Wireshark-users: Re: [Wireshark-users] Very, very elementary question - how do I make sense of th
> Can anyone recommend something that I could read, that might slightly reduce
> my ignorance? My ignorance is so total that I do not even know what
> questions to ask, so that Google is sadly not my friend. :-(.
Hi Lisi. I have been in your position, so I know what it feels like - not really understanding how to get started. So I have empathy for you. Here's the way I think about network traces. The first thing I must understand about a trace is what type of problem I am trying to diagnose. The answer to that question has an impact on not only how I orient my thought processes and what I search for, but also how I configure Wireshark, and sometimes on how/where I take my traces. For example, an SSL negotiation failure is an entirely different problem than very slow application response time. Both can be diagnosed with Wireshark, but you are looking for different things in the trace.
If you can categorize the type of problem you have captured, it may make googling a bit easier. But ultimately, in my opinion, searching the internet will be your best source of information until you can build an internal knowledge base. If you are trying to diagnose a file transfer performance problem, I have found this article to be helpful. It has references to a number of important concepts and RFCs:
http://www.psc.edu/networking/projects/tcptune/
Beyond this, I have found that much of my ability to diagnose issues through traces is simply based on my understanding of basic TCP/IP. And obviously there are many resources for that topic. But if you want some help to get started, maybe you could describe the issue and attach a small trace? Then maybe I or someone else can walk you through the diagnosis process on something concrete.
Scott
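As an added illustration of Scott's point about orienting on the problem type first (this is example code written for this archive page, not code from Scott or the Wireshark project), the script below constructs a tiny pcap in memory and then scans it for the two very different symptoms he mentions: a slow TCP handshake (the SYN to SYN/ACK gap, a first clue for "slow response time") and a fatal TLS alert record (the signature of a failed SSL/TLS negotiation). In Wireshark itself you would reach the same two findings with display filters such as `tcp.flags.syn == 1` plus the packet timing columns, and `tls.alert_message` for alerts. The capture contents, the addresses, the 200 ms threshold and the function names `build_sample_pcap` and `analyze_pcap` are all assumptions made for the example.

```python
import struct

# Constructed sample capture (not from the original post): client 10.0.0.2
# connects to 10.0.0.1:443, the SYN/ACK comes back after 850 ms, and the
# server then aborts the TLS handshake with a fatal handshake_failure alert.

TLS_ALERT_NAMES = {40: "handshake_failure", 42: "bad_certificate", 70: "protocol_version"}


def _packet(ts, src, dst, sport, dport, flags, seq, ack, payload=b""):
    """Build one pcap record: Ethernet II + IPv4 + TCP (+ payload). Checksums are left 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    frame = b"\x00" * 12 + b"\x08\x00" + ip          # zero MACs, EtherType IPv4
    sec, usec = int(ts), int(round((ts - int(ts)) * 1e6))
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame


def build_sample_pcap():
    """Return a little-endian, microsecond pcap file (link type 1 = Ethernet) as bytes."""
    c, s = "10.0.0.2", "10.0.0.1"
    client_hello = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # handshake record, body truncated
    alert = b"\x15\x03\x03\x00\x02\x02\x28"                      # alert: level fatal(2), desc 40
    pkts = [
        _packet(0.000, c, s, 40000, 443, 0x02, 100, 0),            # SYN
        _packet(0.850, s, c, 443, 40000, 0x12, 500, 101),          # SYN/ACK, 850 ms later
        _packet(0.851, c, s, 40000, 443, 0x10, 101, 501),          # ACK
        _packet(0.852, c, s, 40000, 443, 0x18, 101, 501, client_hello),
        _packet(0.900, s, c, 443, 40000, 0x18, 501, 111, alert),   # server gives up
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(pkts)


def _records(pcap):
    """Yield (timestamp_seconds, frame_bytes) for each record in a classic pcap file."""
    (magic,) = struct.unpack("<I", pcap[:4])
    assert magic == 0xA1B2C3D4, "only little-endian microsecond pcap is handled here"
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack("<IIII", pcap[off:off + 16])
        off += 16
        yield sec + usec / 1e6, pcap[off:off + incl]
        off += incl


def analyze_pcap(pcap, slow_handshake_ms=200):
    """Flag slow SYN->SYN/ACK delays and TLS alert records. Threshold is an assumed value."""
    findings = {"slow_handshakes": [], "tls_alerts": []}
    syn_seen = {}  # (src, sport, dst, dport) -> time the SYN was seen
    for ts, frame in _records(pcap):
        if frame[12:14] != b"\x08\x00":          # not IPv4
            continue
        ip = frame[14:]
        ip = ip[:struct.unpack("!H", ip[2:4])[0]]  # drop any trailer padding
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                           # not TCP
            continue
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        flags = tcp[13]
        payload = tcp[(tcp[12] >> 4) * 4:]
        flow = (src, sport, dst, dport)

        if flags & 0x12 == 0x02:                 # SYN without ACK: handshake starts
            syn_seen[flow] = ts
        elif flags & 0x12 == 0x12:               # SYN/ACK: answers the reverse flow
            rev = (dst, dport, src, sport)
            if rev in syn_seen:
                delay_ms = (ts - syn_seen.pop(rev)) * 1000
                if delay_ms > slow_handshake_ms:
                    findings["slow_handshakes"].append((rev, round(delay_ms, 1)))

        # TLS record header: type(1) version(2) length(2); type 0x15 = alert, body = level, desc
        if len(payload) >= 7 and payload[0] == 0x15 and payload[1] == 3:
            level, desc = payload[5], payload[6]
            findings["tls_alerts"].append(
                (src, dst, "fatal" if level == 2 else "warning", TLS_ALERT_NAMES.get(desc, str(desc))))
    return findings


if __name__ == "__main__":
    for key, items in analyze_pcap(build_sample_pcap()).items():
        print(key, items)
```

The same capture, read with the same intent, yields two unrelated stories: the 850 ms handshake points at network or server load and would send you towards the TCP tuning material linked above, while the fatal alert says the connection was fine and the negotiation itself was refused, which is a certificate or cipher suite question rather than a performance one.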