Wireshark Conversation tips

Описание: go to https://www.thetechfirm.com for tons of stuff

Wireshark Conversation Tip
Many times I do stuff out of habit or reflex and all it takes is for someone to say “what did you do?” to realize that it might be worth sharing.
The other day I was working with a client and we were trying identify and isolate the conversation that generated the most traffic.
The first thing I did, again out of habit, was pull down the Statistics-Conversation report to identify the TCP or UDP conversation. The analyst I was working with has been learning Wireshark as he needed to (like many people) said “that’s cool” then he asked what the difference was between “endpoints” and “conversations”. It was a great session and we found the conversation quickly.
The next thing I did while going through another trace was used the right-click, Conversation-TCP feature which blew his mind. We went through it a few times and he commented on how much of a time-saver that is.
So here’s a video with the two tips.
Enjoy