Book Image

Wireshark Essentials

Book Image

Wireshark Essentials

Overview of this book

Table of Contents (15 chapters)
Wireshark Essentials
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Isolating conversations of interest


After you have completed a packet capture and saved a bulk capture file, you'll be with an almost overwhelming number of packets of various types and addresses in the Packet List pane. It's now time to par this down to just the packets that pertain to the analysis task at hand.

The idea is to progressively eliminate unrelated packets; analyze the pertinent conversations looking for anomalies; and again progressively filter, measure, and analyze packet flow and application behavior until you have discovered and can document the root cause of the issue.

There are two basic ways to isolate and inspect packets and conversations of interest, and you'll likely use both of the following methods in most of your analysis activities:

  • Conversations: This window creates a list of conversation pairs by MAC or IP address and/or TCP/UDP ports that can be sorted. It displays filters that will isolate and display only the selected conversation packets can be quickly applied...