Troubleshooting slow networks with Wireshark // wireshark filters // Wireshark performance
- Added 2. 06. 2024
- You are guilty until proven innocent! The network is slow! But is it actually a network issue? Or is it an application issue? Chris Greer explains.
Wireshark course: davidbombal.wiki/chriswireshark
Nmap course: davidbombal.wiki/chrisnmap
// MY STUFF //
www.amazon.com/shop/davidbombal
// SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
CZcams: / davidbombal
//CHRIS GREER //
Udemy course: davidbombal.wiki/chriswireshark
LinkedIn: / cgreer
CZcams: / chrisgreer
Twitter: / packetpioneer
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
00:00 ▶️ Introduction
00:35 ▶️ Wireshark filters introduction
02:20 ▶️ Regular IP filter
05:28 ▶️ Common filters
07:10 ▶️ Operators in filters
08:19 ▶️ Where to get the filter Power Point
08:55 ▶️ Filter shortcuts
11:20 ▶️ Filter buttons
12:10 ▶️ TCP analysis flags
15:16 ▶️ Filter buttons (cont'd)
17:15 ▶️ TCP reset
18:35 ▶️ How to apply filter as display filter
20:08 ▶️ Experience vs Theory
22:19 ▶️ Special filters
29:00 ▶️ Time filters
38:22 ▶️ Consulting scenario
49:45 ▶️ HTTPS consulting scenario
55:33 ▶️ Other filters
56:46 ▶️ How to simplify p-caps
59:29 ▶️ Signature filters
01:01:39 ▶️ Quick recap
01:02:16 ▶️ Conclusion
Yes to war stories. Maybe also examples on how to make (easy) home labs to play around with wireshark to find network and/or application issues.
Yea that’s a good one
Yeah real life examples
I’m a pretty simple person. I see David Bombal posted a video, I hit like. Haven’t even watched it yet, but I know it will be fantastic! Love your content!
Thank you so much!
After watching this video I feel like I learned something today. Thanks a lot, David for bringing such an amazing person to the show.
Once again David has brought in someone experienced in Wireshark to lead us into the world of networking troubles. Thanks David... more of this.
Excellent. I've only been a network admin for 6 months; our Network Engineer retired and I was given the position and got my CCNA. There's so much I do not know. It's overwhelming. I knew the bare minimum about Wireshark, but it helped me fix 2 things. This really helped me learn a little more, and in the spirit of one of the greatest Greek philosophers, Seneca says "Every night before going to sleep, we must ask ourselves: what weakness did I overcome today? What virtue did I acquire?" Wireshark is a network engineer virtue as far as I am concerned.
Great anecdote! Just a tiny detail, Seneca was a Roman philosopher.
Another great collaboration by @David Bombal and @Chris Greer! The knowledge bombs dropped here are invaluable, thanks to both of you!
That was brilliant, I am returning to networking after a 5 year break and this work you guys are doing has given me a real boost in confidence that I am in the right place. I really enjoyed that, that data was enlightening, accessible and useful. Also interested to hear what that config was!!! Thank you very much
This guest is simply amazing! Each time I listen to a session and learn a lot of useful knowledge from it
Thank you both for this series. This is gold. Looking forward for more videos on real world experiences. Really loved the consulting scenarios. The teaser in the end was a good one. Will be curiously waiting for that story!
Thanks Chris and David for some great network knowledge content. One of the growing issues that I have is understanding broadcast traffic / trace coverage / segmentation (vlans).
Thanks, David, & Chris. This was great. Would love to see a lot more from Chris. BTW @ 53:20 is how I enter my passwords. :)
I love how I was just going to call my ISP when I just got this video notification 😂
That's great! 😂
Hey David, I was watching the TLS rundown you did with the other SME on encryption and TLS communication. However... I noticed something in my analysis while following along with the video. I am gonna circle around to it today and take a second glance... maybe check my F5, it may be affecting the handshake, but... for sure no certificate and/or server done packets were within my TLS handshake... just wanted to give you a heads up. Maybe they were encrypted or modified, I haven't looked yet... but nonetheless great stuff man... and Chris is the man when it comes to Wireshark and analysis at the deep packet level. His SharkFest tips have helped me identify many problems in the real world.
Keep up the awesome freedom of knowledge you guys give and don't charge for :)
Cheers!
Thanks for commenting! Glad the content is helping you in the real world. 👍
Thanks for the wonderful session David & Chris... Looking forward for the war room sessions as well.
Thanks both of you guys, we need more videos on Wireshark. I'm a NOC Engineer and I really want to add Wireshark to my skills; as we know, Wireshark helps you a lot if you know how to play with it. I will join Chris Greer's course, maybe I will find what I'm looking for.
Thank you guys for keeping on this great series!!
Chris is one of the nicest most helpful individuals I have ever contacted.
Chris is a legend. You've got to appreciate David here: even though he knows things that Chris misses sometimes, he gently reminds him of that with a question and doesn't try to show off. I have observed this with a lot of guests; it's the quality of a great host and something we could learn. Keep bringing such content, David. Thank you.
He stirs the pot. In a good way.
Great session.👍✌️Thank you David && Chris
Hi David and Chris, thanks a lot for the TCP Deep Dive series. It helped a lot to start finding network problems with Wireshark. As always it is hard to find the needle.
Great video David! I've learned a lot, over and over again! Chris is a fantastic teacher. And yes, I can't wait to hear those war stories you've got Chris.
Like always great contents! Thanks to you both for this WS series and many more. ❤😊
Massive thanks guys! Brilliant examples. Looking forward to more stuff in this format. That “war stories” sounds great too 👍🏼
Loving the team ups w/ Chris. I’m learning so much and subscribed to his channel too.
Thank you very very much David and Chris, this series of Wireshark videos is so useful for me. Thanks to both for sharing your knowledge, greetings from Riviera Maya :)
Great video. Love these in depth videos about Wireshark with Chris. Keep them coming, and thanks.
I am teaching myself to pursue a career in cyber security. This is pure gold thank you so much!
I always love to watch your channel. Every time learn new things 😃
Still learning WS, very enlightening, thanks so much!!
49:53 Great question David. I was thinking about this question since Chris started with HTTP. Many thanks for this absolutely must question.
I have supported apps that others have built and you are 100% right. It is always the network's fault, as both the support personnel and app developers don't want to be blamed (2 to 1). I have tried to use Wireshark in the past, but there was just too much info and not enough understanding. I have seen co-workers point at random lines in Wireshark and say "oh, that is a network issue", but they couldn't explain or prove why they know it is a network issue. For the untrained (like me) Wireshark is a 2 way street as it could lead to the wrong path. It is always refreshing to see how a professional packet analyst can look and filter Wireshark and (with little knowledge of the app in question) can articulate what is going on and give a reasonable path forward. Amazing, I love this discussion.
Awesome content as always, and it's always great to see content from Chris
btw you're getting pretty close to 1 million subs David
hope you get there real soon
David / Chris;
I love these Wireshark videos you've been doing. Even tho a lot of it I've already picked up on my own, just by running pcap's working as a Sec Analyst in PCI, there's still a bunch of stuff that I've learned watching these videos.
Please oh please...KEEP 'EM COMING!
You rock, @Chris Greer - thanks!!
This is awesome David! This could have saved tons of time and headaches in the past!
You nailed it David. Thanks for sharing these type of people to the community. ♥️🇳🇬
Great video. Big props to Chris. I always thought he was observing TShark on Linux using a wifi USB adapter plug-in, which you can. But I didn't know I could install it natively on my Dell AND my Macs without using my Linux OS. Now I can see real info and really read serious traffic. I was never seeing any IPs or anything, just a bunch of minor AP traffic. Color codes never came up, but now holy shit the amount of traffic that's colorized is nuts. I can finally see what my own personal traffic looks like on the wire. LOVE these videos on TShark with Chris. Thank you so much David
Can't wait for the next in the series. As the "computer guy" at a retail store with really old crap infrastructure I could really use some pointers with narrowing down what is or is not happening that is impacting the network performance.
As a sysadmin/netadmin by trade, one skillset I've really neglected is packet capture/inspection as a means for troubleshooting & debugging or simple forensics. I normally rely on tools like Mikrotik's packet sniffer to get some basic information but this is clearly the better way to dive in and isolate the problem. Seeing all the encrypted hex traffic and mystical headers and protocols in Wireshark can be very intimidating, but the application itself seems very user-oriented and the filtering logic is very intuitive. This video has definitely sparked some interest in spending more time with wireshark as it's definitely going to be a skillset worth any effort and frustration in the learning curve, as it will save great deals of time (and probably money) in the long run. Thanks gents for the great content
You hit it Dimitri! Packet skills are very worth investing the time into.
Thanks Chris and David, real-time scenario would be fun to see
Thank You David and Chris! Great Video
This is GOLD!!!! War stories are awesome and give insight on how to jump into issues. Slowness is the hardest.
This is class and great tutorial.. Chris is master of his craft
Thank you, David and Chris.
Worth watching saved so much of time figuring out certain things in WS.
You and your guests are the best. I learn so much stuff about the networking field in a fun and entertaining manner.
this video is fantastic, would love to hear more about wireshark and war stories from Chris
Great initiative. As I said, knowing Wireshark is so important, thx Mr Bombal. Chris is awesome with his clear explanation, I love this topic
Awesome video! Another overview of wireshark and fragmentation (usually over VPNs) would be awesome!
I love to learn Wireshark. Very great video. Thanks
This is very good stuff. Please keep it up.
It's killer content as always. Thanks David & Chris. Respect
Please say how much time it takes to crack a wifi password with hashcat brute force. -a
Great Video! Most of my DDoS attacks come from TCP. Also a lot of malware and viruses I've caught come from directX JavaScript and Java which usually comes from ads. You don't even need to click the ad, it just needs to load on your browser
please upload short videos max 30min
In my world we call that MTTI, Mean Time to Innocence!! it's always the network, until you prove that it's not...
Can you please please have him look at malicious activity.
Thanks, I love your content. Keep it up
Thanks David for all your work and the free information you provide. Could you do a video on industrial networks, Profinet, EtherNet/IP etc., from a network security point of view, please?
Thanks for the great presentation Chris and David. Really useful. Would love to hear some war stories!
DAVID amazing content as always with Chris. If it is possible if you guys can make DNS deep dive and troubleshooting with Wireshark, especially those related to active directory.
Fantastic video, thanks guys !!!
Great Tutorial! Would love to see a full Wireshark one on slow wifi debugging please!
This guy is amazing. The amount I learned in this one video is pretty amazing. Thanks
Chris Greer is amazing! Thanks for this!
Pure gold as always.
Nooooo! That cliffhanger was brutal!
Can't wait for the next part. I want to know all about those war stories!
Thanks David and Chris. Yes to War story
Great content👍 Thanks for coming back to networking in between we lost you David🙏🥰🥰
Thank you. I will never forget networking 😀
@davidbombal Thank you🙏🥰🥰
I think I know what you mean, but on the other hand networking is everywhere :)
Incredibly helpful video!
David asks all the right questions
Very interesting lecture,.... Would be really useful though as continuation to have some inside tips about how to stitch packet traces/packets inside traces taken from different parts of the network and endpoints with focus on TCP sequencing and session stitching between those different captures - as most of the time to prove the point of application or network issue it is often needed to take packet traces on network devices too.
I really like this suggestion. Noted!
Thank you very beaucoup !!
And the chapters are very useful.
This is what I was hoping from a long time ago.
Excellent content gentlemen!
Yes to war stories! Looking forward to watch the video!
Super nice content, keep it up!
amazing content
Much appreciated
Love to watch Chris. Learning an awful lot. And yes, please do a "war stories" video :)
Nice content... well explained. Especially the part where network guys were exonerated. Would you find a pcap to show how to prove it's the application/server that has the lag? It would be helpful...
Really good info here, some I use already quite a bit. Wish they cleaned up the audio on this though
I recently had to use Wireshark at work - had no idea what I was doing (still don't) but think this should prove helpful
(Trying to track down Rx Length errors)
Thanks again David and Chris for the incredible information. I’m also a yes please to a war stories video. 👍
Great guy Chris.
amazing content thanks for sharing
Chris... You guys should set up a lab with EVE-NG and simulate congestion and show how the congestion notifications work and how the window size works both in a compatible setup with ecn and ecw and one without the capability... and let me know if you guys do :)
Would love to be a part of it or follow it.
That is a great idea. Actually I was thinking it is time for an example with ECN.
Great video!!
I was checking your video about wireshark early today and now here is the other one
Hey David could you make networking observing for ebpf systems?
This was amazing
Can we get to see deep dive in ssl(tls) and ssh
I came here for a casual watch, but as with every freaking Chris Greer video, here I am taking notes.
Really glad you like the content Jon! Thanks for the comment.
@ChrisGreer no sir, thank you lol. I’ve taken to recommending everyone on my team watch your content.
Hey, great videos, keep going. Of course, war histories would be very nice because it is real world examples, it's almost real world work experiences
Great , informative and practical as usual
Can you make a video on IPsec and IKE like the TLS handshake one from almost two weeks ago?
Great suggestion!
I'd love to hear the war stories!
David & Chris 🔥 Btw nice hat Chris 😁
Thank you Faran!
It was time to break out the black hat for a lil bit. 😉
@ChrisGreer hehe 😁
What are the best filters to find the network latency? Please advise!
Yes! War stories and a run down on the profile on Chris Wireshark (specially the buttons he has)
A decade ago I was using WPE for my filtering, which was great because it targeted an individual application. Nowadays browsers and many other apps use multiple processes so it's not practical today. In programming = would be to set a value to a variable. == means "is equal to". === means "is exactly equal to", usually for case sensitive issues. I'm thinking these are the same. War stories are great!
Nice video!
Thank you!
It would be good if you attach the pcap for side by side analysis
Awesome, thanks a lot
Oddly this came out when I was searching to see why my DSL connection is slow or drops. I’m pretty sure it’s upload hogging the bandwidth, but I would like to make a graph as to what going up slows how much going down. There is a point where I can see the upload device stays on the network and continues uploading, but everyone else will show no internet, so it may drop itself from the network like Windows will do sometimes
I see a pattern here that I could put into software maybe .. hmm .. client sends request, empty ack from server and time to wait until first application data and alike conversations point to performance problems of API endpoints? Could be a nice performance test suite.. :)
I DEFINITELY want to see war stories from Chris Greer.
FYI. In software dev, single = is assignment. Balance=5. Double equals tests for that value. If(balance ==5).