I would like to know if there are any good references for analysing capture files. I can see the data; however, I don't have the knowledge to analyse what I am seeing.
asked 22 Feb '11, 08:21 nkingcade
One Answer:
That question is somewhat similar to the following question:
Of course, some things do stick out in Wireshark capture files (just like the shadow of a scissor will stick out in an X-ray image). For the most part, however, it takes time to get to know how the protocols work and what should be visible in the capture file.
Start with a book like Wireshark Network Analysis by Laura Chappell; this will get you on the way with working with Wireshark and into some of the most commonly used protocols. Then you can dig deeper by reading up on the RFCs, analyzing lots of different tracefiles and so on...
Of course, when you have specific questions on things you are trying to analyze, you can use the Wireshark mailing lists and this Q&A site for support.
answered 22 Feb '11, 08:31 SYN-bit ♦♦