Why Wireshark Display Filters Are Your Network Superpower

 

If you’ve ever opened a capture in Wireshark and immediately felt like you were staring into the Matrix, display filters are your way out. Learning to use them means you stop looking at all the packets ever and start looking at the ones that actually matter. Instead of scrolling endlessly and squinting at hex like it owes you money, you can narrow things down to exactly what you’re troubleshooting. Less noise, more signal, and way fewer “why is this taking so long?” moments.

One of the easiest and most satisfying wins is filtering by protocol name. In the video, using simple filters like dns, mdns, or nbns instantly cleans up the mess. Want to see only DNS traffic? Type dns and boom—suddenly your capture makes sense. It’s like telling Wireshark, “I don’t care about the other 10,000 packets, its just noise, packet junk or gossip.” This alone can turn a confusing capture into a clear story about what’s actually happening on the network.

Display filters also save a ton of time, which means less frustration and more confidence. When you know how to quickly isolate traffic, troubleshooting feels less like guessing and more like detective work. Is DNS slow? Filter on DNS. Is a connection failing? Filter on TCP. Instead of blaming “the network” (or the firewall, or the ISP, or Mercury in retrograde), you can actually prove what’s going on with a few well-placed filters.

Best of all, learning display filters is one of those skills that pays off immediately and forever. You don’t need to memorize everything—start simple, like protocol names, and build from there. Before long, you’ll look at massive captures and feel calm instead of afraid. And that’s a rare feeling in networking: confidence, clarity, and the smug satisfaction of saying, “Yeah, I filtered that.”

---

Lets play IP 'Whack a Mole'

Had such a weird problem the other day after the installation of a voice switch.

The voice switch was manually configured  with an ip address (x.x.x.2) and an old Cisco switch (model unknown) decides to grab the same ip from our dhcp server.

Here's the odd part,  I configured the DHCP scope to start at x.x.x.11.

Since I was working remotely, I disabled the upstream switch port that the cisco switch was connected to until the onsite guys could investigate.

The onsite tech told me that the cisco switch was in an area that wasn't accessible, I suggested he hang tight and I will reenable the upstream switch port connected to the Cisco switch.

I enabled the port and we waited for about 15 minutes to see if the issue comes back. I could see the devices on the cisco switch had ip addresses and data was definitely flowing. Oddly enough the switch had not requested an ip address from the DHCP server with I confirmed via the switch mac table, router mac table and DHCP server.

I told the tech "lets leave it alone for the weekend'. Monday morning I checked and the Cisco switch is still online, I can see its mac address, but no ip address.

The tech decided to 'take it out'  when he got access since it was a super old 10/100 switch, so unfortunately I could no longer do any more testing, but still a good exercise on identifying, locating and isolating a duplicate ip address scenario.

 

---

Stanford free AI course Deep Learning (CS230)

 

If you’re passionate about advancing your AI and machine learning skills, there’s no better time than now to dive into deep learning — and this free Stanford CS230 Deep Learning YouTube playlist is a goldmine of knowledge waiting to be explored. Hosted by Stanford University, this playlist curates a comprehensive set of lectures covering the essential concepts, techniques, and real-world applications of deep learning. It’s the kind of content that normally resides behind costly university enrollment — yet here it is, accessible with just a click. (YouTube)

What makes this playlist stand out is its structured approach to teaching one of the most sought-after skills in today’s tech landscape. From neural network fundamentals to advanced optimization strategies, the lecture videos break down complex topics into digestible, engaging lessons. Whether you’re a student preparing for a career in AI or a professional looking to level up your expertise, this Stanford course offers a roadmap that’s both deep in technical substance and geared toward real application. (YouTube)

Another great advantage of this playlist is its flexibility. You can watch it at your own pace, rewind to clarify tricky concepts, and re-watch key sections for better retention. Unlike traditional classroom settings, there’s no pressure, no deadlines, and no tuition — just you and some of the brightest minds in deep learning sharing cutting-edge insights. It’s a rare opportunity to learn directly from top educators without spending a dime. (YouTube)

In a world where AI and machine learning are rapidly reshaping industries, having reliable and expert-led training is essential. This playlist not only equips you with foundational knowledge but also inspires deeper curiosity and exploration into advanced topics like neural architectures and model optimization. Ready to elevate your skills and explore the frontier of AI? Start watching the Stanford CS230 Deep Learning playlist today and take a big step toward mastering one of the most transformative fields in tech. (YouTube)

---

Overview of Single-Mode and Multimode Fiber Optics

Troubleshooting skills don't just happen

 

I remember a while ago when I was presenting and told the group "if you do your job right, you will always find something to fix, tune or tweak" .

After an install, I always go online the next day or two and check logs, port stats, etc..  I would say I will find something odd that is worth investigating about 30% of the time.

Over the years, I have found a lot of 100Mb POE injectors connected to 1 Gb ethernet ports and 1 Gb devices, bad cabling, 100 Mb switches/hubs on 1 Gb devices, the list goes on...

In this specific example, a new computer with a 1 Gb Ethernet interface, with new patch and structured cabling connected into a switch 1 Gb Ethernet port came up as 10 MB, and then later, 100 Mb, along with a boatload of errors.

I reached out to the client to address the issue since it can only be a few things (in order of most to least probable):

- bad patch cable at the client's desk

- bad run to the patch panel

- bad patch panel cable 

- bad switch port

- bad computer ethernet port

The clients initial response is that they are 'too busy to look at it' , and since the computer seems to be working just fine and can get on the internet, there is no urgency to address it.

Now my job is to sell, convince and educate the client that this is worth fixing before they 'notice' and it becomes a last minute support issue. :)

---

from the net: The biggest cybersecurity and cyberattack stories of 2025

 

2025 was a big year for cybersecurity, with major cyberattacks, data breaches, threat groups reaching new notoriety levels, and, of course, zero-day vulnerabilities exploited in incidents.

Some stories, though, were more impactful or popular with our readers than others.

Below are fifteen of what BleepingComputer believes are the most impactful cybersecurity topics of 2025, with a summary of each. These stories are in no particular order.

https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2025/