I use Wireshark all the time. In general, I just scratch the surface by using  it to test whether or not NetFlow is coming into Scrutinizer.

Golden Rule: Using an external third-party application, like Wireshark,  to test connectivity helps establish credibility in any situation.

Most people whom I speak with have a general understanding of what a packet capture is. The problem is, they don’t know how to gather or use the data once they have obtained it. So I thought I would do a little homework and find some resources that provide some basic Wireshark training for the busy IT professional.

This three-part tutorial will highlight the basics of Wireshark and give you a quick understanding of how to use this powerful tool. All three parts of this informative tutorial were produced by Mike Lively of Northern Kentucky University.

Part 1:  Introduction to Wireshark

Part 2:  Cookies and Grabbing Passwords with Wireshark

Part 3:  Data Mining using Wireshark

Getting the current release of Wireshark is easy. Just go to http://www.wireshark.org/download.html.

 

So are we seeing NetFlow?
Once you have the packet capture, seeing if you are getting NetFlow is easy. Just type CFLOW in the filter box, and then click apply.

netflow

If you are seeing NetFlow, then you will see data on the screen. If the screen is blank, then you are not getting any NetFlow information.

If you are seeing NetFlow, but still aren’t seeing it in your collector, then you might want to check and see what version you are sending (see pic).

In the end, with a little effort, you can be somewhat knowledgeable in basic packet analysis.

James Dougherty

I have worn many hats in my professional life. Support engineer, developer, network admin and manager are all points on my resume, but the one common thread with all of these jobs is that I enjoy working with people; that is what I do here at Plixer. I make sure that everyone understands our product and can get the most out of it. It's just simple 'no bull' support!

Let me know if you have any questions, I would be happy to help.

- Jimmy D

Related

Leave a Reply