802.11 Sniffer Capture Analysis - Wireshark Filtering

Wireshark Filtering - wlan

Objective

This document guides you through setting up Wireshark and analyzing the packets of interest using a versatile feature of the program, the Wireshark filters. The Wireshark tool by itself will not get us through the troubleshooting unless we have a good knowledge and understanding of the protocol, the topology of the network, and the data points at which to take sniffer traces. This is true whether it is a wired network or a wireless network, where we capture the packets over the air before they are put on the wired network. The stripping of the wireless MAC addresses is done by the AP.

Why do we need to capture a wireless sniffer trace?

When we inspect traffic on a wired network using a wired sniffer trace and cannot find our interesting packets, we need to know where they went missing. Our suspicion may lead us to verify whether they even made it through the first point, the source of origination, which, being wireless, may be working fine or may be losing them over the air. If a packet did not make it correctly over the air, it will obviously be missing, or not be translated and sent over to the wired side by the AP to the DS (distribution system). It then becomes critical for us to identify and localize the wireless network issue using a wireless sniffer trace.

Why do we need to use a wireless sniffer capture filter?

When it comes to troubleshooting network related issues there are many dependencies: everything works in a layered model, and the data of each layer depends on the layer below it. There are many components or network elements, and the configuration and proper operation of these devices is what gives us a smoothly running network. When a working network stops functioning, a logical approach is required to localize the issue. Even once the area is identified, the exact point of failure is still difficult to find. In those situations the sniffer comes to our aid, since this troubleshooting process can become very complicated despite using the best approach and having good understanding and troubleshooting skills.

The problem is that if you capture the packets traveling through a network device, you may end up with a huge file, even up to 1G if you capture long enough with a lot of packet detail in it. With such a large amount of overwhelming data it can be very time-consuming to pinpoint the problem, and the task becomes practically very difficult, almost impossible. Filtering comes to our rescue: it helps a good troubleshooting engineer spot problems quickly by eliminating the unwanted traffic, cutting the variables down to a few to focus on at one time. This helps in quickly finding whether the interesting traffic is present or absent from the traffic collected. Use of filters then becomes an art and greatly complements the troubleshooter's skill. It shortens the time to resolution considerably, hence the need to understand how to use Wireshark filtering.

When to use DISPLAY FILTERS and CAPTURE FILTERS?

DISPLAY FILTERS – after you capture a lot of information, they help you visualize only the packets that you are interested in.

CAPTURE FILTERS – from the beginning you know which packets are of interest to you, and you capture only those packets.

Filters for coloring the packets – these are used as a visual aid to enhance the display filter or capture filter, or can be used without any filter at all to classify the many interesting packets with different colors for a high-level view.

It is recommended to use capture filters when you know what you are looking for and are trying to verify that an event is captured in running traffic, especially when the capture runs for more than a couple of hours in a heavy-traffic environment. This helps keep the data collected at a reasonable file size. If we are at a point where we are not sure what might be causing the issue, and the problem is more random and behavioral in nature, then run the packet capture for a shorter time within the probable window of the problem occurrence pattern, like one or two hours, capture all the traffic, and then use display filters to visualize only the information that you are searching for. Besides the above, one can view the whole capture and use coloring rules to catch the attention of certain types of packets, assigning different colors for easy sorting or distinguishing packet flows.

Let's get a good understanding of the various fields within a typical Wireshark sniffer trace.
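The capture-filter versus display-filter distinction this document describes, as an added Python example (not part of the original document or of Wireshark): a minimal 802.11 MAC header parser with predicates that mimic the wlan.addr, wlan.ta and wlan.fc.type_subtype expressions, applied once at capture time and once afterwards. All frames and MAC addresses below are constructed; the point it shows is that a frame dropped by a capture filter cannot be recovered by any later display filter, whereas a display filter only narrows the view of a full capture.

```python
import struct

# Wireshark's wlan.fc.type_subtype value is (type << 4) | subtype.
BEACON, PROBE_REQ, DEAUTH, DATA = 0x08, 0x04, 0x0C, 0x20
# Constructed MAC addresses for this example, not taken from any real capture.
AP, STA, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
BCAST = "ff:ff:ff:ff:ff:ff"

def _mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))

def build_frame(ts: int, addr1: str, addr2: str, addr3: str, seq: int = 0) -> bytes:
    """Build a 24-byte generic 802.11 MAC header: frame control, duration, 3 addresses, seq."""
    fc0 = ((ts & 0xF) << 4) | ((ts >> 4) << 2)  # subtype | type | protocol version 0
    return struct.pack("<BBH6s6s6sH", fc0, 0, 0, _mac_bytes(addr1),
                       _mac_bytes(addr2), _mac_bytes(addr3), seq << 4)

def parse_80211(frame: bytes) -> dict:
    """Decode the header fields that the wlan filters in this document key on."""
    fc0, _flags, _dur, a1, a2, a3, seq = struct.unpack("<BBH6s6s6sH", frame[:24])
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"type_subtype": (((fc0 >> 2) & 0x3) << 4) | (fc0 >> 4),
            "addr1": mac(a1), "addr2": mac(a2), "addr3": mac(a3), "seq": seq >> 4}

# Predicates standing in for display-filter expressions.
def wlan_addr(mac):        # wlan.addr == mac  (matches any address field)
    return lambda f: mac in (f["addr1"], f["addr2"], f["addr3"])
def wlan_ta(mac):          # wlan.ta == mac    (transmitter address only)
    return lambda f: f["addr2"] == mac
def type_subtype(ts):      # wlan.fc.type_subtype == ts
    return lambda f: f["type_subtype"] == ts

def capture(frames, capture_filter=None):
    """Capture-time filtering: frames failing the predicate are never written to the file."""
    return [f for f in frames if capture_filter is None or capture_filter(parse_80211(f))]

def display(stored, display_filter):
    """Post-capture filtering: the whole file is kept, only the view is narrowed."""
    return [parse_80211(f) for f in stored if display_filter(parse_80211(f))]

# Constructed over-the-air traffic: AP beacon, STA probe request, one data frame,
# and a deauthentication frame sent toward the STA by a third MAC address.
AIR = [build_frame(BEACON, BCAST, AP, AP, 1), build_frame(PROBE_REQ, BCAST, STA, BCAST, 2),
       build_frame(DATA, AP, STA, AP, 3), build_frame(DEAUTH, STA, OTHER, AP, 4)]

def deauths_seen(capture_filter=None) -> int:
    """How many deauth frames a display filter can still find after the capture filter ran."""
    return len(display(capture(AIR, capture_filter), type_subtype(DEAUTH)))

if __name__ == "__main__":
    print("no capture filter:", deauths_seen())                        # 1
    print("capture filter wlan.ta == AP:", deauths_seen(wlan_ta(AP)))  # 0, dropped for good
```

A capture filter keyed on the AP as transmitter keeps the file small but silently discards the deauth from the third address; capturing everything and applying the same predicate as a display filter still lets you find it.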