Cheatsheets
You don't have to join the email list to download, but we would love it if you did!
What is TCP Completeness?
A field in Wireshark that displays the state of a TCP stream. Check out the filters we created for our profiles including the ones added to CloudShark, and the great article about this field written by Tom Peterson at qa|cafe.
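An added example (not from this page or its profiles) that decodes exported tcp.completeness values into flag names and sorts streams into triage categories. The bit values follow Wireshark's documentation for the field; the tab-separated input, the function names and the category labels are assumptions made for illustration.

```python
from collections import defaultdict

# Bit values of tcp.completeness per Wireshark's documentation (not listed on this page).
BITS = {1: "SYN", 2: "SYN-ACK", 4: "ACK", 8: "DATA", 16: "FIN", 32: "RST"}
HANDSHAKE = 1 | 2 | 4

# Constructed sample: "tcp.stream<TAB>tcp.completeness", one row per packet.
SAMPLE = """\
0\t1
0\t3
0\t7
0\t15
0\t31
1\t1
1\t1
2\t1
2\t33
3\t12
4\t7
4\t15
4\t47
"""

def per_stream(text):
    """OR together every value seen for a stream, so partial rows are harmless."""
    seen = defaultdict(int)
    for line in text.splitlines():
        if not line.strip():
            continue
        stream, value = line.split("\t")
        seen[int(stream)] |= int(value)
    return dict(seen)

def decode(value):
    """Return the flag names whose bits are set, lowest bit first."""
    return [name for bit, name in BITS.items() if value & bit]

def classify(value):
    """Hypothetical triage labels based on which bits are present."""
    if value & HANDSHAKE == 1:  # SYN seen, never answered with SYN-ACK
        return "refused" if value & 32 else "unanswered SYN"
    if value & HANDSHAKE != HANDSHAKE:
        return "handshake incomplete in capture"
    if value & 32:
        return "reset"
    return "closed cleanly" if value & 16 else "still open"

def report(text):
    return {s: (v, decode(v), classify(v)) for s, v in sorted(per_stream(text).items())}

if __name__ == "__main__":
    for stream, (value, flags, label) in report(SAMPLE).items():
        print(f"stream {stream}: {value:2d} {'+'.join(flags):28s} {label}")
```

Many streams labelled "unanswered SYN" or "refused" from one source are a common starting point when triaging a capture for scanning or unreachable services.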
Profiles
Many of our clients and students have requested our Wireshark profiles.
They are now on GitLab!
We are pleased to announce that our profiles are now available on GitLab. This will make it easier for you to stay up-to-date on our latest changes and improvements.
All of our profiles will have the same nested Filter Button Groups and color rule set as shown here. There are currently three types of profiles available:
- Default: This is a good starting point for creating your own custom profiles.
- QuickLoad: These profiles have minimal dissectors enabled so that large pcaps can load faster.
- By protocol: These profiles are more specific and are designed for dissecting specific protocols or applications. We will be adding more profiles to this category in the near future.
YouTube Profiles & Pcaps
Files Referenced In Our YouTube Videos
Some are Wireshark profiles so that you can follow along in the video.
Optimized for TCP analysis with columns, filters, and only the most necessary protocols dissected.
Steps to load large files as quickly as possible
- Change to a QuickLoad profile
- Use a display filter in the File | Open dialog box if you know what you want
- Filter after loading if you don’t know what you want
- Use File | Export Selected Packets to create a new file with only the packets of interest
- Open the new file with a troubleshooting profile
Other Tips, Tricks & Tshirts
"Context Sensitive Filters"
Works with any field. Create a filter button, and when you click on a packet, the button shows all the packets that match that field's value in the selected packet.
Example:
tcp.stream == ${tcp.stream}
If you try to create the filter and the syntax is red, it could be because that field does not exist in the packet you are on. If you try to use the filter and the syntax is red, it could be for the same reason. Of course, a red filter could also be some other issue with the syntax :). I think this is what Jasper was trying to say in the chat.
Use special characters in your column titles. Shorter titles let the column be narrower when you use the "Resize packet list" button or double-click the right edge of the column, which leaves more space for additional columns.