I use Wireshark all the time. In general, I just scratch the surface by using it to test whether or not NetFlow is coming into Scrutinizer.
Golden Rule: Using an external third-party application, like Wireshark, to test connectivity helps establish credibility in any situation.
Most people whom I speak with have a general understanding of what a packet capture is. The problem is, they don’t know how to gather or use the data once they have obtained it. So I thought I would do a little homework and find some resources that provide some basic Wireshark training for the busy IT professional.
This three-part tutorial will highlight the basics of Wireshark and give you a quick understanding of how to use this powerful tool. All three parts of this informative tutorial were produced by Mike Lively of Northern Kentucky University.
Part 1: Introduction to Wireshark
Part 2: Cookies and Grabbing Passwords with Wireshark
Part 3: Data Mining using Wireshark
Getting the current release of Wireshark is easy. Just go to http://www.wireshark.org/download.html.
So are we seeing NetFlow?
Once you have the packet capture, checking whether NetFlow is arriving is easy: type cflow in the display filter box and click Apply. Note the lowercase: Wireshark display filter names are case-sensitive, and CFLOW will be rejected. Also keep in mind that the cflow dissector only decodes UDP traffic on the NetFlow ports it is configured for (2055 by default), so an exporter sending to some other port will not match until you add that port under Edit > Preferences > Protocols > CFLOW or apply a Decode As rule.
If NetFlow is present, the matching packets will be listed on the screen. If the list stays empty, no NetFlow is reaching that capture point (or it is arriving on a port the dissector does not know about).
If Wireshark shows NetFlow but your collector still shows nothing, check which version the exporter is sending: the version field is the first thing in the cflow header and is shown in the packet details (see pic). The collector has to support that version, and a v9 or IPFIX exporter also needs its templates to arrive before the data records mean anything.
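The steps above in code, as an added example that is not part of the original post or of Wireshark or Scrutinizer: it walks a classic pcap, keeps only UDP datagrams on the NetFlow ports (the same job the cflow display filter does), reads the version out of each export header, and tallies the versions so you can compare against what the collector accepts. The sample capture is constructed in the script, the default port set is an assumption mirroring Wireshark's CFLOW preference, and the packet on port 9000 shows why an exporter on a non-default port is invisible until the port is added.

```python
"""Added example (not from the original post): answer "are we seeing NetFlow?"
from a pcap without Wireshark by doing what the cflow display filter does."""
import struct
from typing import Iterator, Optional

# Ports the cflow dissector decodes by default (assumption; confirm under
# Preferences > Protocols > CFLOW). Traffic on other ports is skipped, just
# as Wireshark skips it until you add the port or use Decode As.
DEFAULT_CFLOW_PORTS = frozenset({2055, 9995, 9996})

# Fixed export-header length per NetFlow version (10 is IPFIX).
HEADER_LEN = {1: 16, 5: 24, 7: 24, 9: 20, 10: 16}


def netflow_version(payload: bytes) -> Optional[int]:
    """Version claimed by a NetFlow/IPFIX header, or None if it is not plausible."""
    if len(payload) < 4:
        return None
    version, count = struct.unpack("!HH", payload[:4])
    need = HEADER_LEN.get(version)
    if need is None or len(payload) < need:
        return None
    # v1/v5/v7 carry at most 24/30/28 fixed-size records per datagram.
    if version in (1, 5, 7) and not 1 <= count <= 30:
        return None
    return version


def iter_udp(pcap: bytes) -> Iterator[tuple]:
    """Yield (src, dst, sport, dport, payload) for each IPv4/UDP frame in a
    classic Ethernet pcap (pcapng is not handled here)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 17:
            continue  # not UDP
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        udp = ip[ihl:]
        sport, dport, ulen = struct.unpack("!HHH", udp[:6])
        yield src, dst, sport, dport, udp[8:ulen]


def find_netflow(pcap: bytes, ports=DEFAULT_CFLOW_PORTS) -> list:
    """The cflow filter in code: (src, dst, dport, version) per NetFlow datagram."""
    hits = []
    for src, dst, sport, dport, payload in iter_udp(pcap):
        if sport in ports or dport in ports:
            version = netflow_version(payload)
            if version is not None:
                hits.append((src, dst, dport, version))
    return hits


def summarize_versions(hits) -> dict:
    """Version -> datagram count: the check to make when the collector stays empty."""
    counts = {}
    for _, _, _, version in hits:
        counts[version] = counts.get(version, 0) + 1
    return counts


# --- constructed sample capture (not a real export) -------------------------
def _frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    ip = lambda a: bytes(int(x) for x in a.split("."))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    # Checksums left at 0: fine for parsing (Wireshark only complains with validation on).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, ip(src), ip(dst))
    return bytes(12) + b"\x08\x00" + hdr + udp


def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


V5 = struct.pack("!HHIIIIBBH", 5, 1, 123456, 1700000000, 0, 1, 0, 0, 0) + bytes(48)
V9 = struct.pack("!HHIIII", 9, 1, 123456, 1700000000, 1, 0) + struct.pack("!HHHHHH", 0, 12, 256, 1, 8, 4)
DNS = b"\x12\x34\x01\x00" + bytes(8)
SAMPLE_PCAP = _pcap([
    _frame("10.1.1.1", "10.1.1.50", 50000, 2055, V5),
    _frame("10.1.1.20", "10.1.1.53", 40000, 53, DNS),
    _frame("10.1.1.2", "10.1.1.50", 50001, 2055, V9),
    _frame("10.1.1.3", "10.1.1.50", 50002, 9000, V5),  # exporter on a non-default port
])

if __name__ == "__main__":
    hits = find_netflow(SAMPLE_PCAP)
    for h in hits:
        print(h)
    print(summarize_versions(hits))
    print(find_netflow(SAMPLE_PCAP, DEFAULT_CFLOW_PORTS | {9000}))
```

With the default port set the script reports the v5 and v9 datagrams sent to 2055 and nothing else; the v5 export to port 9000 only appears once 9000 is added to the port set, which is the same thing you see in Wireshark when the cflow list stays empty for an exporter on an unusual port. To run it against a real file, replace SAMPLE_PCAP with the bytes read from a capture saved in classic pcap format.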
In the end, with a little effort, you can be somewhat knowledgeable in basic packet analysis.