Wireshark mailing list archives
Re: Very, very elementary question - how do I make sense of the trace?
From: Stuart Kendrick <skendric () fhcrc org>
Date: Mon, 03 Oct 2011 05:27:03 -0700
Hi Lisi,

Turns out that's a large question.

The route I have taken involved a mix of classes and hands-on experience. I started taking classes in 1991, and I've taken a class on protocol analysis (Wireshark is just one of many, many tools which perform a function called 'protocol analysis') every year or two since, gradually deepening my understanding of how clients and servers interact in modern networked environments, as I use these tools repeatedly to solve problems at work. [I'm not the smartest bear on the block, so you may be able to progress more rapidly than I have!]

That's been my path -- other folks may have followed different routes to acquire their understanding.

I'm casting about for an analogy ... This oversimplifies things a bit, but learning to understand Wireshark output is like learning to understand x-ray output ... the doctor-to-be learns an awful lot about how the body works, how the organs function, how bones behave, how the whole system interacts with itself and the outside world ... and only /after/ numerous years in med school and working as an intern and as a resident would s/he find an x-ray useful ... an x-ray by itself doesn't tell us much, just as a protocol trace (aka Wireshark output) doesn't tell us much ... but when layered on top of an understanding of how clients/networks/servers interact, /then/ it becomes useful.

And of course, both the MD and the trouble-shooting analyst learn more and more as the years go by ... IT (Information Technology) may be a whole lot simpler than biology (medicine) ... but there's still more material than any one person will learn in a lifetime.

hth,

--sk

Stuart Kendrick
FHCRC

On 10/3/2011 3:38 AM, Lisi wrote:
I cannot find anywhere a basic and simple enough explanation of the meaning of the output from Wireshark for me to be able to understand it (the output).

Can anyone recommend something that I could read, that might slightly reduce my ignorance? My ignorance is so total that I do not even know what questions to ask, so that Google is sadly not my friend. :-(.

Thanks,
Lisi

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe