Archive for the ‘Packet Capture’ category
The Network Capture Playbook Part 2 – Speed, Duplex and Drops
In part one of the playbook series we took a look at general Ethernet setups and capture situations, so in this post (as in all others following this one) I’ll assume you’re familiar with the topics previously discussed. This time, let’s check out how speed and duplex can become quite important, and what “drops” are […]
Trace File Case Files: SMB2 Performance
We had an interesting question regarding SMB2 performance on the Wireshark Q&A forum recently. Upon request the person asking the question was able to add a couple of trace files (=”capture” files). The question and a link to the traces can be found here: https://ask.wireshark.org/questions/55972/slow-writes-even-slower-reads-spanning-wan-to-netapp Since the question nicely fits into the scope my talk […]
Sharkfest Europe 2016 Retrospective
Finally, the annual Wireshark developer and user conference happened in Europe for the first time in October 2016 at the Hotel Papendal in Arnhem, the Netherlands. It was something many people kept asking for, and with a lot of work and effort, Janice and her team made it happen.
The Network Capture Playbook Part 1 – Ethernet Basics
Capturing network packets is the first step in any kind of network analysis or network forensics situation. Few people ever consider this an important step, but this is really where the analysis result can be heavily distorted if you’re not careful. During Sharkfest 2016 I talked about how important the capture process and it’s preparations […]
My packet analysis toolset
As any analyst (regardless of the topic being networks, IT security, forensics etc.) will tell you, it’s almost always a combination of tools that is used to get the results. And since I thought it might be useful, here’s my list of what I primarily use when analyzing packets.
How to Use Wireshark to Steal Passwords
Wireshark is a great tool to capture network packets, and we all know that people use the network to login to websites like Facebook, Twitter or Amazon. So there must be passwords or other authorization data being transported in those packets, and here’s how to get them.
Sharkfest 2016 recap
Another Sharkfest has come and gone, and once again it has been a great conference. If you’re into packet analysis, network forensics or network troubleshooting there is no other event that has the same density of information. It’s really a “specialist” conference, in a very open and friendly way, and newcomers are always welcome.
Megalodon challenge solution
During Sharkfest 2015 I put up a challenge that was different from the usual challenges offered. The pcap files are a lot bigger, the task to solve less specific, and the answer not a simple “easy to verify” answer. I promised to put up my solution a few months after posting the challenge to this […]
The Megalodon Challenge
This year at Sharkfest I offered a special capture file challenge I called “The Megalodon Challenge”. Other than the “normal” challenges you could find at The Reef it was not limited to the size of 100MB, and the solution cannot be reduced to a couple of words or numbers. After Sharkfest I was asked if […]
Sharkfest 2015 recap
“Jasper, do you have a minute?” I think that is the one sentence that I heard most at Sharkfest 2015, which is the annual Wireshark developer and user conference. Which makes it the most interesting place to be for anyone doing network analysis, for business or fun/hobby (yes, those exist). People asking me for a […]