This was really informative for those of us whom aren't familiar with Wireshark. Please continue to upload more videos with tips and tricks of the trade.
Thank-you, I'm very new to Wireshark and this will help me to organize different profiles to display traces as I learn what to look for to find a specific problem.
Very helpful, I'm going through all your videos today. Ironically, I'm watching these during the Discovery Channel's "Shark Week". I'm also working on an issue at work where the customer has a Steelhead optimizer.
Hmm, not sure if my other one got posted it not. Thanks for the kind words. But as a matter of fact, about two years ago, I presented a scenario involving Steelheads. I think it was two years ago - Sharkfest 2011.
Jeff, I actually had a session in one of my previous Sharkfest sessions about troubleshooting in accelerated setup. I believe it was two years ago, maybe?
Great, I will check that out. We trying to get a printer-side sniff but the sniff we have from the file server side shows kerberos OIDs in the SMB Protocol Negotiation Response, but printer-side *logging* of the response contains only NTLM OIDs. SMB2 is properly kerberized and we've read that there are separate Steelhead settings for SMB1 vs SMB2 so we suspect misconfiguration. Do you know offhand whether the Steelhead COULD be stripping the Kerberos OIDS from the response?
Sorry for the late reply. YT's comment mgmt really needs an overhaul! Me, Myself, and I don't think it's necessary. Because there is so much art to packet analysis, experience matters *much* more.
lordarkmemo, are you talking about the TCP.ANALYSIS.FLAGS button that I added, or do you mean you just want to see retransmissions? Pkt lost can be depicted in a few different ways, so I'm trying to figure out what you're after. Can you explain what you're trying to accomplish? thanks Hansang
Customer said they had optimization turned off for SMB1 (and on for SMB2) and that turning on optimization for SMB1 fixed the problem. Sorry for hijacking your thread here.
Jeff, did you check out the splash site? I can't add URLs here, but it's just splash.riverbed.com. Look at the steelhead section. There are a bunch of SMB1,2 and 3 settings so configurations should be ruled out first.
This was really informative for those of us whom aren't familiar with Wireshark. Please continue to upload more videos with tips and tricks of the trade.
Thank-you, I'm very new to Wireshark and this will help me to organize different profiles to display traces as I learn what to look for to find a specific problem.
Glad it was helpful. I'm getting ready to start a whole new A-Z course on protocol analysis. So be sure to stay tuned (here, LinkedIn, or Twitter)
Very helpful, I'm going through all your videos today.
Ironically, I'm watching these during the Discovery Channel's "Shark Week". I'm also working on an issue at work where the customer has a Steelhead optimizer.
Hmm, not sure if my other one got posted it not. Thanks for the kind words. But as a matter of fact, about two years ago, I presented a scenario involving Steelheads. I think it was two years ago - Sharkfest 2011.
Jeff, I actually had a session in one of my previous Sharkfest sessions about troubleshooting in accelerated setup. I believe it was two years ago, maybe?
Great, I will check that out. We trying to get a printer-side sniff but the sniff we have from the file server side shows kerberos OIDs in the SMB Protocol Negotiation Response, but printer-side *logging* of the response contains only NTLM OIDs. SMB2 is properly kerberized and we've read that there are separate Steelhead settings for SMB1 vs SMB2 so we suspect misconfiguration. Do you know offhand whether the Steelhead COULD be stripping the Kerberos OIDS from the response?
Thank you for your session... Is it good idea to be Wireshark certified(WCNA)?
Sorry for the late reply. YT's comment mgmt really needs an overhaul! Me, Myself, and I don't think it's necessary. Because there is so much art to packet analysis, experience matters *much* more.
Hi Hasang. Thank for the video. Can you tell me how to add a custom column that show/mark the packets lost?
lordarkmemo, are you talking about the TCP.ANALYSIS.FLAGS button that I added, or do you mean you just want to see retransmissions? Pkt lost can be depicted in a few different ways, so I'm trying to figure out what you're after. Can you explain what you're trying to accomplish? thanks
Hansang
DoodahGurl, TY. Will try to upload some more.
Great lesson for beginning!
Nice tutorial, just subscribed.
Thank you.
Customer said they had optimization turned off for SMB1 (and on for SMB2) and that turning on optimization for SMB1 fixed the problem. Sorry for hijacking your thread here.
Jeff, did you check out the splash site? I can't add URLs here, but it's just splash.riverbed.com. Look at the steelhead section. There are a bunch of SMB1,2 and 3 settings so configurations should be ruled out first.
Thanks alreid12345. I'm going to be adding some addition columns so stay tuned.