Wireshark name resolution

As I mentioned in a previous post, if you’re troubleshooting an issue using wireshark, especially if you’re using IPv6, it can be a headache to keep track of which IP is which in a complex network. Imagine trying to write down or memorize the following IP addresses in the packet capture: Wireshark can real the … Continue reading Wireshark name resolution

Identifying network latency / jitter issues w/ Wireshark

Issue : sporadically and randomly clients would see jitter (picture freezing for a small number of seconds) when viewing live video streams such as BBC news To start tackling the above issue it is first important to observe the normal behaviour of the video stream. In BBC’s case, the video stream is using RTMP (port … Continue reading Identifying network latency / jitter issues w/ Wireshark

TCP zero windows

Yet another reason downloads can fail… Issue : Large file is being downloaded (eg an ISO running above 500MBs). The file starts off downloading fine, but eventually stops downloading, leaving the file incomplete. Cause (in this case) : TCP zero windows caused the server to reset the connection Troubleshooting : In wireshark, run the following … Continue reading TCP zero windows

Exporting / saving decrypted data from wireshark

Elaborating on my previous post, “Decrypting https traffic with bluecoat reverse proxy” in support or troubleshooting situations most of the time the end client would not be willing to give up any private keys. This is of course understandable given the fact that this could lead to a security system compromise, which would necessitate a … Continue reading Exporting / saving decrypted data from wireshark

Decrypting HTTPS traffic with BlueCoat reverse proxy

Just submitted as KB article to bluecoat 🙂 Common example scenario: An SSL reverse proxy is deployed, and at some stage in the troubleshooting process a packet capture of the HTTPS traffic is required to view traffic flowing between the client / proxy or between the OCS and proxy. In a reverse proxy scenario, the … Continue reading Decrypting HTTPS traffic with BlueCoat reverse proxy

Measuring Bandwidth using Wireshark

Update: For easy bandwidth visualization from packet captures, check out a web-based pcap parser we wrote: https://medium.com/cybersift/the-cybersift-packet-capture-parser-bandwidth-usage-43fe479ecaf0 There are of course several ways of measuring bandwidth usage from a particular PC. But when it comes to granularity and detail, almost nothing beats wireshark. Wireshark has several ways of showing the bandwidth being used, each method displays the … Continue reading Measuring Bandwidth using Wireshark