There’s three questions we get asked the most here at CloudShark:
- How do I capture packets and get them into CloudShark?
- Where can I find example packet captures?
- Where do I start with packet capture analysis?
That last question is very important to us, because one of the things we always want to promote is demystifying the use of packet captures to troubleshoot network and security problems. They are really are the best way, and with the right tools and knowledge they can be your first go-to.
Here’s a list of our favorite resources for getting started with packet captures.
Many of the resources we introduce here base their training and examples on Wireshark. The good news is that almost anything that you learn about packet capture analysis in Wireshark applies to analysis in CloudShark, and is usually done more easily in CloudShark! We encourage you to go through some of these resources using CloudShark for your hands-on experience.
Chris Sanders puts a lot of time and effort into making sure the wider community understands how to use packet captures for troubleshooting and security analysis.
Laura Chappell is one of the founders of Wireshark University. The textbook on Wireshark analysis is big and in-depth, but this book is a little more targeted towards beginners looking to start learning about networks through packets.
Here’s some of our go-to blogs to with examples and training resources to get familiar with capture analysis.
- chrissanders.org - mentioned above, the author of practical packet analysis has a ton of articles and resources here that he updates regularly.
- Packet Pioneer - Chris Greer is a SharkFest regular and has a great blog with both basic and advanced topics.
- Packet Foo - Jasper Bongertz is an undisputed master of TCP packet analysis and goes in-depth on many different topics on this blog.
- Packetlife.net - a great resource for packet capture examples while you’re learning.
- PacketBomb Blog - Kary Rogers has an ongoing blog on various network troubleshooting concepts and basics on packet capture and packet analysis.
- Malware Traffic Analysis - If you’re looking for topics related to security and malicious traffic, this blog has both capture examples and exercises. Be careful though, some of the examples contain real malware examples, so do go through them lightly.
- ask.wireshark.org - This is not only a great place to ask questions but it’s great to follow along with the analysis performed by some of the biggest packet experts out there. Using CloudShark to post the captures you have questions about makes this even easier!
- Sharkfest - Sharkfest is a collaborative event held three times a year (in the US, Europe, and Asia) with various experts talking on a number of packet capture and network troubleshooting concepts. If you want to really get going from being a beginner to a packet capture guru, there’s no better way than live with the experts themselves. If you can’t, they keep a record of most talks (many on video), called their “retrospectives”. Watch the retrospectives for their US, Europe, and Asia Sharkfests - there’s lots there!
Those are just a short list of some of the resources we know about for diving into the world of network packets. Like we said, with the right tools using captures can be both easy and the best way to troubleshoot tough network problems. Have any more resources you want to see listed? Let us know!