Mittwoch, 24. November 2010

Doing debugging - Part I

Do you have ever discovered some strange behavior? Aren't the packets coming to their designated destination? Do you need to debug and endpoint where no firewall or other logging device is between the starting and the endpoint?

A great tool for this is Wireshark former known as Ethereal.

It's the best packet sniffer I know - you can capture everything what enters or leaves your NIC.

A full how-to would fill some books so I'll just give you the following tips:
  • Create capture filters wisely, but not too granular - if you log everything, and your host has a well performing 10Gbit Interface it will drain all your memory
  • Work granular with Display filters - they only act at the packages which were recorded by the capture filters
If you want to read some good books about it, to get all the basics or just to pimp your networking stuff related library I can recommend you two books:

One universal book about packet analysis is "Practical Packet Analysis" from Chris Sanders:
Link to Amazon

It covers not only Wireshark, it only explains some other really useful tools. I've bought it, and it's really worth the price.

If you would like to get just a Wireshark specific book - "Wireshark Network Analysis" from Laura Chappell should be your choice
Link to Amazon

I must admit, I haven't bought it yet, cause of the high price, but a co-worker of me admitted it's worth reading and buying it - I'll borrow it in the few days, check it out and if its worth, it will be mine too ;)


As usual - if you have any questions - comment!

Keine Kommentare:

Kommentar veröffentlichen