Before I get into the tshark command syntax and other details, I want to chat about why you want to use tshark or any command-line tool. Simply put, working from the command line allows a tremendous amount of consistency and flexibility.
Consistency
When you try to have someone perform your capture using the Wireshark GUI, there are many opportunities for errors, and it is very time consuming. When you have the command line syntax figured out, you can put it in an email, batch file or document, ensuring the client is doing exactly what you wanted. The added bonus is that working from the command line is usually more responsive than remotely controlling a GUI over possibly slow links.
Flexibility
As I mentioned earlier, using the command line allows you to put the command in a batch file or document. This is incredibly useful if you wanted to schedule a capture, or if you wanted to configure a computer to automatically start capturing when it’s turned on. Other examples would be setting a desktop shortcut for the client to start
...
https://www.youtube.com/watch?v=lkiG231lDHQ
As a network analyst, you probably ping everyday as part of your job.
We ping to:
• check if a device is up, or reachable
• resolve a host name
• determine if there is a latency issue
• identify packet loss
• test IP Time To Live values
• validate if certain packet sizes are able to traverse your network
Over the past few years the protocol used by ping (ICMP) has been dropped, rerouted, spoofed and all sorts of other creative things in the name of security.
Read the rest when it's posted at Network Computing: http://tinyurl.com/h8orh26
...
https://www.youtube.com/watch?v=pNvBHe3U6YQ
In this video I address the daunting question "why aren't you baselining".
Too many baseline, or don't baseline, for the wrong reasons.
Here I explain what a baseline should consist of and that they shouldn't take long.
I run through the mentality of waiting for things to break vs. proactively baselining.
I cover the concept of many smaller concise snapshots with a methodology.
What is a PC Bootup Configuration and why can you get a lot of value from it?
...
https://www.youtube.com/watch?v=M45521d6Fp0
In the networking field transferring files to or from networking equipment wasn’t as common as it is now. I suspect this is largely due to many factors like vendors updating their software to meet the ever-challenging security concerns and clients' interest in logs that may reside on the unit.
A good example was when I was troubleshooting a problem with a Cisco router and we needed to download the crashlog for Cisco TAC. I was a bit surprised when my client was not familiar with, or comfortable with, downloading a file from their router. In another situation, a client wanted me to figure out why his tftp was slow or failing when uploading a Cisco IOS to his router. To cut to the chase, I used ftp and the upload finished in a fraction of the time. The client misunderstood and thought I was showing them a bug, but I explained that tftp is UDP based and not too forgiving, whereas ftp is TCP based and more likely to work where tftp struggles.
I thought it would be helpful to duplicate the tftp performance issue with a different perspective. I used a WAN emulator from Apposite to demonstrate the differences and documented what is used for this lab, my methodology and an example of items that I document when performing an application baseline.
The two key points to take away from this are:
• It doesn’t take that much time to perform a high level comparison between two applications.
• When tftp is taking too long, or not completing, you might want to try ftp.
...
https://www.youtube.com/watch?v=VHQfyLmhI3c
I deployed a Cisco Access Point and did not know the IP address of it.
I've been onsite many times and the equipment IP in the documentation or label was incorrect.
If I was physically near the unit, my first option would be to connect it to my laptop, start a packet capture and power the unit on. Most IP hosts will transmit a Gratuitous ARP for duplicate IP address detection, revealing their IP address.
Since I am not near it, I will telnet into the Cisco switch that is connected to the AP, and leverage the show CDP command to determine its IP address.
Enjoy
Linkedin Profile http://ca.linkedin.com/in/fortunat
Lovemytool Blog: http://www.lovemytool.com/blog/tony-fortunato/
Youtube Channel: http://www.youtube.com/user/thetechfirm
...
https://www.youtube.com/watch?v=UhY1pHjF2oE
When you save a file in Wireshark, it looks as if the trace is closed. Not so, just reload and you're good to go.
...
https://www.youtube.com/watch?v=FGIbWs5gC2o
Here’s an updated video of my original Fping Quickstart video to cover a few more tips and tricks.
Every technologist needs to have access to tools that have the features covered in the video.
Sure you can buy software, but I always say that there is point when you graduate from free software to commercial software. I just hope when you move to a commercial product, you do so for a specific reason.
For example, you may want a tool that pings at an interval better than Microsoft’s 1 second interval. Or maybe you need a tool that can ping and increase the size of its payload to determine when fragmentation.
Enjoy
...
https://www.youtube.com/watch?v=GN-vh_FdpHs
tons of info at www.thetechfirm.com
Fixing Drag And Drop With VMware Workstation 12
Please note that I am NOT an employee of VMware, nor do I consider myself an expert, so please save your support questions for others who know way more than I do ;)
Just thought I would share what I figured out and what works for me.
I installed VMware Workstation and after installing Windows 7, I realized that I could not drag and drop files into that virtual environment. I also noticed that I could not install the VMware tools and the option was greyed out.
I searched online and couldn’t find a solution for my problem. By the way, most suggestions were to reinstall VMware, which didn’t work for me.
I ran across some articles suggesting checking my floppy and CD Virtual machine settings and found that changing the Floppy settings to Use Physical Drive and Autoconnect did the trick for me.
Hope it helps you out
...
https://www.youtube.com/watch?v=WaWPaqqbjmM
tons more stuff at http://www.thetechfirm.com
I have mentioned in the past that you should really look ‘under the hood’ as far as application communication goes.
I have seen many applications that ‘work’ but not ‘work well’ generate error messages. These errors can be categorized as follows:
Application - Messages are entirely application based and are addressed by the application team or vendor.
- Sending commands with no authentication, wait for the error message, then resend the same command but this time with authentication
- Using small packet or data payload sizes
- Inefficient multi-tiered server architecture
- Login processes that download application files without checking if you have the current files
- References to servers that are de-commissioned or used for testing/development
Network – Messages generated by the network devices that can affect application performance and are addressed by the networking team
- MTU issues caused by different network topologies, firewalls
Read the free full article at NetworkDataPedia Blog: https://www.networkdatapedia.com/blog/author/Tony-Fortunato when it's posted.
https://www.thetechfirm.com
Getting things to work better - bit by bit-
Network Computing Blog: https://www.networkcomputing.com/author/tony-fortunato
Linkedin Company URL: https://www.linkedin.com/company/the-tech-firm/
...
https://www.youtube.com/watch?v=kojjmovXu3g