark. I have always provided these resources in my Wireshark classes at the Online School, but thought I should also just list them here for public consumption. Before you click!
Where can I get PCAP Packet Captures for Learning and Exploration? Read More »
Post Views: 1,151 If you have upgraded Wireshark to the latest version 4.6.5 and later, you will note a big change to the “welcome” screen, or home screen of Wireshark. It now looks like this: The two “boxes” on the right are new and bold. The tips and tricks is great for new Wireshark users,
A New Wireshark Welcome Screen Read More »
Post Views: 464 Let’s say you are a CO Tech/Engineer or an enterprise network engineer that works with Voice over IP (VoIP). Let’s further say that there are issues with one or more users so you have done a bunch of packet captures, perhaps even used Wireshark’s Ring Buffer capability, and now you want to
Extracting VoIP Packets from Multiple Captures Read More »
Post Views: 788 Learning how to manually control Wi-Fi channels in Linux is a foundational skill for wireless troubleshooting and packet analysis. Proper channel selection is critical because Wi-Fi troubleshooting is highly dependent on capturing the correct RF environment at the correct moment in time. When combined with Wireshark, Linux monitor mode provides one of
How to Set a WLAN Frequency or Channel in Linux for Wireshark Packet Capture Read More »
Post Views: 559 Net neutrality is typically framed as a policy debate (see my background Net Neutrality post here), but its real implications are observable in packet-level behavior. For network engineers and broadband technicians, the question is not abstract: can you see evidence of blocking, throttling, or prioritization in a packet capture? To read more
Net Neutrality at the Packet Level Read More »
Post Views: 826 I described what Adaptive Bit Rate Streaming (ABR) is in my prior article, if you need that background. Also there is an ABR Lab Exercise if you want some hands on learning with ABR that will show you visually some of the items discussed below. Here, I wanted to dive a little
Mapping ABR to TCP Congestion Control and QUIC Read More »
Post Views: 803 Adaptive Bitrate Streaming (ABR) is a video delivery method that dynamically adjusts the quality of a stream in real time based on three things: network conditions, device capability, and player performance. Instead of delivering a single fixed-quality, and therefore fixed transfer rate video, ABR continuously selects the most appropriate bitrate to maintain
What Is Adaptive Bitrate Streaming (ABR)? Read More »
Post Views: 504 The following is a step by step lab exercise to examine ABR – Adaptive Bit Rate used in modern video content delivery. I won’t explain ABR here – you can read about ABR and what it is, and how it works here in a recent post. We will analyze a synthetic but
A Synthetic ABR Lab Exercise Read More »
Post Views: 1,868 Most people do not know this, but TCP CUBIC is the dominant congestion control algorithm used in modern TCP/IP networks. It is designed to efficiently utilize high-speed, long-distance links while maintaining fairness across flows with different round-trip times (RTTs). Today, it is the default congestion control algorithm in most Linux systems, and
What is TCP CUBIC and Why so popular? Read More »
Post Views: 1,681 I have been teaching Wireshark classes since the early 2000’s, and using it since it was called Ethereal. My usage has primarily focused around troubleshooting network issues that have a packet capture associated with them. My fellow troubleshooters will tell you that this is not always the case. But, if we are
Create your own Wireshark Labs with AI Read More »
Post Views: 968 Check out these great references as well: Our custom profiles repository for Wireshark Our Udemy course on Wireshark Our Udemy course on Wireless Packet capture In our previous post I showed you how to use Wireshark’s Ring Buffer feature. I think we can all agree how great that feature is. In this
Combining Wireshark Ring Buffers with Capture Filters for Performance Read More »
Post Views: 2,368 Check out these great references: Our custom profiles repository for Wireshark Our Udemy course on Wireshark Our Udemy course on Wireless Packet capture Wireshark’s Ring Buffer feature is a capture mechanism feature that automatically rotates packet capture files based on size or time limits, overwriting the oldest files when a defined limit
Wireshark Ring Buffer Capture Feature Read More »
Post Views: 1,660 I provide this information for reference when examining TLS in Wireshark. The TLS 1.2 protocol ladder (also called the TLS handshake ladder) describes the step-by-step sequence of message exchanges between a client and server as they negotiate a secure, encrypted connection. Think of it as a “ladder” where each side alternates rungs
The TLS 1.2 Protocol Ladder Read More »
Post Views: 6,533 Using a loopback adapter (also called a local loopback interface) for packet capture in Wireshark allows you to capture traffic that stays within your own computer — for example, packets exchanged between local applications via localhost or 127.0.0.1. Normally, this traffic never reaches a physical network interface, so a loopback capture is
What is the Adapter for loopback traffic capture in Wireshark? Read More »
