BettyDuBois.com

Cheatsheets

You don't have to join the email list to download, but we would love it if you did!

A field in Wireshark that displays the state of a TCP stream.
Know What All of the Possible Combinations Mean

What is TCP Completeness?

A field in Wireshark that displays the state of a TCP stream. Check out the filters we created for our profiles including the ones added to CloudShark, and the great article about this field written by Tom Peterson at qa|cafe

Profiles & Pcaps

Files Referenced In Our YouTube Videos

Some are Wireshark profiles so that you can follow along in the video.

How Can We Help?
YouTube Logo
TCP Profile

Optimized for TCP analysis with columns, filters, and only the most necessary protocols dissected.

Download TCP Profile
TLS Profile
Limited protocols are enabled to speed file loading and filters. Use to analyze TLS files, and see what version you are actually using.
Download TLS Profile
Quickload Profiles
Just like Quickload-4 below, except it has some key Layer 7 protocols enabled. 


Steps to load large files as quickly as possible

  1. Change to a Quickload profile
  2. Use a display filter in the File | Open dialog box if you know what you want
  3. Filter after loading if you don’t know what you want
  4. File | Export Selected Packets to create a new file with only the packets of interest
  5. Open new file with a troubleshooting profile
Download Quickload 7
Special Characters in Column Titles

Quickload 4 Profile
Only the bare minimum of protocols are enabled and their preferences are all turned off. No OSI layer 7 protocols are enabled. 


Steps to load large files as quickly as possible

  1. Change to a Quickload profile
  2. Use a display filter in the File | Open dialog box if you know what you want
  3. Filter after loading if you don’t know what you want
  4. File | Export Selected Packets to create a new file with only the packets of interest
  5. Open new file with a troubleshooting profile
Download Quickload 4

Other Tips, Tricks  & Tshirts


"Context Sensitive Filters"

Works with any field. Create filter button, and when you click on a packet, you get all the packets that match that field for the selected packet.

Example:
tcp.stream == ${tcp.stream}

If you try to create the filter and the syntax is red, it could be because that field does not exist in the packet you are on.  If you try to the use the filter and the syntax is red, it could be the same reason.  Of course, each red filter could be some other issue with the syntax :).  I think this what Jasper was trying to say in the chat.

Special Characters in Column Titles

Use special characters in your column titles.  Make the titles shorter so the column can be more narrow when using the "Resize packet list" button, or double clicking on the right edge of the column. More space for additional columns.


Dark Mode Profile
From YouTube video “Take Wireshark to the Dark Side”.  The colors have been tweaked to be easily visible when using dark mode on the Mac.
Download Dark Mode Profile
TCP Handshake Pcaps
Pcaps for the "Inside the TCP handshake" YouTube video recorded at SharkFest 13.​
Download TCP Handshake Pcaps
SharkFest13 Profile
Profile used for the "Inside the TCP handshake" YouTube video recorded at SharkFest 13.
Download SF13 TCP Profile (a lot has changed since then)

Ready to get started?

Schedule a free 30 minute session with Betty.


Schedule
Packet Detectives logo, magnifying glass and fingerprint

When users complain about your network or applications, we investigate the crime, find the culprit, and make you look like a hero.

© Copyright DuBois Training & Consulting, LLC. All rights reserved. Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation.