

Whenever you are setting up a network, changing a network, or optimizing a network, things always end up going wrong.

When things aren’t working as expected, the best thing you can do is to take a packet capture (pcap) and look at what’s actually going on. This is much faster than guessing at the source of the problem, as it can eradicate any false assumptions you have about the network. It may seem intimidating to look at packet captures, but once you dive in, you’ll find how useful it can be.

The graphical interface of Wireshark is great for looking at packet flows, sequence numbers, and graphing conversations or ACK timings. But sometimes it is helpful to screen a capture before you spend the time looking at it manually. This is where the command line tools such as tshark and tcpdump come in. Taking a pcap on the command line is fairly straightforward, and has been covered elsewhere in detail. So for the sake of this article, we are going to assume you already have your pcap(s) to analyze.

If you aren’t sure what is in a pcap, listing the TCP conversations can be a good place to start. With tshark, we can generate a list of all TCP conversations, including details about the IP addresses, ports, and amount of data transferred.

tshark -nn -r myCapture.pcap -q -z conv,tcp > myTCPConversationList.txt

This file can be helpful for reference when narrowing the scope of the problem.
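One way to screen the saved TCP conversation list before opening the capture by hand, as an added example that is not part of the original article: rank conversations and hosts by bytes transferred. The function names, the sample rows and the assumed column layout (plain-number byte columns) are constructed for illustration. Rows that do not have exactly 11 fields, such as those from tshark versions that print byte units, are skipped.

```shell
#!/bin/sh
# Added example: screen the output of `tshark -q -z conv,tcp`.
# Assumed row layout (an assumption, matching the constructed sample below):
#   A <-> B  frames<- bytes<-  frames-> bytes->  tot_frames tot_bytes  start  duration

# top_talkers [N]: read the list on stdin, print the N largest
# conversations as "total_bytes A B" (default N = 5).
top_talkers() {
    awk '$2 == "<->" && NF == 11 { printf "%.0f %s %s\n", $9, $1, $3 }' |
        sort -k1,1nr | head -n "${1:-5}"
}

# bytes_by_host: sum total bytes per A-side host (port stripped),
# printed as "total_bytes host", largest first.
bytes_by_host() {
    awk '$2 == "<->" && NF == 11 {
             host = $1
             sub(/:[^:]*$/, "", host)      # drop the trailing :port
             sum[host] += $9
         }
         END { for (h in sum) printf "%.0f %s\n", sum[h], h }' |
        sort -k1,1nr
}

# Constructed sample standing in for myTCPConversationList.txt.
sample_conv_output() {
cat <<'EOF'
================================================================================
TCP Conversations
Filter:<No Filter>
                                 |       <-      | |       ->      | |     Total     |    Relative    |   Duration   |
                                 | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |      Start     |              |
10.0.0.5:51514  <-> 192.0.2.10:443      40     52000      30      4000      70     56000     0.000000000        12.5000
10.0.0.5:51520  <-> 198.51.100.7:22    900   1200000     600     48000    1500   1248000     1.250000000       300.0000
10.0.0.8:40022  <-> 192.0.2.10:80        5       700       6       900      11      1600     2.000000000         0.4000
================================================================================
EOF
}

# Demo on the constructed sample; for a real capture run:
#   top_talkers 10 < myTCPConversationList.txt
sample_conv_output | top_talkers 2
sample_conv_output | bytes_by_host
```
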
