Archive for April, 2013

  1. The packet analysts “self check”

    One thing all members of our packet analysis team do every once in a while is to check what their own laptop/PC is doing on the network, meaning that we just close all programs and run Wireshark to see what packets are still going in and out. If we’re in paranoid mode for some […]

  2. Learning something new every day…

    Today, a question was posted on ask.wireshark.org, about Wireshark becoming more than just a packet analyzer since it could already read MP3, JPG and other file formats.

  3. Capturing packets of VMware machines, part 2

    In the first post I described how to capture packets in VMware vSphere environments when dealing with standard vSwitches. While that works fine, some larger installations have an even better way of doing network captures of virtual machine traffic, provided by the so-called Distributed vSwitches. Unfortunately, those special vSwitches require an Enterprise Plus license, so […]

  4. Firewall trouble

    A few days ago my connection(s) to the computing center suddenly degraded, meaning that I suddenly could not contact some of my servers anymore or only after waiting for sometimes minutes, while others worked fine. I checked the Icinga monitoring system and saw that everything was fine, except the firewall, which seemed to have a […]

  5. Capturing packets of VMware machines, part 1

    I have always been the guy in our network analysis team responsible for the actual capture of network packets. I bought all the recording hardware we used, acquired network TAPs of all sorts and speeds, and did most of the planning of where to put which engine.