Posted on 2016-10-27
Medium Priority
Last Modified: 2016-10-30
I know Wireshark is an excellent tool for its purpose. As I am studying it, I have difficulty figuring out which type of problems this tool is designed to solve. In what scenario would I turn to Wireshark to start troubleshooting?

[So far it seems it's designed to identify viruses or look over traffic for monitoring purposes]

Please help
Question by:Abraham Deutsch
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 400 total points
ID: 41862293
That's basically it.  It monitors and records network traffic on the computer it's running on.  Then you can examine the data to see what is being sent and received and determine if it is correct or not.

Assisted Solution

by:Rob Leaver
Rob Leaver earned 400 total points
ID: 41862344
You've pretty much stated its use: it's to monitor or "sniff" network traffic.
LVL 37

Assisted Solution

Kimputer earned 400 total points
ID: 41862347
For clear-text protocols (FTP, HTTP, SMTP) it can be handy (though this happens less and less, as those protocols are now more and more encrypted).
Instead of digging through log files, you just fire up Wireshark, filter on the port, then start the FTP, HTTP or SMTP session, and just read it back in Wireshark. Within no time you'll have figured out why it didn't work (you can read the FTP/SMTP error code, etc.).
For DNS requests it's also still usable (viruses usually do quite a lot of weird requests).
Rebuilding VoIP voice data is useful to hear the actual call quality (if you're not on site but have to work remotely).
Then there are the network stats for IP endpoints (to find the offending heavy downloader).
And then there are the things you sometimes cannot really solve but only observe with tears in your eyes: the ACK/re-ACK/resend/retransmission/duplicate packet issues between specific hosts. You can only see why the connection isn't working, but the solution might not be within your reach (routing/firewall issues).
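The DNS point above (a host making "quite a lot of weird requests") is the kind of thing you would normally eyeball in Wireshark's Statistics menu. As an added example that is not from the thread, here is the same triage done over a tshark field export: it groups queries per source host and flags hosts with a burst of high-entropy (random-looking) labels. The tshark command in the docstring, the thresholds and the sample export are all assumptions made for the example; the sample lines are constructed.

```python
"""Triage DNS queries exported from a capture to spot a host making
"weird" requests (a burst of random-looking names at one zone).

Added example, not code from the thread. It assumes the queries were
exported separately with something like (command assumed, not from the page):

    tshark -r capture.pcap -Y "dns.flags.response == 0" -T fields \
        -e frame.time_relative -e ip.src -e dns.qry.name

The sample export below is constructed: 10.0.0.5 looks normal,
10.0.0.9 fires six random labels at one zone within a quarter second.
"""
import math
from collections import defaultdict

SAMPLE_EXPORT = """\
0.10\t10.0.0.5\twww.example.com
0.40\t10.0.0.5\tmail.example.com
1.00\t10.0.0.5\tcdn.example.net
0.00\t10.0.0.9\tq4k7d9s2x1.example.org
0.05\t10.0.0.9\tz8p1m3v6n0.example.org
0.10\t10.0.0.9\tt5r2w9k4j7.example.org
0.15\t10.0.0.9\tb3n8c1x6q2.example.org
0.20\t10.0.0.9\tl9f4h2d7s5.example.org
0.25\t10.0.0.9\tk2j6r8t1p4.example.org
"""


def parse_export(text):
    """Return [(time, source_ip, query_name)] from tab-separated tshark output."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, name = line.split("\t")
        rows.append((float(t), src, name.lower().rstrip(".")))
    return rows


def label_entropy(name):
    """Shannon entropy (bits per character) of the leftmost DNS label.

    Dictionary words sit around 2 bits; random alphanumerics approach log2(len)."""
    label = name.split(".")[0]
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def per_host_stats(rows):
    """Per source host: query count, distinct names, queries/second, mean label entropy."""
    by_host = defaultdict(list)
    for t, src, name in rows:
        by_host[src].append((t, name))
    stats = {}
    for src, items in by_host.items():
        times = [t for t, _ in items]
        names = [n for _, n in items]
        span = max(times) - min(times)
        stats[src] = {
            "queries": len(items),
            "unique_names": len(set(names)),
            # a single query has no span; treat it as 1 query in 1 second
            "qps": len(items) / span if span > 0 else float(len(items)),
            "mean_entropy": sum(label_entropy(n) for n in names) / len(names),
        }
    return stats


def flag_hosts(stats, min_queries=5, max_qps=10.0, max_entropy=3.0):
    """Hosts worth opening in Wireshark: enough queries to matter, and either a
    burst rate or random-looking labels. Thresholds are illustrative assumptions."""
    return sorted(
        src for src, s in stats.items()
        if s["queries"] >= min_queries
        and (s["qps"] > max_qps or s["mean_entropy"] > max_entropy)
    )


if __name__ == "__main__":
    stats = per_host_stats(parse_export(SAMPLE_EXPORT))
    for host in flag_hosts(stats):
        print(host, stats[host])
```

Once a host is flagged, the matching Wireshark display filter is simply `ip.src == 10.0.0.9 && dns`, which drops you straight into the individual queries.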

LVL 25

Assisted Solution

Cyclops3590 earned 400 total points
ID: 41862436
When I did load balancing a lot, it came in handy for the following:

1) Identify windowing/buffering issues. Meaning, you have a large download and it goes slower than you want. It helps you identify how fast/much each side is sending, and when the ACKs come through for more data to be sent. You can also see when buffers get overrun on the receiving side in turn. In one case, the app was designed to take data off the TCP buffer too slowly, causing a performance issue. It was also good with respect to the windowing because you could tune it to better match the buffer settings to optimize throughput.

2) Identify if a server or client is adding to latency. You can see in the 3-way handshake how long it takes from receive to respond, and you can tell if the client or server might have an app issue.

3) You can see if there are performance issues due to "dirty" lines by looking at retransmissions.

4) You can drill into the data by reconstructing packets or filter very easily so that you can correlate all of the network traffic and where an issue might be arising. For example, one use I had at home was finding out that my IPv6 tunnel had dropped and hadn't re-established (it had been so solid I forgot about it). So the capture showed me that DNS was getting A and AAAA records and trying IPv6 first before failing over to IPv4.

Those are just a few of the items I used Wireshark for most commonly. You can think of it as a Swiss Army knife for analyzing traffic captures. You don't have to actually sniff the traffic either; so long as the data is in a format Wireshark understands, you can take captures from other places as well and analyze them with Wireshark in turn.
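Points 1 to 3 above (buffering, handshake latency, retransmissions) are exactly what Wireshark's TCP expert analysis computes for you. As an added example that is not from the thread, here is the logic behind those three checks run over a tshark field export of one TCP stream: it splits the handshake into the server's and the client's share, finds data segments that repeat a sequence number already seen, and lists zero-window advertisements (the receiver's buffer is full, which is the "app takes data off the TCP buffer too slowly" symptom). The tshark command, the field layout and the sample export are assumptions; the sample segments are constructed.

```python
"""Pull handshake timing, retransmissions and zero-window events out of
one TCP stream exported from a capture.

Added example, not code from the thread. It assumes a single stream was
exported separately with something like (command assumed, not from the page):

    tshark -r capture.pcap -Y "tcp.stream == 0" -T fields \
        -e frame.number -e frame.time_relative -e ip.src -e tcp.srcport \
        -e ip.dst -e tcp.dstport -e tcp.flags -e tcp.seq -e tcp.len \
        -e tcp.window_size

tcp.flags is hex and tcp.seq is relative in a default tshark profile.
The sample export below is constructed: client 10.0.0.5 talks to
10.0.0.20:443, one data segment is retransmitted (frame 5) and the
server advertises a zero window once (frame 6).
"""
from dataclasses import dataclass

FIN, SYN, PSH, ACK = 0x01, 0x02, 0x08, 0x10

SAMPLE_EXPORT = """\
1\t0.000\t10.0.0.5\t40000\t10.0.0.20\t443\t0x0002\t0\t0\t64240
2\t0.120\t10.0.0.20\t443\t10.0.0.5\t40000\t0x0012\t0\t0\t65535
3\t0.121\t10.0.0.5\t40000\t10.0.0.20\t443\t0x0010\t1\t0\t64240
4\t0.122\t10.0.0.5\t40000\t10.0.0.20\t443\t0x0018\t1\t100\t64240
5\t0.350\t10.0.0.5\t40000\t10.0.0.20\t443\t0x0018\t1\t100\t64240
6\t0.360\t10.0.0.20\t443\t10.0.0.5\t40000\t0x0010\t1\t0\t0
7\t0.500\t10.0.0.20\t443\t10.0.0.5\t40000\t0x0010\t1\t0\t65535
"""


@dataclass
class Segment:
    frame: int
    time: float
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    seq: int
    length: int
    window: int

    def has(self, mask):
        return (self.flags & mask) == mask


def parse_export(text):
    """Parse the tab-separated tshark fields listed in the module docstring."""
    segs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split("\t")
        segs.append(Segment(int(f[0]), float(f[1]), f[2], int(f[3]), f[4],
                            int(f[5]), int(f[6], 16), int(f[7]), int(f[8]),
                            int(f[9])))
    return segs


def handshake_latency(segs):
    """Split the 3-way handshake: SYN -> SYN/ACK is the server's share,
    SYN/ACK -> ACK the client's. Each share includes one-way path delay,
    so compare the two rather than reading either as pure app time."""
    syn = next(s for s in segs if s.has(SYN) and not s.has(ACK))
    synack = next(s for s in segs if s.time > syn.time
                  and s.src == syn.dst and s.has(SYN | ACK))
    ack = next(s for s in segs if s.time > synack.time
               and s.src == syn.src and s.has(ACK) and not s.has(SYN))
    return {"server_side": synack.time - syn.time,
            "client_side": ack.time - synack.time}


def find_retransmissions(segs):
    """Frame numbers of data segments repeating a (flow, seq, len) already seen."""
    seen = set()
    hits = []
    for s in segs:
        if s.length == 0:
            continue
        key = (s.src, s.sport, s.dst, s.dport, s.seq, s.length)
        if key in seen:
            hits.append(s.frame)
        seen.add(key)
    return hits


def zero_window_events(segs):
    """(frame, advertising host) for every ACK that advertises a zero receive window."""
    return [(s.frame, s.src) for s in segs if s.has(ACK) and s.window == 0]


if __name__ == "__main__":
    segs = parse_export(SAMPLE_EXPORT)
    print("handshake", handshake_latency(segs))
    print("retransmissions", find_retransmissions(segs))
    print("zero window", zero_window_events(segs))
```

In Wireshark itself the display filters `tcp.analysis.retransmission` and `tcp.analysis.zero_window` surface the same two conditions, and `tcp.time_delta` gives the per-segment timing used for the handshake split; the script only makes the underlying checks explicit.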
LVL 32

Assisted Solution

masnrock earned 400 total points
ID: 41862463
Its function is monitoring network traffic. Now exactly HOW you use that data is where things can vary.

It might be for troubleshooting an issue with connection quality such as VoIP, you might be checking for a machine that is flooding the network, or it could even be for a computer that keeps dropping off the network at random intervals. Wireshark can provide a wide range of data; it's on you to determine which part of that data you want to filter for and analyze.
LVL 25

Accepted Solution

Cyclops3590 earned 400 total points
ID: 41862472
I'm going to disagree, hopefully to provide clarity. Wireshark's "monitoring" is merely a feature. At its core it is a protocol analyzer. That is what it is meant for. The monitoring piece is just a way to collect the data so you can use it for what it was built for. If it were meant for "monitoring" like ntop or other tools are, then it wouldn't be such an optional feature to its function.

However, I'm thinking the difference here is semantics, so I'm merely posting this so that clarity can be given as to what precisely Wireshark is used for.

Author Closing Comment

by:Abraham Deutsch
ID: 41866046
Thank you all for clarifying the functionality of Wireshark.
