“IP Network Troubleshooting” Part 3
Wayne M. Pecena, CPBE, CBNE Texas A&M University
Educational Broadcast Services - KAMU
February 2016
Today’s Outline: Focused Upon Protocol Analysis with Wireshark
• Review of Wireshark Basics & How to Capture Network Traffic
• Creating Custom Wireshark Views
• Creating Custom Pre & Post Wireshark Filters
• Detailed Capture Analysis Examples
• Alternatives to Wireshark & Why These Might Be Considered
• Additional Useful Tools
• Takeaways, Questions, and Maybe Some Answers
Review of Wireshark Basics & How to Capture Network Traffic
Obtain & Install “Wireshark”
• Available for Windows, Mac OS X, & Linux
• Download (current v2.0.1): www.wireshark.org
• Be Sure to Include Libraries:
– WinPcap (Windows)
– Libpcap (Unix/Linux)
• Install
• Start Wireshark
• Select Interface
• Click “Start”
• CTRL+E will Stop
• You Have Created a PCAP File!
• View & Analyze Results
• Save For Later Analysis
Wireshark Host Requirements
• Windows 10, 8, 7, Vista, Server 2016, Server 2012, Server 2008 R2, and Server 2008
• Apple OS X, Debian GNU/Linux, FreeBSD, Mandriva Linux, NetBSD, Red Hat Enterprise/Fedora Linux, and several others
• 64-bit AMD64/x86-64 or 32-bit x86 processor.
• 400 MB available RAM. Larger capture files require more RAM.
• 300 MB available disk space. Capture files require additional disk space.
• 1024×768 (1280×1024 or higher recommended) resolution / 16 bit color minimum.
• A supported Network Interface
Keep in Mind:
Capturing on a 100 Mbps network can produce hundreds of megabytes of capture data in a very short time. A fast processor, lots of memory and disk space is always a good idea.
Don’t Use Your “Old” Retired PC as a Wireshark Capture Host
[Screenshot: Wireshark main window. Labels: Captured Packet(s); Selected Header Data Decoded; Payload Data Decoded (Hexadecimal & ASCII)]
[Figure: OSI layer stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) at the two end hosts, with Layer 2 Devices and a Layer 3 Device between them]
Encapsulation
[Figure: OSI Model Layers, Protocol Data Unit and Data Flow]
Layers 7, 6, 5
Layer 4 Transport: Segments
Layer 3 Network: Packets
Layer 2 Data Link: Frames
Layer 1 Physical: Bits
Where to Tap?
• Problem Nature Often Determines:
– At Problem Host
– At Destination Host
– Mid-Network Locations
• Accessibility May Also Drive Tap Point
Remember: Interfaces are Bi-Directional
How to Tap Ethernet & Capture Packets
• Can Be Challenging!
• How to Capture?
– UTP Ethernet:
• Physical Passive Tap
• Active Tap
– Optical Ethernet:
• Physical Passive Tap
• Active Tap
– Ethernet Switch Port Mirror
– Run Wireshark on Client Host if Possible
Active Tap Devices
UTP Taps
Optical Taps
Shared Media Approach
100 Mbps Maximum – Half-Duplex Only
[Diagram: Host Device A, Host Device B and the Wireshark Capture Host connected to an Ethernet Hub]
It Was Simpler In The Past
Half-Duplex Shared Media Networks Not Commonplace Today
Commonplace In Wireless Environment
Switched Media Approach
[Diagram: Host Device A, Host Device B and the Wireshark Capture Host connected to an Ethernet Switch]
Normal Ethernet Switch Operation Prevents Network Traffic Between Host A and Host B From Being Seen by the Wireshark Capture Host
Switched Media “Hub” Approach
[Diagram: Host Device A, Host Device B, Ethernet Switch, Ethernet Hub, Wireshark Capture Host]
Works, But Downgrading Network To Half-Duplex
Ethernet Switch Now Sees 2 MAC Addresses (problem if switch-port security is enabled)
Switched Media “Tap” Approach
[Diagram: Host Device A, Host Device B, Ethernet Switch, Ethernet Tap, Wireshark Capture Host]
Works, But Often Costly, Especially When GigE UTP Or Optical Network Involved
Switched Media “Monitor Port” Approach
[Diagram: Host Device A, Host Device B and the Wireshark Capture Host on an Ethernet Switch with Monitor Port Enabled; the capture host is on the Monitor Port]
Recommended Approach (where possible)
Keep In Mind!
[Diagram: Host Device A, Host Device B and the Wireshark Capture Host on an Ethernet Switch with Monitor Port Enabled. Labels: 500 Mbps Network Traffic; 500 Mbps Network Traffic; 1000 Mbps Network Traffic]
Limitations:
• “Bad” Frames Not “Mirrored”
• No VLAN Tags Passed
• Caution With RTP Network Traffic
Remember: Tapping a Network Can Be Challenging!
Cisco Ethernet Switch “SPAN Port”
Switched Port Analyzer (SPAN) Port
[Diagram: Host A and Host B on Port 1 and Port 23; Wireshark Host on Port 14]
config t
monitor session 1 source interface fa0/1
monitor session 1 source interface fa0/23
monitor session 1 destination interface fa0/14
exit
HP Procurve Ethernet Switch “Port Mirror”
“Mirror” or “Monitor” Port
[Diagram: Host A and Host B on Port 1 and Port 23; Wireshark Host on Port 14]
config
mirror-port 14
int 1, monitor (int 1-12, monitor)
int 23, monitor
show monitor
exit
HP Procurve 2915
Creating Custom Wireshark Views
frame 192 selected
Header Details Displayed
Payload Data Decoded (hex & ASCII)
View Screen Layouts
Default View Colors
Customize Columns
Creating Custom Pre & Post Wireshark Filters
Filtering
• Capture Filters
– Selectively Capture Packets
– Pre-Capture Configuration
– Minimizes Amount of Captured Data
• Display Filters
– Applied When Viewing
– Allows Focusing on Attribute(s)
– All Data is Retained
• Which One to Use?
– Reason for Capturing Dictates Proper Filter Use
– Use “Capture” Filter When You Know What You Are Looking For
– Remember: You Can’t Display What Has Not Been Captured!
Using “Capture” Filters
Useful “Capture” (pcap) Filter Examples
• ip
• tcp
• udp
• host 165.95.240.130
• net 165.95.240.128/26
• net 165.95.240.128 mask 255.255.255.192
• src net 165.95.240.128/26
• dst net 165.95.240.128/26
• port 80
• not broadcast and not multicast
http://www.tcpdump.org/manpages/pcap-filter.7.html
Using “Display” Filters
Useful “Display” Filter Examples
• eth.addr==00:19:c8:c8:22:7f
• ip
• ip.addr==165.95.240.130
• ip.addr==165.95.240.130 or ip.addr==165.95.240.129
• tcp
• tcp.port==80
• udp
• udp.port==50000
• http
http://www.firstdigest.com/2009/05/wiresharks-most-useful-display-filters/
Detailed Capture Analysis Examples
TCP 3-Way Handshake
SYN
SYN, ACK
ACK
Find the 1st SYN Packet: “Edit>Find Packet”
Enter “tcp.flags.syn==1”
Right Click on Packet – Select “Follow TCP Stream”
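The handshake search on this slide, as an added Python example that is not part of the original presentation: it parses a classic pcap file and pairs SYN, SYN-ACK and ACK frames by address, port and sequence number, and it shows that tcp.flags.syn==1 matches the SYN, ACK frame as well as the SYN. The capture bytes, addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import struct

SYN, ACK = 0x02, 0x10

def tcp_frame(src, dst, sport, dport, seq, ack, flags):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = bytes(12) + b"\x08\x00"  # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp

def build_pcap(frames):
    """Wrap frames in the classic libpcap file format (little-endian, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def read_tcp(pcap):
    """Yield (frame_no, src, dst, sport, dport, seq, ack, flags) per IPv4/TCP frame."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off, no = 24, 0
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        no += 1  # frame numbers start at 1, as in the Wireshark packet list
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, not IPv4, or not TCP
        t = 14 + (frame[14] & 0x0F) * 4  # TCP header starts after the IP header
        if len(frame) < t + 20:
            continue
        sport, dport, seq, ack = struct.unpack_from("!HHII", frame, t)
        yield no, frame[26:30], frame[30:34], sport, dport, seq, ack, frame[t + 13]

def syn_flag_frames(pcap):
    """Frames that tcp.flags.syn==1 would match: both SYN and SYN,ACK."""
    return [r[0] for r in read_tcp(pcap) if r[7] & SYN]

def find_handshakes(pcap):
    """Return (completed, unanswered): [(syn, synack, ack) frame numbers], [syn frames]."""
    syn, synack, done = {}, {}, []
    for no, src, dst, sp, dp, seq, ack, fl in read_tcp(pcap):
        key, rev = (src, sp, dst, dp), (dst, dp, src, sp)
        if fl & SYN:
            if not fl & ACK:
                syn[key] = (no, seq)  # step 1: client SYN
            elif rev in syn and ack == (syn[rev][1] + 1) & 0xFFFFFFFF:
                synack[rev] = (no, seq)  # step 2: server SYN,ACK acknowledges ISN+1
        elif fl & ACK and key in synack and ack == (synack[key][1] + 1) & 0xFFFFFFFF:
            done.append((syn.pop(key)[0], synack.pop(key)[0], no))  # step 3: ACK
    return done, sorted(n for n, _ in syn.values())

# Constructed sample: one complete handshake plus one SYN that is never answered.
C, S = "192.0.2.10", "198.51.100.20"
SAMPLE = build_pcap([
    tcp_frame(C, S, 40000, 80, 1000, 0, SYN),
    tcp_frame(S, C, 80, 40000, 5000, 1001, SYN | ACK),
    tcp_frame(C, S, 40000, 80, 1001, 5001, ACK),
    tcp_frame(C, S, 40001, 80, 7000, 0, SYN),
])

if __name__ == "__main__":
    print("tcp.flags.syn==1 matches frames:", syn_flag_frames(SAMPLE))
    print("handshakes, unanswered SYNs:", find_handshakes(SAMPLE))
```

A SYN left in the unanswered list is the frame to start from when a host cannot connect: it shows the request left the client but no matching SYN, ACK was captured at that tap point.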
ICMP Example
Streaming Media Example
Wireshark Statistics
Alternatives to Wireshark & Why These Might Be Considered
Fluke Networks “Clearsight”
http://www.klos.com/products/packetvault/
http://www.riverbed.com/products/steelcentral/steelcentral-packet-analyzer-personal-edition.html
Additional Useful Tools
“zenmap” nmap security scanner GUI
https://nmap.org/zenmap/
Wireless Networks & Wireshark
• Wireless is challenging!
• Most 802.11 Network Adapters Do Not Support “Promiscuous” Mode
• If Promiscuous Mode is Available – You Only See Packets To-From the Host Running Wireshark!
• You Must Select RF Channel (Wireshark capture options)
• You Will Only See Packets on That RF Channel
• Extensively Use Capture Filters! Focus Upon a Specific Client
Takeaways, Questions, and Maybe Some Answers
Takeaway Points & Concepts: Parts 1-3
• Establish a “Structured” Troubleshooting Approach
– Avoid “Shooting from the Hip” Approach(es)
• Use the OSI Model as a Guide to a Structured Approach
– Work Your Way Up the “IP Stack”
• Verify Layer 1 Physical Connectivity
• Verify Layer 2 Connectivity is Error Free
• Verify Layer 3 Inter-Networking
• Use Protocol Analysis to “See” Network Activity
• 80% of Network Problems Are Physical Infrastructure Based
– Standards Not Properly Applied
– Guidelines Not Adhered To
– Don’t Lose Sight of 100m Ethernet UTP Segment Limit!
Takeaway Points & Concepts ……….
• Use Protocol Analysis to “See” Network Host Interaction
• “Wireshark” Is The Most Popular Protocol Analyzer
• Understanding the OSI Model & TCP/IP Protocol Action is Key to Understanding Wireshark Results
• Understand How & Where to Capture Network Activity
• “Filtering” is Essential to Find the Needle in the Haystack
– Capture Filters (minimize captured data)
– Display Filters (minimize displayed info)
• Customize Your Wireshark Views
• Verify Everything Yourself
• Caution Trusting What You Are Told!
References – Further Study
https://wiki.wireshark.org/
https://www.wireshark.org/docs/wsug_html/
Utilize a Structured Process to Troubleshooting!
Thank You for Attending!
Wayne M. Pecena
Texas A&M University
[email protected]
979.845.5662
? Questions ?