A network baseline is a set of parameters that define normal activity. The baseline provides a snapshot of network traffic during a window of time using Wireshark or Tshark. Characteristics to baseline can include utilization, network protocols, effective throughput forwarding rates, and network latency. The network team can use the baseline for forecasting and planning, along with optimization, tuning, and troubleshooting.

The baseline process goes through several stages: plan, capture, save, and analyze. Once the baseline is complete, the network analyst can review the captured data in order to assess general performance for end-to-end communications. Baselining the network helps to gain valuable information on the health of the network, and possibly identify current network problems. In addition, subsequent baselining exercises can help predict future problems.

Whenever the installation of new equipment is planned, it's best to do a baseline prior to the change. After implementation, do another capture to identify possible issues in the trace and to fine-tune the configuration.

As you can see, there are many ways we can use packet analysis to monitor, test, baseline, and troubleshoot. However, you should also be aware of when you shouldn't use packet analysis.

As you can see, we can use packet analysis in many ways. However, because of the ability to obtain sensitive information or as a precursor to an attack, packet analysis should only be done on a network you own or where you have explicit permission to conduct packet analysis for security scans or to troubleshoot network connectivity issues. In addition, consideration should be given to maintaining the privacy of the data collected during capture and have a proper method to obtain, analyze, and retain the packet captures.

As shown in the chapter, we have now learned about the many reasons to use packet analysis. Let's summarize by embracing Wireshark, which is one of the most powerful packet analysis tools available today.