Here's how to create a Windows desktop shortcut to automatically start capturing when you launch the Wireshark GUI
Wednesday, August 30, 2023
Monday, August 28, 2023
- Using Wireshark's editcap to Remove Duplicate Packets
Depending on how you capture packets, you may run into scenarios where you have duplicate packets caused by the nature of your tool's placement and network topology.
Do not confuse this with legitimate duplicate packets caused by network-related issues. We want to see those packets to resolve the issue.
Here, I use Wireshark editcap utility to remove duplicate packets.
Friday, August 25, 2023
Device Baselining
Not a week goes by without hearing from people asking for me to perform a baseline.
I also got a lot of requests asking to create a template to help them perform a baseline.
Not to sound like a consultant, but every baseline is completely different depending on the equipment, the network, and your ultimate goal.
In this video I show you how I start a baseline with an ip camera and my Profitap IOTA, and what i find. Of course, you can start any baseline using Wireshark which is completely free, but the goal for your first baseline should be to document the equipment location, network topology, and the goal of the baseline.
For example you might say I want to see how this camera behaves when it boots up.
You would want to document which devices are communicating with the camera, which protocols are in use, and possibly any load on the network.
I strongly encourage you not to get overwhelmed with too much detail upfront because if you have a trace file, you should be able to go back and retrieve any information that you may decide is important at a later date.
Enjoy
Monday, August 21, 2023
Measure Task Time With Timer
Over the years there is always interest in the articles I post showing how to measure latency, delay or how long it takes a task to complete.
I have showed my readers many utilities, tricks and tips on how to accomplish various variations on this theme.
Here’s another helpful utility you should consider for your toolbox. Its portable, free and simple to use which got my interest right away.
Heres the link to Timer https://www.gammadyne.com/cmdline.htm#timer and a video with an example.
Enjoy
Thursday, August 17, 2023
..Another Upgrade.. well you know
I was working with a long-time client on a fairly major upgrade for a remote site. We were replacing equipment, cabling, and some firmware upgrades.
I was invited to sit in on the planning meetings since I know the network and staff fairly well. During our first meeting, we documented all the equipment that will be 'touched', pros and cons, dependency analysis, and the typical backup plan if things should go south.
A few meetings later the team reviewed the actual action plan, roles and responsibilities, and timelines. It was in this meeting that I suggested that they make the changes in discrete 'phases' so we can better monitor if the change worked and back out more quickly if things should go wrong. the fact this place is fairly remote can complicate troubleshooting further.
I was met with a chorus of teasing and the title of "Grim Reaper" and "Negative Tony". I took it all in good fun since I know them so well but cautioned them that if they make all the changes at once and something goes wrong, it will take a lot longer to diagnose the issue. They were so confident, that they "got it", they even suggested I sit this one out. I gladly responded with "Great, I'll be at the cottage".
Fast forward to the change and they went with their wholesale change and I heard nothing during the change window and went with "no news is good news" ;) I turned off my phone and enjoyed my weekend.
Monday morning I had a ton of voicemails, texts, and emails asking me to call immediately. unfortunately, they ran into issues and have completely backed out but are still down. I immediately hopped in my car and went out to help. During my 2-hour drive, I asked all the typical questions and nothing jumped out at me. They blamed the firmware upgrade, new router, and anything they changed, but if it's all back why is it still down?
I started with my standard "Have you walked the site yet?", and they replied, "Of course we did and found nothing.". I replied, "So it won't take long to do it again with me, right?". Here's where the fun starts...
As we walked around, I immediately noticed there was no grounding for the new outdoor AP and they responded "We'll take care of that later", then I noticed that one of the enclosures was jam-packed with ethernet cables. after further investigation, I realized there were 5x12 foot cables when all we needed was 3 footers. They told me the installer forgot the short cables and will be back. Then I pointed out that the main backhaul enclosure had no power. That's when the finger-pointing started amongst themselves trying to figure out who, if anyone physically checked. I told them we can figure out who to blame later, let's fix the problem first.
I traced the power and main ethernet cable only to find that someone had nicked both cables in a door. This ironically was the first thing on their list for their change.
Believe me, I understand we want a change to be over with as quickly as possible and I totally understand that in the midst of troubleshooting a 'down' scenario, you have to believe what someone tells you. But you must get to a point where you have to start from scratch and validate/verify everything reported.
Check out the cables below.
Subscribe to:
Comments (Atom)
Popular post
-
I just wanted to take a few minutes to share the results of some of the "Capture Limit" testing I have been doing in my lab. These...
-
From Betty's Linkedin post I've updated my profiles! I've now got over 300 hashtag # Wireshark display filters to share. I had...
-
Everyone loves a reference sheet and this one is very helpful since GREP is so under utilized Found this on www.sysxplore.com my favori...
