Wireshark was a moving target while I wrote the book and we're releasing the book with features you won't even see if you don't load the development version or wait until v1.4 comes out.
I've been examining each feature and working on descriptions and scenarios to depict the out-of-order packets (which are sometimes retransmissions), retransmissions vs. fast retransmissions, duplicate ACKs (and what triggers them)
- HTTPS decryption methods including the long and error prone key entry in the preferences section and the best TCP preference settings to view and filter on the SSL/TLS handshake
- step-by-step procedures for application analysis methods to determine if an application affected network browsing performance (I analyzed Aptimize Website Accelerator running on Microsoft's Sharepoint website) - graphing methods to illustrate the effect of this tuning product
- building a table to show WLAN capture options - when do you want promiscuous mode enabled/disabled and what can you "see" without monitor mode capability
- diagramming networks with NAT/PAT devices, firewalls, layer 2 switches, MPLS configurations and more - all in an effort to explain how these devices affect the traffic
- maintaining my new feature checklist to ensure I covered the new Packet List pane, fabulous load times, ignore packets feature, Apply as Column feature, etc.
- keeping a master list of all the hot capture, display and color filters I've built to catch and vividly show the traffic that really explains what's going on
- inventorying all the book trace files that are referenced in the Practice What You've Learned section of each chapter - that was an undertaking!
It's been a lot of work - puff, puff - but strangely enticing. Each morning I had a list of features I would focus on that day. Each day I was able to marvel at Wireshark's capabilities. Each day I created charts and graphs of amazing network problems.
Oh... gotta go... that new development version of Wireshark is calling!
Laura
