Wireshark mailing list archives

Re: Very, very elementary question - how do I make sense of the trace?


From: Prigge Scott <PriggeScottM () JohnDeere com>
Date: Mon, 3 Oct 2011 09:23:09 -0500

Can anyone recommend something that I could read, that might slightly reduce
my ignorance?  My ignorance is so total that I do not even know what
questions to ask, so that Google is sadly not my friend. :-(.

Hi Lisi. I have been in your position, so I know what it feels like - not really understanding how to get started. So I have empathy for you. Here's the way I think about network traces. The first thing I must understand about a trace is what type of problem I am trying to diagnose. The answer to that question has an impact not only on how I orient my thought processes and what I search for, but also on how I configure Wireshark, and sometimes on how/where I take my traces. For example an SSL negotiation failure is an entirely different problem than very slow application response time. Both can be diagnosed with Wireshark, but you are looking for different things in the trace.

If you can categorize the type of problem you have captured, it may make googling a bit easier. But ultimately, in my opinion, searching the internet will be your best source of information until you can build an internal knowledge base. If you are trying to diagnose a file transfer performance problem, I have found this article to be helpful. It references a number of important concepts and RFCs:
http://www.psc.edu/networking/projects/tcptune/

Beyond this, I have found that much of my ability to diagnose issues through traces is simply based on my understanding of basic TCP/IP. And obviously there are many resources for that topic. But if you want some help to get started, maybe you could describe the issue and attach a small trace? Then maybe I or someone else can walk you through the diagnosis process on something concrete.

Scott
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
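As an added example of what "looking for different things in the trace" means in practice (this is not code from Scott's message or from the Wireshark project): the script below builds a small, constructed pcap in memory containing the two problem types Scott contrasts, a TLS handshake that ends in a fatal alert, and an HTTP request whose reply arrives seconds later, and then runs two different checks over the same capture. The addresses, ports and timings are made up for the demo, and the TLS ClientHello is truncated to just a record header.

```python
"""Two problems, two checks: TLS alerts vs. slow replies in one capture."""
import struct

ETHERTYPE_IPV4 = 0x0800
TLS_ALERT, TLS_HANDSHAKE = 21, 22
# A few TLS alert descriptions from RFC 5246 section 7.2.2.
ALERT_NAMES = {40: "handshake_failure", 48: "unknown_ca", 70: "protocol_version"}


def ipv4(addr):
    return bytes(int(o) for o in addr.split("."))


def frame(ts, src, sport, dst, dport, payload, flags=0x18):
    """One pcap record: Ethernet + IPv4 + TCP + payload (checksums zeroed; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ipv4(src), ipv4(dst)) + tcp
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip
    sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(eth), len(eth)) + eth


def pcap(frames):
    """Classic pcap global header (little-endian, link type 1 = Ethernet) + records."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(frames)


def parse_pcap(data):
    """Minimal pcap reader: returns IPv4/TCP packets as dicts with a timestamp and payload."""
    end = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    pkts, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack(end + "IIII", data[off:off + 16])
        raw = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if struct.unpack("!H", raw[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = raw[14:]
        if ip[9] != 6:  # not TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        pkts.append({"ts": sec + usec / 1e6,
                     "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
                     "sport": sport, "dport": dport, "flags": tcp[13],
                     "payload": tcp[(tcp[12] >> 4) * 4:]})
    return pkts


def tls_alerts(pkts):
    """TLS records of type 21 (alert): record header is type(1) version(2) length(2)."""
    found = []
    for p in pkts:
        pl = p["payload"]
        if len(pl) >= 7 and pl[0] == TLS_ALERT and pl[1] == 3:
            level, desc = pl[5], pl[6]
            found.append((p["ts"], p["src"], p["dst"],
                          "fatal" if level == 2 else "warning", ALERT_NAMES.get(desc, str(desc))))
    return found


def response_delays(pkts):
    """Seconds from a client data segment to the next server data segment on the same flow.

    Pure ACKs (empty payload) are skipped on purpose: a fast ACK followed by a late
    reply points at the application, not at the network.
    """
    pending, delays = {}, []
    for p in pkts:
        if not p["payload"]:
            continue
        flow = (p["src"], p["sport"], p["dst"], p["dport"])
        reverse = (p["dst"], p["dport"], p["src"], p["sport"])
        if reverse in pending:  # a reply to an outstanding request
            delays.append((round(p["ts"] - pending.pop(reverse), 3), reverse[0], reverse[2], reverse[3]))
        elif flow not in pending:
            pending[flow] = p["ts"]
    return delays


def classify(data, slow_threshold=1.0):
    pkts = parse_pcap(data)
    return {"tls_alerts": tls_alerts(pkts),
            "slow_responses": [d for d in response_delays(pkts) if d[0] >= slow_threshold]}


# Constructed sample capture: addresses, ports and timings are invented for the demo.
CLIENT, SERVER = "10.0.0.5", "192.0.2.10"
client_hello = bytes([TLS_HANDSHAKE, 3, 1, 0, 4, 1, 0, 0, 0])  # truncated ClientHello
fatal_alert = bytes([TLS_ALERT, 3, 3, 0, 2, 2, 40])             # fatal handshake_failure
SAMPLE = pcap([
    frame(0.000, CLIENT, 51000, SERVER, 443, client_hello),
    frame(0.021, SERVER, 443, CLIENT, 51000, fatal_alert),
    frame(1.000, CLIENT, 51001, SERVER, 80, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
    frame(1.001, SERVER, 80, CLIENT, 51001, b"", flags=0x10),   # prompt ACK, no data yet
    frame(5.200, SERVER, 80, CLIENT, 51001, b"HTTP/1.1 200 OK\r\n\r\n"),
])

if __name__ == "__main__":
    for kind, hits in classify(SAMPLE).items():
        print(kind, hits)
```

Run against a real capture by replacing `SAMPLE` with the bytes of a `.pcap` file saved from Wireshark (the reader handles classic pcap, not pcapng). The point of the two functions is the one Scott makes: the alert check only cares about one byte in a TLS record, while the delay check ignores record contents entirely and only looks at timestamps and direction, so knowing which problem you have tells you which view of the same packets to build.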

