Ask questions from Tuesday 14 to Friday, April 24, 2020
Dr. Moisés might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Networking category.
I was really looking forward to this but I couldn't understand the guy. No disrespect intended. Cisco, please stop having non-native English speakers present English content. As a native English speaker I wouldn't dream of teaching something in another language.
Thank you so much for your feedback, we apologize for the issues and bad experiences this event has provided you.
We’re looking to provide the best experience to our members and event attendees, your comments help us improve.
Hi Dr. Moises Andre Nisenbaum, thank you so much for sharing your knowledge in a Cisco Community Live event.
Please help us to cover some of the pending questions from the live session:
You can use this display filter to show packets with a specific IP source and destination:
ip.src == 192.168.1.1 and ip.dst == 184.108.40.206
A TAP makes it possible for you to have a copy of the traffic between A and B in a third device C.
The simplest TAP is a hub. If you insert a hub between A and B, you will be able to see the traffic on C connected to another hub port.
Of course, there are more sophisticated TAPs you can buy from 100 to several thousands of dollars.
Take a look at https://en.wikipedia.org/wiki/Network_tap for more information.
Both streams and packet loss have to do with the TCP protocol.
A Wireshark stream is nothing more than a socket filter. It identifies traffic with a specific source and destination IP:PORT that can be understood as a TCP conversation. So, to filter by stream, you must be looking for TCP communication. It does not work with UDP, for example.
Packet loss can be identified, for example, when retransmission occurs, which is marked as a black packet in the packet pane.
That's why Wireshark is so important to learn and teach TCP.
• Does Wireshark have any programmability aspects to it? That is, can we interact with this same information using Python or another programming language?
The command-line version of Wireshark, TShark, can be called by programming languages like Python.
Also, Wireshark is a free and open-source packet analyzer, so you can go deep and program new stuff like drivers for Wireshark.
There are some graphic tools in Wireshark. Please explore the menu Statistics --> TCP stream graphics.
For decryption of captured data such as SSH and TLS, you will have to give Wireshark the keys. That can be done using the menu Wireshark --> Preferences.
You can find the step-by-step instructions by googling "how to decrypt wireshark packets".
If you use Linux it is straightforward. Just use the Wi-Fi driver.
In Windows it is very difficult.
For step by step, take a look at: https://wiki.wireshark.org/CaptureSetup/WLAN
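
The answers above on calling TShark from Python and on retransmissions as a sign of packet loss can be combined in one script. This is an added example, not code from the original post or from Cisco: the function names are hypothetical and the sample output is constructed with documentation addresses. It uses TShark's `-Y` display filter and `-T fields` output to count retransmitted segments per `tcp.stream`.

```python
import csv
import io
import shutil
import subprocess
from collections import Counter

# Fields TShark prints per packet; all are standard Wireshark display-filter fields.
FIELDS = ["tcp.stream", "ip.src", "tcp.srcport", "ip.dst", "tcp.dstport"]

def tshark_command(pcap_path):
    """Build a TShark call that prints only retransmitted TCP segments as CSV."""
    cmd = ["tshark", "-r", pcap_path, "-Y", "tcp.analysis.retransmission",
           "-T", "fields", "-E", "separator=,"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd

def count_retransmissions(fields_output):
    """Count retransmitted segments per TCP stream from TShark's CSV output."""
    counts = Counter()
    for row in csv.reader(io.StringIO(fields_output)):
        if len(row) != len(FIELDS) or not row[0].isdigit():
            continue  # skip blank lines and rows with missing or repeated fields
        stream, src, sport, dst, dport = row
        counts[(int(stream), f"{src}:{sport}", f"{dst}:{dport}")] += 1
    return counts

def retransmissions_in(pcap_path):
    """Run TShark on a capture file and summarise retransmissions per stream."""
    if shutil.which("tshark") is None:
        raise RuntimeError("tshark not found on PATH")
    result = subprocess.run(tshark_command(pcap_path), capture_output=True,
                            text=True, check=True)
    return count_retransmissions(result.stdout)

# Constructed sample of what the command above prints (not a real capture).
SAMPLE_OUTPUT = """\
0,192.0.2.10,51514,198.51.100.7,443
0,192.0.2.10,51514,198.51.100.7,443
3,198.51.100.7,22,192.0.2.10,40022
0,192.0.2.10,51514,198.51.100.7,443
"""

if __name__ == "__main__":
    for (stream, src, dst), n in count_retransmissions(SAMPLE_OUTPUT).most_common():
        print(f"tcp.stream {stream}: {src} -> {dst}  {n} retransmission(s)")
```

With TShark installed, `retransmissions_in("capture.pcap")` returns the same per-stream summary for a real capture file.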