APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Wireshark 101

Let's get the confession out of the way first: I'm a fool for not using Wireshark earlier.

Oh, I had my reasons. First was that before my current piece of Mac hardware, running Wireshark under X11 was annoying. X11 would not quite bring my old machine to its knees, but I sure as heck noticed it. I also didn't have a lot of RAM to spare, so I pretty much avoided anything that required X11.

Beyond that, I was happy enough with tcpdump. I'd dump packets to files and write scripts to get what I wanted out of them. Yes, that sounds awful, but on the other hand, I was seldom looking for anything particularly esoteric. I am not a heavy network geek. I know the basics, maybe a little bit more, but I'm no expert. As with most things, I'm a diletante, happily swimming along close to the surface and almost never diving very deep. As I have explained before, part of that is Shiny Object Syndrome and part of it is sheer laziness: I'm a dabbler.

But I digress. Recently I ran into a network troubleshooting issue that tcpdump and my scripting couldn't handle.

Well, that's not true. Obviously tcpdump could capture the packets and plainly someone with enough skills and ambition could write the necessary scripts, but that person isn't me, is it?

Therefore, I turned to Wireshark.

Immediately, I was very happy. Joyful, in fact. Running this in X11 on my new 12 GB iMac wasn't even noticeable and it was immediately obvious that Wireshark can do things with a single click that would be very painful for me to script. There are some minor interface issues that bug me (menu items disappear from view rather than being highlighted when I select them and I am yet to figure out how to cut and paste from my Mac side, but I'm sure both of those things have answers). Right now, I don't care: it's the power and versatility that excites me.


Except there is a lot to learn. Wireshark is an incredibly powerful tool and I say that knowing that I have barely begun to know anything about it! Just fiddling around introduced me to things that made my jaw drop, but there is so much there I decided I needed a book.

Yeah, this book. A pricey little item, even in Kindle format, but well worth it. I spent quite a few hours reading through it and doing the lab exercises. It taught me quite a bit more than I actually need to know and more than enough that I doubt I'll ever write another script to dissect a packet dump: it's just too easy to do it with Wireshark!

By the way, if you want to get a good idea of what's in the book, download the (free) videos at https://lcuportal2.com/wireshark101.html.

Tony Lawrence 2013-05-26 Rating: 5.0

Amazon Order (or just read more about) Wireshark 101: Essential Skills for Network Analysis from Amazon.com. Yes, I earn a small referral fee if you use that link to purchase the book.

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Review of Wireshark 101: Essential Skills for Network Analysis

1 comment

Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Anthony Lawrence

Mon May 27 00:18:36 2013: 12093   TonyLawrence


By the way, someone recommended (link) for tutorial videos. I haven't had chance to look at them yet.

Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Perl is designed to give you several ways to do anything, so consider picking the most readable one. (Larry Wall)

This post tagged: