Network Troubleshooting: An Overview

This page gives an overview of where Wireshark can help you troubleshoot a network (and where a different tool might be the better choice).

Since learning network troubleshooting is an endless task (many good books have been written about it), this can only be a rough overview. You can spend a whole career (and earn your annual income) on it.

Warning: please keep in mind that Wireshark is not aimed at (and may not be well suited for) all of the tasks mentioned below; each section says how well Wireshark fits that task.

In general: if you don't know the network protocols and how a network works, Wireshark won't be very useful to you until you are willing to learn about them.

General Troubleshooting

Well, something on your network does not work at all, or not as expected, and you need to find out why and fix it.

Performance

Your network is running too slowly. Of course, this depends on your expectations :)

Some possible causes:

So, depending on the cause, Wireshark may or may not be helpful in tracking down performance problems.

Monitoring

Keep an eye on what's going on in your network. Monitoring will warn you about broken services (e.g. a web server not responding), performance problems and the like.

This ranges from a simple cron job that pings a remote machine once an hour, through dedicated tools like Nagios (formerly NetSaint), up to commercial enterprise-level tools such as HP OpenView (tm).
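The "cron job pinging a remote machine" end of that range, written out as an added example (not code from Wireshark or from any monitoring product): a TCP reachability check with a little state tracking, so that an outage produces one alert and one recovery message instead of a message every hour. The service name, host and port in the `__main__` block are hypothetical placeholders.

```python
"""Minimal scheduled service check with state-change alerting.
Added example; not part of Wireshark or any monitoring product."""
import socket
from typing import Optional


def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port completes within timeout.
    For a web server this is closer to 'is the service up' than an ICMP
    ping, and it works where ICMP is filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def transition(previous_up: Optional[bool], now_up: bool) -> str:
    """Map two consecutive observations to a monitoring event.
    previous_up is None on the very first run."""
    if previous_up is None:
        return "BASELINE_UP" if now_up else "BASELINE_DOWN"
    if previous_up and not now_up:
        return "ALERT_DOWN"          # the transition worth waking someone for
    if not previous_up and now_up:
        return "RECOVERED"
    return "OK" if now_up else "STILL_DOWN"   # no new message needed


def run_check(state: dict, name: str, host: str, port: int) -> str:
    """One scheduled run: probe the service, update the remembered state,
    return the event.  The state dict stands in for a small state file that
    a real cron job would persist between runs."""
    now_up = tcp_reachable(host, port)
    event = transition(state.get(name), now_up)
    state[name] = now_up
    return event


if __name__ == "__main__":
    # Hypothetical target; a real job would load/save `state` from disk.
    state = {}
    print(run_check(state, "web", "127.0.0.1", 80))
```

Only `ALERT_DOWN` and `RECOVERED` need to reach a person; the other events are for the log. This is exactly the sort of check a dedicated monitoring tool does at scale, and it is not something a packet analyser is built for.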

Wireshark is not well suited for (and not aimed towards) monitoring. However, if your favourite monitoring tool detected a problem you may end up in the general troubleshooting or performance section described above.

Security

Some of the common security tasks:

In general, security-related tasks are best done by specialized tools. However, Wireshark can assist you while using these tools: by showing the underlying traffic it gives you greater knowledge and a feeling for what's really going on.

Scanning

Scan your network using tools like Nmap or Nessus to find known security holes before the bad guys do. By analysing the network traffic such tools create, Wireshark can help you understand what these tools really do.

Intrusion Detection

An IDS server, running software such as Snort, analyses network traffic and triggers an alarm if something "looks strange". By looking at the captured traffic in Wireshark, you can decide whether the IDS reported a false alarm or whether there's a real problem.
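The two points above (understanding what a scanner's traffic looks like, and checking whether an IDS alarm is backed by the packets) come down to the same question: does the captured traffic actually show one host probing many ports in a short time? The following is an added example, not code from Wireshark or Snort. It reads whitespace-separated records in the layout that `tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.flags` would give, pairs each SYN probe with the SYN/ACK or RST that answered it, and reports per client/server pair how many distinct ports were tried. The traffic, addresses, and the thresholds (5 ports within 2 seconds) are constructed assumptions for the example.

```python
"""Triage a 'port scan' alarm against the captured packets.
Added example; the sample records below are constructed, in the layout of
tshark field output, and the scan thresholds are arbitrary assumptions."""
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits as they appear in tcp.flags

# Constructed sample: 10.0.0.5 sweeps eight ports on 192.168.1.10 (half-open:
# it answers each SYN/ACK with RST); 10.0.0.7 simply opens three connections
# to port 443, which a naive "too many SYNs" rule might also flag.
SAMPLE = """\
1000.000 10.0.0.5 192.168.1.10 40001 21 0x0002
1000.001 192.168.1.10 10.0.0.5 21 40001 0x0014
1000.050 10.0.0.5 192.168.1.10 40002 22 0x0002
1000.051 192.168.1.10 10.0.0.5 22 40002 0x0012
1000.052 10.0.0.5 192.168.1.10 40002 22 0x0004
1000.100 10.0.0.5 192.168.1.10 40003 23 0x0002
1000.101 192.168.1.10 10.0.0.5 23 40003 0x0014
1000.150 10.0.0.5 192.168.1.10 40004 25 0x0002
1000.151 192.168.1.10 10.0.0.5 25 40004 0x0014
1000.200 10.0.0.5 192.168.1.10 40005 80 0x0002
1000.201 192.168.1.10 10.0.0.5 80 40005 0x0012
1000.202 10.0.0.5 192.168.1.10 40005 80 0x0004
1000.250 10.0.0.5 192.168.1.10 40006 110 0x0002
1000.251 192.168.1.10 10.0.0.5 110 40006 0x0014
1000.300 10.0.0.5 192.168.1.10 40007 143 0x0002
1000.301 192.168.1.10 10.0.0.5 143 40007 0x0014
1000.350 10.0.0.5 192.168.1.10 40008 443 0x0002
1000.351 192.168.1.10 10.0.0.5 443 40008 0x0014
1000.000 10.0.0.7 192.168.1.10 50001 443 0x0002
1000.001 192.168.1.10 10.0.0.7 443 50001 0x0012
1000.900 10.0.0.7 192.168.1.10 50002 443 0x0002
1000.901 192.168.1.10 10.0.0.7 443 50002 0x0012
1001.500 10.0.0.7 192.168.1.10 50003 443 0x0002
1001.501 192.168.1.10 10.0.0.7 443 50003 0x0012
"""


def parse(text):
    """Yield (ts, src, dst, sport, dport, flags) from tshark-style field lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, sport, dport, flags = line.split()
        yield float(ts), src, dst, int(sport), int(dport), int(flags, 16)


def triage(text, min_ports=5, window=2.0):
    """Return, per client->server pair, the ports probed and how they answered."""
    probes = defaultdict(list)   # (client, server) -> [(ts, dport)] for bare SYNs
    opened = defaultdict(set)    # (client, server) -> ports that replied SYN/ACK
    closed = defaultdict(set)    # (client, server) -> ports that replied RST
    for ts, src, dst, sport, dport, flags in parse(text):
        if flags & SYN and not flags & ACK:
            probes[(src, dst)].append((ts, dport))
        elif flags & SYN and flags & ACK:
            opened[(dst, src)].add(sport)      # reply: server is src, client is dst
        elif flags & RST:
            closed[(dst, src)].add(sport)      # a client's own RST lands on an unused key
    report = {}
    for (client, server), hits in probes.items():
        ports = {p for _, p in hits}
        times = [t for t, _ in hits]
        span = max(times) - min(times)
        verdict = ("scan corroborated" if len(ports) >= min_ports and span <= window
                   else "not corroborated")
        report[f"{client}->{server}"] = {
            "distinct_ports": len(ports),
            "span_seconds": round(span, 3),
            "open_ports": sorted(opened[(client, server)] & ports),
            "closed_ports": sorted(closed[(client, server)] & ports),
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for pair, info in triage(SAMPLE).items():
        print(pair, info)
```

The report for the sweeping host lists which ports answered SYN/ACK and which answered RST, which is the same picture a scanner reports to its user; the host that only ever touched port 443 shows one distinct port and is the kind of alarm you would close as a false positive. The same file can be produced from a real capture with the tshark command in the lead-in, substituting your own capture file.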

Forensics

After something bad has happened, try to find out what really happened, how it happened and, eventually, who initiated it. Wireshark may be helpful here if you have to dig deeply into the network traffic. Some people have even reported capturing the traffic of their whole network with Wireshark for forensic purposes (storing all the data on tape libraries or the like), effectively using Wireshark as a network backup tool!
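Digging into a stored capture for forensics usually starts with two questions: what was talking to what, and what happened in a given time window? The following added example (not code from Wireshark) shows the file format such a capture is stored in, by building a small classic pcap file in memory from constructed packets, parsing it back with nothing but the standard library, and indexing the conversations with packet counts, byte counts and first/last timestamps, optionally restricted to a time window. The IP addresses, ports and timestamps are made up for the example; the file layout (24-byte global header, 16-byte record headers, Ethernet link type 1) is the standard pcap format.

```python
"""Build, parse and index a classic pcap capture for forensic triage.
Added example; the packets below are constructed, not taken from a real capture."""
import socket
import struct


def build_pcap(packets):
    """Write pcap bytes from (ts, src_ip, dst_ip, sport, dport, payload_len).
    MAC addresses, sequence numbers and checksums are zero placeholders."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for ts, src, dst, sport, dport, plen in packets:
        payload = b"\x00" * plen
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                         0, 0, 64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        sec, usec = int(ts), int(round((ts - int(ts)) * 1e6))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)


def decode_frame(frame):
    """Return (src, dst, sport, dport, frame_len) for an Ethernet/IPv4/TCP frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:       # not TCP, or truncated
        return None
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return src, dst, sport, dport, len(frame)


def parse_pcap(data):
    """Yield (ts, src, dst, sport, dport, frame_len) for each TCP packet."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        pkt = decode_frame(frame)
        if pkt:
            yield (sec + usec / 1e6,) + pkt


def conversations(data, t_start=None, t_end=None):
    """Index the capture by unordered endpoint pair, optionally within a window."""
    convs = {}
    for ts, src, dst, sport, dport, length in parse_pcap(data):
        if (t_start is not None and ts < t_start) or (t_end is not None and ts > t_end):
            continue
        key = tuple(sorted([(src, sport), (dst, dport)]))
        c = convs.setdefault(key, {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        c["packets"] += 1
        c["bytes"] += length
        c["first"], c["last"] = min(c["first"], ts), max(c["last"], ts)
    return convs


# Constructed sample: a short SMB-port exchange, then a later HTTPS connection.
SAMPLE_PACKETS = [
    (1200000000.000, "10.0.0.5", "192.168.1.10", 40001, 445, 0),
    (1200000000.001, "192.168.1.10", "10.0.0.5", 445, 40001, 0),
    (1200000000.002, "10.0.0.5", "192.168.1.10", 40001, 445, 100),
    (1200000060.500, "10.0.0.5", "203.0.113.9", 40002, 443, 0),
    (1200000060.600, "203.0.113.9", "10.0.0.5", 443, 40002, 200),
]

if __name__ == "__main__":
    for key, info in conversations(build_pcap(SAMPLE_PACKETS)).items():
        print(key, info)
```

`parse_pcap` reads the same file that Wireshark or dumpcap writes, so `conversations(open("capture.pcap", "rb").read(), t_start, t_end)` gives a first timeline of who talked to whom around the incident; pcapng files and non-Ethernet link types are deliberately out of scope for this example.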

NetworkTroubleshooting/Overview (last edited 2008-04-12 17:50:30 by localhost)