Wireshark-users: Re: [Wireshark-users] Very, very elementary question - how do I make sense of th
Hi Lisi,
Turns out that's a large question.
The route I have taken involved a mix of classes and hands-on
experience. I started taking classes in 1991, and I've taken a class on
protocol analysis (Wireshark is just one of many, many tools which
perform a function called 'protocol analysis') every year or two since,
gradually deepening my understanding of how clients and servers interact
in modern networked environments, as I use these tools repeatedly to
solve problems at work. [I'm not the smartest bear on the block, so you
may be able to progress more rapidly than I have!] That's been my path
-- other folks may have followed different routes to acquire their
understanding.
I'm casting about for an analogy ...
This oversimplifies things a bit, but learning to understand Wireshark
output is like learning to understand x-ray output ... the doctor-to-be
learns an awful lot about how the body works, how the organs function,
how bones behave, how the whole system interacts with itself and the
outside world ... and only /after/ numerous years in med school and
working as an intern and as a resident would s/he find an x-ray useful
... an x-ray by itself doesn't tell us much, just as a protocol trace
(aka Wireshark output) doesn't tell us much ... but when layered on top
of an understanding of how clients/networks/servers interact, /then/ it
becomes useful. And of course, both the MD and the trouble-shooting
analyst learn more and more as the years go by ... IT (Information
Technology) may be a whole lot simpler than biology (medicine) ... but
there's still more material than any one person will learn in a lifetime.
hth,
--sk
Stuart Kendrick
FHCRC
On 10/3/2011 3:38 AM, Lisi wrote:
> I cannot find anywhere a basic and simple enough explanation of the meaning of
> the output from Wireshark for me to be able to understand it (the output).
>
> Can anyone recommend something that I could read, that might slightly reduce
> my ignorance? My ignorance is so total that I do not even know what
> questions to ask, so that Google is sadly not my friend. :-(.
>
> Thanks,
> Lisi