Thursday, October 9, 2014

Wireshark Columns

Hansang Bae is the man when it comes to Wireshark, IMO. I have listened to many of his videos and his insight is always spot on. Knowing which columns to use in your Wireshark setup can be confusing, but the first article linked below does a nice job explaining some tricks for a better environment.

Delta shows the time between packets. Big time, big problem! (At least a good place to start.)
CumuBytes allows us to see how much data is being transferred, cumulatively!

  • NxtSEQ
    • A counter of how many bytes have been transferred (the sequence number the sender will use next)
    • custom field type
    • field name = tcp.nxtseq
  • SEQ
    • A helpful reminder that the next time you transmit you’re going to start at this point
    • custom field type
    • field name = tcp.seq
  • ACK
    • The receiver sends the ACK, saying they’ve received this many bytes, so you’re good to go to such-and-such packet number
    • custom field type
    • field name = tcp.ack
  • ACKFor
    • Quick way to see, for example, packet #11 is ACKing packet #10
    • custom field type
    • field name = tcp.analysis.acks_frame
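An added example (not from this post or from Bae's material) that computes these columns over a small constructed exchange, so the relationships between them are visible: NxtSEQ is SEQ plus the payload length, and ACKFor is the earlier opposite-direction data frame whose NxtSEQ equals this packet's ACK. It assumes relative sequence numbers, ignores the sequence-number consumption of SYN/FIN, and treats Delta as time since the previous captured frame.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    """One captured TCP segment (constructed sample data, not a real capture)."""
    frame: int      # frame number as Wireshark shows it
    time: float     # capture timestamp in seconds
    src: str
    dst: str
    seq: int        # tcp.seq (relative)
    ack: int        # tcp.ack (relative)
    length: int     # TCP payload bytes; SYN/FIN flag bytes are ignored here

def build_columns(segments):
    """Compute Delta, CumuBytes, SEQ, NxtSEQ, ACK and ACKFor for each segment."""
    rows, prev_time, cumu = [], None, 0
    sent = {}  # (src, dst) -> [(frame, nxtseq), ...] for data segments in that direction
    for s in segments:
        delta = 0.0 if prev_time is None else round(s.time - prev_time, 6)
        prev_time = s.time
        cumu += s.length                    # CumuBytes: running payload total
        nxtseq = s.seq + s.length           # NxtSEQ: where this sender continues next
        if s.length:                        # only data-carrying segments can be ACKed
            sent.setdefault((s.src, s.dst), []).append((s.frame, nxtseq))
        # ACKFor: most recent opposite-direction data frame whose NxtSEQ equals this ACK
        acks_frame = None
        for frame, nx in reversed(sent.get((s.dst, s.src), [])):
            if nx == s.ack:
                acks_frame = frame
                break
        rows.append({"frame": s.frame, "delta": delta, "cumu": cumu,
                     "seq": s.seq, "nxtseq": nxtseq, "ack": s.ack,
                     "ackfor": acks_frame})
    return rows

def slow_frames(rows, threshold):
    """Frames whose Delta exceeds threshold seconds: the first place to look."""
    return [r["frame"] for r in rows if r["delta"] > threshold]

SAMPLE = [  # constructed exchange between client A and server B, after the handshake
    Segment(1, 0.000, "A", "B", seq=1,   ack=1,   length=100),
    Segment(2, 0.020, "B", "A", seq=1,   ack=101, length=0),
    Segment(3, 0.025, "A", "B", seq=101, ack=1,   length=200),
    Segment(4, 1.525, "B", "A", seq=1,   ack=301, length=50),
    Segment(5, 1.530, "A", "B", seq=301, ack=51,  length=0),
]

if __name__ == "__main__":
    for row in build_columns(SAMPLE):
        print(row)
    print("slow frames:", slow_frames(build_columns(SAMPLE), 1.0))
```

Frame 4 shows up as the 1.5 s gap, and its ACKFor points back at frame 3, the 200-byte segment it acknowledges.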
Wireshark Column Advice
http://www.riverbednews.com/2014/05/ask-the-experts-top-wireshark-tips-and-tricks-from-bae-and-combs/

Hansang Bae Videos for Developers
http://www.lovemytool.com/blog/hansang-bae/