 | 1 | initial version |
First of all be aware you may be embarking on a long journey here. It depends on your access to the network and the intermediate nodes, the network appliances and how well you understand the protocols. You may get some advice here, but won't be taken by the hand for a full network analysis.
That being said, have a look at the various video's and other learning stuff presented at the Wireshark Website, eg. the Users Guide or the various presentations of SharkFest.
In this particular instance you would be looking specifically hard at the TCP layer, as in, what is happening in connection setup and further down the line with these connections. What is to be learned from that, especially when compared to (known good) external-to-site communication. So you'll have to capture that too. I would expect the traffic to take a different route through the network, so what happens to these TCP streams, in what regard do they differ? So taking captures at various points in the network (through span ports probably) should give you the data to interpret.
