Troubleshooting with Wireshark: Locate the Source of Performance Problems

Laura Chappell
Founder, Chappell University
Founder, Wireshark University

Always ensure you obtain proper authorization before you listen to and capture network traffic.

Protocol Analysis Institute, Inc
5339 Prospect Road, # 343
San Jose, CA 95129 USA
www.packet-level.com

Chappell University
www.chappellU.com

Copyright 2014, Protocol Analysis Institute, Inc., dba Chappell University. All rights reserved. No part of this book, or related materials, including interior design, cover design, and contents of the book web site, www.wiresharkbook.com, may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording, or otherwise) without the prior written permission of the publisher.

To arrange bulk purchase discounts for sales promotions, events, training courses, or other purposes, please contact Chappell University via email, phone (1-408-378-7841), or mail (5339 Prospect Road, #343, San Jose, CA 95129).

Book/ebook URL: www.wiresharkbook.com (Version 1.0a)

Distributed worldwide for Chappell University through Protocol Analysis Institute, Inc.
Protocol Analysis Institute, Inc. is the exclusive educational materials developer for Chappell University.

For general information on Chappell University or Protocol Analysis Institute, Inc., including information on corporate licenses, updates, future titles, or courses, contact Protocol Analysis Institute, Inc., at 1-408-378-7841 or send email to

For authorization to photocopy items for corporate, personal, or educational use, contact Protocol Analysis Institute, Inc., at

Trademarks. All brand names and product names used in this book or mentioned in this course are trade names, service marks, trademarks, or registered trademarks of their respective owners. Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation.

Limit of Liability/Disclaimer of Warranty. The author and publisher used their best efforts in preparing this book and the related materials used in this book.
Protocol Analysis Institute, Inc., Chappell University, and the author(s) make no representations or warranties of merchantability or fitness for a particular purpose. Protocol Analysis Institute, Inc., and Chappell University assume no liability for any damages caused by following the instructions or using the techniques or tools listed in this book or related materials used in this book. Protocol Analysis Institute, Inc., Chappell University, and the author(s) make no representations or warranties that extend beyond the descriptions contained in this paragraph. No warranty may be created or extended by sales representatives or written sales materials. The accuracy or completeness of the information provided herein and the opinions stated herein are not guaranteed or warranted to produce any particular result and the advice and strategies contained herein may not be suitable for every individual.

Copy Protection. In all cases, reselling or duplication of this book and materials referenced in this book without explicit written authorization is expressly forbidden. We will find you, ya know. So do not steal or plagiarize this book.

Other Books by This Author

Wireshark 101: Essential Skills for Network Analysis
ISBN10: 1-893939-72-3
ISBN13: 978-1-893939-72-1
Series: Wireshark Solutions Series
Book URL: www.wiresharkbook.com
Available in hardcopy and digital format. Visit www.amazon.com for more details.

Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide, Second Edition
ISBN10: 1-893939-94-4
ISBN13: 978-1-893939-94-3
Book URL: www.wiresharkbook.com
Related URL: www.wiresharktraining.com
Available in hardcopy and digital format. Visit www.amazon.com for more details.

Wireshark Certified Network Analyst Official Exam Prep Guide, Second Edition
ISBN10: 1-893939-90-1
ISBN13: 978-1-893939-90-5
Book URL: www.wiresharkbook.com
Related URL: www.wiresharktraining.com
Available in hardcopy and digital format. Visit www.amazon.com for more details.

Acknowledgments

My sincere thanks go to the Wireshark Core Developers who have built Wireshark into an indispensable tool. The current list of core developers can be found at wiki.wireshark.org/Developers. My heartfelt thanks go to Gerald Combs for creating an amazing tool and leading the development team to implement many impressive enhancements over the years.
Thanks to Joy DeManty for reviewing the book tirelessly and running through all the labs time and time again. Thanks to Jim Aragon for putting in so much time over the holidays to edit this book. I so appreciate the time and effort you dedicated to improving this title. Hugs to my kids, Scott and Ginny. Thanks for keeping me laughing through this process.

Laura Chappell

Dedication

This book is dedicated to C.W. Rogers with my deepest gratitude for teaching me many moons ago that technology and training can be entertaining!

Laura

About this Book

This book was designed to teach you the most efficient network analysis and Wireshark techniques necessary to quickly locate the source of network performance problems. We begin with a brief list of problems that can plague a network. It was a daunting task deciding which issues to cover in this book. We focused on the most common problems and the problems that Wireshark and network analysis are most suited to solve.

Part 1: Preparing for Problems focuses on a basic four-part troubleshooting methodology, crucial Wireshark skills used in troubleshooting, and a comparison of capture techniques.

Part 2: Symptom-Based Troubleshooting is the "heart" of this book.
This part delves into the various symptoms that a problematic network may experience and the possible causes of those symptoms. The symptoms are separated into four sections: resolution problems, time-related problems, problems that can be detected with Wireshark's Expert Infos, and application problems. This part of the book is filled with hands-on labs to help locate symptoms as well as details on what causes those types of problems. It's important to understand that Wireshark can always be used to determine where the problem occurred, but it cannot tell you why the problem occurred. We will, however, attempt to point you in the right direction regarding the cause of various symptoms.

Part 3: Use Graphs to Detect Problems explains how to use Wireshark's various graphs to build pictures of network performance issues and prioritize your troubleshooting tasks.
Although you likely will have found the location of performance problems using the techniques learned in Part 1 and Part 2 of the book, visualization of problems can help when you must explain the issues to others. In addition, this section includes a chapter that explains how to export trace file information to various third-party charting and graphing tools. Finally,