This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

hi basic question, in short, what is the very best single source/guide for learning the basic skill of how to read packets? as of the date you are reading this. one link is perfect.

specially i would at least (minimal need) like to know how to read what sites i visited, probably one of the most casual basic need and use of wireshark.

==
longer version..

tons of resources are out there on the Web as well as on this q&a forum. most of us don't need all that excess. in every topic (that is not based on taste, ie. the arts) there is always a best source. the same is true here. only the most experienced person (or someone who is highly skilled in selecting) would easily know what is the best

many things make it the best like it's the most updated (updated right now), and high usability -- any beginner would understand and easily learn, because the guide is good (top 1%). not productive for me to explain what qualities would lead to the best (top 1%), and their similarities and variation, on each and every topic from uv rays to wedding cakes. highly experienced people would already know on this particular one.

btw, i dont know if it is, but all this stuff and confusion being asked on the q&a forum should be centralized as soon as they get solutions, just like it should be everywhere else on the Web -- which of course, is not, and that's why we have this continuing and insane problem of extensive fragmented info.

asked 30 Apr '13, 00:24

bebetter's gravatar image

bebetter
13124
accept rate: 0%

edited 30 Apr '13, 00:39


For Wireshark itself, jaap already mentioned the Wireshark book site.

That's only half of the story, though - Wireshark assumes that you already understand the various protocols it dissects and presents to you (e.g. IP, TCP, HTTP, LDAP, whatever...). Simply put, it's very much like working with human languages; Wireshark can tell you that a conversation is "speaking Spanish" and present you with a transcript of what was said, but it's up to you to learn Spanish.

Toward that end--and since we have no idea of your knowledge level--I'll suggest starting with The TCP/IP Guide. There's a free online edition at that link, and it is also available in book form. (If you're new to networking, resist the urge to skip sections; that site's "Networking Fundamentals" section is a pretty good introduction...)

There is no single source that will teach you "how to read" every protocol dissected by Wireshark; once you get the fundamentals down, you'll need to find references for the protocols upon which you want to concentrate your efforts. There's an IBM Redbook, "TCP/IP Tutorial and Technical Overview", that goes into detail on several of the more common protocols. (Warning - that link is a 1000-page PDF.)

I'll also recommend the

permanent link

answered 03 May '13, 13:32

wesmorgan1's gravatar image

wesmorgan1
411101221
accept rate: 4%

edited 03 May '13, 14:14

permanent link

answered 30 Apr '13, 03:26

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

-3

First Know The Goal

"'how to read' every protocol" is not "what sites i visited."

i will assume that most sites use http, and in that case, "how to read every protocol" is irrelevent. if that assumption if incorrect, then nevermind.

if there isn't a guide for "how to read what sites i visited", or "how to setup wireshark to read what sites i visited" then that means there isn't any best guides out there currently.

Replies

1) Presumption of Non-Widely Spread Knowledge Does Not Make A Good Guide

if any guide presupposes knowledge (that is absolutely not common to the vast majority of society), then of course "this guide presupposes knowledge of etc. etc. etc." should be the 2nd thing stated.

the first thing is what the hell this does that can help us, and what it is used for

no idea if that book dose that, though it may be the best currently for advance level, which is not needed for most ppl

next source:

2) Cannot Judge Redbook by IBM because, since and I have NO IDEA what on here is relevant to the goal, I cannot skim it -- and thus, it is too long to look over

im thinking right now after finishing writing this if i should keep that link or not. a guide is NOT documentation OR references. this redbook looks largely (wild guess of 80%) like references (things that are googable are not needed to keep) so i not keeping.

i do keep helpful things, but i can't see what future need i would have for this.

this leads us a related, and biggest problem, of that tcp ip page:

3) EXCESSIVE FLUFF IS COMPLETELY UNACCEPTABLE

the biggest problem is --

EXCESSIVE FLUFF

"Quick navigation to subsections and regular topics in this section" is one of 90%

a lot of the writing on that page is fluff and almost nobody needs to know any of that stuff

this is problem when ppl do not know how to write. and thereby are unable present a guide concisely.

understand that this is a HUGE flaw.

an example of fluff is "There's a free online edition... etc. etc. etc." -- clicking on the link already makes this known, so compltely needless.

a comment like "...esist the urge to skip sections" is not fluff, though someone like me knows how to learn. this is an example of non-fluff, but still not needed.

4) minor points

however, that answer is not a "guide" so this doesn't really matter at all.

4.1 analogy/metaphor the analogy/metaphor you make is terrible. specifically for this, lots of reasons. generally for analogy/metaphor, they are one of the most inaccurate ways to present info.

firstly, what this tells me is you couldn't make a good guide. secondly, this strongly implies that you are not "someone who is highly skilled in selecting." other factors may confirm this. "section is a pretty good introduction..." the ... makes it seem like u are unsure of yourself. not a factor that confirms, just a minor probable little thing. too much to explain. not productive.

4.2 i am guessing that "I'll also recommend the" is edited out by you or someone due to lack of worth. good, i hate trash.

4.3 that tcp ip page is VERY POORLY ORGANIZED / BAD LAYOUT (AND HASN'T BEEN UPDATED IN FOREVER) and having been on FAR more pages on the Web then you have (i hav 753 tabs on chrome right now, and it has always been that way historically on firefox.), so i will tell right now that page is definitely not up to par. could have cleaned up all that badness on the tcp ip page. probably saw in ~2 yrs ago?? no idea, anyway, it went straight into https://chrome.google.com/webstore/detail/nolijncfnkgaikbjbdaogikpmpbdcdef

5) so IF there are no basic guides for this VERY SIMPLE thing yet in 2013, what to do? -- the most promising course of action in that scenario then -- is to postpone this question for over 730 days, in H2 2015, which i have done, though i'll check back on a quarterly basis, as also scheduled. most likely i will end up evetnually removing this page from my checkups after 2 quarters

can see my basic questions on http://ask.wireshark.org/users/2691/wiresharkhelpers , which i completley forgot what my pw was.

6) i dont need any of what i wrote here for what is the best (i already know everything, sorry i couldnt explain every single thing). i just wrote this for all of you so that a good source may (unlikely) be found/created

maybe one day i'll get around to creating a 'guide to data source' (since this is what this reply is about) and other actually helpful guides. more centeralized guides, less crap on the Web, please. not very happay :/

permanent link

answered 05 May '13, 10:35

bebetter's gravatar image

bebetter
13124
accept rate: 0%

edited 05 May '13, 11:16

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×4

question asked: 30 Apr '13, 00:24

question was seen: 1,685 times

last updated: 05 May '13, 11:16

p​o​w​e​r​e​d by O​S​Q​A