SHARKFEST ‘11 | Stanford University | June 13–16, 2011
Customizing Wireshark for Different Use Scenarios
June 14, 2011
Laura Chappell
Founder | Chappell University/Wireshark University
Why Customize
• Call attention to potential issues
• Provide more information in the Packet List pane – fabulous!
• Alter current interpretations of traffic to remove “red herrings”
• Troubleshoot faster!
Overview of Profiles
• Where they reside
• What they contain
• How to share them
• Some samples of use
• Where you can get a pre-made profile
Where Do Profiles Fit?
• Wireshark Program File Folder*: Global Configuration
  – Default cfilters
  – Default dfilters
  – Default colorfilters
• Personal Configuration File Folder*: Personal Configuration
  – New cfilters
  – New dfilters
  – New colorfilters
• Diagram labels: New Display Filter, New Coloring Rule, Edit Capture Filter
*Select Help | About Wireshark | Folders to locate
Where Do Profiles Fit?
• Create a Profile called Test1
• Make a new Display Filter
• Global Configuration
  – Default cfilters
  – Default colorfilters
• Test1 Profile (Profiles\Test1 in Personal Configuration folder)
  – New dfilters
Some Profile Elements
Starting from “Scratch”
• Creating your first profile (master)
• Adding key settings
Recommended Key Settings
• Disable “Checksum Errors” coloring rule
• Create new coloring rule for Window Update packets – these are good!
Recommended Key Settings
• Add “butt ugly” coloring rules for TCP Option problems
  – the 4 EOL issue
  – the 4 NOP issue
• Add “butt ugly” for low Window Size value and Window Scale factor of 0
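The coloring-rule settings above can be applied to a profile's colorfilters file with a short script. This is an added example, not from the slides: it disables the Checksum Errors rule and puts Window Update and TCP Option rules first. The rule names, display filter strings, colour values and sample file content are assumptions.

```python
# Sample colorfilters content, constructed for this example (not a real default file).
SAMPLE = """\
# sample colorfilters (constructed)
@Checksum Errors@ip.checksum_bad==1 || tcp.checksum_bad==1@[0,0,0][65535,24383,24383]
@TCP@tcp@[59345,58980,65535][0,0,0]
"""

# Colours are 16-bit RGB: [background][foreground]. Values chosen for illustration.
UGLY = "[65535,32768,0][0,0,65535]"   # orange background, blue text
GOOD = "[49151,65535,49151][0,0,0]"   # pale green background, black text

# Filter strings are assumptions about how each condition could be matched.
NEW_RULES = [
    ("Window Update (good)", "tcp.analysis.window_update", GOOD),
    ("TCP Options: 4 NOPs", "tcp.options contains 01:01:01:01", UGLY),
    ("TCP Options: 4 EOLs", "tcp.options contains 00:00:00:00", UGLY),
]


def parse_rule(line):
    """Return (enabled, name, filter, colours), or None for non-rule lines."""
    enabled = not line.startswith("!")      # a leading "!" marks a disabled rule
    body = line if enabled else line[1:]
    if not body.startswith("@") or body.count("@") < 3:
        return None
    # Name sits between the first two '@'; colours follow the last '@',
    # so a filter string may itself contain '@'.
    name, rest = body[1:].split("@", 1)
    dfilter, colours = rest.rsplit("@", 1)
    return enabled, name, dfilter, colours


def customize(text, disable=("Checksum Errors",), new_rules=NEW_RULES):
    """Disable the named rules and place new_rules first (first match wins)."""
    out, seen = [], set()
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            out.append(line)
            continue
        enabled, name, dfilter, colours = rule
        seen.add(name)
        enabled = enabled and name not in disable
        out.append(("" if enabled else "!") + f"@{name}@{dfilter}@{colours}")
    added = [f"@{n}@{f}@{c}" for n, f, c in new_rules if n not in seen]
    # Comment lines stay on top, then the new rules, then the existing ones.
    head = [l for l in out if l.startswith("#")]
    body = [l for l in out if not l.startswith("#")]
    return "\n".join(head + added + body) + "\n"
```

Run it against a copy of the colorfilters file in the profile folder (for example Profiles\Test1) and keep the original, since the file is normally written by Wireshark itself.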