This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Validate Wireshark, as per US Food and Drug Administration requirements, for small TCP/IP system


I am using Wireshark to validate the TCP/IP protocols of a small system. However, I must first validate Wireshark itself for TCP/IP protocols before I can use it to validate another system. Anyone have any simple solutions?

asked 18 Dec '13, 07:59


cgoogins

edited 18 Dec '13, 12:52


Guy Harris ♦♦

What do you mean by "validate Wireshark itself"? Do you want to feed it some packets and see if the decode is what it is supposed to be?

(18 Dec '13, 08:04) Jasper ♦♦

Yes. I suppose. (BTW - I have limited experience in this area.)

(18 Dec '13, 08:08) cgoogins

Unfortunately, as Jasper indicated, without knowing what the FDA's definition of "validation" is, there's not much we can do to help you.

(18 Dec '13, 12:53) Guy Harris ♦♦

One Answer:


The only reason to do this I can think of is that you need to have some sort of "chain of custody" in case you find something wrong with the "small system" and then someone challenges your findings by saying "you analyzed it wrong."

So if you have to, you can still double-check your findings with other analyzers (most of them commercial), but I have never seen anyone dare to argue against Wireshark as an analyzer when it comes to decoding common stuff like the IP or TCP layer :-)

So my advice would be to go ahead and do the check using Wireshark and see what happens. Don't waste time on validating Wireshark. Double-check findings instead, including the hex dump if necessary.

answered 18 Dec '13, 08:22


Jasper ♦♦

Thank you very much for the advice. But, this is for a medical device, and the FDA requires proof that validation tools also be validated themselves.

(18 Dec '13, 08:29) cgoogins

I see. Can you ask someone at the FDA what the usual testing procedures are? Maybe they already have a list which includes Wireshark as a validated tool - it is the most common tool to be used for such examinations. And I'm pretty sure your device isn't the first medical device that has its TCP/IP stack checked.

(18 Dec '13, 08:42) Jasper ♦♦

Thanks for the suggestions. I wish it could work that way, but unfortunately it doesn't. It is up to me to validate it.

(18 Dec '13, 12:26) cgoogins
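The thread above converges on one practical technique: feed Wireshark packets whose field values are known in advance (Jasper's "feed it some packets and see if the decode is what it is supposed to be") and compare its decode, down to the hex dump, against values computed outside Wireshark. The script below is an added example, not code from the original thread, from Jasper, or from the Wireshark project. It constructs a single Ethernet/IPv4/TCP frame with hand-picked field values (the MAC addresses, 10.0.0.1/10.0.0.2, ports 40000/80, sequence numbers, the payload "hello" and the pcap timestamp are all constructed, not from any real capture), computes the IPv4 and TCP checksums with its own RFC 1071 implementation, writes the frame plus a deliberately corrupted copy to a pcap file, and decodes the raw bytes with an independent parser whose output dictionary is the expected result a Wireshark or tshark decode has to match.

```python
"""Reference test vector for checking a packet decoder against known values.

Constructed example: builds one Ethernet/IPv4/TCP frame whose every field
is chosen up front, computes the IPv4 and TCP checksums with an
independent RFC 1071 implementation, writes the frame to a pcap file, and
decodes the raw bytes again without Wireshark.  The decoded dictionary is
the expected result that Wireshark's (or tshark's) output is compared to.
"""
import struct

# Constructed values for the reference frame (not from any real capture).
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP, DST_IP = "10.0.0.1", "10.0.0.2"
SPORT, DPORT = 40000, 80
SEQ, ACK = 0x11223344, 0x55667788
FLAGS = 0x18          # PSH|ACK
WINDOW = 8192
PAYLOAD = b"hello"    # odd length exercises the checksum padding rule


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit big-endian words; odd lengths get a zero pad."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload):
    """Ethernet II + IPv4 + TCP frame with correct IPv4 header and TCP checksums."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    # TCP: data offset 5 words, checksum field zeroed, then filled in.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))   # TCP pseudo-header
    tcp = tcp[:16] + struct.pack("!H", ones_complement_checksum(pseudo + tcp)) + tcp[18:]
    # IPv4: version 4, IHL 5, DF set, TTL 64, protocol 6, checksum zeroed then filled in.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ones_complement_checksum(ip)) + ip[12:]
    return DST_MAC + SRC_MAC + b"\x08\x00" + ip + tcp


def build_reference():
    """The frame with the constructed values above; its fields are the expected decode."""
    return build_frame(SRC_IP, DST_IP, SPORT, DPORT, SEQ, ACK, FLAGS, WINDOW, PAYLOAD)


def corrupt_last_byte(frame):
    """Negative control: one flipped payload bit must make the TCP checksum fail."""
    return frame[:-1] + bytes([frame[-1] ^ 0x01])


def decode_frame(frame):
    """Independent Ethernet/IPv4/TCP decoder; keys mirror Wireshark's field names."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    (_, _, total_len, ident, _, ttl, proto, ip_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off, flags, window, tcp_csum, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "ip.src": ".".join(map(str, src)),
        "ip.dst": ".".join(map(str, dst)),
        "ip.id": ident,
        "ip.ttl": ttl,
        "ip.proto": proto,
        "ip.checksum": ip_csum,
        # A header that checksums to zero including its own checksum field is valid.
        "ip.checksum.ok": ones_complement_checksum(ip[:ihl]) == 0,
        "tcp.srcport": sport,
        "tcp.dstport": dport,
        "tcp.seq": seq,
        "tcp.ack": ack,
        "tcp.flags": flags,
        "tcp.window_size": window,
        "tcp.checksum": tcp_csum,
        "tcp.checksum.ok": ones_complement_checksum(pseudo + tcp) == 0,
        "tcp.payload": tcp[(off >> 4) * 4:],
    }


def write_pcap(path, frames):
    """Classic libpcap file: global header (LINKTYPE_ETHERNET = 1) plus one record per frame."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, frame in enumerate(frames):
            # Constructed timestamp (18 Dec 2013 08:00 UTC), one second apart per frame.
            f.write(struct.pack("<IIII", 1387353600 + i, 0, len(frame), len(frame)))
            f.write(frame)


if __name__ == "__main__":
    good = build_reference()
    write_pcap("reference.pcap", [good, corrupt_last_byte(good)])
    for key, value in decode_frame(good).items():
        print(key, value)
```

Running the script writes `reference.pcap`; open it in Wireshark, or run `tshark -r reference.pcap -o tcp.relative_sequence_numbers:FALSE -o tcp.check_checksum:TRUE -T fields -e ip.src -e ip.dst -e ip.checksum -e tcp.srcport -e tcp.dstport -e tcp.seq -e tcp.checksum`, and compare each field against what `decode_frame` returns (the first frame must decode cleanly, the second must be flagged as a bad TCP checksum). The point of the design is that the independent decoder and the hand-chosen inputs, not Wireshark, are the oracle, so the comparison is something a validation record can document and a reviewer can repeat.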