Wireshark preferences
by Charit Mishra, Yoram Orzach, James H Baxter
Wireshark Revealed: Essential Skills for IT Professionals
- Wireshark Revealed: Essential Skills for IT Professionals
- Table of Contents
- Wireshark Revealed: Essential Skills for IT Professionals
- Credits
- Preface
- 1. Module 1
- 1. Getting Acquainted with Wireshark
- 2. Networking for Packet Analysts
- The OSI model – why it matters
- IP networks and subnets
- Switching and routing packets
- WAN links
- Wireless networking
- Summary
- 3. Capturing All the Right Packets
- Picking the best capture point
- Test Access Ports and switch port mirroring
- Capturing interfaces, filters, and options
- Verifying a good capture
- Saving the bulk capture file
- Isolating conversations of interest
- Using the Conversations window
- Wireshark display filters
- Filter Expression Buttons
- Following TCP/UDP/SSL streams
- Marking and ignoring packets
- Saving the filtered traffic
- Summary
- 4. Configuring Wireshark
- 5. Network Protocols
- The OSI and DARPA reference models
- Transport layer protocols
- Application layer protocols
- Summary
- 6. Troubleshooting and Performance Analysis
- Troubleshooting methodology
- Troubleshooting connectivity issues
- Troubleshooting functional issues
- Performance analysis methodology
- Top five reasons for poor application performance
- Summary
- 7. Packet Analysis for Security Tasks
- 8. Command-line and Other Utilities
- 2. Module 2
- 1. Introducing Wireshark
- 2. Using Capture Filters
- 3. Using Display Filters
- 4. Using Basic Statistics Tools
- Introduction
- Using the Summary tool from the Statistics menu
- Using the Protocol Hierarchy tool from the Statistics menu
- Using the Conversations tool from the Statistics menu
- Using the Endpoints tool from the Statistics menu
- Using the HTTP tool from the Statistics menu
- Configuring Flow Graph for viewing TCP flows
- Creating IP-based statistics
- 5. Using Advanced Statistics Tools
- Introduction
- Configuring IO Graphs with filters for measuring network performance issues
- Throughput measurements with IO Graph
- Advanced IO Graph configurations with advanced Y-Axis parameters
- Getting information through TCP stream graphs – the Time-Sequence (Stevens) window
- Getting information through TCP stream graphs – the Time-Sequence (tcp-trace) window
- Getting information through TCP stream graphs – the Throughput Graph window
- Getting information through TCP stream graphs – the Round Trip Time window
- Getting information through TCP stream graphs – the Window Scaling Graph window
- 6. Using the Expert Infos Window
- 7. Ethernet, LAN Switching, and Wireless LAN
- 8. ARP and IP Analysis
- 9. UDP/TCP Analysis
- Introduction
- Configuring TCP and UDP preferences for troubleshooting
- TCP connection problems
- TCP retransmission – where do they come from and why
- Duplicate ACKs and fast retransmissions
- TCP out-of-order packet events
- TCP Zero Window, Window Full, Window Change, and other Window indicators
- TCP resets and why they happen
- 10. HTTP and DNS
- 11. Analyzing Enterprise Applications' Behavior
- Introduction
- Finding out what is running over your network
- Analyzing FTP problems
- Analyzing e-mail traffic and troubleshooting e-mail problems – POP, IMAP, and SMTP
- Analyzing MS-TS and Citrix communications problems
- Analyzing problems in the NetBIOS protocols
- Analyzing database traffic and common problems
- 12. SIP, Multimedia, and IP Telephony
- Introduction
- Using Wireshark's features for telephony and multimedia analysis
- Analyzing SIP connectivity
- Analyzing RTP/RTCP connectivity
- Troubleshooting scenarios for video and surveillance applications
- Troubleshooting scenarios for IPTV applications
- Troubleshooting scenarios for video conferencing applications
- Troubleshooting RTSP
- 13. Troubleshooting Bandwidth and Delay Problems
- 14. Understanding Network Security
- A. Links, Tools, and Reading
- 3. Module 3
- 1. Welcome to the World of Packet Analysis with Wireshark
- 2. Filtering Our Way in Wireshark
- 3. Mastering the Advanced Features of Wireshark
- 4. Inspecting Application Layer Protocols
- 5. Analyzing Transport Layer Protocols
- 6. Analyzing Traffic in Thin Air
- 7. Network Security Analysis
- 8. Troubleshooting
- 9. Introduction to Wireshark v2
- Bibliography
- Index
In the Adding a time column section, we opened the Preferences window using Preferences in the Edit menu or by clicking on the Preferences icon in the icon bar to configure the time display column options. There are quite a number of Preferences options that you should be aware of and may want to adjust to customize your Wireshark environment:
- Layout: This is used to select the ordering of the Packet List, Packet Details, and Packet Bytes panes.
- Columns: This is used to add, remove, and move columns in the Packet List pane.
- Capture: This is used to set the default capture options.
- Filter Expressions: This is used to add, remove, or move the Filter Expression buttons.
- Name Resolution: This is used to set the MAC, transport, and network (IP) resolution options.
- Protocols: There are options that can be set for all of the protocols that Wireshark supports; some of the most important and useful of these options include:
- HTTP: This is used to add any additional TCP ports that should be recognized as HTTP traffic in your environment.
- IEEE 802.11: This is used to add/edit the Wireless Decryption keys if needed to decode an encrypted wireless session.
- IPv4: You may want to disable Validate IPv4 checksum if possible to avoid inadvertent error messages caused by an NIC option called checksum offloading, wherein checksums are checked after the packet is sent to Wireshark.
- RTP: Enable Allow subdissector to reassemble RTP streams to support decoding audio from VoIP captures.
- SMB: Enable Reassemble SMB Transaction payload to support exporting file objects from an SMB stream in a packet capture.
- SSL: Wireshark can decrypt the SSL/TLS traffic if you have the private key file. To add a key to Wireshark, go to the Preferences window and click on the RSA keys list Edit button. Then, in the SSL Decrypt window, click on New and complete the SSL Decrypt: New fields (IP address of the SSL server; Port, which is usually 443 for HTTP; Protocol, such as HTTP; and Key File, which is used to select the path to an RSA private key (if the key file is a PKCS#12 keystore (usually has a
.pfxor.p12extension), the Password field must be completed)), and finally, click on OK to close each subsequent window. - TCP: This provides you with multiple options, as follows:
- Validate TCP checksum if possible: Disable this to avoid inadvertent error messages caused by checksum offloading.
- Allow subdissector to reassemble TCP streams: Enable this to support exporting file objects from a TCP stream.
- Relative sequence numbers: Enable this to make it easier to read and track TCP sequence numbers in a capture file.
- Track number of bytes in flight: This is a value calculated and displayed in the TCP protocol header in the Packet Details pane, which is useful for performance analysis.
- Calculate conversation timestamps: This is the setting discussed earlier that is needed to support the tcp.time_relative and tcp.time_delta time displays.
There are numerous other preferences settings that may be pertinent to your personal preference or analysis environment; you will have to investigate most or all of these options. If you are unsure of a particular setting, you can get more information by clicking on the Help button at the bottom of the Preferences window.
The preferences settings are stored in a file called preferences in one of your Personal configuration directories, depending on the profile in use.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.