{"id":5211,"date":"2017-10-17T11:10:39","date_gmt":"2017-10-17T16:10:39","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=5211"},"modified":"2017-10-09T11:21:38","modified_gmt":"2017-10-09T16:21:38","slug":"how-to-use-wireshark-to-diagnose-network-problems","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/how-to-use-wireshark-to-diagnose-network-problems\/","title":{"rendered":"How to use Wireshark to diagnose network problems"},"content":{"rendered":"<p><span style=\"font-family: verdana, geneva, sans-serif;\"><a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2017\/10\/network-shark.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-5212 alignright\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2017\/10\/network-shark.png\" alt=\"\" width=\"300\" height=\"326\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2017\/10\/network-shark.png 300w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2017\/10\/network-shark-276x300.png 276w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"><\/a>Wireshark is distributed as a free open source packet analyzer. The utility provides a detailed report on the traffic flowing through your Network Interface Card (NIC), and may be used in benchmarking network performance and troubleshooting network issues. Here are some tips and best practices, describing how.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\">First Steps<\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">If you haven\u2019t done so already, the first thing you\u2019ll need to do is install Wireshark on your testing system. 
The setup program can be obtained from <a href=\"http:\/\/www.wireshark.org\/download.html\" rel=\"nofollow\" target=\"_blank\">the Download section of the Wireshark website<\/a>.<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Wireshark is designed to capture and log the activity on your network in real time, so that you can sort through and analyze the results at your own pace. To get the most out of this utility, you\u2019ll need to plan ahead a little \u2013 mostly to determine what it is that you actually want to monitor.<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">If you just need to isolate and check up on local conditions, plugging the system on which Wireshark is installed into the relevant switch port will enable you to take readings on the hardware addresses associated with that port, broadcast\/multicast traffic, and unicast traffic passing to and from the Wireshark system itself.<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">If you wish to examine traffic on an Ethernet port other than the one your Wireshark system is plugged into, you should use port mirroring on the switch, since a switch does not normally forward other ports\u2019 unicast traffic to yours.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\">Capturing Interfaces<\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Once you\u2019re clear on what you hope to achieve with the software, you can begin capturing network traffic by choosing Capture, then Options. The Options menu enables you to specify the length of time that Wireshark should run for, or the amount of data it should capture before it stops.<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Select the interface you want, then click Start. 
Once you\u2019ve clicked Start, you\u2019ll see network traffic in real time \u2013 and be able to stop Wireshark manually, if you haven\u2019t configured an automatic stop. As you gain a clearer idea of the specific types of traffic you want to monitor, you can use capture filters to exclude certain types of traffic from the capture, or display filters to show only specific kinds of packets.<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Wireshark produces a packet list, in which each line represents one captured packet. Select an individual packet to drill down into its contents for deeper analysis.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\">Memory Allowance<\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">It\u2019s important to realize that Wireshark holds captured packets in memory, which may cause the program to hang if it\u2019s run for a considerable length of time, or when overall system memory is low. Wireshark\u2019s own documentation specifies that capturing on a fully saturated 100 Mbit\/s Ethernet will produce around 750 MB of data per minute \u2013 a rule of thumb worth remembering in relation to your own system\u2019s specifications and available resources.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\">Typical Use Cases<\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Wireshark may be used to diagnose and troubleshoot a number of network problems and issues. 
These include:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\"><a href=\"https:\/\/www.poweradmin.com\/help\/latestsmhelp.aspx?page=monitor_web_page.aspx?ref=blog\">Slow or under-performing web servers<\/a><\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">The analysis of HTTP traffic<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">Gaining visibility into commands and parameters, HTTP headers, and requests to servers<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">Viewing and analyzing responses from the server to the client, including HTTP headers, commands and the HTML that\u2019s returned<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\">A Sample Analysis<\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\"><a href=\"http:\/\/answers.perforce.com\/articles\/KB\/2956\" rel=\"nofollow\" target=\"_blank\">This article from Perforce.com<\/a> walks you through a typical Wireshark analysis aimed at isolating the causes of a slow-performing network. It includes configuration instructions for both Windows and Linux installations of the software. The main points to note are:<\/span><\/p>\n<ol>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">You can configure the type of network interface to analyze, using the Expression option next to Filter.<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">Use Capture, Interfaces to choose the network interface that\u2019s exhibiting problems, then click Start.<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">Launch the application or process you wish to analyze.<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">Select Capture, Stop when you have completed your analysis.<\/span><\/li>\n<li><span style=\"font-family: verdana, geneva, sans-serif;\">Use File, Save as to create an analysis file in the specified format.<\/span><\/li>\n<\/ol>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\">Interpreting The Results<\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">With the multitude of options it has to offer, it\u2019s easy to get lost in the output from a Wireshark analysis. If you\u2019re looking to diagnose a network problem, the key thing is to isolate the source of the problem traffic. The Statistics, Conversations option in the Wireshark menu is one way of achieving this.<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Depending on the network protocol you\u2019ve selected, you can use this menu to drill down to fine details, including how much data is being transported (the Bytes column), or to highlight a particular sort of traffic (choose Analyze, then Enabled Protocols, then put a check mark next to the specific protocols you need).<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">Remember to choose File, Save as to get an analysis document to study. 
This output may be converted to a spreadsheet file by using File, Export and then File, Save as, choosing .csv as the required file format.<\/span><\/p>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">When troubleshooting a network, it also helps to take two Wireshark capture sets \u2013 one from a problem machine, and one for comparison from a system that\u2019s functioning correctly.<\/span><\/p>\n<h2><span style=\"font-family: verdana, geneva, sans-serif;\">Getting Help And Guidance<\/span><\/h2>\n<p><span style=\"font-family: verdana, geneva, sans-serif;\">There\u2019s user documentation supplied with the Wireshark program itself, and a number of online resources on the software\u2019s website, including <a href=\"http:\/\/www.wireshark.org\/docs\/\" rel=\"nofollow\" target=\"_blank\">online documents and video tutorials<\/a>. Wireshark also maintains <a href=\"http:\/\/wiki.wireshark.org\/\" rel=\"nofollow\" target=\"_blank\">its own wiki<\/a>.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wireshark is distributed as a free open source packet analyzer. The utility provides a detailed report on the traffic flowing through your Network Interface Card (NIC), and may be used in benchmarking network performance and troubleshooting network issues. Here are some tips and best practices, describing how. 
First Steps If you haven\u2019t done so already, [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":5212,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,9],"tags":[],"class_list":["post-5211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to","category-technical"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/5211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=5211"}],"version-history":[{"count":2,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/5211\/revisions"}],"predecessor-version":[{"id":5214,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/5211\/revisions\/5214"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/5212"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=5211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=5211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=5211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}