Free Wireshark Training Course Online

Take a free Wireshark Jumpstart training class online at

Wednesday, September 15, 2010

Troubleshooting with Coloring Rules

Wireshark contains an Expert system (click the colored button in the lower left corner of the status bar) that highlights packets of concern. Many network issues are not detected by the Expert system, however. Consider creating a custom profile that contains a set of "butt ugly" coloring rules to call your attention to potential performance issues that the Expert would otherwise let slide by.

Some of my favorite troubleshooting coloring rules look for protocol anomalies, error responses and high delta times. Other coloring rules focus on packets that may hint at (or scream about) security issues.

Here's a list of some of the coloring rules I will cover in the October 19th webinar:

* High delta times in displayed packets: When you filter on a conversation, look for sudden increases in the delta time from the previous displayed packet, but watch out for gaps that only reflect user intervention: a long delay between a request and its response points at the server or the path, while a long delay before the next request is usually just the user deciding what to do next - users are slow.

* 4 NOPs in the TCP Options Area: I've covered this over at the Wireshark Tips page - you just never want to see this one. Four consecutive NOPs (bytes 01 01 01 01) in the options field usually mean a device along the path has stripped out a TCP option, such as SACK Permitted, and overwritten it with padding, so the two ends are no longer negotiating what they think they are.

* HTTP Error Codes: Response codes in the 4xx range indicate a client error and 5xx a server error. Codes in the 3xx range are redirections, so a rule that flags anything higher than 299 will also light up every redirect; decide whether you want those in your face or only the 400-and-up responses.

* Small TCP Window Size Values: Even if the Window Size field isn't 0, a window smaller than one full segment can stall a data transfer just as effectively, because the sender will wait for a window update rather than dribble out tiny segments. Wireshark's Expert only flags a Window Size of 0 (Zero Window) - it won't catch a window of 50 bytes. Look at the scaled value, and make sure the handshake with the Window Scale option is in the trace; an unscaled field value can look tiny while the real window is large.
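As an added example (not code from the original post), here is a POSIX shell script that writes the four rules above into the colorfilters file of a custom Wireshark profile and then checks that every rule line has the shape Wireshark expects. The colorfilters line format (@name@display filter@[background][foreground], 16-bit color channels, first matching rule wins from the top down) is Wireshark's own; the profile directory path, the rule names, the colors and the exact filter expressions used for each rule are my assumptions, not the author's.

```shell
#!/bin/sh
# Added example, not code from the original post: build a custom Wireshark
# profile whose "colorfilters" file holds four "butt ugly" troubleshooting
# rules, then sanity-check the file.
#
# colorfilters line format (one rule per line, first match wins, top-down):
#   @Rule name@display filter@[bg_r,bg_g,bg_b][fg_r,fg_g,fg_b]
# with 16-bit colour channels (0-65535).
#
# Assumptions not stated on the page: the profile directory path
# ($HOME/.config/wireshark/profiles/<name>; older builds use
# $HOME/.wireshark/profiles/<name>), the rule names, the colours and the
# exact filter expression chosen for each rule.

# Write the colorfilters file into the given profile directory; print its path.
write_colorfilters() {
    profile_dir="$1"
    mkdir -p "$profile_dir"
    cat > "$profile_dir/colorfilters" <<'EOF'
# Troubleshooting rules - loud colours so the rows cannot be missed.
# Delta from the previous *displayed* frame, so apply a conversation filter
# first; a gap before a new request is often just the user thinking.
@T-Delta displayed > 1 sec@frame.time_delta_displayed > 1@[65535,0,65535][0,0,0]
# Four NOPs in a row: a device in the path has stripped a TCP option.
@4 NOPs in TCP options@tcp.options contains 01:01:01:01@[0,65535,0][65535,0,65535]
# 4xx client errors and 5xx server errors (use > 299 to include 3xx redirects).
@HTTP error response@http.response.code >= 400@[65535,32768,0][0,0,0]
# Non-zero window smaller than one full segment; Expert only flags zero windows.
# tcp.window_size is the scaled value when the handshake is in the trace.
@Small TCP window@tcp.window_size > 0 && tcp.window_size < 1460 && tcp.flags.reset == 0@[0,65535,65535][65535,0,0]
EOF
    printf '%s\n' "$profile_dir/colorfilters"
}

# Verify every non-comment line has the @name@filter@[bg][fg] shape.
# Prints the rule count on success; returns 1 at the first malformed line.
check_colorfilters() {
    file="$1"
    rule_re='^@[^@]+@[^@]+@\[[0-9]+,[0-9]+,[0-9]+\]\[[0-9]+,[0-9]+,[0-9]+\]$'
    count=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;   # blank lines and comments are allowed
        esac
        printf '%s\n' "$line" | grep -Eq "$rule_re" || return 1
        count=$((count + 1))
    done < "$file"
    echo "$count"
}

# Usage: sh make_profile.sh [profile-dir]
if [ "$#" -gt 0 ]; then
    f=$(write_colorfilters "$1")
    n=$(check_colorfilters "$f") && echo "wrote $n rules to $f"
fi
```

A profile's colorfilters file replaces the default rule set rather than adding to it, so after these four lines append the stock rules from the colorfilters file in Wireshark's global configuration folder (Help > About Wireshark > Folders); the butt uglies are evaluated first and Bad TCP, TCP RST and the rest still color everything they used to.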

In the webinar we will also talk about using "butt uglies" - colors that you detest - to call attention to the performance problems indicated in a trace file.

It will be a full webinar (with a maximum of 1,000 seats), so register early and arrive early to the session. The recorded version will only be available to the All Access Pass members.

Remember to check out the Wireshark Certified Network Analyst program at!