Working With Wireshark

I would not claim to be a Wireshark expert. I actually find it a little overwhelming. There is so much detailed information to process & understand.
But that being said, I think it is a great tool for looking at raw network data, especially when unusual network activity seems to be occurring.

One thing I think helps is to have an internal DNS server or proxy DNS. This way you can look at hostnames rather than IP addresses in the live streams. If DNS records do not exist for the devices involved, create static records for the devices not resolving. Go to Edit, Preferences, Name Resolution, and add your DNS server.
With local DNS resolution configured and working, reading the data stream becomes much easier. Understanding the packet info is the key to getting the most out of Wireshark.
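The "create static records for the devices not resolving" step from the post above, as an added example that is not part of the original post: it reverse-resolves each address seen in a capture and prints PTR lines for the ones that do not return the wanted name. The device list and hostnames are constructed, and BIND-style zone syntax for the internal DNS server is an assumption.

```python
import ipaddress
import socket

# Constructed sample inventory: IPs seen in a capture -> the name you want shown.
SEEN_DEVICES = {
    "192.168.1.10": "nas.home.lan",
    "192.168.1.23": "printer.home.lan",
    "192.168.1.57": "camera-porch.home.lan",
}

def system_ptr_lookup(ip):
    """Reverse-resolve ip through the OS resolver; None if no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def missing_ptr_records(devices, lookup=system_ptr_lookup):
    """Return {ip: wanted_name} for addresses that do not resolve to wanted_name."""
    missing = {}
    for ip, wanted in devices.items():
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        found = lookup(ip)
        if found is None or found.rstrip(".").lower() != wanted.lower():
            missing[ip] = wanted
    return missing

def ptr_zone_lines(missing):
    """Render BIND-style PTR lines for the reverse zone, sorted by address."""
    lines = []
    for ip in sorted(missing, key=ipaddress.ip_address):
        # reverse_pointer gives e.g. 23.1.168.192.in-addr.arpa
        owner = ipaddress.ip_address(ip).reverse_pointer
        lines.append(f"{owner}. IN PTR {missing[ip]}.")
    return lines

if __name__ == "__main__":
    for line in ptr_zone_lines(missing_ptr_records(SEEN_DEVICES)):
        print(line)
```

Run it on a machine that uses the same DNS server you configured in Wireshark, so the lookup results match what the capture view will show.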
