
Are there any resources for better understanding packet capture


Thread replies: 16
Thread images: 1

Are there any resources for better understanding packet capture from the network administrator perspective?

Most resources are for hackers, not tech enthusiasts trying to troubleshoot networking problems.

Trying to use Wireshark is like trying to drink from a fire hose.
Can anyone help?
>>
I've reached a problem that I can only solve by inspecting packets.
I just don't know how to read what I'm looking at.
>>
>>58432031
Packet capture is pretty fucking low level and there are loads of types of traffic. To work out whether there are problems or not, you'll need to understand the protocol in question and to spend some time becoming familiar with it, and maybe read the RFC for it if need be.

I've been using it for years so have no guide, but top tip: for most TCP stuff you want to filter on (source or dest) IP, then right click and "follow TCP stream" until you get the one you want.
>>
>>58432225
Maybe explain the problem then?
>>
>>58432031
Try Fiddler if you haven't already, it might be a little less intimidating.
>>
>>58432307
Fiddler doesn't let you inspect packets, it's TCP layer.
>>
>>58432271
One day I could not connect to my email server on my phone's data connection. The server is up, I can connect to it from any machine, but I get a connection unavailable when I try to connect to it on my phone's data plan.

Can't ping it, can't resolve its host name. It's like the server is not there.
>>
>>58432031
Try Cisco's Packet Tracer to understand networks and communication
>>
>>58432451
>can't resolve its host name
There's your problem. You need to resolve its host name to an IP address before you can do any of the other shit (ping, connect).

Assuming Linux, use "dig" to investigate DNS issues. Maybe switch DNS servers to Google's (8.8.8.8 and 8.8.4.4)
>>
>>58432490
>You need to resolve its host name to an IP address before you can do any of the other shit (ping, connect).

I can resolve the host name on any normal computer, any network, just not on my phone.

Before I go and root my phone, I want to rule out that my service provider is not interfering with my connection in any way.
>>
>>58432480
>Cisco's Packet Tracer
This may sound stupid, but will it work on non-cisco devices?
>>
>>58432512
Yeah sounds like your ISP's DNS servers are shit / buggy / malicious. You'll need to root to change them on a data connection.

You could just type the IP instead of the hostname, see if that works.
>>
>>58432524
It's a tool for teaching network design, packet flow and so on. It emulates networks. It won't help you fix this problem.
>>
>>58432549
Thanks, I'll look into this.

>>58432542
Already did that. It can't connect to the IP.
I need to do packet inspection, I've exhausted every other option. I just don't know this low level stuff all that well.
>>
>>58432634
That's interesting. Does sound like they're blocking access, perhaps due to spam problems.

You won't really get much more out of packet dumps than you can see at the front end. Like, if it times out then the connection request (SYN packet) is probably filtered out by a firewall rule. If you get connection refused then they're probably responding with a RST packet, probably also caused by a firewall rule. Either way you can't connect so it doesn't matter.

If it's your server I'd try different ports. Run a web server (sudo python -m SimpleHTTPServer 80) and see whether you can connect on port 80 or the entire host is filtered out. Then I'd try other hosts, like test if you can connect on mail ports (25?) on other hosts.
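
The timeout-versus-refused reading and the "try different ports" test from the post above, as an added example that is not part of the thread. It classifies each TCP connect attempt and then says whether one port or the whole host looks filtered; `classify_connect`, `diagnose` and `check_host` are hypothetical names, and the built-in demo only touches loopback.

```python
# Added example; function names are illustrative, not from the thread.
import errno
import socket

def classify_connect(host, port, timeout=3.0):
    """Try one TCP connect and name the outcome the way the post above reads it."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"              # name never became an IP address
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"                     # SYN, SYN/ACK, ACK completed
    except (socket.timeout, TimeoutError):
        return "timeout"                  # no answer to the SYN: probably filtered
    except ConnectionRefusedError:
        return "refused"                  # RST came back: closed port or reject rule
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")
    finally:
        sock.close()

def diagnose(results):
    """results maps port -> outcome for ONE host; returns a one-line reading."""
    outcomes = set(results.values())
    if outcomes == {"dns-failure"}:
        return "name does not resolve: fix DNS first, or retry with the IP"
    if "open" in outcomes and outcomes & {"timeout", "refused"}:
        blocked = sorted(p for p, o in results.items() if o != "open")
        return "host reachable, filtering is per port: %s" % blocked
    if outcomes == {"open"}:
        return "all tested ports reachable"
    if outcomes == {"timeout"}:
        return "every SYN unanswered: whole host looks filtered from this network"
    if outcomes == {"refused"}:
        return "RST on every port: host reachable, nothing listening or reject rule"
    return "mixed result: %s" % dict(sorted(results.items()))

def check_host(host, ports, timeout=3.0):
    results = {p: classify_connect(host, p, timeout) for p in ports}
    return results, diagnose(results)

if __name__ == "__main__":
    # Constructed demo on loopback so it runs offline; port 1 is normally closed.
    with socket.create_server(("127.0.0.1", 0)) as srv:
        print(check_host("127.0.0.1", [srv.getsockname()[1], 1]))
```

Run `check_host` against your own server once from a network that works and once from the one that does not, then compare the two readings.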
>>
>>58432031
do nslookup domain name
This is a 4chan archive - all of the content originated from that site.