Comments on: Packet School 101 – Part 2

By: Gabriel

Gabriel — Tue, 24 Jul 2007 19:25:01 +0000

Thank you for the lessons, I truly enjoyed the content since this is what I am studying in school at this moment, which is Network Security, I find your website very tasteful, down to earth but very professional; once again thank you for the lessons.

By: Rachel

Rachel — Fri, 06 Apr 2007 17:57:08 +0000

Thank you for the lesson. I go through all your steps and others that i have to include, but, I have problem to take the graphs and other expert information and pest to my report. If you can help me in this.

Thank You.

By: German Trejo

German Trejo — Sun, 04 Mar 2007 06:21:36 +0000

I am running linux FC6 with wireshark 0.99.4, on part two I can not get the list shown on expert infos, can you help me how to get it?

By: Malcolm Hein

Malcolm Hein — Mon, 07 Aug 2006 12:32:27 +0000

Thank you for the time and effort you put into this material. It is fascinating to see the TCP/IP stack at work. Having taken classes devoted to TCP/IP and being a book-only CCNA is now paying off as I can now follow what is happening in the graphs and other Wireshark displays. It’s coming together and making sense in a much more tangible way.

And it’s free!

Keep up the good work. You guys are the greatest.

Sincerely,

Malcolm Hein

PS: I normally do not gush like this. So you KNOW you must be doing something good.

By: .:: Securnetwork.net Blog - Massimo Rabbi ::. » Wireshark 0.99.2

.:: Securnetwork.net Blog - Massimo Rabbi ::. » Wireshark 0.99.2 — Mon, 24 Jul 2006 16:47:13 +0000

[...] Packet School 101 – Part 2 [...]

By: The Way We See It » Blog Archive » The wild, wide world of protocol analysis

Thu, 06 Jul 2006 19:47:03 +0000

[...] That’s why we think it’s worth digging into and learning this product, particularly for those still in school, or who may not have access to some other commercial protocol analysis. Pun intended, this subject came to our attention thanks to input from a regular reader on a recent heavily visited Digg entry. Entitled "Packet School 101", it links to a series of short articles from Chris Sanders on the topic of network traffic analysis. Part 1 of the series describes what’s involved in downloading and using basic Ethernet (or WireShark) capabilities, especially on a switched network where gaining access to OP (other people’s) traffic can be something of a challenge (unless you get into switch port bridging, mirroring, or spanning, which is another subject entirely of its own). Part 2 takes readers through analysis of a sample packet capture, in the form of a 13 MB trace file. It revisits the concept of the "slow download" explored in Part 1 with actual data to back up an investigation of the symptoms and an explanation of possible causes and contributing factors. Hopefully, Parts 3 and later will follow and be available by the time you read this blog. [...]

By: Dave

Dave — Thu, 06 Jul 2006 18:51:12 +0000

Some switches have a feature that allows you to make a switchport into a monitoring port if you don’t have a hub. Many Cisco switches and routers have this feature.
Another alternative is ARP poisoning, but I may be getting ahead of the lessons.

By: badger_fan

badger_fan — Thu, 06 Jul 2006 18:31:54 +0000

Thanks for the info, can’t wait for the next installment. I’m just trying to learn this stuff and your really helping.

By: Administrator

Administrator — Thu, 06 Jul 2006 14:37:04 +0000

“Expert Info” is listed under the Analyze context menu on the version I am running. I am currently running 0.99.0 which I just downloaded near the beginning of last week.

By: nate

nate — Thu, 06 Jul 2006 14:26:26 +0000

There is no expert mode in Ethereal 0.10.12 under the Analyze menu.

By: lowkey

lowkey — Thu, 06 Jul 2006 09:12:30 +0000

thanks for this lesson. i’ve ethereal for a while but never really spent any time learning it. looking forward to the next installment.

By: OneLander

OneLander — Thu, 06 Jul 2006 02:15:01 +0000

If you want some more information about capture filters check this site out.

http://home.insight.rr.com/procana/

By: Administrator

Administrator — Thu, 06 Jul 2006 01:00:54 +0000

Appears I did forget to link the download to the trace file. Should be fixed momentarily. Thanks for the heads up!

By: KesslerB

KesslerB — Thu, 06 Jul 2006 00:55:54 +0000

Um… where’s the sample trace file we’re supposed to download before we begin? I don’t see it linked anywhere in the posting.

By: Chris Sanders » Packet School 101 - Part 1

Chris Sanders » Packet School 101 - Part 1 — Wed, 05 Jul 2006 16:05:12 +0000

[...] Packet School 101 – Part 2 [...]