Nov 10

lua Lesson 2 – Filling In The Blanks

In the first section of this series, I presented a simple Lua script to extract expert data from Tshark. Continuing down this path, a few scripting changes have been made to enhance functionality and introduce new concepts. Specifically:

- White spacing was modified to improve readability and consistency
- Additional extractions have been added to provide contextual information
- A calculated value has been added
- Script timing logic has been added …

Nov 03

lua Lesson 1 – Tapping TCP Expert data

In this blog, I am going to introduce Lua tap scripting for Tshark. Specifically, this blog is intended to provide a conceptual overview and foundation for more complex development tasks, which will be presented in future blogs. Introduction: Wireshark is a great tool for analyzing packet captures. However, there are many cases in which Wireshark doesn’t …

May 12

Just The Facts

slow syn-ack

Don’t jump to cause. This often leads to wasted resources and is a quick way to lose respect amongst your peers. Scenario: You receive a trace via email and are told that it illustrates a “network problem”, which is causing slow application performance. In the words of the analyst, there are “tons of bad packets and retransmissions.” Much …

Apr 29

Science Meets Art On The Wire

Protocol analysis performs a critical role. While this discipline may not be an absolute requirement for a given organization on a daily basis, and oftentimes there are more efficient ways of arriving at the desired outcome, when it is needed there is no substitute. Where do I start? What am I looking at? What does …

