topics:
|
History of Wireshark
Introduction and mode of operation of the Wireshark network analyzer / Workflow data capturing
- Data sources
- Data recording in wired and 802.11-based networks
- Live Capture (Promiscuous Mode) and Live Capture settings
- Offline data sources
- Working with Capture Filter and Display Filter
- Adjust local folders
Philosophy, when, why and how to measure with Wireshark
- Specific deployment of the network analyzer: When should you measure and when not
- Field of application of packet analysis
- Systematic troubleshooting procedure
Packet analysis in switched and virtual networks
- SPAN / Mirror-Port, advantages and disadvantages
- Inline network measurement with TAPs: breakout, aggregation and filter TAPs
- Filter and aggregation Network Packet Broker Switches
- Summarize and modify large trace files
IP basics
- Structure of the IP header
- IP addressing / subnetting
- IP fragmentation
- Introduction to QoS with DiffServ
TCP basics
- Structure of the TCP header
- How the TCP Receive Window and Congestion Window work (Window Scaling)
- Overload control / congestion control
- Algorithm for overload control
- Slow Start and Congestion Avoidance
- Window Scaling
- Fast-Retransmit and Fast-Recovery
- Selective ACKs (SACK)
- The impact of the bandwidth-delay product on data throughput
Capture packets with Wireshark
- Important options for the data recording
- Data recording with more than one network card
- Long-term network analysis with Wireshark
- Data recording with Wireshark in high-performance networks: where is the limit?
- Important information about Checksum Offloading and CRC Errors
- How does SSL-analysis work?
Customise the user interface of the Wireshark network analyzer
- Fonts, colors, columns, segmentation of the view
- Standard parameters, directories, profiles
- Name resolution
- Protocol adaptation
- Navigation inside trace files
- Highlight correctly and effectively, sorting the packets
- Time visualization: relative vs. delta
- Colorization of the conversations
- Individual color adaptations and controlling the colorization
Use the display filter for effective troubleshooting
- Filter definition basics
- Options to define the filter
- Expressions
- Expert filter settings
- Text on Wire filter
- Export filters
- What to consider with filter definitions
- Typical errors in the filter settings
Utilize the Wireshark statistics for the analysis and the troubleshooting
- Statistics about connections and endpoints
- Time values of the IO graph
- Flow diagrams and determining the response time
- Time analysis for the CIFS protocol
- Extended statistics
Using the IO graph for performance troubleshooting
- How to use the IO graph during performance troubleshooting
- How to analyze and detect poor performance
- What impact does packet loss have on performance, and how is this presented in the IO graph?
Network issues vs. application issues – Narrow down the source of errors
- Causes of poor performance
- Best practice approach
- Interpreting the gathered information to locate the causes
- Impact of retransmissions on performance
- Typical network problems
- Correctly interpret and understand packet loss
- Determine the cause
- Interpret the packet loss with Wireshark
- Correctly understand references to packet loss
- The duplex mismatch issue is indestructible
- Determine the delay time
- Measure the RTT Acked Data delay time with Wireshark
- Throughput vs. delay time
|