You as the user can take or capture all the packets you want, however if you don’t know how to read/interpret the captures then it’s all for nothing. The important steps start from this section now on. Thus, just keep in mind when you are setting up these captured filters based on the situation.
The expert wouldn’t have captured all of this because they were filtering out only on port 80/443 traffic. DNS will send out the DNS query to their resolver for that url and notice that resolver not responding in 10 seconds that result in slow user experience. Problem: the expert would have seen the issues if he/she filtered on the source IP address of that user and captured all traffic would illustrated theslow DNS responses. He/She didn’t found any issues on the user that initiate a connection attempt and web server responds very quickly now. However in this scenario, the expert take the captured traffic and analyze it. Then, the expert take a capture filter on their source IP address and the port 80/443 traffic (HTTP/HTTPS). It’s usually depending on the scenario and the situationįor instance, a user complaining about the slow web browsing.
It is easier to view and analysis since the captured traffic as the captured file is smaller. This is good for when the user want a small amount of the traffic instead of the whole traffic. Then, wireshark will pick up and save those packets that match this filter. If the user want to record specific traffic from a specific host or traffic on a specific port, the user could specify here.
0 kommentar(er)
