To troubleshoot network traffic effectively, you must extract key pieces of information from your trace files. To extract and view this information, you must customize your protocol analyzer to present it. One of the most widely used protocol analyzers is the free tool Wireshark, and by default it provides a very limited view into your trace files. Since this is the tool I personally use, I will show you how I’ve customized it to provide the data I need.
In my last blog (Wireshark Custom Columns), I provided you with information on customizing your Wireshark interface depending on the problem you are troubleshooting. These custom profiles are extremely helpful in providing the information needed to troubleshoot the vast range of issues you will encounter. As you become more effective as an analyst, you will undoubtedly be called on to resolve issues on many networks other than your own. These situations may require you to troubleshoot with local hardware and software. In these situations, you can rapidly become effective by transferring the custom profiles from your local system to the new system. Wireshark makes it easy to transfer a custom profile: simply copy a set of plain-text files between the two systems.