Complete newbie at this

Mind you, I’m not a noob at network security or analysis, just at wireshark. I’m both MCSE and MVP through MS, but wireshark is a tool with way too many buttons for me to push and understand. I’ve spent months living my mantra “not going to rtfm; waiting for the movie”, but I will admit that this is akin to reading the manual for an F-16 then hopping in, as opposed to spending time with a qualified pilot for a few months and then hopping in. WAY too many variables for me to screw up.

Let me explain my position; actually, let me start with a little background. I’m a mod at a couple of sites, notably, and have a blog for MS on their spaces page, writing as both as an MVP and beta tester for, now, office 2010. I understand the general rules around company IT policies and outward assistance regarding it, so if this is out of the box, i totally understand.

That said, however, I need to test wireshark in a domain environment, and as I work in a large static domain, this is the perfect place to test it for intrusion detection to individual pc’s. We’ve set up a few honeypots on the dmz zone, and a few behind everything that we have to protect them, and need to see what type of vulnerabilities we are hitting with both sets of rigs. It’s a very wide spectrum, as we need to know ANY type of intrusion, be it internet (which I can filter using the static IP setup) or external (and this is where I get lost).

I am also curious as to what wiresharks capabilities are concerning VPN; we use vasco tokens in conjunction with checkpoint, and they are then assigned an IP that is inside the network and has full access to the network, but the individual pc cannot be resolved short of going to the global gateway and digging through tens of thousands of entries for that time and token code.

Just some random questions, let me know what data you need to narrow down the options.

All I can say is that it is one helluva product, and I’ve not come across any app that’s this versatile ever. And I’ve come across my fair share of apps. Well done, lads.



You can download the manual, the way i learn it was capturing icmp traffic(ping), telnet, ssh, streaming and see what is normal. I also created loops in my lab and capture them. My tip is to use filters to see what exactly you are looking for.