Want to analyze your network? Some of the top filters for Wireshark are below. This by no means is a user guide for Wireshark which is the best freeware protocol analyzer available.
Want to see if your traffic is efficient? Use the following filter to identify problems in your traffic.
This flag helps to look at problems you may have in a trace file. By using this filter, you can see re-transmissions, acknowledgement problems and more.
Are you experiencing latency in traffic to a server? Are you being SYN attacked?
This flag can help you detect syn based attacks against a server. While thousands of packets may be found, it is the pattern of syn requests that can indicate if you are being attacked by someone.
Troubleshooting a connection? Do you know the port number for the application?
Following a stream of data on a specific port number can be achieved by typing in the above filter. This can be used when connecting to a website or a server such as MySQL (3306) or MSSQL (1433/1434). Another reason you should know common port numbers.
What’s some of the ports we make our students memorize? 7, 21,23, 25, 53, 80, 110, 135-139, 445, 9001 and of course a few more that are used in the enterprise. This can help you in troubleshooting connectivity issues.
Want to follow a stream of data to see how if you have errors? Use the following filter –
See the DUP ACKs above, indicates that one side of a transmission may not be receiving the Acknowledgement. In this case, an adjustment of the MTUs of the router took care of many of these duplicates.
Here’s a way you can follow a stream of data to see the SYN / ACK –
Capture traffic – Find the appropriate IP address – Right click and select follow TCP stream-
What are we looking at? This is the devices communicating. This is the TCP flow. You can also filter and possibly get a better ‘look’ by using tcp.analysis.lost_segment
What does an I/O graph tell you about traffic? The I/O graph in Wireshark will show you the throughput of all traffic in your trace file. This is shown in both directions. The TCP Stream Throughput in your Wireshark graph will show only the throughput from one TCP stream, in one direction.
What can be done about most errors? There are several tweaks you can check. Wireless, check the placement of the Wireless Access Point, Antenna alignment, short/long interval, channels, interference (spectrum analyzer), WAP overload, broadcasting devices (other nodes), tweaking your network card (disable all but flow control), Switch overload, MTU setting – while there are many more, also look at running netsh commands to optimize your network – see Optimizing your internet.
Although the post is for Windows 7, it works with Windows 8, 8.1 and 10.